Merge pull request #322 from Nizernizer/main
Release 1.7.0
Nizernizer authored Jun 6, 2022
2 parents 0c3b1a7 + 521ba64 commit f18f749
Showing 6 changed files with 390 additions and 12 deletions.
@@ -1,9 +1,15 @@
package com.secnium.iast.agent;

import java.io.*;
import java.lang.management.ManagementFactory;
import java.lang.management.RuntimeMXBean;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.Scanner;

import io.dongtai.iast.agent.IastProperties;
import io.dongtai.iast.agent.report.AgentRegisterReport;
import io.dongtai.log.DongTaiLog;
import org.junit.Test;

@@ -21,7 +27,75 @@ public void appendToolsPath() {
}
}

@Test
public void changeFile() {
replace("/Users/erzhuangniu/workspace/DongTai-agent-java/dongtai-agent/src/main/resources/bin/fluent.conf");
}

public static void replace(String path) {
String temp = "";

try {
File file = new File(path);
FileInputStream fis = new FileInputStream(file);
InputStreamReader isr = new InputStreamReader(fis);
BufferedReader br = new BufferedReader(isr);
StringBuffer buf = new StringBuffer();
// 保存该行前面的内容
while ((temp = br.readLine()) != null) {
if (temp.contains("${HOSTNAME_AGENT_ID}")){
temp.replace("${HOSTNAME_AGENT_ID}", AgentRegisterReport.getInternalHostName()+"-"+AgentRegisterReport.getAgentFlag().toString());
}else if (temp.contains("${HOSTNAME}")){
temp.replace("${HOSTNAME}",AgentRegisterReport.getInternalHostName());
}else if (temp.contains("${AGENT_ID}")){
temp.replace("${AGENT_ID}",AgentRegisterReport.getAgentFlag().toString());
}else if (temp.contains("${OPENAPI}")){
temp.replace("${OPENAPI}", IastProperties.getInstance().getBaseUrl());
}else if (temp.contains("${LOG_PORT}")){
temp.replace("${LOG_PORT}",IastProperties.getInstance().getLogPort());
}else if (temp.contains("${LOG_PATH}")){
temp.replace("${LOG_PATH}", System.getProperty("dongtai.log.path")+File.separator+"dongtai_javaagent.log");
}
buf = buf.append(temp);
buf = buf.append(System.getProperty("line.separator"));
}
br.close();
FileOutputStream fos = new FileOutputStream(file);
PrintWriter pw = new PrintWriter(fos);
pw.write(buf.toString().toCharArray());
pw.flush();
pw.close();
} catch (IOException e) {
e.printStackTrace();
}
}

@Test
public void doFluent() {
String[] execution = {
"nohup",
"tail",
"-f",
"/var/folders/xy/xyx56h3s29z6376gvk32621h0000gn/T//gunsTest001-042401-8579dc8d088d4a1680977352f6652aba/iast/fluent.conf"
};
try {
Runtime.getRuntime().exec(execution);
System.out.println("aasdasdsa");
} catch (IOException e) {
DongTaiLog.error(e);
}
}

@Test
public void doAaaa() {
String s = "https://iast.io/openapi";
int i = s.indexOf("://");
int i1 = s.indexOf("/openapi");
System.out.println();
}

public static void main(String[] args) {
System.out.println(System.getProperty("java.io.tmpdir.dongtai"));
String a = "52.81.92.214:30158";
System.out.println(a.substring(a.indexOf(":")+1));
}
}
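Review bot: In `replace`, every `temp.replace(...)` call discards its result, so the file is written back with the `${HOSTNAME}`, `${AGENT_ID}`, `${OPENAPI}`, `${LOG_PORT}` and `${LOG_PATH}` placeholders untouched; each branch needs `temp = temp.replace(...)`, and the `else if` chain would still substitute only one placeholder per line. The reader and writer are opened without try-with-resources or an explicit charset, so an exception during the read leaks the handle and the rewrite uses the platform encoding. `changeFile` rewrites a file under `src/main/resources` through an absolute path on one developer's machine, and `doFluent` starts `nohup tail -f` via `Runtime.exec` without keeping or destroying the `Process`, so each run leaves a background process behind. Both tests would be safer on a temp-directory copy, with `destroy()` called in a `finally`. The `+`/`-` markers are lost on this page, so this assumes these methods are on the new side, as the hunk header's 68 added lines suggest; the enclosing class starts outside the hunk.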
@@ -4,7 +4,7 @@
* @author [email protected]
*/
public class Constants {
public static final String AGENT_VERSION_VALUE = "v1.7.2";
public static final String AGENT_VERSION_VALUE = "v1.7.0";
public final static String API_REPORT_UPLOAD = "/api/v1/report/upload";
public final static String SERVER_ADDRESS = "/api/v1/agent/update";
public final static String API_HOOK_PROFILE = "/api/v1/profiles";
@@ -1,27 +1,43 @@
package com.secnium.iast.core;

import io.dongtai.iast.core.utils.threadlocal.BooleanThreadLocal;
import io.dongtai.log.DongTaiLog;

import java.util.concurrent.TimeUnit;
import org.junit.Test;

public class AgentEngineTest {

public static void main(String[] args) {
new AgentEngineTest().a();

}

public AgentEngineTest(){
public AgentEngineTest() {

}

public void a(){
@Test
public void a() {
BooleanThreadLocal booleanThreadLocal = new BooleanThreadLocal(false);
System.out.println(booleanThreadLocal.isEnterEntry());
booleanThreadLocal.set(true);
System.out.println(booleanThreadLocal.isEnterEntry());
booleanThreadLocal.remove();
System.out.println(booleanThreadLocal.isEnterEntry());
}

@Test
public void b(boolean a) {
try {
System.out.println("b");
TimeUnit.SECONDS.sleep(10);
System.out.println("a");
} catch (InterruptedException e) {
DongTaiLog.error(e);
if (a){
try {
throw new IllegalStateException("DongTai agent request replay");
}catch (RuntimeException e){
System.out.println("DongTai agent request replay, please ignore");
}
}
} catch (NullPointerException e) {
DongTaiLog.info("DongTai agent request replay, please ignore");
}
}


}
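Review bot: `b(boolean a)` carries `@Test` but takes a parameter, and JUnit 4 (the `org.junit.Test` imported here) rejects test methods with parameters when it validates the class, so the class would fail to initialise as a test; drop the parameter or the annotation. The page has lost its `+`/`-` markers, so it is not certain which `catch` body is the new one, but if the inner `catch (RuntimeException e)` is on the new side it redeclares `e` inside `catch (InterruptedException e)` and will not compile; `catch (RuntimeException ignored)` would fix that. The `InterruptedException` handler also does not restore the interrupt flag with `Thread.currentThread().interrupt();`. `a()` only prints `isEnterEntry()` and asserts nothing, so it cannot fail; an assertion on the value expected after `set(true)` and after `remove()` would make it a real test.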
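--- a/dongtai-core/src/test/java/com/secnium/iast/core/Test.java
+++ b/dongtai-core/src/test/java/com/secnium/iast/core/Test.java
@@ -0,0 +1,24 @@
+package com.secnium.iast.core;
+
+import java.util.concurrent.atomic.AtomicLong;
+
+public class Test {
+
+private static final ThreadLocal<Long> responseTime = new ThreadLocal<>();
+
+public void execute(int count){
+for (int i = 0; i < count; i++) {
+responseTime.set(System.currentTimeMillis());
+String testLine = "response time:"+(System.currentTimeMillis()-responseTime.get())+"ms";
+}
+}
+
+@org.junit.Test
+public void test(){
+Long start = System.currentTimeMillis();
+execute(10000);
+Long end = System.currentTimeMillis();
+System.out.println(end-start);
+}
+
+}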
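Review bot: The class is named `Test`, which shadows `org.junit.Test` and forces the fully qualified `@org.junit.Test` on `test()`; a descriptive class name would avoid that and keep the file from being mistaken for the annotation. `test()` only prints an elapsed time and asserts nothing, `testLine` in `execute` is never read, and `AtomicLong` is imported but unused. `responseTime` is set on the runner thread and never cleared; add `responseTime.remove();` after the loop so the value does not outlive the test on a reused thread.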
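--- a/dongtai-core/src/test/java/io/dongtai/iast/core/RemoteConfig.java
+++ b/dongtai-core/src/test/java/io/dongtai/iast/core/RemoteConfig.java
@@ -0,0 +1,200 @@
+package io.dongtai.iast.core;
+
+import com.google.gson.reflect.TypeToken;
+import io.dongtai.iast.common.entity.performance.PerformanceMetrics;
+import io.dongtai.iast.common.entity.performance.metrics.CpuInfoMetrics;
+import io.dongtai.iast.common.entity.performance.metrics.MemoryUsageMetrics;
+import io.dongtai.iast.common.entity.performance.metrics.ThreadInfoMetrics;
+import io.dongtai.iast.common.entity.response.PlainResult;
+import io.dongtai.iast.core.bytecode.enhance.plugin.fallback.FallbackSwitch;
+import io.dongtai.iast.core.utils.config.entity.RemoteConfigEntityV2;
+import io.dongtai.iast.core.utils.config.entity.PerformanceEntity;
+import io.dongtai.iast.core.utils.config.entity.PerformanceLimitThreshold;
+import io.dongtai.iast.core.utils.json.GsonUtils;
+import io.dongtai.iast.core.utils.threadlocal.BooleanThreadLocal;
+import io.dongtai.log.DongTaiLog;
+import org.json.JSONObject;
+import org.junit.Test;
+
+import java.util.List;
+
+public class RemoteConfig {
+
+/**
+* 全局配置
+*/
+private static String existsRemoteConfigMeta = "{}";
+private static Boolean enableAutoFallback;
+/**
+* 高频hook限流相关配置
+*/
+private static Double hookLimitTokenPerSecond;
+private static Double hookLimitInitBurstSeconds;
+/**
+* 高频流量限流相关配置
+*/
+private static Double heavyTrafficLimitTokenPerSecond;
+private static Double heavyTrafficLimitInitBurstSeconds;
+private static Integer heavyTrafficBreakerWaitDuration;
+/**
+* 性能熔断阈值相关配置
+*/
+private static Integer performanceBreakerWindowSize;
+private static Double performanceBreakerFailureRate;
+private static Integer performanceBreakerWaitDuration;
+private static Integer performanceLimitRiskMaxMetricsCount;
+private static List<PerformanceMetrics> performanceLimitRiskThreshold;
+private static List<PerformanceMetrics> performanceLimitMaxThreshold;
+/**
+* 二次降级阈值相关配置
+*/
+private static Double secondFallbackFrequencyTokenPerSecond;
+private static Double secondFallbackFrequencyInitBurstSeconds;
+private static Long secondFallbackDuration;
+
+
+private static final String REMOTE_CONFIG_DEFAULT_META = "{}";
+private static final String REMOTE_CONFIG_NEW_META = "{\"status\":201,\"msg\":\"\\u64cd\\u4f5c\\u6210\\u529f\",\"data\":{\"enableAutoFallback\":true,\"performanceLimitRiskMaxMetricsCount\":30,\"systemIsUninstall\":true,\"jvmIsUninstall\": true,\"applicationIsUninstall\": true,\"system\":[{\"fallbackName\":\"cpuUsagePercentage\",\"conditions\":\"greater\",\"value\":100,\"description\":\"系统 CPU 使用率阈值\"},{\"fallbackName\":\"sysMemUsagePercentage\",\"conditions\":\"greater\",\"value\":100,\"description\":\"系统内存使用率阈值\"},{\"fallbackName\":\"sysMemUsageUsed\",\"conditions\":\"greater\",\"value\":100000000000,\"description\":\"系统内存使用值阈值\"}],\"jvm\":[{\"fallbackName\":\"jvmMemUsagePercentage\",\"conditions\":\"greater\",\"value\":100,\"description\":\"JVM 内存使用率阈值\"},{\"fallbackName\":\"jvmMemUsageUsed\",\"conditions\":\"greater\",\"value\":100000000000,\"description\":\"JVM 内存使用值阈值\"},{\"fallbackName\":\"threadCount\",\"conditions\":\"greater\",\"value\":100000,\"description\":\"总线程数阈值\"},{\"fallbackName\":\"daemonThreadCount\",\"conditions\":\"greater\",\"value\":1000000,\"description\":\"守护线程数阈值\"},{\"fallbackName\":\"dongTaiThreadCount\",\"conditions\":\"greater\",\"value\":1000000,\"description\":\"洞态IAST线程数阈值\"}],\"appliaction\":[{\"fallbackName\":\"hookLimitTokenPerSecond\",\"conditions\":\"greater\",\"value\":10000,\"description\":\"单请求 HOOK 限流\"},{\"fallbackName\":\"heavyTrafficLimitTokenPerSecond\",\"conditions\":\"greater\",\"value\":100000000,\"description\":\"高频 HOOK 限流\"}]}}";
+
+/**
+* 解析远程配置响应
+*/
+private static RemoteConfigEntityV2 parseRemoteConfigResponse(String remoteResponse) {
+try {
+// 默认响应标识调用失败
+if (REMOTE_CONFIG_DEFAULT_META.equals(remoteResponse)) {
+FallbackSwitch.setPerformanceFallback(false);
+return null;
+}
+if (REMOTE_CONFIG_DEFAULT_META.equals(new JSONObject(remoteResponse).get("data"))){
+FallbackSwitch.setPerformanceFallback(false);
+return null;
+}
+PlainResult<RemoteConfigEntityV2> result = GsonUtils.toObject(remoteResponse, new TypeToken<PlainResult<RemoteConfigEntityV2>>() {
+}.getType());
+// 服务端响应成功状态码
+if (result.isSuccess()) {
+return result.getData();
+} else {
+DongTaiLog.warn("remoteConfig request not success, status:{}, msg:{},response:{}", result.getStatus(), result.getMsg(),
+GsonUtils.toJson(remoteResponse));
+return null;
+}
+} catch (Throwable t) {
+DongTaiLog.warn("remoteConfig parse failed: msg:{}, err:{}, response:{}", t.getMessage(), t.getCause(), GsonUtils.toJson(remoteResponse));
+return null;
+}
+}
+
+public void syncRemoteConfig() {
+try {
+// 远端有配置且和上次配置内容不一致时,重新更新配置文件
+String remoteResponse = REMOTE_CONFIG_NEW_META;
+RemoteConfigEntityV2 remoteConfigEntity = parseRemoteConfigResponse(remoteResponse);
+List<PerformanceEntity> application = remoteConfigEntity.getApplication();
+List<PerformanceEntity> jvm = remoteConfigEntity.getJvm();
+List<PerformanceEntity> system = remoteConfigEntity.getSystem();
+PerformanceLimitThreshold performanceLimitThreshold = new PerformanceLimitThreshold();
+MemoryUsageMetrics memoryUsage = new MemoryUsageMetrics();
+ThreadInfoMetrics threadInfoMetrics = new ThreadInfoMetrics();
+CpuInfoMetrics cpuInfoMetrics = new CpuInfoMetrics();
+MemoryUsageMetrics memoryNoHeapUsage = new MemoryUsageMetrics();
+
+
+if (null != remoteConfigEntity && !remoteResponse.equals(existsRemoteConfigMeta)) {
+if (remoteConfigEntity.getEnableAutoFallback() != null) {
+enableAutoFallback = remoteConfigEntity.getEnableAutoFallback();
+}
+if (remoteConfigEntity.getPerformanceLimitRiskMaxMetricsCount() != null) {
+performanceLimitRiskMaxMetricsCount = remoteConfigEntity.getPerformanceLimitRiskMaxMetricsCount()/30 + remoteConfigEntity.getPerformanceLimitRiskMaxMetricsCount()%30==0?0:1;
+}
+
+performanceLimitRiskMaxMetricsCount = remoteConfigEntity.getPerformanceLimitRiskMaxMetricsCount();
+if (remoteConfigEntity.getApplication() != null) {
+for (PerformanceEntity performanceEntity:application){
+switch (performanceEntity.getFallbackName()){
+case "hookLimitTokenPerSecond":
+hookLimitTokenPerSecond = performanceEntity.getValue();
+break;
+case "heavyTrafficLimitTokenPerSecond":
+heavyTrafficLimitTokenPerSecond = performanceEntity.getValue();
+break;
+}
+}
+}
+
+if (remoteConfigEntity.getJvm() != null) {
+for (PerformanceEntity performanceEntity:jvm){
+switch (performanceEntity.getFallbackName()){
+case "jvmMemUsagePercentage":{
+memoryUsage.setMemUsagePercentage(performanceEntity.getValue());
+break;
+}
+case "jvmMemUsageUsed":{
+memoryUsage.setUsed(performanceEntity.getValue().longValue());
+break;
+}
+case "threadCount":{
+threadInfoMetrics.setThreadCount(performanceEntity.getValue().intValue());
+break;
+}
+case "daemonThreadCount":{
+threadInfoMetrics.setDaemonThreadCount(performanceEntity.getValue().intValue());
+break;
+}
+case "dongTaiThreadCount":{
+threadInfoMetrics.setDongTaiThreadCount(performanceEntity.getValue().intValue());
+break;
+}
+}
+}
+}
+
+if (remoteConfigEntity.getSystem() != null) {
+for (PerformanceEntity performanceEntity:system){
+switch (performanceEntity.getFallbackName()){
+case "cpuUsagePercentage":{
+cpuInfoMetrics.setCpuUsagePercentage(performanceEntity.getValue());
+break;
+}
+case "sysMemUsagePercentage":{
+memoryNoHeapUsage.setMemUsagePercentage(performanceEntity.getValue());
+break;
+}
+case "sysMemUsageUsed":{
+memoryNoHeapUsage.setUsed(performanceEntity.getValue().longValue());
+break;
+}
+}
+}
+}
+
+threadInfoMetrics.setPeakThreadCount(1000000000);
+memoryUsage.setMax(1000000000000L);
+memoryNoHeapUsage.setMax(1000000000000L);
+performanceLimitThreshold.setThreadInfo(threadInfoMetrics);
+performanceLimitThreshold.setMemoryUsage(memoryUsage);
+performanceLimitThreshold.setMemoryNoHeapUsage(memoryNoHeapUsage);
+performanceLimitThreshold.setCpuUsage(cpuInfoMetrics);
+performanceLimitRiskThreshold = performanceLimitRiskThreshold;
+existsRemoteConfigMeta = remoteResponse;
+DongTaiLog.debug("Sync remote config successful.");
+}
+} catch (Throwable t) {
+DongTaiLog.warn("Sync remote config failed, msg: {}, error: {}", t.getMessage(), t.getCause());
+}
+}
+
+private static final BooleanThreadLocal HEAVY_HOOK_FALLBACK = new BooleanThreadLocal(false);
+
+@Test
+public void testJson(){
+HEAVY_HOOK_FALLBACK.remove();
+System.out.println(HEAVY_HOOK_FALLBACK.get());
+HEAVY_HOOK_FALLBACK.remove();
+System.out.println(HEAVY_HOOK_FALLBACK.get());
+HEAVY_HOOK_FALLBACK.remove();
+System.out.println(HEAVY_HOOK_FALLBACK.get());
+}
+
+}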
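Review bot: In `syncRemoteConfig`, `remoteConfigEntity.getApplication()`, `getJvm()` and `getSystem()` are called before the `null != remoteConfigEntity` check, while `parseRemoteConfigResponse` returns null on every failure path, so a rejected or unparsable response ends in a NullPointerException that the outer `catch (Throwable t)` reports only as a generic warning; move the three getters inside the null check. The assembled `performanceLimitThreshold` is never stored, because the final assignment is the self-assignment `performanceLimitRiskThreshold = performanceLimitRiskThreshold;`. The rounding expression for `performanceLimitRiskMaxMetricsCount` parses as `((x/30 + x%30) == 0) ? 0 : 1` and is then overwritten unconditionally by the next statement, so it needs parentheses around the ternary and the second assignment removed. The fixture spells its key `appliaction`, so `getApplication()` is presumably null here and the hook-limit branch is never exercised; confirm against `RemoteConfigEntityV2`. `testJson` is the only `@Test` and never calls `syncRemoteConfig`, so none of this logic runs under the test.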