Merge remote-tracking branch 'origin/1.3.4'
Aaron Lewis committed Jul 7, 2020
2 parents bdd3d00 + b4a41a9 commit a8a646b
Showing 198 changed files with 5,760 additions and 1,977 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
package com.baidu.openrasp;

import org.apache.commons.cli.*;
import sun.management.FileSystem;

import java.io.IOException;
import java.lang.instrument.Instrumentation;
Expand Down
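Review bot: `import sun.management.FileSystem;` on the fourth line of the hunk pulls in a JDK-internal class that nothing in the hunk references; `sun.*` packages are not public API and are neither guaranteed to exist nor to be accessible on other JDK releases, so if the rest of the file does not use `FileSystem` the line should be dropped (it looks like an IDE auto-import). The remaining lines of the file are outside the hunk, so actual usage cannot be confirmed here.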
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,13 @@ public class ModuleLoader {

// ModuleLoader 为 classloader加载的,不能通过getProtectionDomain()的方法获得JAR路径
static {
// juli
try {
Class clazz = Class.forName("java.nio.file.FileSystems");
clazz.getMethod("getDefault", new Class[0]).invoke(null);
} catch (Throwable t) {
// ignore
}
Class clazz = ModuleLoader.class;
// path值示例: file:/opt/apache-tomcat-xxx/rasp/rasp.jar!/com/fuxi/javaagent/Agent.class
String path = clazz.getResource("/" + clazz.getName().replace(".", "/") + ".class").getPath();
Expand Down
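Review bot: The `// juli` comment before the new try block does not say why `java.nio.file.FileSystems.getDefault()` is invoked, or why it is invoked reflectively, so a later reader cannot tell whether the call is safe to remove; a comment in the spirit of `// Presumably forces the default FileSystem provider to initialize before the agent installs its classloader (Tomcat JULI context); reflection keeps this class loadable on JDKs without java.nio.file — confirm` would record the intent. The new lines also use the raw `Class` type and an empty `Class[]`: `Class<?> clazz = Class.forName("java.nio.file.FileSystems"); clazz.getMethod("getDefault").invoke(null);` is equivalent and warning-free. Catching `Throwable` and ignoring it is acceptable for a best-effort warm-up, but the `// ignore` comment should say so (`// best effort: absent on old JDKs`). The static initializer continues past the end of the hunk.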
2 changes: 1 addition & 1 deletion agent/java/engine/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.2</version>
<version>2.8.5</version>
</dependency>
<dependency>
<groupId>org.yaml</groupId>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,14 +16,13 @@

package com.baidu.openrasp.dependency;

import com.baidu.openrasp.config.Config;
import com.baidu.openrasp.messaging.ErrorType;
import com.baidu.openrasp.messaging.LogTool;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.*;
import java.security.ProtectionDomain;
import java.util.Enumeration;
import java.util.HashSet;
Expand All @@ -41,7 +40,7 @@
*/
public class DependencyFinder {
public static final Logger LOGGER = Logger.getLogger(DependencyFinder.class.getPackage().getName() + ".log");
private static final int MAX_DEPENDENCES_CACHE = 4096;
private static final int MAX_DEPENDENCES_CACHE = 10000;
private static final String DEPENDENCY_SOURCE_MANEFEST_IMPL = "manifest_implementation";
private static final String DEPENDENCY_SOURCE_MANEFEST_SPEC = "manifest_specification";
private static final String DEPENDENCY_SOURCE_MANEFEST_BUNDLE = "manifest_bundle";
Expand All @@ -53,7 +52,16 @@ public static void addJarPath(ProtectionDomain domain) {
if (domain != null && domain.getCodeSource() != null && domain.getCodeSource().getLocation() != null) {
String path = domain.getCodeSource().getLocation().getFile();
if (!StringUtils.isEmpty(path)) {
if (path.endsWith(".jar") && !(loadedJarPaths.size() >= MAX_DEPENDENCES_CACHE)) {
if ((path.endsWith(".jar")
|| path.endsWith(".jar!")
|| path.endsWith(".jar!/")
|| path.endsWith(".jar/")
|| path.endsWith(".jar!" + File.separator))
&& !(loadedJarPaths.size() >= MAX_DEPENDENCES_CACHE)) {
if (!path.endsWith(".jar")) {
int start = path.contains("/") ? path.indexOf("/") : path.indexOf("\\");
path = path.substring(start, path.lastIndexOf(".jar") + 4);
}
loadedJarPaths.add(path);
}
}
Expand All @@ -63,9 +71,21 @@ public static void addJarPath(ProtectionDomain domain) {
public static HashSet<Dependency> getDependencySet() {
HashSet<Dependency> dependencySet = new HashSet<Dependency>();
for (String path : loadedJarPaths) {
String realPath = path;
String subPath = null;
int step = 6;
int i = path.indexOf(".jar!");
if (i < 0) {
step = 5;
i = path.indexOf(".jar/");
}
if (i > 0) {
realPath = path.substring(0, i + 4);
subPath = path.substring(i + step, path.length());
}
JarFile jarFile;
try {
jarFile = new JarFile(path);
jarFile = new JarFile(realPath);
} catch (IOException e) {
if (e instanceof FileNotFoundException) {
loadedJarPaths.remove(path);
Expand All @@ -76,11 +96,12 @@ public static HashSet<Dependency> getDependencySet() {
continue;
}
try {
Dependency dependency = loadDependencyFromPOM(jarFile, path);
Dependency dependency = loadDependencyFromJarFile(jarFile, path);
if (dependency != null) {
dependencySet.add(dependency);
} else {
dependency = loadDependencyFromManifest(jarFile, path);
}
if (subPath != null) {
dependency = loadDependencyFromJar(jarFile, path, subPath);
if (dependency != null) {
dependencySet.add(dependency);
}
Expand All @@ -100,6 +121,41 @@ public static HashSet<Dependency> getDependencySet() {
return dependencySet;
}

private static Dependency loadDependencyFromJarFile(JarFile jarFile, String path) throws Exception {
Dependency dependency = loadDependencyFromPOM(jarFile, path);
if (dependency != null) {
return dependency;
} else {
dependency = loadDependencyFromManifest(jarFile, path);
if (dependency != null) {
return dependency;
}
}
return null;
}

private static Dependency loadDependencyFromJar(JarFile jarFile, String path, String subPath) throws Exception {
InputStream in = jarFile.getInputStream(jarFile.getEntry(subPath));
File outFile = new File(Config.getConfig().getBaseDirectory() + File.separator + "tmp");
OutputStream out = new FileOutputStream(outFile);
byte[] buffer = new byte[1024];
int i;
while ((i = in.read(buffer)) != -1) {
out.write(buffer, 0, i);
}
out.flush();
try {
out.close();
in.close();
} catch (Throwable t) {
// ignore
}
JarFile file = new JarFile(outFile);
Dependency dependency = loadDependencyFromJarFile(file, path);
file.close();
return dependency;
}

private static Dependency loadDependencyFromPOM(JarFile jarFile, String path) throws Exception {
InputStream in = readPomFromJarFile(jarFile);
try {
Expand Down
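Review bot: `loadDependencyFromJar` leaks its streams and temp file on every error path and cannot be called concurrently: the `close()` calls sit after the copy loop instead of in a `finally`, so an `IOException` from `read`/`write` leaves both streams open; `file.close()` is skipped when `loadDependencyFromJarFile` throws; `jarFile.getEntry(subPath)` can return null, which makes `getInputStream` throw a NullPointerException; and every call writes the same fixed `<baseDirectory>/tmp` file, which is never deleted and is clobbered if two reports overlap. The rewrite below moves all closing into `finally`, extracts to a per-call temp file in the base directory that is deleted afterwards, and returns null for a missing entry; it keeps plain try/finally rather than try-with-resources because the code base avoids Java 7 APIs (ModuleLoader loads `FileSystems` reflectively), and it assumes `getBaseDirectory()` returns a `String`, as its use in concatenation suggests. `loadDependencyFromJarFile`'s `else` branch is redundant — `return dependency != null ? dependency : loadDependencyFromManifest(jarFile, path);` says the same thing. In `getDependencySet`, the outer jar's own dependency is now added under the nested `path` whenever `subPath != null`, which presumably reports the container jar once per nested jar — confirm that against `Dependency`'s equality before relying on the counts.
```java
private static Dependency loadDependencyFromJar(JarFile jarFile, String path, String subPath) throws Exception {
    if (jarFile.getEntry(subPath) == null) {
        return null; // nested jar path no longer present in the outer jar
    }
    // one file per call: overlapping reports must not clobber each other
    File outFile = File.createTempFile("rasp-dependency-", ".jar",
            new File(Config.getConfig().getBaseDirectory()));
    InputStream in = null;
    OutputStream out = null;
    JarFile nested = null;
    try {
        in = jarFile.getInputStream(jarFile.getEntry(subPath));
        out = new FileOutputStream(outFile);
        // … unchanged: 1024-byte copy loop and out.flush() …
        out.close();
        out = null; // fully written before it is reopened as a jar
        nested = new JarFile(outFile);
        return loadDependencyFromJarFile(nested, path);
    } finally {
        closeQuietly(in);
        closeQuietly(out);
        if (nested != null) {
            try {
                nested.close();
            } catch (IOException ignored) {
                // nothing left to do with the jar at this point
            }
        }
        outFile.delete(); // best effort; a failure only leaves a temp file behind
    }
}

// Closes a stream if non-null, ignoring close errors, so finally blocks stay short.
private static void closeQuietly(Closeable c) {
    if (c != null) {
        try {
            c.close();
        } catch (IOException ignored) {
            // the data has already been consumed; a close failure is not actionable
        }
    }
}
```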
Original file line number Diff line number Diff line change
Expand Up @@ -40,18 +40,22 @@
public class DependencyReport extends CloudTimerTask {

public static final Logger LOGGER = Logger.getLogger(DependencyReport.class.getName());
private static boolean firstReport = false;
private static final int FIRST_INTERNAL = 120;
private static int reportTimes = 0;
private static final int FIRST_INTERNAL = 15;
private static final int INIT_INTERNAL = 120;

public DependencyReport() {
super("OpenRASP Dependency Report Thread");
}

@Override
public long getSleepTime() {
if (!firstReport) {
firstReport = true;
if (reportTimes < 3) {
reportTimes++;
return FIRST_INTERNAL;
} else if (reportTimes < 6) {
reportTimes++;
return INIT_INTERNAL;
}
return Config.getConfig().getDependencyCheckInterval();
}
Expand Down
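Review bot: The new constant `INIT_INTERNAL` (like the pre-existing `FIRST_INTERNAL`) is misnamed for what it holds, an interval; `private static final int INIT_INTERVAL = 120;` reads correctly, and the unit of these values and of `getSleepTime()`'s return is stated nowhere in the hunk. A comment above the constants such as `// report schedule: 3 × FIRST_INTERVAL, then 3 × INIT_INTERVAL, then the configured dependency check interval (unit as expected by CloudTimerTask — confirm)` would make the staged schedule explicit without reading the method. The thresholds `3` and `6` are magic numbers that belong next to the intervals as named constants. `reportTimes` is static mutable state shared by every instance, which is only correct while a single DependencyReport exists; that assumption deserves a comment.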
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,12 @@ public static void traceError(ErrorType errorType, String message, Throwable t)
}
}

public static void traceInfo(String message) {
if (Config.getConfig().isDebugEnabled()) {
LOGGER.info(message);
}
}

public static void traceWarn(ErrorType errorType, String message) {
if (Config.getConfig().isDebugEnabled()) {
warn(errorType, message);
Expand Down
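Review bot: `traceInfo` is a new public method without Javadoc, and unlike its siblings `traceError`/`traceWarn` it bypasses the `ErrorType` tagging and writes the message straight to `LOGGER.info`, which is worth stating so callers do not expect the same tagging. A one-liner suffices: `/** Logs {@code message} at INFO level only while debug logging is enabled in {@link Config}; no {@link ErrorType} is attached, unlike {@link #traceWarn}. */`.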
Original file line number Diff line number Diff line change
Expand Up @@ -25,13 +25,17 @@
import com.baidu.openrasp.tool.decompile.Decompiler;
import com.baidu.openrasp.tool.model.ApplicationModel;
import com.google.gson.Gson;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;

import org.apache.commons.lang3.StringUtils;

import java.sql.Timestamp;
import java.text.SimpleDateFormat;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;

/**
* Created by zhuming01 on 7/11/17.
Expand All @@ -50,9 +54,10 @@ public class AttackInfo extends EventInfo {
private String pluginName;
private String message;
private String action;
private int confidence;
private String algorithm;
private Map params;
private int confidence;
private JsonObject extras;

public static AttackInfo createLocalAttackInfo(CheckParameter parameter, String action,
String message, String algorithm) {
Expand All @@ -69,10 +74,17 @@ public AttackInfo(CheckParameter parameter, String action, String message,
this(parameter, action, message, pluginName, algorithm, DEFAULT_CONFIDENCE_VALUE);
}

public AttackInfo(CheckParameter parameter, String action, String message, String pluginName, String algorithm,
int confidence, Map params) {
this(parameter, action, message, pluginName, algorithm, confidence);
public AttackInfo(CheckParameter parameter, String action, String message, String pluginName, int confidence,
String algorithm, Map params, JsonObject extras) {
this.parameter = parameter;
this.action = action;
this.message = message;
this.pluginName = pluginName;
this.confidence = confidence;
this.algorithm = algorithm;
this.params = params;
this.extras = extras;
setBlock(CHECK_ACTION_BLOCK.equals(action));
}

public AttackInfo(CheckParameter parameter, String action, String message,
Expand Down Expand Up @@ -107,8 +119,8 @@ public Map<String, Object> getInfo() {
// 攻击参数
if (params == null) {
params = parameter.getParams();
params.put("stack", StackTrace.getStackTraceArray(true, true));
}
params.put("stack", StackTrace.getStackTraceArray(true, true));
info.put("attack_params", params);
// 检测插件
info.put("plugin_name", this.pluginName);
Expand All @@ -126,22 +138,30 @@ public Map<String, Object> getInfo() {
// appId
info.put("app_id", Config.getConfig().getCloudAppId());
}
// 服务器ip
info.put("server_nic", OSUtil.getIpAddress());
// 被攻击目标服务器类型和版本
info.put("server_type", ApplicationModel.getServerName());
info.put("server_version", ApplicationModel.getVersion());
// Java反编译开关打开时,启用
if (Config.getConfig().getDecompileEnable() && checkTomcatVersion()) {
// 攻击调用栈
StackTraceElement[] trace = StackTrace.filter(new Throwable().getStackTrace());
info.put("source_code", Decompiler.getAlarmPoint(trace));
} else {
info.put("source_code", "");
}
if (request != null) {
// 请求ID
info.put("request_id", request.getRequestId());
// 攻击来源IP
info.put("attack_source", request.getRemoteAddr());
// 攻击真实IP
info.put("client_ip", request.getClientIp());
// 服务器ip
info.put("server_nic", OSUtil.getIpAddress());
// 被攻击目标域名
info.put("target", request.getServerName());
// 被攻击目标IP
info.put("server_ip", request.getLocalAddr());
// 被攻击目标服务器类型和版本
info.put("server_type", ApplicationModel.getServerName());
info.put("server_version", ApplicationModel.getVersion());
// 请求 header
info.put("header", getRequestHeader(request));
// 请求参数
Expand All @@ -167,16 +187,10 @@ public Map<String, Object> getInfo() {
// 请求方法
String method = request.getMethod();
info.put("request_method", method != null ? method.toLowerCase() : null);
// Java反编译开关打开时,启用
if (Config.getConfig().getDecompileEnable() && checkTomcatVersion()) {
// 攻击调用栈
StackTraceElement[] trace = StackTrace.filter(new Throwable().getStackTrace());
info.put("source_code", Decompiler.getAlarmPoint(trace));
} else {
info.put("source_code", "");
}
}

for (Entry<String, JsonElement> entry : extras.entrySet()) {
info.put(entry.getKey(), entry.getValue());
}
return info;
}

Expand Down
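Review bot: The loop over `extras.entrySet()` at the end of `getInfo()` dereferences `extras` unconditionally, but only the new eight-argument constructor assigns it; the constructor at the top of the earlier hunk delegates to a six-argument constructor that, as far as the hunks show, never sets `extras`, so every AttackInfo built through those paths (including `createLocalAttackInfo`) would throw a NullPointerException when the alarm is serialized. Guard it: `if (extras != null) { for (Entry<String, JsonElement> entry : extras.entrySet()) { info.put(entry.getKey(), entry.getValue()); } }`, or initialize the field to an empty `JsonObject`. The extras are also written after the fixed fields, so an extras key equal to one of them (`client_ip`, `attack_params`, ...) silently replaces the agent-computed value; if the plugin producing extras is not fully trusted, skip keys already present in `info`. Separately, `params.put("stack", ...)` now runs on a caller-supplied `params` map as well, which mutates the caller's object and fails if that map is unmodifiable. `getInfo()` starts before the first of these hunks.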