From 0bcd5fb2b7284158c773670a716239ec607b948d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Tue, 12 Jul 2022 11:53:57 +0800 Subject: [PATCH 1/4] fix bug : CloneResponse and cloneRequest call exception. --- .../hookpoint/controller/impl/HttpImpl.java | 28 +++++++++++++++---- .../com.secnium.iast.resources/blackext.txt | 2 +- 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/HttpImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/HttpImpl.java index 2d8fb8bbe..746a74e93 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/HttpImpl.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/HttpImpl.java @@ -27,6 +27,7 @@ public class HttpImpl { private static Class CLASS_OF_SERVLET_PROXY; private static IastClassLoader iastClassLoader; public static File IAST_REQUEST_JAR_PACKAGE; + private static Map REQUEST_META; static { IAST_REQUEST_JAR_PACKAGE = new File(System.getProperty("java.io.tmpdir.dongtai") + "iast" + File.separator + "dongtai-api.jar"); @@ -83,6 +84,12 @@ public static Object cloneRequest(Object req, boolean isJakarta) { if (req == null) { return null; } + if (ConfigMatcher.getInstance().disableExtension((String) REQUEST_META.get("requestURI"))) { + return req; + } + if (ConfigMatcher.getInstance().getBlackUrl(REQUEST_META)) { + return req; + } try { if (cloneRequestMethod == null) { createClassLoader(req); @@ -105,6 +112,12 @@ public static Object cloneResponse(Object response, boolean isJakarta) { if (response == null) { return null; } + if (ConfigMatcher.getInstance().disableExtension((String) REQUEST_META.get("requestURI"))) { + return response; + } + if (ConfigMatcher.getInstance().getBlackUrl(REQUEST_META)) { + return response; + } try { if (cloneResponseMethod == null) { loadCloneResponseMethod(); @@ -114,6 +127,8 @@ public static Object cloneResponse(Object response, boolean isJakarta) { return response; } catch (InvocationTargetException e) { return response; + } finally { + REQUEST_META = null; } } @@ -152,22 +167,23 @@ public static Map getResponseMeta(Object response) { public static void solveHttp(MethodEvent event) throws InvocationTargetException, IllegalAccessException, NoSuchMethodException { DongTaiLog.debug(EngineManager.SCOPE_TRACKER.get().toString()); - Map requestMeta = getRequestMeta(event.argumentArray[0]); - Boolean isReplay = (Boolean) requestMeta.get("replay-request"); + REQUEST_META = null; + REQUEST_META = getRequestMeta(event.argumentArray[0]); + Boolean isReplay = (Boolean) REQUEST_META.get("replay-request"); if (isReplay){ EngineManager.ENTER_REPLAY_ENTRYPOINT.enterEntry(); } // todo Consider increasing the capture of html request responses - if (ConfigMatcher.getInstance().disableExtension((String) requestMeta.get("requestURI"))) { + if (ConfigMatcher.getInstance().disableExtension((String) REQUEST_META.get("requestURI"))) { return; } - if (ConfigMatcher.getInstance().getBlackUrl(requestMeta)) { + if (ConfigMatcher.getInstance().getBlackUrl(REQUEST_META)) { return; } // todo: add custom header escape - EngineManager.enterHttpEntry(requestMeta); - DongTaiLog.debug("HTTP Request:{} {} from: {}", requestMeta.get("method"), requestMeta.get("requestURI"), + EngineManager.enterHttpEntry(REQUEST_META); + DongTaiLog.debug("HTTP Request:{} {} from: {}", REQUEST_META.get("method"), REQUEST_META.get("requestURI"), event.signature); } diff --git a/dongtai-core/src/main/resources/com.secnium.iast.resources/blackext.txt b/dongtai-core/src/main/resources/com.secnium.iast.resources/blackext.txt index b2e67bbde..75c0a4095 100644 --- a/dongtai-core/src/main/resources/com.secnium.iast.resources/blackext.txt +++ b/dongtai-core/src/main/resources/com.secnium.iast.resources/blackext.txt @@ -1 +1 @@ -.js,.css,.htm,.html,.jpg,.png,.gif,.woff,.woff2,.ico,.maps,.xml \ No newline at end of file +.js,.css,.htm,.html,.jpg,.png,.gif,.woff,.woff2,.ico,.maps,.xml,.map \ No newline at end of file From dd1c82bfc3ae3ad7bb346fd03e0f26ac9036e4ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Tue, 12 Jul 2022 16:55:56 +0800 Subject: [PATCH 2/4] fix bug : agent upgrade. --- .../java/io/dongtai/iast/agent/AgentLauncher.java | 1 + .../io/dongtai/iast/agent/manager/EngineManager.java | 7 +++++-- .../iast/agent/monitor/impl/EngineMonitor.java | 11 ++++++++++- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/dongtai-agent/src/main/java/io/dongtai/iast/agent/AgentLauncher.java b/dongtai-agent/src/main/java/io/dongtai/iast/agent/AgentLauncher.java index 5e2de5b51..82cb5162d 100755 --- a/dongtai-agent/src/main/java/io/dongtai/iast/agent/AgentLauncher.java +++ b/dongtai-agent/src/main/java/io/dongtai/iast/agent/AgentLauncher.java @@ -86,6 +86,7 @@ public static void agentmain(String args, Instrumentation inst) { DongTaiLog.info("DongTai wasn't installed."); return; } + EngineMonitor.setIsUninstallHeart(true); DongTaiLog.info("Engine is about to be uninstalled"); uninstall(); // attach手动卸载后停止守护线程 diff --git a/dongtai-agent/src/main/java/io/dongtai/iast/agent/manager/EngineManager.java b/dongtai-agent/src/main/java/io/dongtai/iast/agent/manager/EngineManager.java index 3e1a43be8..7b768a204 100644 --- a/dongtai-agent/src/main/java/io/dongtai/iast/agent/manager/EngineManager.java +++ b/dongtai-agent/src/main/java/io/dongtai/iast/agent/manager/EngineManager.java @@ -5,6 +5,7 @@ import io.dongtai.iast.agent.middlewarerecognition.ServerDetect; import io.dongtai.iast.agent.middlewarerecognition.tomcat.AbstractTomcat; import io.dongtai.iast.agent.monitor.MonitorDaemonThread; +import io.dongtai.iast.agent.monitor.impl.EngineMonitor; import io.dongtai.iast.agent.monitor.impl.PerformanceMonitor; import io.dongtai.iast.agent.report.AgentRegisterReport; import io.dongtai.iast.agent.util.FileUtils; @@ -449,10 +450,12 @@ public synchronized boolean uninstall() { classOfEngine = null; IAST_CLASS_LOADER.closeIfPossible(); IAST_CLASS_LOADER = null; - uninstallObject(); setRunningStatus(1); setCoreStop(true); - MonitorDaemonThread.isExit = true; + if (EngineMonitor.getIsUninstallHeart()){ + uninstallObject(); + MonitorDaemonThread.isExit = true; + } return true; } diff --git a/dongtai-agent/src/main/java/io/dongtai/iast/agent/monitor/impl/EngineMonitor.java b/dongtai-agent/src/main/java/io/dongtai/iast/agent/monitor/impl/EngineMonitor.java index 6cdedc869..e3af36eeb 100644 --- a/dongtai-agent/src/main/java/io/dongtai/iast/agent/monitor/impl/EngineMonitor.java +++ b/dongtai-agent/src/main/java/io/dongtai/iast/agent/monitor/impl/EngineMonitor.java @@ -19,7 +19,7 @@ public class EngineMonitor implements IMonitor { private final EngineManager engineManager; public static Boolean isCoreRegisterStart = false; private static final String NAME = "EngineMonitor"; - + private static Boolean isUninstallHeart = true; public EngineMonitor(EngineManager engineManager) { this.engineManager = engineManager; @@ -58,6 +58,7 @@ public void check() throws Exception { break; case CORE_UNINSTALL: DongTaiLog.info("engine uninstall"); + setIsUninstallHeart(false); engineManager.uninstall(); break; case CORE_PERFORMANCE_FORCE_OPEN: @@ -125,6 +126,14 @@ private boolean couldInstallEngine() { return true; } + public static Boolean getIsUninstallHeart() { + return isUninstallHeart; + } + + public static void setIsUninstallHeart(Boolean isUninstallHeart) { + EngineMonitor.isUninstallHeart = isUninstallHeart; + } + @Override public void run() { try { From 5925905b8e38711ea721e63b0e7531396b8eef37 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Wed, 13 Jul 2022 18:15:20 +0800 Subject: [PATCH 3/4] fix bug : attach file path. --- .../java/io/dongtai/iast/agent/Agent.java | 22 ++--- .../io/dongtai/iast/agent/AgentLauncher.java | 82 ++++++++++--------- 2 files changed, 54 insertions(+), 50 deletions(-) diff --git a/dongtai-agent/src/main/java/io/dongtai/iast/agent/Agent.java b/dongtai-agent/src/main/java/io/dongtai/iast/agent/Agent.java index f52e4917e..bfd21ed93 100644 --- a/dongtai-agent/src/main/java/io/dongtai/iast/agent/Agent.java +++ b/dongtai-agent/src/main/java/io/dongtai/iast/agent/Agent.java @@ -2,10 +2,9 @@ import java.io.