From 0f6d53c02cc875da40dd10ece33af6e2922b8e2e Mon Sep 17 00:00:00 2001 From: tscuite Date: Tue, 18 Jul 2023 16:56:44 +0800 Subject: [PATCH 01/14] fix: update ci --- .github/workflows/code-check.yml | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) diff --git a/.github/workflows/code-check.yml b/.github/workflows/code-check.yml index 53d3c644a..b9e82cff3 100644 --- a/.github/workflows/code-check.yml +++ b/.github/workflows/code-check.yml 
@@ -157,24 +157,18 @@ jobs: ossutil cp -rf dongtai-agent/src/main/resources/bin/agent_latest.tar.gz oss://dongtai-helm-charts/agent_${{ steps.version.outputs.GITHUB_REF }}/java/latest/ --meta x-oss-object-acl:public-read fi - - name: Set the value - id: release - run: | - if [ ${{ steps.version.outputs.GITHUB_REF }} = develop ] ; then echo "helm_ns=test" >> $GITHUB_ENV; echo "helm_mysql=test" >> $GITHUB_ENV - elif [ ${{ steps.version.outputs.GITHUB_REF }} = beta ] ; then echo "helm_ns=beta" >> $GITHUB_ENV; echo "helm_mysql=beta" >> $GITHUB_ENV - else echo "helm_ns=main" >> $GITHUB_ENV ; echo "helm_mysql=temp" >> $GITHUB_ENV ;fi + - name: deploy to cluster A + uses: tscuite/kubectl-helm-action@main + env: + MAX: false + PROJECT: agent + TOKEN_SCA: ${{ secrets.TOKEN_SCA }} + KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG_TEST_DATA }} - - name: deploy to cluster - uses: wahyd4/kubectl-helm-action@master + - name: deploy to cluster B + uses: tscuite/kubectl-helm-action@main env: + MAX: true + PROJECT: agent + TOKEN_SCA: ${{ secrets.MAX_TOKEN_SCA }} KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG_TEST_DATA }} - with: - args: | - git clone https://github.com/HXSecurity/DongTai.git - helm upgrade --install huoxian --create-namespace -n iast-${{ env.helm_ns }} ./DongTai/deploy/kubernetes/helm/ \ - --set sca.sca_token=${{ secrets.TOKEN_SCA }} --set usb.usb_token=${{ secrets.TOKEN_SCA }} --set mysql.host=iast-mysql-${{ env.helm_mysql }}.huoxian.cn \ - --set tag=${{ steps.version.outputs.GITHUB_REF }}-latest --set build.agent_number=iast${{github.run_number}} --set develop.agentZip=${{ env.helm_ns }} --values https://charts.dongtai.io/devops.yaml - helm upgrade --install huoxian --create-namespace -n iast-${{ env.helm_ns }}-max ./DongTai/deploy/kubernetes/helm/ \ - --set max=true --set sca.sca_token=${{ secrets.MAX_TOKEN_SCA }} --set usb.usb_token=${{ secrets.MAX_TOKEN_SCA }} --set mysql.host=iast-mysql-${{ env.helm_mysql }}-max.huoxian.cn \ - --set tag=max-${{ 
steps.version.outputs.GITHUB_REF }}-latest --set develop.agentZip=${{ env.helm_ns }} \ - --set build.agent_number=iast${{github.run_number}} --values https://charts.dongtai.io/devops.yaml From 622917d5db247399b02e58a990c8d79dac916765 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Mon, 24 Jul 2023 10:53:48 +0800 Subject: [PATCH 02/14] fix: agent deadlock. --- .../bytecode/IastClassFileTransformer.java | 43 +++++++++++-------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/IastClassFileTransformer.java b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/IastClassFileTransformer.java index 4c647cad4..cef3c9fe6 100755 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/IastClassFileTransformer.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/IastClassFileTransformer.java 
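Review bot: Both new deploy steps reference `tscuite/kubectl-helm-action@main`, a personal-account action on a mutable branch, and pass it `KUBE_CONFIG_DATA` and the SCA tokens. Whatever `main` points to at run time executes with those secrets, so a later push to that repository changes what this workflow runs without any change in this file. Pin the action to a full commit SHA, `uses: tscuite/kubectl-helm-action@<full-commit-sha>`. The Helm arguments that were readable here (namespace, image tag, values URL) now live inside the action, so they should be reviewable there too. Both steps also read `secrets.KUBE_CONFIG_TEST_DATA`, so "cluster A" and "cluster B" appear to be the same cluster; confirm that is intended.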
@@ -112,29 +112,39 @@ public byte[] transform(final ClassLoader loader, final Class classBeingRedefined, final ProtectionDomain protectionDomain, final byte[] srcByteCodeArray) { + String threadName = Thread.currentThread().getName(); + if (threadName.startsWith("DongTai-IAST-Core") + || threadName.startsWith("DongTai-IAST-AgentStateMonitor") + || threadName.startsWith("DongTai-IAST-ConfigMonitor") + || threadName.startsWith("DongTai-IAST-FallbackConfigMonitor") + || threadName.startsWith("DongTai-IAST-HearBeatMonitor") + || threadName.startsWith("DongTai-IAST-PerformanceMonitor")) { + return null; + } + + if (internalClassName == null + || internalClassName.startsWith("io/dongtai/") + || internalClassName.startsWith("com/secnium/iast/") + || internalClassName.startsWith("java/lang/iast/") + || internalClassName.startsWith("cn/huoxian/iast/") + || internalClassName.startsWith("META-INF/") + || "module-info".equals(internalClassName)) { + return null; + } + + if (null != loader && loader.toString().toLowerCase().contains("rasp")) { + return null; + } + try { ScopeManager.SCOPE_TRACKER.getPolicyScope().enterAgent(); - if (internalClassName == null - || internalClassName.startsWith("io/dongtai/") - || internalClassName.startsWith("com/secnium/iast/") - || internalClassName.startsWith("java/lang/iast/") - || internalClassName.startsWith("cn/huoxian/iast/") - || internalClassName.startsWith("META-INF/") - || "module-info".equals(internalClassName)) { - return null; - } - if (" com/alibaba/fastjson/JSON".substring(1).equals(internalClassName)) { FastjsonCheck.setJsonClassLoader(loader); } else if (" com/alibaba/fastjson/parser/ParserConfig".substring(1).equals(internalClassName)) { FastjsonCheck.setParseConfigClassLoader(loader); } - if (null != loader && loader.toString().toLowerCase().contains("rasp")) { - return null; - } - if (loader != null && protectionDomain != null) { final CodeSource codeSource = protectionDomain.getCodeSource(); if (codeSource == null) { 
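Review bot: The agent-thread guard at the top of transform() keys on `Thread.currentThread().getName()`, a value any code in the JVM can set. Classes first loaded on an application thread whose name happens to start with one of these prefixes are therefore never instrumented, and nothing is logged. An identity check (a set of the agent's own Thread objects, or a flag set when the agent creates its threads) would not depend on a string; at minimum add `// agent threads must not re-enter the transformer; matched by name prefix only`. The rasp check now also sits above `enterAgent()`, so `loader.toString()`, which an application class loader may override, runs outside the agent scope; confirm that is safe. transform() starts before and continues past this hunk.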
@@ -156,7 +166,6 @@ public byte[] transform(final ClassLoader loader, ClassContext classContext = new ClassContext(cr, loader); if (Modifier.isInterface(classContext.getModifier())) { - sourceCodeBak = null; return null; } final String className = classContext.getClassName(); @@ -183,14 +192,14 @@ public byte[] transform(final ClassLoader loader, transformMap.put(classBeingRedefined, srcByteCodeArray); } transformCount++; + classDiagram.setLoader(null); return dumpClassIfNecessary(cr.getClassName(), cw.toByteArray(), srcByteCodeArray); } } - sourceCodeBak = null; + classDiagram.setLoader(null); } catch (Throwable throwable) { DongTaiLog.warn(ErrorCode.get("TRANSFORM_CLASS_FAILED"), internalClassName, throwable); } finally { - classDiagram.setLoader(null); ScopeManager.SCOPE_TRACKER.getPolicyScope().leaveAgent(); } From e9ba653dcd047d500248a177509889f995237291 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Mon, 24 Jul 2023 16:38:48 +0800 Subject: [PATCH 03/14] fix: agent deadlock. --- .../core/bytecode/IastClassFileTransformer.java | 13 +++++++++++-- .../iast/core/init/impl/TransformEngine.java | 3 +++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/IastClassFileTransformer.java b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/IastClassFileTransformer.java index cef3c9fe6..b1c655f02 100755 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/IastClassFileTransformer.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/IastClassFileTransformer.java 
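Review bot: With `classDiagram.setLoader(null)` moved out of `finally` in the last hunk, the loader reference is no longer cleared when the body throws into `catch (Throwable throwable)`. It is also not cleared on the early `return null` for interfaces shown in the previous hunk. If the move was meant to keep `classDiagram` out of the `finally` path, the reset still needs to run on those exits, for example as the first statement of the `catch` block. transform() begins and ends outside these hunks, so other return paths could not be checked.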
@@ -62,6 +62,13 @@ public static IastClassFileTransformer getInstance(Instrumentation inst, PolicyM return INSTANCE; } + public static IastClassFileTransformer getInstance() { + if (null != INSTANCE) { + return INSTANCE; + } + return null; + } + IastClassFileTransformer(Instrumentation inst, PolicyManager policyManager) { this.inst = inst; this.isDumpClass = EngineManager.getInstance().isEnableDumpClass(); @@ -192,11 +199,9 @@ public byte[] transform(final ClassLoader loader, transformMap.put(classBeingRedefined, srcByteCodeArray); } transformCount++; - classDiagram.setLoader(null); return dumpClassIfNecessary(cr.getClassName(), cw.toByteArray(), srcByteCodeArray); } } - classDiagram.setLoader(null); } catch (Throwable throwable) { DongTaiLog.warn(ErrorCode.get("TRANSFORM_CLASS_FAILED"), internalClassName, throwable); } finally { @@ -356,5 +361,9 @@ public void reTransform() { public static HashMap getTransformMap() { return transformMap; } + + public IastClassDiagram getClassDiagram() { + return classDiagram; + } } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/init/impl/TransformEngine.java b/dongtai-core/src/main/java/io/dongtai/iast/core/init/impl/TransformEngine.java index c3d6b877e..bb83ffee3 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/init/impl/TransformEngine.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/init/impl/TransformEngine.java @@ -73,6 +73,9 @@ public void destroy() { DongTaiLog.error(ErrorCode.get("TRANSFORM_ENGINE_DESTROY_REDEFINE_CLASSES_FAILED"), e); } } + if (IastClassFileTransformer.getInstance() != null) { + IastClassFileTransformer.getInstance().getClassDiagram().setLoader(null); + } inst = null; classFileTransformer = null; } From ac33750d652e3bcd86f70a177acebad16127ca3a Mon Sep 17 00:00:00 2001 
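Review bot: The no-argument `getInstance()` has a branch that changes nothing: both paths return the current value of `INSTANCE`, so the body can be just `return INSTANCE;`. It also needs a Javadoc line stating that it returns null until the two-argument `getInstance(inst, policyManager)` has run, because every caller has to null-check it.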
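Review bot: In TransformEngine `destroy()` the singleton is fetched twice, once for the null check and once for the dereference; read it into a local first, `IastClassFileTransformer t = IastClassFileTransformer.getInstance(); if (t != null) { t.getClassDiagram().setLoader(null); }`. With the per-transform resets removed in this same commit, the class diagram now keeps whichever loader it was last given until the engine is destroyed, which keeps that ClassLoader reachable in the meantime. A comment at this call site should say why that is acceptable. destroy() starts outside the hunk.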
From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Tue, 1 Aug 2023 10:39:39 +0800 Subject: [PATCH 04/14] feature: add validator handler. --- .../common/constants/PropertyConstant.java | 2 +- .../core/bytecode/enhance/asm/AsmMethods.java | 6 ++ .../plugin/core/DispatchClassPlugin.java | 1 + .../plugin/core/adapter/ValidatorAdapter.java | 54 ++++++++++++ .../handler/hookpoint/SpyDispatcherImpl.java | 21 ++++- .../hookpoint/controller/impl/DubboImpl.java | 2 + .../controller/impl/PropagatorImpl.java | 2 + .../hookpoint/controller/impl/SourceImpl.java | 2 + .../controller/impl/ValidatorImpl.java | 86 +++++++++++++++++++ .../hookpoint/graphy/GraphBuilder.java | 9 ++ .../handler/hookpoint/models/MethodEvent.java | 15 ++++ .../hookpoint/models/policy/Policy.java | 6 ++ .../models/policy/PolicyBuilder.java | 25 ++++-- .../models/policy/PolicyNodeType.java | 2 +- .../models/policy/ValidatorNode.java | 59 +++++++++++++ .../models/taint/range/TaintRanges.java | 14 ++- .../hookpoint/models/taint/tag/TaintTag.java | 1 + .../hookpoint/service/trace/DubboService.java | 2 + .../hookpoint/service/trace/FeignService.java | 2 + .../dynamic/DynamicPropagatorScanner.java | 11 ++- .../iast/core/utils/PropertyUtils.java | 8 ++ .../main/java/java/lang/dongtai/NopSpy.java | 8 ++ .../java/java/lang/dongtai/SpyDispatcher.java | 2 + 23 files changed, 325 insertions(+), 15 deletions(-) create mode 100644 dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/core/adapter/ValidatorAdapter.java create mode 100644 dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java create mode 100644 dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/ValidatorNode.java diff --git a/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java b/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java index b7e54b30a..69007e2c7 100644 
--- a/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java +++ b/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java @@ -32,5 +32,5 @@ public class PropertyConstant { public static final String PROPERTY_POLICY_PATH = "dongtai.policy.path"; public static final String PROPERTY_UUID_PATH = "dongtai.uuid.path"; public static final String PROPERTY_DISABLED_PLUGINS = "dongtai.disabled.plugins"; - public static final String PROPERTY_DISABLED_FEATURES = "dongtai.disabled_features"; + public static final String PROPERTY_DISABLED_FEATURES = "dongtai.disabled.features"; } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/asm/AsmMethods.java b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/asm/AsmMethods.java index 140c3541c..70893d37c 100755 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/asm/AsmMethods.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/asm/AsmMethods.java @@ -219,6 +219,12 @@ static Method getAsmMethod(final Class clazz, SpyDispatcher.class, "isFirstLevelSink" ); + + Method SPY$enterValidator = InnerHelper.getAsmMethod( + SpyDispatcher.class, + "enterValidator" + ); + Method SPY$enterIgnoreInternal = InnerHelper.getAsmMethod( SpyDispatcher.class, "enterIgnoreInternal" diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/core/DispatchClassPlugin.java b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/core/DispatchClassPlugin.java index 184573b53..dd8794487 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/core/DispatchClassPlugin.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/core/DispatchClassPlugin.java @@ -54,6 +54,7 @@ public class ClassVisit extends AbstractClassVisitor { new SourceAdapter(), new PropagatorAdapter(), new SinkAdapter(), + new ValidatorAdapter(), }; } 
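Review bot: Changing the value of `PROPERTY_DISABLED_FEATURES` from `dongtai.disabled_features` to `dongtai.disabled.features` means a deployment that still sets the old key will, as far as this hunk shows, no longer have that setting read. Features an operator turned off would then come back on without any message. Unless the reader in PropertyUtils (changed elsewhere in this commit, not visible here) falls back to the old name, keep the old key as a deprecated alias and log when it is used. The rename should also be called out in the release notes.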
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/core/adapter/ValidatorAdapter.java b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/core/adapter/ValidatorAdapter.java
new file mode 100644
index 000000000..991028a88
--- /dev/null
+++ b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/core/adapter/ValidatorAdapter.java
@@ -0,0 +1,54 @@
+package io.dongtai.iast.core.bytecode.enhance.plugin.core.adapter;
+
+import io.dongtai.iast.core.bytecode.enhance.MethodContext;
+import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyNode;
+import io.dongtai.iast.core.handler.hookpoint.models.policy.ValidatorNode;
+import org.objectweb.asm.Label;
+import org.objectweb.asm.MethodVisitor;
+import org.objectweb.asm.Opcodes;
+
+import java.util.Set;
+
+public class ValidatorAdapter extends MethodAdapter {
+ /**
+ * @param adapter
+ * @param mv
+ * @param context
+ * @param policyNodes
+ */
+ @Override
+ public void onMethodEnter(MethodAdviceAdapter adapter, MethodVisitor mv, MethodContext context, Set policyNodes) {
+ }
+
+ /**
+ * @param adapter
+ * @param mv
+ * @param opcode
+ * @param context
+ * @param policyNodes
+ */
+ @Override
+ public void onMethodExit(MethodAdviceAdapter adapter, MethodVisitor mv, int opcode, MethodContext context, Set policyNodes) {
+ for (PolicyNode policyNode : policyNodes) {
+ if (!(policyNode instanceof ValidatorNode)) {
+ continue;
+ }
+
+ Label elseLabel = new Label();
+ Label endLabel = new Label();
+
+ isEnterScope(adapter);
+ mv.visitJumpInsn(Opcodes.IFEQ, elseLabel);
+
+ adapter.trackMethod(opcode, policyNode, true);
+
+ adapter.mark(elseLabel);
+ adapter.mark(endLabel);
+ }
+ }
+
+ private void isEnterScope(MethodAdviceAdapter adapter) {
+ adapter.invokeStatic(ASM_TYPE_SPY_HANDLER, SPY_HANDLER$getDispatcher);
+ adapter.invokeInterface(ASM_TYPE_SPY_DISPATCHER, SPY$enterValidator);
+ }
+}
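Review bot: In `onMethodExit`, `endLabel` is created and marked but nothing jumps to it, so it and its `adapter.mark(endLabel)` can be dropped; `elseLabel` alone expresses the skip. The two Javadoc blocks list `@param` names with no text and the class has no description. Give `onMethodEnter` a line such as `/** No-op: validators are only tracked on method exit. */`, and have `onMethodExit` state that it emits a `trackMethod` call guarded by `SpyDispatcher.enterValidator()`. `isEnterScope` returns void and only emits the call that leaves a boolean on the operand stack, so a name like `invokeEnterValidator` would describe it more accurately.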
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java index 081c97336..40877056a 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java @@ -394,7 +394,8 @@ public void collectDubboResponse(Object result, byte status) { } if (!ScopeManager.SCOPE_TRACKER.getScope(Scope.DUBBO_REQUEST).isFirst() - || !ScopeManager.SCOPE_TRACKER.getScope(Scope.DUBBO_ENTRY).in()) { + || !ScopeManager.SCOPE_TRACKER.getScope(Scope.DUBBO_ENTRY).in() + || ScopeManager.SCOPE_TRACKER.getScope(Scope.HTTP_REQUEST).in()) { return; } @@ -558,6 +559,17 @@ public void leaveSink() { } } + /** + * mark for enter validator entry point + */ + @Override + public boolean enterValidator() { + if (!EngineManager.isEngineRunning()) { + return false; + } + return !ScopeManager.SCOPE_TRACKER.inAgent() && ScopeManager.SCOPE_TRACKER.inEnterEntry(); + } + /** * Determines whether it is a layer 1 Sink entry * @@ -674,6 +686,9 @@ public boolean collectMethod(Object instance, Object[] parameters, Object retObj } else if ((policyNode instanceof SinkNode)) { SinkImpl.solveSink(event, (SinkNode) policyNode); return true; + } else if ((policyNode instanceof ValidatorNode)) { + ValidatorImpl.solveValidator(event,(ValidatorNode)policyNode, INVOKE_ID_SEQUENCER); + return true; } return false; @@ -731,7 +746,7 @@ public boolean traceDubboInvoke(Object instance, String url, Object invocation, @Override public boolean isSkipCollectDubbo(Object invocation) { if (BlackUrlBypass.isBlackUrl()) { - Method setAttachmentMethod = null; + Method setAttachmentMethod; try { setAttachmentMethod = invocation.getClass().getMethod("setAttachment", String.class, String.class); setAttachmentMethod.setAccessible(true); 
@@ -746,7 +761,7 @@ public boolean isSkipCollectDubbo(Object invocation) { @Override public boolean isSkipCollectFeign(Object instance) { if (BlackUrlBypass.isBlackUrl()) { - Field metadataField = null; + Field metadataField; try { metadataField = instance.getClass().getDeclaredField("metadata"); metadataField.setAccessible(true); diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java index b6b6496c7..8c512c239 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java @@ -8,6 +8,7 @@ import io.dongtai.iast.core.handler.context.ContextManager; import io.dongtai.iast.core.handler.hookpoint.IastClassLoader; import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent; +import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyNodeType; import io.dongtai.iast.core.handler.hookpoint.models.policy.SourceNode; import io.dongtai.iast.core.handler.hookpoint.models.policy.TaintPosition; import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintRange; @@ -178,6 +179,7 @@ public static void collectDubboRequestSource(Object handler, Object invocation, int invokeId = invokeIdSequencer.getAndIncrement(); event.setInvokeId(invokeId); + event.setPolicyType(PolicyNodeType.SOURCE.getName()); event.source = true; event.setCallStacks(StackUtils.createCallStack(4)); diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java index 33168fe7c..0abf9e8c5 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java 
+++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java @@ -2,6 +2,7 @@ import io.dongtai.iast.core.EngineManager; import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent; +import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyNodeType; import io.dongtai.iast.core.handler.hookpoint.models.policy.PropagatorNode; import io.dongtai.iast.core.handler.hookpoint.models.policy.TaintPosition; import io.dongtai.iast.core.handler.hookpoint.models.taint.range.*; @@ -63,6 +64,7 @@ private static void addPropagator(PropagatorNode propagatorNode, MethodEvent eve event.setCallStacks(StackUtils.createCallStack(6)); int invokeId = invokeIdSequencer.getAndIncrement(); event.setInvokeId(invokeId); + event.setPolicyType(PolicyNodeType.PROPAGATOR.getName()); EngineManager.TRACK_MAP.get().put(invokeId, event); } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/SourceImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/SourceImpl.java index 60a169aaf..837298265 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/SourceImpl.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/SourceImpl.java @@ -2,6 +2,7 @@ import io.dongtai.iast.core.EngineManager; import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent; +import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyNodeType; import io.dongtai.iast.core.handler.hookpoint.models.policy.SourceNode; import io.dongtai.iast.core.handler.hookpoint.models.policy.TaintPosition; import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintRangesBuilder; 
@@ -37,6 +38,7 @@ public static void solveSource(MethodEvent event, SourceNode sourceNode, AtomicI int invokeId = invokeIdSequencer.getAndIncrement(); event.setInvokeId(invokeId); + event.setPolicyType(PolicyNodeType.SOURCE.getName()); boolean valid = trackTarget(event, sourceNode); if (!valid) { diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java new file mode 100644 index 000000000..c1b045bc7 --- /dev/null +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java 
@@ -0,0 +1,86 @@ +package io.dongtai.iast.core.handler.hookpoint.controller.impl; + +import io.dongtai.iast.core.EngineManager; +import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent; +import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyNodeType; +import io.dongtai.iast.core.handler.hookpoint.models.policy.TaintPosition; +import io.dongtai.iast.core.handler.hookpoint.models.policy.ValidatorNode; +import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintRange; +import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintRanges; +import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintRangesBuilder; +import io.dongtai.iast.core.utils.StackUtils; +import io.dongtai.iast.core.utils.TaintPoolUtils; + +import java.util.Set; +import java.util.concurrent.atomic.AtomicInteger; + +import static io.dongtai.iast.core.utils.TaintPoolUtils.getStringHash; + +public class ValidatorImpl { + + /** + * 处理 Validator 点的事件 + * + * @param event Validator 点事件 + */ + public static void solveValidator(MethodEvent event, ValidatorNode validatorNode, AtomicInteger invokeIdSequencer) { + if (EngineManager.TAINT_HASH_CODES.isEmpty()) { + return; + } + Set sources = validatorNode.getSources(); + if (sources.isEmpty()) { + return; + } + + for (TaintPosition position : sources) { + Long hash = null; + Integer len = null; + if (position.isObject()) { + if (TaintPoolUtils.isNotEmpty(event.objectInstance) + && TaintPoolUtils.isAllowTaintType(event.objectInstance) + && TaintPoolUtils.poolContains(event.objectInstance, event)) { + hash = getStringHash(event.objectInstance); + len = TaintRangesBuilder.getLength(event.objectInstance); + } + } else if (position.isParameter()) { + int parameterIndex = position.getParameterIndex(); + if (parameterIndex >= event.parameterInstances.length) { + continue; + } + Object parameter = event.parameterInstances[parameterIndex]; + if (TaintPoolUtils.isNotEmpty(parameter) + && 
TaintPoolUtils.isAllowTaintType(parameter) + && TaintPoolUtils.poolContains(parameter, event)) { + hash = getStringHash(parameter); + len = TaintRangesBuilder.getLength(parameter); + } + } + + if (null != len && null != hash){ + TaintRanges tr = new TaintRanges(new TaintRange("validated", 0, len)); + if (validatorNode.hasTags()) { + String[] tags = validatorNode.getTags(); + for (String tag : tags) { + tr.add(new TaintRange(tag, 0, len)); + } + } + event.sourceRanges.add(new MethodEvent.MethodEventTargetRange(hash, tr)); + TaintRanges taintRanges = EngineManager.TAINT_RANGES_POOL.get().get(hash); + if (null == taintRanges){ + EngineManager.TAINT_RANGES_POOL.add(hash, tr); + }else { + taintRanges.addAll(tr); + } + } + } + + event.source = false; + event.setCallStacks(StackUtils.createCallStack(4)); + + int invokeId = invokeIdSequencer.getAndIncrement(); + event.setInvokeId(invokeId); + event.setPolicyType(PolicyNodeType.VALIDATOR.getName()); + EngineManager.TRACK_MAP.addTrackMethod(invokeId, event); + } + +} diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/graphy/GraphBuilder.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/graphy/GraphBuilder.java index 7d64f461c..391d74b15 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/graphy/GraphBuilder.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/graphy/GraphBuilder.java @@ -110,6 +110,7 @@ public static JSONObject toJson(MethodEvent event) { List targetPositions = new ArrayList(); value.put("invokeId", event.getInvokeId()); + value.put("policyType", event.getPolicyType()); value.put("source", event.isSource()); value.put("originClassName", event.getOriginClassName()); value.put("className", event.getMatchedClassName()); 
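Review bot: `solveValidator` tags each matched source value as validated over its whole length without looking at how the validator call ended. As far as this file shows, a validator that returns false or otherwise rejects its input still marks it `validated`, and a later sink check that trusts the tag may drop a real finding. Either restrict validator policy nodes to methods that throw on rejection and say so in the Javadoc (`Tags are applied on exit; the validator's result is not consulted.`), or consult the return value before tagging. The literal `"validated"` should be `TaintTag.VALIDATED.getKey()`, which this commit adds, and the Javadoc should be in English and cover `validatorNode` and `invokeIdSequencer`. The event is also added to `TRACK_MAP` even when no position matched a tainted value, unlike `SourceImpl.solveSource`, which checks `valid` first.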
@@ -167,6 +168,14 @@ public static JSONObject toJson(MethodEvent event) { } } + if (event.sourceRanges.size() > 0) { + JSONArray tr = new JSONArray(); + value.put("sourceRange", tr); + for (MethodEvent.MethodEventTargetRange range : event.sourceRanges) { + tr.add(range.toJson()); + } + } + if (event.sourceTypes != null && event.sourceTypes.size() > 0) { JSONArray st = new JSONArray(); value.put("sourceType", st); diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/MethodEvent.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/MethodEvent.java index 7a3eb43e0..eb8009aab 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/MethodEvent.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/MethodEvent.java @@ -24,6 +24,11 @@ public class MethodEvent { */ private int invokeId; + /** + * policy type + */ + private String policyType; + /** * is source policy node */ @@ -88,6 +93,8 @@ public class MethodEvent { public List targetRanges = new ArrayList(); + public List sourceRanges = new ArrayList(); + public List sourceTypes; private StackTraceElement callStack; @@ -172,6 +179,14 @@ public void setInvokeId(int invokeId) { this.invokeId = invokeId; } + public String getPolicyType() { + return policyType; + } + + public void setPolicyType(String policyType) { + this.policyType = policyType; + } + public boolean isSource() { return source; } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/Policy.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/Policy.java index a6a753d0e..ffadfc5fa 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/Policy.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/Policy.java 
@@ -8,6 +8,7 @@ public class Policy { private final List sources = new ArrayList(); private final List propagators = new ArrayList(); private final List sinks = new ArrayList(); + private final List validators = new ArrayList(); private final Map policyNodesMap = new HashMap(); private final Set classHooks = new HashSet(); private final Set ancestorClassHooks = new HashSet(); @@ -43,6 +44,11 @@ public void addSink(SinkNode sink) { addPolicyNode(sink); } + public void addValidator(ValidatorNode validator) { + this.validators.add(validator); + addPolicyNode(validator); + } + public PolicyNode getPolicyNode(String policyKey) { return this.policyNodesMap.get(policyKey); } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyBuilder.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyBuilder.java index 6d0f1f7df..ac810cd1a 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyBuilder.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyBuilder.java @@ -71,6 +71,7 @@ public static Policy build(JSONArray policyConfig) throws PolicyException { buildSource(policy, nodeType, node); buildPropagator(policy, nodeType, node); buildSink(policy, nodeType, node); + buildValidator(policy, nodeType, node); } catch (PolicyException e) { DongTaiLog.warn(ErrorCode.get("POLICY_CONFIG_INVALID"), e); } 
@@ -132,6 +133,21 @@ public static void buildSink(Policy policy, PolicyNodeType type, JSONObject node policy.addSink(sinkNode); } + public static void buildValidator(Policy policy, PolicyNodeType type, JSONObject node) throws PolicyException { + if (!PolicyNodeType.VALIDATOR.equals(type)) { + return; + } + + Set sources = parseSource(node, type); + MethodMatcher methodMatcher = buildMethodMatcher(node); + ValidatorNode validatorNode = new ValidatorNode(sources, methodMatcher); + setInheritable(node, validatorNode); + List tags = parseTags(node, validatorNode); + validatorNode.setTags(tags.get(0)); + validatorNode.setUntags(tags.get(1)); + policy.addValidator(validatorNode); + } + private static PolicyNodeType parseNodeType(JSONObject node) throws PolicyException { try { int type = node.getInt(KEY_TYPE); @@ -149,11 +165,11 @@ private static Set parseSource(JSONObject node, PolicyNodeType ty try { return TaintPosition.parse(node.getString(KEY_SOURCE)); } catch (JSONException e) { - if (!PolicyNodeType.SOURCE.equals(type) && !PolicyNodeType.FILTER.equals(type)) { + if (!PolicyNodeType.SOURCE.equals(type)) { throw new PolicyException(PolicyException.ERR_POLICY_NODE_SOURCE_INVALID + ": " + node.toString(), e); } } catch (TaintPositionException e) { - if (!PolicyNodeType.SOURCE.equals(type) && !PolicyNodeType.FILTER.equals(type)) { + if (!PolicyNodeType.SOURCE.equals(type)) { throw new PolicyException(PolicyException.ERR_POLICY_NODE_SOURCE_INVALID + ": " + node.toString(), e); } } 
@@ -164,15 +180,10 @@ private static Set parseTarget(JSONObject node, PolicyNodeType ty try { return TaintPosition.parse(node.getString(KEY_TARGET)); } catch (JSONException e) { - if (!PolicyNodeType.FILTER.equals(type)) { throw new PolicyException(PolicyException.ERR_POLICY_NODE_TARGET_INVALID + ": " + node.toString(), e); - } } catch (TaintPositionException e) { - if (!PolicyNodeType.FILTER.equals(type)) { throw new PolicyException(PolicyException.ERR_POLICY_NODE_TARGET_INVALID + ": " + node.toString(), e); - } } - return new HashSet(); } private static void setInheritable(JSONObject node, PolicyNode policyNode) throws PolicyException { diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyNodeType.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyNodeType.java index 41f23c503..f6aee387c 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyNodeType.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyNodeType.java @@ -3,7 +3,7 @@ public enum PolicyNodeType { SOURCE(2, "source"), PROPAGATOR(1, "propagator"), - FILTER(3, "filter"), + VALIDATOR(3, "validator"), SINK(4, "sink"), ; diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/ValidatorNode.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/ValidatorNode.java new file mode 100644 index 000000000..ee0629801 --- /dev/null +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/ValidatorNode.java 
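Review bot: `VALIDATOR(3, "validator")` reuses the numeric id that `FILTER` had, so any policy entry already delivered with type 3 is now built by `buildValidator` and starts tagging taint as validated. Judging from the `build()` context in this commit, which called only `buildSource`, `buildPropagator` and `buildSink`, such entries were previously ignored. If existing filter rules are not all safe to treat as validators, give the new type its own id or gate it on a policy version. Add a comment on the enum constant recording that 3 was formerly `filter`.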
@@ -0,0 +1,59 @@ +package io.dongtai.iast.core.handler.hookpoint.models.policy; + +import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintCommandRunner; + +import java.util.Set; + +public class ValidatorNode extends PolicyNode { + + private Set sources; + private TaintCommandRunner commandRunner; + private String[] tags; + private String[] untags; + + public ValidatorNode(Set sources, MethodMatcher methodMatcher) { + super(methodMatcher); + this.sources = sources; + } + + @Override + public PolicyNodeType getType() { + return PolicyNodeType.VALIDATOR; + } + + public Set getSources() { + return this.sources; + } + + public void setSources(Set sources) { + this.sources = sources; + } + + public String[] getTags() { + return this.tags; + } + + public boolean hasTags() { + return this.tags != null && this.tags.length > 0; + } + + public void setTags(String[] tags) { + this.tags = tags; + } + + public String[] getUntags() { + return this.untags; + } + + public void setUntags(String[] untags) { + this.untags = untags; + } + + public TaintCommandRunner getCommandRunner() { + return this.commandRunner; + } + + public void setCommandRunner(TaintCommandRunner r) { + this.commandRunner = r; + } +} diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/range/TaintRanges.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/range/TaintRanges.java index 287998967..1f1fcc1e8 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/range/TaintRanges.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/range/TaintRanges.java @@ -17,7 +17,7 @@ public TaintRanges(ArrayList taintRanges) { this.taintRanges = taintRanges; } - public TaintRanges(TaintRange ...taintRanges) { + public TaintRanges(TaintRange... taintRanges) { this.taintRanges = new ArrayList(Arrays.asList(taintRanges)); } 
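Review bot: `ValidatorNode` stores `untags` and `commandRunner`, but nothing visible in this commit uses them. `ValidatorImpl.solveValidator` reads only `getSources()`, `hasTags()` and `getTags()`, and `PolicyBuilder.buildValidator` never calls `setCommandRunner`, so a policy that configures untags for a validator has no visible effect. Either apply them or leave the fields out until they are used, and add a class comment stating what a validator node means for taint tracking. `getTags()` and `getUntags()` also return the internal arrays, so a caller can alter the node's policy in place. `sources` is only assigned in the constructor in visible code and could be `final` if `setSources` is not needed.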
@@ -87,6 +87,18 @@ public boolean hasDisallowedTaintTags(TaintTag[] tags) { return false; } + public boolean hasValidatedTags(TaintTag[] tags) { + if (tags == null) { + return false; + } + for (TaintTag tag : tags) { + if (tag.equals(TaintTag.VALIDATED.getKey())) { + return true; + } + } + return false; + } + public TaintRanges clone() { TaintRanges taintRanges = new TaintRanges(); int size = this.taintRanges.size(); diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/tag/TaintTag.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/tag/TaintTag.java index 729e88b49..8ede07e7a 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/tag/TaintTag.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/tag/TaintTag.java @@ -34,6 +34,7 @@ public enum TaintTag { VBSCRIPT_ENCODED("vbscript-encoded"), HTTP_TOKEN_LIMITED_CHARS("http-token-limited-chars"), NUMERIC_LIMITED_CHARS("numeric-limited-chars"), + VALIDATED("validated"), ; private final String key; diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/DubboService.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/DubboService.java index b791c8e45..83e3c0657 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/DubboService.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/DubboService.java @@ -3,6 +3,7 @@ import io.dongtai.iast.core.EngineManager; import io.dongtai.iast.core.handler.context.ContextManager; import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent; +import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyNodeType; import io.dongtai.iast.core.utils.StackUtils; import io.dongtai.iast.core.utils.TaintPoolUtils; import io.dongtai.log.DongTaiLog; 
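Review bot: `hasValidatedTags` can never return true: `tag` is a `TaintTag`, but `TaintTag.VALIDATED.getKey()` is the enum's `String` key, so `tag.equals(...)` compares an enum constant with a string. The comparison should be `if (tag == TaintTag.VALIDATED) {`. The method also never reads `this.taintRanges`; it only walks the array passed in, so it answers whether the caller's tag list names VALIDATED, not whether a range held by this object carries the tag, which is presumably what the sink check in DynamicPropagatorScanner needs. As written, the `!tr.hasValidatedTags(disallowed)` term added there is always true and the validated tag has no effect on sink reporting.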
@@ -44,6 +45,7 @@ public static void solveSyncInvoke(MethodEvent event, Object invocation, String event.setCallStacks(StackUtils.createCallStack(4)); int invokeId = invokeIdSequencer.getAndIncrement(); event.setInvokeId(invokeId); + event.setPolicyType(PolicyNodeType.PROPAGATOR.getName()); EngineManager.TRACK_MAP.get().put(invokeId, event); } catch (NoSuchMethodException ignore) { } catch (Throwable e) { diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/FeignService.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/FeignService.java index 7a377a8da..e163b66ea 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/FeignService.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/FeignService.java @@ -3,6 +3,7 @@ import io.dongtai.iast.core.EngineManager; import io.dongtai.iast.core.handler.context.ContextManager; import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent; +import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyNodeType; import io.dongtai.iast.core.utils.StackUtils; import io.dongtai.iast.core.utils.TaintPoolUtils; import io.dongtai.log.DongTaiLog; @@ -51,6 +52,7 @@ public static void solveSyncInvoke(MethodEvent event, AtomicInteger invokeIdSequ event.setCallStacks(StackUtils.createCallStack(4)); int invokeId = invokeIdSequencer.getAndIncrement(); event.setInvokeId(invokeId); + event.setPolicyType(PolicyNodeType.PROPAGATOR.getName()); EngineManager.TRACK_MAP.get().put(invokeId, event); } catch (NoSuchFieldException ignore) { } catch (NoSuchMethodException ignore) { diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java index 3104929a2..74d9301a0 100644 
--- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java @@ -3,6 +3,7 @@ import io.dongtai.iast.core.EngineManager; import io.dongtai.iast.core.handler.hookpoint.SpyDispatcherImpl; import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent; +import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyNodeType; import io.dongtai.iast.core.handler.hookpoint.models.policy.SinkNode; import io.dongtai.iast.core.handler.hookpoint.models.policy.TaintPosition; import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintRanges; @@ -12,6 +13,7 @@ import io.dongtai.iast.core.handler.hookpoint.vulscan.IVulScan; import io.dongtai.iast.core.handler.hookpoint.vulscan.VulnType; import io.dongtai.iast.core.handler.hookpoint.vulscan.dynamic.xxe.XXECheck; +import io.dongtai.iast.core.utils.PropertyUtils; import io.dongtai.iast.core.utils.StackUtils; import io.dongtai.iast.core.utils.TaintPoolUtils; @@ -109,6 +111,7 @@ public void scan(MethodEvent event, SinkNode sinkNode) { event.setCallStacks(stackTraceElements); int invokeId = SpyDispatcherImpl.INVOKE_ID_SEQUENCER.getAndIncrement(); event.setInvokeId(invokeId); + event.setPolicyType(PolicyNodeType.SINK.getName()); event.setTaintPositions(sinkNode.getSources(), null); event.setStacks(stackTraceElements); @@ -175,9 +178,13 @@ private boolean sinkSourceHitTaintPool(MethodEvent event, SinkNode sinkNode) { if (tr == null || tr.isEmpty()) { continue; } + + boolean commonCondition = tr.hasRequiredTaintTags(required) && !tr.hasDisallowedTaintTags(disallowed); - if (tr.hasRequiredTaintTags(required) && !tr.hasDisallowedTaintTags(disallowed)) { - tagsHit = true; + if (PropertyUtils.isDisabledValidated()) { + tagsHit = commonCondition && !tr.hasValidatedTags(disallowed); + } else { + tagsHit = commonCondition; } } if (!tagsHit) { 
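Review bot: In the `sinkSourceHitTaintPool` hunk (`@@ -175,9 +178,13 @@`) `tagsHit` is now assigned on every pass, where the removed code only ever set it to `true`. The `continue` in the context lines suggests a loop over the sink's source positions (its header is outside the hunk), so a later position that fails the tag check would overwrite an earlier hit and the sink would not be reported. Keeping the sticky form avoids that: `if (commonCondition && !(PropertyUtils.isDisabledValidated() && tr.hasValidatedTags(disallowed))) { tagsHit = true; }`. The branch also applies the validated check when `isDisabledValidated()` returns true, which reads as inverted, so a one-line comment stating the intended polarity is needed. The later hunk that switches the condition to `PropertyUtils.validatedSink()` keeps the same overwriting assignment.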
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java index 6ee3c2e7a..a258d0e06 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java @@ -223,4 +223,12 @@ public static Boolean isDisabledCustomModel() { } return isDisabledCustomModel; } + + public static Boolean isDisabledValidated() { + if (null == isDisabledCustomModel){ + List disabledFeatures = getDisabledFeatures(); + isDisabledCustomModel = disabledFeatures.contains("validated"); + } + return isDisabledCustomModel; + } } diff --git a/dongtai-spy/src/main/java/java/lang/dongtai/NopSpy.java b/dongtai-spy/src/main/java/java/lang/dongtai/NopSpy.java index 8866b53cb..997374db4 100644 --- a/dongtai-spy/src/main/java/java/lang/dongtai/NopSpy.java +++ b/dongtai-spy/src/main/java/java/lang/dongtai/NopSpy.java @@ -187,6 +187,14 @@ public void leaveSink() { } + /** + * + */ + @Override + public boolean enterValidator() { + return false; + } + /** * Determines whether it is a layer 1 Sink entry * diff --git a/dongtai-spy/src/main/java/java/lang/dongtai/SpyDispatcher.java b/dongtai-spy/src/main/java/java/lang/dongtai/SpyDispatcher.java index 1eb0746ae..b02fbe0ed 100644 --- a/dongtai-spy/src/main/java/java/lang/dongtai/SpyDispatcher.java +++ b/dongtai-spy/src/main/java/java/lang/dongtai/SpyDispatcher.java @@ -123,6 +123,8 @@ void collectDubboRequestSource(Object handler, Object invocation, String methodN */ void leaveSink(); + boolean enterValidator(); + /** * Determines whether it is a layer 1 Sink entry * From 710cfb52f39295832f27a7b8ff427cf3efdb8d85 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Tue, 1 Aug 2023 10:47:55 +0800 Subject: [PATCH 05/14] feature: add validator handler. --- .../core/handler/hookpoint/controller/impl/ValidatorImpl.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java index c1b045bc7..7b55a78a4 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java @@ -8,6 +8,7 @@ import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintRange; import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintRanges; import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintRangesBuilder; +import io.dongtai.iast.core.handler.hookpoint.models.taint.tag.TaintTag; import io.dongtai.iast.core.utils.StackUtils; import io.dongtai.iast.core.utils.TaintPoolUtils; @@ -57,7 +58,7 @@ public static void solveValidator(MethodEvent event, ValidatorNode validatorNode } if (null != len && null != hash){ - TaintRanges tr = new TaintRanges(new TaintRange("validated", 0, len)); + TaintRanges tr = new TaintRanges(new TaintRange(TaintTag.VALIDATED.getKey(), 0, len)); if (validatorNode.hasTags()) { String[] tags = validatorNode.getTags(); for (String tag : tags) { From 87a3cab9902a09f1d74451bd361b2579e526fd94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Tue, 1 Aug 2023 10:53:19 +0800 Subject: [PATCH 06/14] feature: add validator handler. --- .../handler/hookpoint/models/policy/PolicyNodeTypeTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/dongtai-core/src/test/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyNodeTypeTest.java b/dongtai-core/src/test/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyNodeTypeTest.java index fd9316783..b4c4e1a4b 100644 --- a/dongtai-core/src/test/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyNodeTypeTest.java +++ b/dongtai-core/src/test/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyNodeTypeTest.java @@ -14,7 +14,7 @@ public void testGet() { put(0, null); put(1, PolicyNodeType.PROPAGATOR); put(2, PolicyNodeType.SOURCE); - put(3, PolicyNodeType.FILTER); + put(3, PolicyNodeType.VALIDATOR); put(4, PolicyNodeType.SINK); put(5, null); }}; From 6f23a4443c3e04b42bc6df6da22102f0a59586fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Tue, 1 Aug 2023 11:21:22 +0800 Subject: [PATCH 07/14] feature: add validator handler. --- .../controller/impl/ValidatorImpl.java | 4 ++-- .../hookpoint/models/policy/PolicyBuilder.java | 3 +-- .../hookpoint/models/policy/ValidatorNode.java | 18 ------------------ 3 files changed, 3 insertions(+), 22 deletions(-) diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java index 7b55a78a4..feb35f6a3 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java @@ -55,7 +55,7 @@ public static void solveValidator(MethodEvent event, ValidatorNode validatorNode hash = getStringHash(parameter); len = TaintRangesBuilder.getLength(parameter); } - } + } else return; if (null != len && null != hash){ TaintRanges tr = new TaintRanges(new TaintRange(TaintTag.VALIDATED.getKey(), 0, len)); 
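Review bot: The added `} else return;` in `solveValidator` here, and the `}else return;` in the following `@@ -72,7 +72,7 @@` hunk, leave the method as soon as one position is neither object nor parameter or did not produce a tainted value. The extra closing brace after the second one suggests both sit in a loop over the validator's source positions (the loop header is outside both hunks); if so, the remaining positions are never examined, and a validator whose first position misses never tags the value in a later position. If the aim is to skip recording the event when nothing matched, track that across the loop instead: `boolean matched = false;` before it, `matched = true;` where the range is stored, and `if (!matched) { return; }` after it. Braces around the `else` bodies would also match the surrounding code.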
@@ -72,7 +72,7 @@ public static void solveValidator(MethodEvent event, ValidatorNode validatorNode }else { taintRanges.addAll(tr); } - } + }else return; } event.source = false; diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyBuilder.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyBuilder.java index ac810cd1a..dec181946 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyBuilder.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyBuilder.java @@ -144,7 +144,6 @@ public static void buildValidator(Policy policy, PolicyNodeType type, JSONObject setInheritable(node, validatorNode); List tags = parseTags(node, validatorNode); validatorNode.setTags(tags.get(0)); - validatorNode.setUntags(tags.get(1)); policy.addValidator(validatorNode); } @@ -273,7 +272,7 @@ private static List parseTags(JSONObject node, PolicyNode policyNode) } try { - if (node.has(KEY_TAGS)) { + if (node.has(KEY_UNTAGS)) { JSONArray uts = node.getJSONArray(KEY_UNTAGS); for (Object o : uts) { String ut = (String) o; diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/ValidatorNode.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/ValidatorNode.java index ee0629801..1527576a2 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/ValidatorNode.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/ValidatorNode.java @@ -7,9 +7,7 @@ public class ValidatorNode extends PolicyNode { private Set sources; - private TaintCommandRunner commandRunner; private String[] tags; - private String[] untags; public ValidatorNode(Set sources, MethodMatcher methodMatcher) { super(methodMatcher); 
@@ -40,20 +38,4 @@ public boolean hasTags() { public void setTags(String[] tags) { this.tags = tags; } - - public String[] getUntags() { - return this.untags; - } - - public void setUntags(String[] untags) { - this.untags = untags; - } - - public TaintCommandRunner getCommandRunner() { - return this.commandRunner; - } - - public void setCommandRunner(TaintCommandRunner r) { - this.commandRunner = r; - } } From 131fefac3346c856a0b08646a4ef99f5aa85e195 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Mon, 7 Aug 2023 16:42:35 +0800 Subject: [PATCH 08/14] feature: add validator handler. --- .../java/io/dongtai/iast/common/config/ConfigBuilder.java | 3 +++ .../main/java/io/dongtai/iast/common/config/ConfigKey.java | 2 ++ .../handler/hookpoint/controller/impl/ValidatorImpl.java | 2 ++ .../vulscan/dynamic/DynamicPropagatorScanner.java | 2 +- .../java/io/dongtai/iast/core/utils/PropertyUtils.java | 7 ++++--- 5 files changed, 12 insertions(+), 4 deletions(-) diff --git a/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigBuilder.java b/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigBuilder.java index 39a3ff44a..73a81933d 100644 --- a/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigBuilder.java +++ b/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigBuilder.java @@ -24,6 +24,8 @@ private ConfigBuilder() { Config.create(ConfigKey.ENABLE_LOGGER)); this.configMap.put(ConfigKey.LOGGER_LEVEL, Config.create(ConfigKey.LOGGER_LEVEL)); + this.configMap.put(ConfigKey.VALIDATED_SINK, + Config.create(ConfigKey.VALIDATED_SINK).setDefaultValue(false)); } public static ConfigBuilder getInstance() { 
@@ -62,6 +64,7 @@ public void update(JSONObject config) { updateString(config, ConfigKey.JsonKey.JSON_VERSION_HEADER_KEY); updateBool(config, ConfigKey.JsonKey.JSON_ENABLE_LOGGER); updateString(config, ConfigKey.JsonKey.JSON_LOGGER_LEVEL); + updateBool(config, ConfigKey.JsonKey.JSON_VALIDATED_SINK); updateRequestDenyList(config); } diff --git a/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigKey.java b/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigKey.java index 809f98778..92ffa4626 100644 --- a/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigKey.java +++ b/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigKey.java @@ -8,6 +8,7 @@ public enum ConfigKey { VERSION_HEADER_KEY, ENABLE_LOGGER, LOGGER_LEVEL, + VALIDATED_SINK, ; public enum JsonKey { @@ -18,6 +19,7 @@ public enum JsonKey { JSON_VERSION_HEADER_KEY("version_header_name", VERSION_HEADER_KEY), JSON_ENABLE_LOGGER("enable_log", ENABLE_LOGGER), JSON_LOGGER_LEVEL("log_level", LOGGER_LEVEL), + JSON_VALIDATED_SINK("report_validated_sink", LOGGER_LEVEL), ; private final String key; diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java index feb35f6a3..d42d56ca6 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java @@ -42,6 +42,7 @@ public static void solveValidator(MethodEvent event, ValidatorNode validatorNode && TaintPoolUtils.poolContains(event.objectInstance, event)) { hash = getStringHash(event.objectInstance); len = TaintRangesBuilder.getLength(event.objectInstance); + event.setObjectValue(event.objectInstance, true); } } else if (position.isParameter()) { int parameterIndex = position.getParameterIndex(); 
@@ -54,6 +55,7 @@ public static void solveValidator(MethodEvent event, ValidatorNode validatorNode && TaintPoolUtils.poolContains(parameter, event)) { hash = getStringHash(parameter); len = TaintRangesBuilder.getLength(parameter); + event.addParameterValue(parameterIndex, parameter, true); } } else return; diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java index 74d9301a0..a5d19e210 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java @@ -181,7 +181,7 @@ private boolean sinkSourceHitTaintPool(MethodEvent event, SinkNode sinkNode) { boolean commonCondition = tr.hasRequiredTaintTags(required) && !tr.hasDisallowedTaintTags(disallowed); - if (PropertyUtils.isDisabledValidated()) { + if (PropertyUtils.validatedSink()) { tagsHit = commonCondition && !tr.hasValidatedTags(disallowed); } else { tagsHit = commonCondition; diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java index a258d0e06..401aa3a6f 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java @@ -1,5 +1,7 @@ package io.dongtai.iast.core.utils; +import io.dongtai.iast.common.config.ConfigBuilder; +import io.dongtai.iast.common.config.ConfigKey; import io.dongtai.iast.common.constants.PropertyConstant; import io.dongtai.log.DongTaiLog; import io.dongtai.log.ErrorCode; 
@@ -224,10 +226,9 @@ public static Boolean isDisabledCustomModel() { return isDisabledCustomModel; } - public static Boolean isDisabledValidated() { + public static Boolean validatedSink() { if (null == isDisabledCustomModel){ - List disabledFeatures = getDisabledFeatures(); - isDisabledCustomModel = disabledFeatures.contains("validated"); + isDisabledCustomModel = ConfigBuilder.getInstance().get(ConfigKey.VALIDATED_SINK); } return isDisabledCustomModel; } From fb061cdad7da9329864b1225cbb5b13fbacc1cb9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Mon, 7 Aug 2023 18:50:28 +0800 Subject: [PATCH 09/14] feature: add validator handler. --- .../java/io/dongtai/iast/core/utils/PropertyUtils.java | 9 +++------ .../resources/com.secnium.iast.resources/blacklist.txt | 2 +- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java index 401aa3a6f..f2ca1ffea 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java @@ -210,7 +210,7 @@ public static List getDisabledPlugins() { } public static List getDisabledFeatures() { - if (null == disabledFeatureList){ + if (null == disabledFeatureList) { disabledFeatureList = Optional.ofNullable(System.getProperty("dongtai.disabled.features")) .map(s -> Arrays.asList(s.split(","))) .orElse(new ArrayList<>()); @@ -219,7 +219,7 @@ public static List getDisabledFeatures() { } public static Boolean isDisabledCustomModel() { - if (null == isDisabledCustomModel){ + if (null == isDisabledCustomModel) { List disabledFeatures = getDisabledFeatures(); isDisabledCustomModel = disabledFeatures.contains("custom-model-collection"); } 
@@ -227,9 +227,6 @@ public static Boolean isDisabledCustomModel() { } public static Boolean validatedSink() { - if (null == isDisabledCustomModel){ - isDisabledCustomModel = ConfigBuilder.getInstance().get(ConfigKey.VALIDATED_SINK); - } - return isDisabledCustomModel; + return ConfigBuilder.getInstance().get(ConfigKey.VALIDATED_SINK); } } diff --git a/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt b/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt index b00d6f18c..07a86e277 100644 --- a/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt +++ b/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt @@ -29979,7 +29979,7 @@ org/apache/catalina/connector/CoyoteAdapter$CatalinaAfterServiceListener org/apache/catalina/connector/CoyoteAdapter$RecycleRequiredException #org/apache/catalina/connector/CoyoteOutputStream #org/apache/catalina/connector/CoyoteInputStream -org/apache/catalina/connector/CoyoteReader +#org/apache/catalina/connector/CoyoteReader org/apache/catalina/connector/InputBuffer org/apache/catalina/connector/MapperListener #org/apache/catalina/connector/OutputBuffer From 6818bdd57f78ca28efcd4c3930a5ce905f5fc28d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Tue, 8 Aug 2023 12:13:20 +0800 Subject: [PATCH 10/14] feature: add validator handler. --- .../core/handler/hookpoint/controller/impl/ValidatorImpl.java | 1 + .../src/main/resources/com.secnium.iast.resources/blacklist.txt | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java index d42d56ca6..1e76b0aad 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java 
+++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java @@ -79,6 +79,7 @@ public static void solveValidator(MethodEvent event, ValidatorNode validatorNode event.source = false; event.setCallStacks(StackUtils.createCallStack(4)); + event.setTaintPositions(validatorNode.getSources(), null); int invokeId = invokeIdSequencer.getAndIncrement(); event.setInvokeId(invokeId); diff --git a/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt b/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt index 07a86e277..54aaf120e 100644 --- a/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt +++ b/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt @@ -58862,7 +58862,7 @@ org/springframework/http/converter/feed/AbstractWireFeedHttpMessageConverter org/springframework/http/converter/feed/AtomFeedHttpMessageConverter org/springframework/http/converter/feed/RssChannelHttpMessageConverter org/springframework/http/converter/feed/package-info -org/springframework/http/converter/json/AbstractJackson2HttpMessageConverter +# org/springframework/http/converter/json/AbstractJackson2HttpMessageConverter org/springframework/http/converter/json/Jackson2ObjectMapperBuilder org/springframework/http/converter/json/MappingJackson2HttpMessageConverter org/springframework/http/converter/json/MappingJacksonHttpMessageConverter From 5d9bba649681cb9151420796fd521c9b076132d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Tue, 8 Aug 2023 14:16:24 +0800 Subject: [PATCH 11/14] fix: delete parameter dongtai.app.create. --- .../io/dongtai/iast/agent/IastProperties.java | 15 --------------- .../iast/agent/report/AgentRegisterReport.java | 1 - .../iast/common/constants/PropertyConstant.java | 1 - 3 files changed, 17 deletions(-) 
diff --git a/dongtai-agent/src/main/java/io/dongtai/iast/agent/IastProperties.java b/dongtai-agent/src/main/java/io/dongtai/iast/agent/IastProperties.java index d793dddb2..c1a423899 100644 --- a/dongtai-agent/src/main/java/io/dongtai/iast/agent/IastProperties.java +++ b/dongtai-agent/src/main/java/io/dongtai/iast/agent/IastProperties.java @@ -17,7 +17,6 @@ public class IastProperties { public final static Map ATTACH_ARG_MAP = new HashMap() {{ put("debug", PropertyConstant.PROPERTY_DEBUG); - put("app_create", PropertyConstant.PROPERTY_APP_CREATE); put("app_name", PropertyConstant.PROPERTY_APP_NAME); put("app_version", PropertyConstant.PROPERTY_APP_VERSION); put("app_template", PropertyConstant.PROPERTY_APP_TEMPLATE); @@ -129,20 +128,6 @@ public boolean isDebug() { return "true".equalsIgnoreCase(getDebugFlag()); } - public Integer isAutoCreateProject() { - if (null == isAutoCreateProject) { - String result = System.getProperty(PropertyConstant.PROPERTY_APP_CREATE, - System.getProperty("project.create", cfg.getProperty("project.create", "false")) - ); - if ("true".equalsIgnoreCase(result)) { - isAutoCreateProject = 1; - } else { - isAutoCreateProject = 0; - } - } - return isAutoCreateProject; - } - public String getProjectName() { if (null == projectName) { String[] names = new String[]{ diff --git a/dongtai-agent/src/main/java/io/dongtai/iast/agent/report/AgentRegisterReport.java b/dongtai-agent/src/main/java/io/dongtai/iast/agent/report/AgentRegisterReport.java index 8b0a9170e..3a88b2776 100644 --- a/dongtai-agent/src/main/java/io/dongtai/iast/agent/report/AgentRegisterReport.java +++ b/dongtai-agent/src/main/java/io/dongtai/iast/agent/report/AgentRegisterReport.java 
@@ -65,7 +65,6 @@ private String generateAgentRegisterMsg() { object.put("serverPath", ServerDetect.getWebServerPath()); object.put("serverAddr", ""); object.put("serverPort", ""); - object.put("autoCreateProject", IastProperties.getInstance().isAutoCreateProject()); object.put("projectVersion", IastProperties.getInstance().getProjectVersion()); object.put("projectTemplateId", IastProperties.getInstance().getProjectTemplate()); diff --git a/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java b/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java index b7e54b30a..0703c52e6 100644 --- a/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java +++ b/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java @@ -2,7 +2,6 @@ public class PropertyConstant { public static final String PROPERTY_DEBUG = "dongtai.debug"; - public static final String PROPERTY_APP_CREATE = "dongtai.app.create"; public static final String PROPERTY_APP_NAME = "dongtai.app.name"; public static final String PROPERTY_APP_VERSION = "dongtai.app.version"; public static final String PROPERTY_APP_TEMPLATE = "dongtai.app.template"; From 2b78daed98c6f5c67ab5db095ecfb2f9437ab327 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Tue, 8 Aug 2023 15:58:43 +0800 Subject: [PATCH 12/14] fix: validated sink. --- .../src/main/java/io/dongtai/iast/common/config/ConfigKey.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigKey.java b/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigKey.java index 92ffa4626..020261ef4 100644 --- a/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigKey.java +++ b/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigKey.java 
@@ -19,7 +19,7 @@ public enum JsonKey { JSON_VERSION_HEADER_KEY("version_header_name", VERSION_HEADER_KEY), JSON_ENABLE_LOGGER("enable_log", ENABLE_LOGGER), JSON_LOGGER_LEVEL("log_level", LOGGER_LEVEL), - JSON_VALIDATED_SINK("report_validated_sink", LOGGER_LEVEL), + JSON_VALIDATED_SINK("report_validated_sink", VALIDATED_SINK), ; private final String key; From 85077fdfbf8d3016a301c8160cae7afe58eead03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Wed, 16 Aug 2023 14:55:09 +0800 Subject: [PATCH 13/14] fix: transform class rules. --- .../iast/core/bytecode/IastClassFileTransformer.java | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/IastClassFileTransformer.java b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/IastClassFileTransformer.java index b1c655f02..25710a51c 100755 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/IastClassFileTransformer.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/IastClassFileTransformer.java @@ -120,12 +120,7 @@ public byte[] transform(final ClassLoader loader, final ProtectionDomain protectionDomain, final byte[] srcByteCodeArray) { String threadName = Thread.currentThread().getName(); - if (threadName.startsWith("DongTai-IAST-Core") - || threadName.startsWith("DongTai-IAST-AgentStateMonitor") - || threadName.startsWith("DongTai-IAST-ConfigMonitor") - || threadName.startsWith("DongTai-IAST-FallbackConfigMonitor") - || threadName.startsWith("DongTai-IAST-HearBeatMonitor") - || threadName.startsWith("DongTai-IAST-PerformanceMonitor")) { + if (threadName.startsWith("DongTai-IAST-Core")) { return null; } From 75dab62c018a98b64a2bfdc68de159bd704d5bab Mon Sep 17 00:00:00 2001 
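Review bot: The guard at the top of `transform` now exempts only threads whose name starts with `"DongTai-IAST-Core"`, so classes first loaded on the agent's AgentStateMonitor, ConfigMonitor, FallbackConfigMonitor, HearBeatMonitor and PerformanceMonitor threads now pass through the transformer, and the commit message ("fix: transform class rules") does not say why that is safe. A comment above the check should record why the monitor threads no longer need the exemption, since instrumenting classes that the agent's own threads load is the case this guard appears to exist for. The literal also repeats `AgentConstant.THREAD_NAME_PREFIX_CORE` (`"DongTai-IAST-Core-"`, visible in the AgentConstant hunk of the next patch) without the trailing dash; `if (threadName.startsWith(AgentConstant.THREAD_NAME_PREFIX_CORE)) {` would keep the exemption tied to how the threads are actually named, if the dash is acceptable. `transform` starts and continues outside the hunk.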
From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Wed, 16 Aug 2023 16:12:11 +0800 Subject: [PATCH 14/14] Release v1.13.0. --- .../java/io/dongtai/iast/common/constants/AgentConstant.java | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dongtai-common/src/main/java/io/dongtai/iast/common/constants/AgentConstant.java b/dongtai-common/src/main/java/io/dongtai/iast/common/constants/AgentConstant.java index 8c2c694ee..ce6a76eff 100644 --- a/dongtai-common/src/main/java/io/dongtai/iast/common/constants/AgentConstant.java +++ b/dongtai-common/src/main/java/io/dongtai/iast/common/constants/AgentConstant.java @@ -1,7 +1,7 @@ package io.dongtai.iast.common.constants; public class AgentConstant { - public static final String VERSION_VALUE = "v1.12.0"; + public static final String VERSION_VALUE = "v1.13.0"; public static final String LANGUAGE = "JAVA"; public static final String THREAD_NAME_PREFIX = "DongTai-IAST-"; public static final String THREAD_NAME_PREFIX_CORE = "DongTai-IAST-Core-"; diff --git a/pom.xml b/pom.xml index d693d8d8e..19206e061 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ 4.0.0 - 1.12.0 + 1.13.0 UTF-8 io.dongtai.iast.thirdparty