Merge branch 'master' of github.com:baidu/openrasp

.gitignore

@@ -4,3 +4,4 @@
 rasp-cloud.tar.gz
 rasp-java.tar.gz
 rasp-java.zip
+integration-test

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "openrasp-v8"]
+	path = openrasp-v8
+	url = https://github.com/baidu-security/openrasp-v8.git

.travis.yml

@@ -122,6 +122,18 @@ matrix:
     - env: OPENRASP_LANG=java SERVER=tomcat8-jdk11
       language: java
       jdk: oraclejdk11
+    - env: OPENRASP_LANG=java SERVER=jboss7
+      language: java
+      jdk: openjdk7
+    - env: OPENRASP_LANG=java SERVER=wildfly8
+      language: java
+      jdk: openjdk7
+    - env: OPENRASP_LANG=java SERVER=wildfly10
+      language: java
+      jdk: openjdk8
+    - env: OPENRASP_LANG=java SERVER=resin4
+      language: java
+      jdk: openjdk7
 before_script:
   - bash ./travis/$OPENRASP_LANG/before_script.sh
 script:

agent/java/boot/pom.xml

@@ -7,15 +7,15 @@
     <parent>
         <groupId>com.baidu.openrasp</groupId>
         <artifactId>openrasp</artifactId>
-        <version>1.0.0</version>
+        <version>1.1.0</version>
     </parent>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     </properties>
 
     <artifactId>rasp-boot</artifactId>
-    <version>1.0.0</version>
+    <version>1.1.0</version>
     <packaging>jar</packaging>
 
     <build>

agent/java/engine/lib/com/baidu/openrasp/v8/1.0-SNAPSHOT/v8-1.0-SNAPSHOT.pom

@@ -0,0 +1,18 @@
+<project>
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>com.baidu.openrasp</groupId>
+  <artifactId>v8</artifactId>
+  <version>1.0-SNAPSHOT</version>
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.12</version>
+      <scope>test</scope>
+    </dependency>
+	</dependencies>
+  <properties>
+    <maven.compiler.source>1.6</maven.compiler.source>
+    <maven.compiler.target>1.6</maven.compiler.target>
+  </properties>
+</project>

agent/java/engine/pom.xml

@@ -7,15 +7,15 @@
     <parent>
         <groupId>com.baidu.openrasp</groupId>
         <artifactId>openrasp</artifactId>
-        <version>1.0.0</version>
+        <version>1.1.0</version>
     </parent>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     </properties>
 
     <artifactId>rasp-engine</artifactId>
-    <version>1.0.0</version>
+    <version>1.1.0</version>
     <packaging>jar</packaging>
 
     <repositories>
@@ -47,11 +47,6 @@
             <artifactId>cmdparser</artifactId>
             <version>1.0</version>
         </dependency>
-        <dependency>
-            <groupId>com.baidu.openrasp</groupId>
-            <artifactId>rhino-shim</artifactId>
-            <version>1.0</version>
-        </dependency>
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>
@@ -62,6 +57,16 @@
             <artifactId>commons-lang3</artifactId>
             <version>3.5</version>
         </dependency>
+        <dependency>
+            <groupId>com.baidu.openrasp</groupId>
+            <artifactId>v8</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
+        <dependency>
+            <groupId>com.jsoniter</groupId>
+            <artifactId>jsoniter</artifactId>
+            <version>0.9.23</version>
+        </dependency>
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
@@ -77,11 +82,6 @@
             <artifactId>log4j</artifactId>
             <version>1.2.17</version>
         </dependency>
-        <dependency>
-            <groupId>com.baidu.openrasp</groupId>
-            <artifactId>rhino</artifactId>
-            <version>1.0</version>
-        </dependency>
         <dependency>
             <groupId>org.javassist</groupId>
             <artifactId>javassist</artifactId>

agent/java/engine/src/main/java/com/baidu/openrasp/EngineBoot.java

@@ -16,10 +16,11 @@
 
 package com.baidu.openrasp;
 
+import com.baidu.openrasp.cloud.CloudManager;
 import com.baidu.openrasp.cloud.utils.CloudUtils;
 import com.baidu.openrasp.messaging.LogConfig;
 import com.baidu.openrasp.plugin.checker.CheckerManager;
-import com.baidu.openrasp.plugin.js.engine.JsPluginManager;
+import com.baidu.openrasp.plugin.js.JS;
 import com.baidu.openrasp.tool.model.BuildRASPModel;
 import com.baidu.openrasp.transformer.CustomClassTransformer;
 import org.apache.log4j.Logger;
@@ -57,7 +58,9 @@ public void start(String mode, Instrumentation inst) throws Exception {
         }
         readVersion();
         // 初始化插件系统
-        JsPluginManager.init();
+        if (!JS.Initialize()) {
+            return;
+        }
         CheckerManager.init();
         initTransformer(inst);
         String message = "OpenRASP Engine Initialized [" + projectVersion + " (build: GitCommit=" + gitCommit + " date="
@@ -68,10 +71,11 @@ public void start(String mode, Instrumentation inst) throws Exception {
 
