From 3b805edad7fb2b0abb70cf5fd6ae2661436e56b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Tue, 6 Jun 2023 18:31:53 +0800 Subject: [PATCH 1/2] fix: add property "disabled_features". --- .../java/io/dongtai/iast/agent/Agent.java | 1 + .../io/dongtai/iast/agent/IastProperties.java | 1 + .../common/constants/PropertyConstant.java | 2 +- .../enhance/plugin/PluginRegister.java | 9 ++----- .../iast/core/utils/PropertyUtils.java | 27 ++++++++++++++++++- .../iast/core/utils/TaintPoolUtils.java | 2 +- 6 files changed, 32 insertions(+), 10 deletions(-) diff --git a/dongtai-agent/src/main/java/io/dongtai/iast/agent/Agent.java b/dongtai-agent/src/main/java/io/dongtai/iast/agent/Agent.java index d38df004a..121bb71ec 100644 --- a/dongtai-agent/src/main/java/io/dongtai/iast/agent/Agent.java +++ b/dongtai-agent/src/main/java/io/dongtai/iast/agent/Agent.java @@ -39,6 +39,7 @@ private static String[] parseAgentArgs(String[] args) throws ParseException { attachOptions.addOption(build("log_path", "log_path", "optional: DongTai agent log print path.")); attachOptions.addOption(build("log_disable_collector", "log_disable_collector", "optional: DongTai agent disable log collector.")); attachOptions.addOption(build("disabled_plugins", "disabled_plugins", "optional: DongTai agent disable plugins.")); + attachOptions.addOption(build("disabled_features", "disabled_features", "optional: DongTai agent disable features.")); CommandLineParser parser = new DefaultParser(); HelpFormatter formatter = new HelpFormatter(); diff --git a/dongtai-agent/src/main/java/io/dongtai/iast/agent/IastProperties.java b/dongtai-agent/src/main/java/io/dongtai/iast/agent/IastProperties.java index 82e20d931..d793dddb2 100644 --- a/dongtai-agent/src/main/java/io/dongtai/iast/agent/IastProperties.java +++ b/dongtai-agent/src/main/java/io/dongtai/iast/agent/IastProperties.java 
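Review bot: The help text of the new `disabled_features` option does not tell the operator what it accepts, while the code that consumes it in this series (`PropertyUtils.getDisabledFeatures()` / `isDisabledCustomModel()`) splits the value on `,` and looks for the literal name `custom-model-collection`. Suggest `attachOptions.addOption(build("disabled_features", "disabled_features", "optional: DongTai agent disable features, comma-separated (supported: custom-model-collection)."));`. Because disabling a feature switches off part of the taint tracking, this help string is the one place an operator sees that trade-off before enabling it. parseAgentArgs begins before this hunk and continues after it.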
@@ -34,6 +34,7 @@ public class IastProperties { put("log_disable_collector", PropertyConstant.PROPERTY_LOG_DISABLE_COLLECTOR); put("uuid_path", PropertyConstant.PROPERTY_UUID_PATH); put("disabled_plugins", PropertyConstant.PROPERTY_DISABLED_PLUGINS); + put("disabled_features", PropertyConstant.PROPERTY_DISABLED_FEATURES); }}; private static IastProperties instance; diff --git a/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java b/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java index e6b936ff5..b7e54b30a 100644 --- a/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java +++ b/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java @@ -25,7 +25,6 @@ public class PropertyConstant { public static final String PROPERTY_JAR_API_URL = "iast.jar.api.url"; public static final String PROPERTY_LOG_ADDRESS = "dongtai.log.address"; public static final String PROPERTY_LOG_PORT = "dongtai.log.port"; - public static final String PROPERTY_FALLBACK_VERSION = "dongtai.fallback.version"; public static final String PROPERTY_DUMP_CLASS_PATH = "iast.dump.class.path"; public static final String PROPERTY_DUMP_CLASS_ENABLE = "iast.dump.class.enable"; public static final String PROPERTY_SERVICE_HEARTBEAT_INTERVAL = "iast.service.heartbeat.interval"; @@ -33,4 +32,5 @@ public class PropertyConstant { public static final String PROPERTY_POLICY_PATH = "dongtai.policy.path"; public static final String PROPERTY_UUID_PATH = "dongtai.uuid.path"; public static final String PROPERTY_DISABLED_PLUGINS = "dongtai.disabled.plugins"; + public static final String PROPERTY_DISABLED_FEATURES = "dongtai.disabled_features"; } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/PluginRegister.java b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/PluginRegister.java index 775fadc5a..ed7b2e786 100644 
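Review bot: `PROPERTY_DISABLED_FEATURES` is defined as `"dongtai.disabled_features"`, but `PropertyUtils.getDisabledFeatures()` in the PropertyUtils hunk of this same patch reads `System.getProperty("dongtai.disabled.features")`; the keys differ (underscore versus dot), so a feature disabled through the agent argument mapped in the IastProperties hunk above would never be seen by the core, assuming IastProperties publishes its mapped keys as system properties in the same way the existing `disabled_plugins` entry implies. The sibling constant is `"dongtai.disabled.plugins"`, so the consistent fix is `public static final String PROPERTY_DISABLED_FEATURES = "dongtai.disabled.features";`, with PropertyUtils referencing `PropertyConstant.PROPERTY_DISABLED_FEATURES` instead of a literal so the two cannot drift again. Separately, the first PropertyConstant hunk deletes the public `PROPERTY_FALLBACK_VERSION` constant from the shared common module, which the subject line does not mention; worth confirming nothing outside this patch still references it.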
--- a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/PluginRegister.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/PluginRegister.java @@ -12,6 +12,7 @@ import io.dongtai.iast.core.bytecode.enhance.plugin.spring.DispatchApiCollector; import io.dongtai.iast.core.handler.hookpoint.models.policy.Policy; import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyManager; +import io.dongtai.iast.core.utils.PropertyUtils; import org.objectweb.asm.ClassVisitor; import java.util.*; @@ -28,7 +29,7 @@ public class PluginRegister { public PluginRegister() { this.plugins = new ArrayList<>(); - List disabledPlugins = getdisabledPlugins(); + List disabledPlugins = PropertyUtils.getDisabledPlugins(); List allPlugins = new ArrayList<>(Arrays.asList( new DispatchApiCollector(), new DispatchJ2ee(), @@ -43,12 +44,6 @@ public PluginRegister() { this.plugins.add(new DispatchClassPlugin()); } - private List getdisabledPlugins() { - return Optional.ofNullable(System.getProperty("dongtai.disabled.plugins")) - .map(s -> Arrays.asList(s.split(","))) - .orElse(null); - } - public ClassVisitor initial(ClassVisitor classVisitor, ClassContext context, PolicyManager policyManager) { Policy policy = policyManager.getPolicy(); if (policy == null) { diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java index 4d2088c7e..6ee3c2e7a 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java @@ -6,7 +6,7 @@ import java.io.File; import java.io.FileInputStream; -import java.util.Properties; +import java.util.*; /** * @author dongzhiyong@huoxian.cn 
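Review bot: `List disabledPlugins = PropertyUtils.getDisabledPlugins();` keeps a raw `List`, and the relocated helper still returns raw `List` and `null` when the property is unset, whereas the new `getDisabledFeatures()` added in the same series returns an empty list; the two lookups should share one absent-value contract and be typed, e.g. `List<String> disabledPlugins = PropertyUtils.getDisabledPlugins();` with the helper declared `public static List<String> getDisabledPlugins()`. The PluginRegister constructor continues outside the hunk, so the null handling for `disabledPlugins` cannot be checked here. In the PropertyUtils import hunk that follows, `-import java.util.Properties;` / `+import java.util.*;` trades an explicit import for a wildcard; importing `Properties`, `List`, `ArrayList`, `Arrays` and `Optional` by name matches the file's existing style.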
@@ -28,6 +28,8 @@ public class PropertyUtils { private String debugFlag; private Integer responseLength; private String policyPath; + private static List disabledFeatureList; + private static Boolean isDisabledCustomModel; private final String propertiesFilePath; @@ -198,4 +200,27 @@ public String getPolicyPath() { } return this.policyPath; } + + public static List getDisabledPlugins() { + return Optional.ofNullable(System.getProperty("dongtai.disabled.plugins")) + .map(s -> Arrays.asList(s.split(","))) + .orElse(null); + } + + public static List getDisabledFeatures() { + if (null == disabledFeatureList){ + disabledFeatureList = Optional.ofNullable(System.getProperty("dongtai.disabled.features")) + .map(s -> Arrays.asList(s.split(","))) + .orElse(new ArrayList<>()); + } + return disabledFeatureList; + } + + public static Boolean isDisabledCustomModel() { + if (null == isDisabledCustomModel){ + List disabledFeatures = getDisabledFeatures(); + isDisabledCustomModel = disabledFeatures.contains("custom-model-collection"); + } + return isDisabledCustomModel; + } } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java index 00fe94da3..029df4a04 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java @@ -195,7 +195,7 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object EngineManager.TAINT_HASH_CODES.add(hash); event.addTargetHash(hash); EngineManager.TAINT_RANGES_POOL.add(hash, tr); - if (isMicroservice && !(obj instanceof String)) { + if (isMicroservice && !(obj instanceof String) && !PropertyUtils.isDisabledCustomModel()) { try { Field[] declaredFields = ReflectUtils.getDeclaredFieldsSecurity(cls); for (Field field : declaredFields) { From 1713cf4859a59a58e4eecde05a0f9bfa3958f12a Mon Sep 17 00:00:00 2001 
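Review bot: `getDisabledFeatures()` splits the operator-supplied property on `,` without trimming, so a value such as `foo, custom-model-collection` (note the space) produces an entry `" custom-model-collection"` that `isDisabledCustomModel()` never matches, and an empty or trailing comma yields an empty-string entry; the parse should strip whitespace and drop empty names, and the raw `List` / boxed `Boolean` should be `List<String>` / `boolean`. The key should also come from the PropertyConstant added in this patch rather than the literal `"dongtai.disabled.features"`, once the two values agree. The lazily initialised static caches are unsynchronised; since the computed value is deterministic this only risks redundant work, but that deserves a comment such as `// benign race: concurrent first callers may compute the same value twice`.
```java
    public static List<String> getDisabledFeatures() {
        if (null == disabledFeatureList) {
            List<String> features = new ArrayList<>();
            String raw = System.getProperty("dongtai.disabled.features");
            if (raw != null) {
                for (String feature : raw.split(",")) {
                    String name = feature.trim();
                    if (!name.isEmpty()) {
                        features.add(name);
                    }
                }
            }
            disabledFeatureList = features;
        }
        return disabledFeatureList;
    }
    // … unchanged: getDisabledPlugins, isDisabledCustomModel …
```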
From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’>
Date: Wed, 7 Jun 2023 10:54:32 +0800
Subject: [PATCH 2/2] fix: custom model property.
---
 .../iast/core/utils/TaintPoolUtils.java | 38 ++++++++++---------
 1 file changed, 21 insertions(+), 17 deletions(-)
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java
index 029df4a04..465496eed 100644
--- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java
+++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java
@@ -195,23 +195,7 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object
 EngineManager.TAINT_HASH_CODES.add(hash);
 event.addTargetHash(hash);
 EngineManager.TAINT_RANGES_POOL.add(hash, tr);
- if (isMicroservice && !(obj instanceof String) && !PropertyUtils.isDisabledCustomModel()) {
- try {
- Field[] declaredFields = ReflectUtils.getDeclaredFieldsSecurity(cls);
- for (Field field : declaredFields) {
- if (!Modifier.isStatic(field.getModifiers())) {
- trackObject(event, policyNode, field.get(obj), depth + 1, isMicroservice);
- }
- }
- hash = System.identityHashCode(obj);
- if (EngineManager.TAINT_HASH_CODES.contains(hash)) {
- event.addSourceHash(hash);
- }
- } catch (Throwable e) {
- DongTaiLog.debug("solve model failed: {}, {}",
- e.getMessage(), e.getCause() != null ? e.getCause().getMessage() : "");
- }
- }
+ TaintPoolUtils.customModel(isMicroservice,obj,cls,event,policyNode,depth);
 } else {
 hash = getStringHash(obj);
 if (EngineManager.TAINT_HASH_CODES.contains(hash)) {
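Review bot: `TaintPoolUtils.customModel(isMicroservice,obj,cls,event,policyNode,depth);` qualifies a private static call with its own class name and omits the spaces after commas; inside TaintPoolUtils the idiomatic form is `customModel(isMicroservice, obj, cls, event, policyNode, depth);`. The extracted helper also orders its parameters differently from the sibling `trackArray(event, policyNode, arr, depth, isMicroservice)`, so aligning the signature would make the two recursion paths read alike. One nuance worth a comment: the removed inline block reassigned the enclosing `hash` after the recursive walk, whereas the helper now uses its own local, so `hash` keeps the value used by `TAINT_HASH_CODES.add(hash)` above — harmless if that value was already the identity hash, which this hunk does not show. trackObject starts before this hunk and continues after it.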
@@ -221,6 +205,26 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object
 }
 }
 
+ private static void customModel(Boolean isMicroservice, Object obj, Class cls, MethodEvent event,PolicyNode policyNode,int depth) {
+ if (isMicroservice && !(obj instanceof String) && !PropertyUtils.isDisabledCustomModel()) {
+ try {
+ Field[] declaredFields = ReflectUtils.getDeclaredFieldsSecurity(cls);
+ for (Field field : declaredFields) {
+ if (!Modifier.isStatic(field.getModifiers())) {
+ trackObject(event, policyNode, field.get(obj), depth + 1, isMicroservice);
+ }
+ }
+ long hash = System.identityHashCode(obj);
+ if (EngineManager.TAINT_HASH_CODES.contains(hash)) {
+ event.addSourceHash(hash);
+ }
+ } catch (Throwable e) {
+ DongTaiLog.debug("solve model failed: {}, {}",
+ e.getMessage(), e.getCause() != null ? e.getCause().getMessage() : "");
+ }
+ }
+ }
+
 private static void trackArray(MethodEvent event, PolicyNode policyNode, Object arr, int depth, Boolean isMicroservice) {
 int length = Array.getLength(arr);
 for (int i = 0; i < length; i++) {
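Review bot: `customModel` has no Javadoc and declares the raw `Class cls` and a boxed `Boolean isMicroservice` that is unboxed in the first `if`, so a null flag throws a NullPointerException instead of being treated as false; `Class<?> cls` removes the raw type, and the boxed flag mirrors `trackArray`, so either keep it deliberately or change both together. The Javadoc should state that the helper recursively hands every non-static field of `obj` to `trackObject` at `depth + 1`, only when `isMicroservice` is true, `obj` is not a String and the `custom-model-collection` feature has not been disabled via `disabled_features`, and that any failure of the reflective walk is logged at debug level and otherwise swallowed — so a disabled or failing walk silently reduces taint coverage rather than signalling an error. `catch (Throwable e)` also absorbs Errors such as StackOverflowError from deep object graphs; no depth bound is visible inside the helper (trackObject may enforce one, but that is outside this hunk), so a comment naming where recursion is bounded, or a narrower catch, is worth considering.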