*; import java.util.Arrays; -import java.util.UUID; +import java.util.concurrent.TimeUnit; import io.dongtai.iast.agent.util.FileUtils; -import io.dongtai.log.DongTaiLog; import org.apache.commons.cli.*; /** @@ -103,14 +102,14 @@ private static void doAttach(String pid, String agentArgs) { Process process = Runtime.getRuntime().exec(execution); process.waitFor(); if (process.exitValue() == 0) { - DongTaiLog.info("attach to process {} success, command: {}", pid, Arrays.toString(execution)); + System.out.println("[io.dongtai.iast.agent] [INFO] attach to process "+pid+" success, command: "+Arrays.toString(execution)); } else { - DongTaiLog.error("attach failure, please try again with command: {}", Arrays.toString(execution)); + System.out.println("[io.dongtai.iast.agent] [ERROR] attach failure, please try again with command: "+Arrays.toString(execution)); } } catch (IOException e) { - DongTaiLog.error("io.dongtai.iast.agent.Agent.doAttach(java.lang.String,java.lang.String)",e); + e.printStackTrace(); } catch (InterruptedException e) { - DongTaiLog.error("io.dongtai.iast.agent.Agent.doAttach(java.lang.String,java.lang.String)",e); + e.printStackTrace(); } } @@ -141,9 +140,9 @@ private static void extractJattach() throws IOException { FileUtils.getResourceToFile("bin/jattach-linux", JATTACH_FILE); } if ((new File(JATTACH_FILE)).setExecutable(true)) { - DongTaiLog.info("jattach extract success. wait for attach"); + System.out.println("[io.dongtai.iast.agent] [INFO] jattach extract success. wait for attach"); } else { - DongTaiLog.info("jattach extract failure. please set execute permission, file: {}", JATTACH_FILE); + System.out.println("[io.dongtai.iast.agent] [INFO] jattach extract failure. please set execute permission, file: "+JATTACH_FILE); } } @@ -152,7 +151,8 @@ private static void extractJattach() throws IOException { * * @param args */ - public static void main(String[] args) { + public static void main(String[] args) throws InterruptedException { + TimeUnit.SECONDS.sleep(10); String[] agentArgs = new String[0]; try { agentArgs = parseAgentArgs(args); @@ -162,9 +162,9 @@ public static void main(String[] args) { doAttach(agentArgs[0], agentArgs[1]); } } catch (ParseException e) { - DongTaiLog.error(e); + e.printStackTrace(); } catch (IOException e) { - DongTaiLog.error(e); + e.printStackTrace(); } } diff --git a/dongtai-agent/src/main/java/io/dongtai/iast/agent/AgentLauncher.java b/dongtai-agent/src/main/java/io/dongtai/iast/agent/AgentLauncher.java index 82cb5162d..89113e83d 100755 --- a/dongtai-agent/src/main/java/io/dongtai/iast/agent/AgentLauncher.java +++ b/dongtai-agent/src/main/java/io/dongtai/iast/agent/AgentLauncher.java @@ -79,8 +79,49 @@ public static void premain(String args, Instrumentation inst) { * @param inst inst */ public static void agentmain(String args, Instrumentation inst) { - DongTaiLog.info("Protect By DongTai IAST: " + System.getProperty("protect.by.dongtai", "false")); Map argsMap = parseArgs(args); + try { + if (argsMap.containsKey("debug")) { + System.setProperty("dongtai.debug", argsMap.get("debug")); + } + if (argsMap.containsKey("appCreate")) { + System.setProperty("dongtai.app.create", argsMap.get("appCreate")); + } + if (argsMap.containsKey("appName")) { + System.setProperty("dongtai.app.name", argsMap.get("appName")); + } + if (argsMap.containsKey("appVersion")) { + System.setProperty("dongtai.app.version", argsMap.get("appVersion")); + } + if (argsMap.containsKey("clusterName")) { + System.setProperty("dongtai.cluster.name", argsMap.get("clusterName")); + } + if (argsMap.containsKey("clusterVersion")) { + System.setProperty("dongtai.cluster.version", argsMap.get("clusterVersion")); + } + if (argsMap.containsKey("dongtaiServer")) { + System.setProperty("dongtai.server.url", argsMap.get("dongtaiServer")); + } + if (argsMap.containsKey("dongtaiToken")) { + System.setProperty("dongtai.server.token", argsMap.get("dongtaiToken")); + } + if (argsMap.containsKey("serverPackage")) { + System.setProperty("dongtai.server.package", argsMap.get("serverPackage")); + } + if (argsMap.containsKey("logLevel")) { + System.setProperty("dongtai.log.level", argsMap.get("logLevel")); + } + if (argsMap.containsKey("logPath")) { + System.setProperty("dongtai.log.path", argsMap.get("logPath")); + } + } catch (Exception e) { + DongTaiLog.error(e); + } + String tmpdir = System.getProperty("java.io.tmpdir"); + String appName = System.getProperty("dongtai.app.name"); + String appVersion = System.getProperty("dongtai.app.version"); + System.setProperty("java.io.tmpdir.dongtai", tmpdir + File.separator + appName + "-" + appVersion + "-" + UUID.randomUUID().toString().replaceAll("-", "") + File.separator); + DongTaiLog.info("Protect By DongTai IAST: " + System.getProperty("protect.by.dongtai", "false")); if ("uninstall".equals(argsMap.get("mode"))) { if (System.getProperty("protect.by.dongtai", null) == null) { DongTaiLog.info("DongTai wasn't installed."); @@ -99,44 +140,7 @@ public static void agentmain(String args, Instrumentation inst) { } MonitorDaemonThread.isExit = false; LAUNCH_MODE = LAUNCH_MODE_ATTACH; - try { - if (argsMap.containsKey("debug")) { - System.setProperty("dongtai.debug", argsMap.get("debug")); - } - if (argsMap.containsKey("appCreate")) { - System.setProperty("dongtai.app.create", argsMap.get("appCreate")); - } - if (argsMap.containsKey("appName")) { - System.setProperty("dongtai.app.name", argsMap.get("appName")); - } - if (argsMap.containsKey("appVersion")) { - System.setProperty("dongtai.app.version", argsMap.get("appVersion")); - } - if (argsMap.containsKey("clusterName")) { - System.setProperty("dongtai.cluster.name", argsMap.get("clusterName")); - } - if (argsMap.containsKey("clusterVersion")) { - System.setProperty("dongtai.cluster.version", argsMap.get("clusterVersion")); - } - if (argsMap.containsKey("dongtaiServer")) { - System.setProperty("dongtai.server.url", argsMap.get("dongtaiServer")); - } - if (argsMap.containsKey("dongtaiToken")) { - System.setProperty("dongtai.server.token", argsMap.get("dongtaiToken")); - } - if (argsMap.containsKey("serverPackage")) { - System.setProperty("dongtai.server.package", argsMap.get("serverPackage")); - } - if (argsMap.containsKey("logLevel")) { - System.setProperty("dongtai.log.level", argsMap.get("logLevel")); - } - if (argsMap.containsKey("logPath")) { - System.setProperty("dongtai.log.path", argsMap.get("logPath")); - } - install(inst); - } catch (Exception e) { - DongTaiLog.error(e); - } + install(inst); } } From e6eb23ea1b33dd44a5135bfc00720b76c863d59e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Wed, 13 Jul 2022 18:20:55 +0800 Subject: [PATCH 4/4] fix bug : load resource failure. --- .../ServletDispatcherAdviceAdapter.java | 2 +- .../hookpoint/controller/impl/HttpImpl.java | 41 ++++++++----------- 2 files changed, 18 insertions(+), 25 deletions(-) diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/j2ee/dispatch/ServletDispatcherAdviceAdapter.java b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/j2ee/dispatch/ServletDispatcherAdviceAdapter.java index 6ff7b2ab4..a324e66db 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/j2ee/dispatch/ServletDispatcherAdviceAdapter.