     @Override
     public void release(String mode) {
+        CloudManager.stop();
         if (transformer != null) {
             transformer.release();
         }
-        JsPluginManager.release();
+        JS.Dispose();
         CheckerManager.release();
         String message = "OpenRASP Engine Released [" + projectVersion + " (build: GitCommit=" + gitCommit + " date="
                 + buildTime + ")]";

agent/java/engine/src/main/java/com/baidu/openrasp/HookHandler.java

@@ -21,10 +21,9 @@
 import com.baidu.openrasp.cloud.utils.CloudUtils;
 import com.baidu.openrasp.config.Config;
 import com.baidu.openrasp.exceptions.SecurityException;
-import com.baidu.openrasp.hook.XXEHook;
+import com.baidu.openrasp.hook.xxe.XXEHook;
 import com.baidu.openrasp.plugin.checker.CheckParameter;
 import com.baidu.openrasp.plugin.checker.CheckerManager;
-import com.baidu.openrasp.plugin.js.engine.JSContext;
 import com.baidu.openrasp.request.AbstractRequest;
 import com.baidu.openrasp.request.DubboRequest;
 import com.baidu.openrasp.request.HttpServletRequest;
@@ -178,7 +177,7 @@ public static void checkRequest(Object servlet, Object request, Object response)
             requestCache.set(requestContainer);
             responseCache.set(responseContainer);
             XXEHook.resetLocalExpandedSystemIds();
-            doCheck(CheckParameter.Type.REQUEST, JSContext.getUndefinedValue());
+            doCheck(CheckParameter.Type.REQUEST, new Object());
         }
     }
 
@@ -195,7 +194,7 @@ public static void checkDubboRequest(Object request) {
             DubboRequest requestContainer = new DubboRequest(request);
             requestCache.set(requestContainer);
             XXEHook.resetLocalExpandedSystemIds();
-            doCheck(CheckParameter.Type.DUBBOREQUEST, JSContext.getUndefinedValue());
+            doCheck(CheckParameter.Type.REQUEST, new Object());
         }
     }
 

agent/java/engine/src/main/java/com/baidu/openrasp/cloud/CloudManager.java

@@ -21,6 +21,8 @@
 import com.baidu.openrasp.detector.ServerDetector;
 import org.apache.log4j.Logger;
 
+import java.util.LinkedList;
+
 /**
  * @description: 初始化云控配置
  * @author: anyang
@@ -29,6 +31,8 @@
 public class CloudManager {
     public static final Logger LOGGER = Logger.getLogger(CloudManager.class.getPackage().getName() + ".log");
 
+    private static LinkedList<CloudTimerTask> tasks = new LinkedList<CloudTimerTask>();
+
     public static void init() {
         //注册成功之后初始化创建http appender
         DynamicConfigAppender.createRootHttpAppender();
@@ -37,8 +41,17 @@ public static void init() {
         DynamicConfigAppender.createHttpAppender(AppenderMappedLogger.HTTP_POLICY_ALARM.getLogger(),
                 AppenderMappedLogger.HTTP_POLICY_ALARM.getAppender());
         ServerDetector.checkServerPolicy();
-        new KeepAlive();
-        new StatisticsReport();
+        tasks.add(new KeepAlive());
+        tasks.add(new StatisticsReport());
+        for (CloudTimerTask task : tasks) {
+            task.start();
+        }
+    }
+
+    public static void stop() {
+        for (CloudTimerTask task : tasks) {
+            task.stop();
+        }
     }
 
 }

agent/java/engine/src/main/java/com/baidu/openrasp/cloud/CloudTimerTask.java

@@ -0,0 +1,46 @@
+package com.baidu.openrasp.cloud;
+
+/**
+ * Created by tyy on 19-5-17.
+ *
+ * 云控定时任务基类
+ */
+public abstract class CloudTimerTask implements Runnable {
+
+    private int sleepTime;
+
+    private boolean isAlive = true;
+
+    public CloudTimerTask(int sleepTime) {
+        this.sleepTime = sleepTime;
+    }
+
+    public void start() {
+        Thread taskThread = new Thread(this);
+        taskThread.setDaemon(true);
+        taskThread.start();
+    }
+
+    public void stop() {
+        this.isAlive = false;
+    }
+
+    public void run() {
+        while (isAlive) {
+            try {
+                execute();
+                Thread.sleep(sleepTime * 1000);
+            } catch (Throwable t) {
+                handleError(t);
+            }
+        }
+    }
+
+    abstract public void execute();
+
+    abstract public void handleError(Throwable t);
+
+    public void setAlive(boolean alive) {
+        isAlive = alive;
+    }
+}