fix ssrf detection

agent/java/src/main/java/com/fuxi/javaagent/hook/ProcessBuilderHook.java

@@ -85,19 +85,22 @@ protected void onMethodEnter() {
      */
     public static void checkCommand(List<String> command) {
         if (command != null && !command.isEmpty()) {
+            Scriptable params = null;
             try {
                 JSContext cx = JSContextFactory.enterAndInitContext();
-                Scriptable params = cx.newObject(cx.getScope());
+                params = cx.newObject(cx.getScope());
                 Scriptable commandArray = cx.newArray(cx.getScope(), command.toArray());
                 params.put("command", params, commandArray);
                 List<String> stackInfo = StackTrace.getStackTraceArray(Config.REFLECTION_STACK_START_INDEX,
                         Config.getConfig().getPluginMaxStack());
                 Scriptable stackArray = cx.newArray(cx.getScope(), stackInfo.toArray());
                 params.put("stack", params, stackArray);
-                HookHandler.doCheck(CheckParameter.Type.COMMAND, params);
             } catch (Throwable t) {
                 HookHandler.LOGGER.warn(t.getMessage());
             }
+            if(params != null) {
+                HookHandler.doCheck(CheckParameter.Type.COMMAND, params);
+            }
         }
     }
 }

agent/java/src/main/java/com/fuxi/javaagent/hook/ssrf/CommonHttpClientHook.java

@@ -53,16 +53,20 @@ protected void onMethodEnter() {
     }
 
     public static void checkHttpConnection(Object httpMethod) {
+        String host = null;
+        Object uri = null;
         try {
             if (httpMethod != null) {
-                Object uri = Reflection.invokeMethod(httpMethod, "getURI", new Class[]{});
+                uri = Reflection.invokeMethod(httpMethod, "getURI", new Class[]{});
                 if (uri != null) {
-                    String host = Reflection.invokeStringMethod(uri, "getHost", new Class[]{});
-                    checkHttpUrl(uri.toString(), host,"commons_httpclient");
+                    host = Reflection.invokeStringMethod(uri, "getHost", new Class[]{});
                 }
             }
         } catch (Throwable t) {
             HookHandler.LOGGER.warn(t.getMessage());
         }
+        if (host != null) {
+            checkHttpUrl(uri.toString(), host, "commons_httpclient");
+        }
     }
 }

agent/java/src/main/java/com/fuxi/javaagent/hook/ssrf/HttpClientHook.java

@@ -62,6 +62,8 @@ public static void checkHttpUri(URI uri) {
         } catch (Throwable t) {
             HookHandler.LOGGER.warn(t.getMessage());
         }
-        checkHttpUrl(url, hostName,"httpclient");
+        if (hostName != null) {
+            checkHttpUrl(url, hostName, "httpclient");
+        }
     }
 }

agent/java/src/main/java/com/fuxi/javaagent/plugin/checker/local/SSRFChecker.java

@@ -39,7 +39,7 @@ public class SSRFChecker extends ConfigurableChecker {
     private static final String CONFIG_KEY_SSRF_OBFUSCATE = "ssrf_obfuscate";
     private static final String CONFIG_KEY_SSRF_INTRANET = "ssrf_intranet";
     private static final String[] INTRANET_DETECTION_SUFFIX = new String[]{".xip.io", ".burpcollaborator.net",
-            ".xip.name", ".requestb.in", ".nip.io", ".vcap.me"};
+            ".xip.name", ".nip.io", ".vcap.me"};
 
     @Override
     public List<EventInfo> checkParam(CheckParameter checkParameter) {
@@ -48,13 +48,17 @@ public List<EventInfo> checkParam(CheckParameter checkParameter) {
         JsonObject config = Config.getConfig().getAlgorithmConfig();
 
         if (!isModuleIgnore(config, CONFIG_KEY_SSRF_INTRANET)) {
+            boolean isFound = false;
             for (String suffix : INTRANET_DETECTION_SUFFIX) {
                 if (hostName.endsWith(suffix)) {
-                    result.add(AttackInfo.createLocalAttackInfo(checkParameter,
-                            getActionElement(config, CONFIG_KEY_SSRF_INTRANET), "访问已知的内网探测域名"));
+                    isFound = true;
                     break;
                 }
             }
+            if (isFound || hostName.equals("requestb.in")) {
+                result.add(AttackInfo.createLocalAttackInfo(checkParameter,
+                        getActionElement(config, CONFIG_KEY_SSRF_INTRANET), "访问已知的内网探测域名"));
+            }
         } else if (!isModuleIgnore(config, CONFIG_KEY_SSRF_AWS)
                 && hostName.equals("169.254.169.254")) {
             result.add(AttackInfo.createLocalAttackInfo(checkParameter,

agent/java/src/main/java/com/fuxi/javaagent/plugin/js/engine/JSContext.java

@@ -80,7 +80,7 @@ public boolean isTimeout() {
     public List<EventInfo> check(CheckParameter parameter) {
         LinkedList<EventInfo> checkResults = new LinkedList<EventInfo>();
         List<CheckProcess> processList = checkPointList.get(parameter.getType().ordinal());
-        if (processList.size() < 1) {
+        if (processList == null || processList.size() < 1) {
             return null;
         }
 
@@ -145,7 +145,7 @@ public List<EventInfo> check(CheckParameter parameter) {
             } else {
                 confidence = new Integer(0);
             }
-            checkResults.add(new AttackInfo(parameter,action, message, name, confidence));
+            checkResults.add(new AttackInfo(parameter, action, message, name, confidence));
         }
         return checkResults;
     }

agent/java/src/main/java/com/fuxi/javaagent/plugin/js/engine/JSContextFactory.java

@@ -150,6 +150,7 @@ public static JSContext enterAndInitContext() {
             for (int i = 0; i < CheckParameter.Type.values().length; i++) {
                 NativeArray functions = (NativeArray) checkPoints.get(CheckParameter.Type.values()[i].toString());
                 if (functions == null) {
+                    checkPointList.add(null);
                     continue;
                 }
                 List<CheckProcess> functionList = new ArrayList<CheckProcess>(functions.size());