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/j2ee/dispatch/ServletDispatcherAdviceAdapter.java @@ -30,8 +30,8 @@ protected void before() { mv.visitJumpInsn(EQ, elseLabel); cloneHttpServletRequest(); - cloneHttpServletResponse(); captureMethodState(-1, HookType.HTTP.getValue(), false); + cloneHttpServletResponse(); mark(elseLabel); } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/HttpImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/HttpImpl.java index 746a74e93..30f37bf20 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/HttpImpl.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/HttpImpl.java @@ -27,7 +27,7 @@ public class HttpImpl { private static Class CLASS_OF_SERVLET_PROXY; private static IastClassLoader iastClassLoader; public static File IAST_REQUEST_JAR_PACKAGE; - private static Map REQUEST_META; + private final static ThreadLocal> REQUEST_META = new ThreadLocal<>(); static { IAST_REQUEST_JAR_PACKAGE = new File(System.getProperty("java.io.tmpdir.dongtai") + "iast" + File.separator + "dongtai-api.jar"); @@ -84,12 +84,6 @@ public static Object cloneRequest(Object req, boolean isJakarta) { if (req == null) { return null; } - if (ConfigMatcher.getInstance().disableExtension((String) REQUEST_META.get("requestURI"))) { - return req; - } - if (ConfigMatcher.getInstance().getBlackUrl(REQUEST_META)) { - return req; - } try { if (cloneRequestMethod == null) { createClassLoader(req); @@ -109,16 +103,16 @@ public static Object cloneRequest(Object req, boolean isJakarta) { * @return dongtai response object */ public static Object cloneResponse(Object response, boolean isJakarta) { - if (response == null) { - return null; - } - if (ConfigMatcher.getInstance().disableExtension((String) REQUEST_META.get("requestURI"))) { - return response; - } - if (ConfigMatcher.getInstance().getBlackUrl(REQUEST_META)) { - return response; - } try { + if (response == null) { + return null; + } + if (ConfigMatcher.getInstance().disableExtension((String) REQUEST_META.get().get("requestURI"))) { + return response; + } + if (ConfigMatcher.getInstance().getBlackUrl(REQUEST_META.get())) { + return response; + } if (cloneResponseMethod == null) { loadCloneResponseMethod(); } @@ -128,7 +122,7 @@ public static Object cloneResponse(Object response, boolean isJakarta) { } catch (InvocationTargetException e) { return response; } finally { - REQUEST_META = null; + REQUEST_META.remove(); } } @@ -167,23 +161,22 @@ public static Map getResponseMeta(Object response) { public static void solveHttp(MethodEvent event) throws InvocationTargetException, IllegalAccessException, NoSuchMethodException { DongTaiLog.debug(EngineManager.SCOPE_TRACKER.get().toString()); - REQUEST_META = null; - REQUEST_META = getRequestMeta(event.argumentArray[0]); - Boolean isReplay = (Boolean) REQUEST_META.get("replay-request"); + REQUEST_META.set(getRequestMeta(event.argumentArray[0])); + Boolean isReplay = (Boolean) REQUEST_META.get().get("replay-request"); if (isReplay){ EngineManager.ENTER_REPLAY_ENTRYPOINT.enterEntry(); } // todo Consider increasing the capture of html request responses - if (ConfigMatcher.getInstance().disableExtension((String) REQUEST_META.get("requestURI"))) { + if (ConfigMatcher.getInstance().disableExtension((String) REQUEST_META.get().get("requestURI"))) { return; } - if (ConfigMatcher.getInstance().getBlackUrl(REQUEST_META)) { + if (ConfigMatcher.getInstance().getBlackUrl(REQUEST_META.get())) { return; } // todo: add custom header escape - EngineManager.enterHttpEntry(REQUEST_META); - DongTaiLog.debug("HTTP Request:{} {} from: {}", REQUEST_META.get("method"), REQUEST_META.get("requestURI"), + EngineManager.enterHttpEntry(REQUEST_META.get()); + DongTaiLog.debug("HTTP Request:{} {} from: {}", REQUEST_META.get().get("method"), REQUEST_META.get().get("requestURI"), event.signature); }