Merge pull request #611 from bytedance/rasp-feat-asmhook-guoyj

Rasp feat asmhook guoyj
bytedance · May 16, 2024 · 2fad340 · 2fad340
2 parents 0ec77d5 + 9052f29
commit 2fad340
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 87 deletions.
diff --git a/rasp/jvm/JVMProbe/build.gradle b/rasp/jvm/JVMProbe/build.gradle
@@ -19,6 +19,8 @@ dependencies {
     implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: '2.14.0'
     implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.11'
     implementation group: 'com.lmax', name: 'disruptor', version: '3.4.4'
+    implementation 'com.google.code.gson:gson:2.8.9'
+    implementation 'com.esotericsoftware.yamlbeans:yamlbeans:1.14'
     api group: 'org.javassist', name: 'javassist', version: '3.29.0-GA'
 }
 
@@ -45,6 +47,8 @@ shadowJar {
     relocate 'org.apache.commons', 'rasp.org.apache.commons'
     relocate 'org.yaml.snakeyaml', 'rasp.org.yaml.snakeyaml'
     relocate 'com.lmax.disruptor', 'rasp.com.lmax.disruptor'
+    relocate 'com.google','rasp.com.google'
+    relocate 'com.esotericsoftware', 'rasp.com.esotericsoftware'
     relocate 'com.fasterxml.jackson', 'rasp.com.fasterxml.jackson'
     relocate 'javassist', 'rasp.javassist'
     relocate 'META-INF/native/libnetty', 'META-INF/native/librasp_netty'

diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbe.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbe.java
@@ -4,8 +4,13 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
 import com.lmax.disruptor.EventHandler;
+import java.io.InputStreamReader;
+import java.io.Reader;
+import java.io.StringReader;
+import com.esotericsoftware.yamlbeans.YamlReader;
 
 import com.lmax.disruptor.dsl.Disruptor;
+import com.lmax.disruptor.EventFactory;
 import com.lmax.disruptor.util.DaemonThreadFactory;
 import com.security.smith.asm.SmithClassVisitor;
 import com.security.smith.asm.SmithClassWriter;
@@ -175,18 +180,27 @@ public void init() {
         heartbeat = new Heartbeat();
 
         client = new Client(this);
+
+        disruptor = new Disruptor<>(new EventFactory<Trace>() {
+            @Override
+            public Trace newInstance() {
+                return new Trace();
+            }
+        }, TRACE_BUFFER_SIZE, DaemonThreadFactory.INSTANCE);
 
-        disruptor = new Disruptor<>(Trace::new, TRACE_BUFFER_SIZE, DaemonThreadFactory.INSTANCE);
         rulemgr = new Rule_Mgr();
         ruleconfig = new Rule_Config(rulemgr);
 
-        ObjectMapper objectMapper = new ObjectMapper(new YAMLFactory());
+        smithProxy = new SmithProbeProxy();
+
         InputStream inputStream = getResourceAsStream("class.yaml");
 
         if(inputStream != null) {
             SmithLogger.logger.info("find class.yaml");
             try {
-                for (SmithClass smithClass : objectMapper.readValue(inputStream, SmithClass[].class)) {
+                Reader xreader = new InputStreamReader(inputStream);
+                YamlReader yamlReader = new YamlReader(xreader);
+                for (SmithClass smithClass : yamlReader.read(SmithClass[].class)) {
                     smithClasses.put(smithClass.getName(), smithClass);
                 }
             } catch (IOException e) {
@@ -196,10 +210,7 @@ public void init() {
         else {
             SmithLogger.logger.info("not find class.yaml");
         }
-
-        //smithProxy = SmithProbeProxy.getInstance();
-        smithProxy = new SmithProbeProxy();
-
+
         SmithLogger.logger.info("probe init leave");
     }
 
@@ -286,7 +297,6 @@ public void uninit() {
 
         smithProxy.uninit();
         smithProxy = null;
-        //SmithProbeProxy.delInstance();
 
         disruptor.shutdown();
 
@@ -334,7 +344,6 @@ private void reloadClasses() {
 
     private void reloadClasses(Collection<String> classes) {
         Class<?>[] loadedClasses = inst.getAllLoadedClasses();
-        //Class<?>[] cls = Arrays.stream(loadedClasses).filter(c -> classes.contains(c.getName())).toArray(Class<?>[]::new);
 
         List<Class<?>> resultList = new ArrayList<>();
         for (Class<?> loadedClass : loadedClasses) {
@@ -596,7 +605,7 @@ public byte[] transform(ClassLoader loader, String className, Class<?> classBein
 
 
             classReader.accept(classVisitor, ClassReader.EXPAND_FRAMES);  
-
+ 
             return classWriter.toByteArray();
         } catch (Exception e) {
             SmithLogger.exception(e);
@@ -613,12 +622,12 @@ public void onConfig(String config) {
 
         smithClasses.clear();
 
-        ObjectMapper objectMapper = new ObjectMapper(new YAMLFactory());
-
         try {
-            for (SmithClass smithClass : objectMapper.readValue(config, SmithClass[].class))
+            YamlReader yamlReader = new YamlReader(new StringReader(config));
+            for (SmithClass smithClass : yamlReader.read(SmithClass[].class)) {
                 smithClasses.put(smithClass.getName(), smithClass);
-        } catch (JsonProcessingException e) {
+            }
+        } catch (IOException e) {
             SmithLogger.exception(e);
         }
 

diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/Client.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/Client.java
@@ -20,8 +20,11 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
 
+import com.google.gson.Gson;
+
 interface EventHandler {
     void onReconnect();
     void onMessage(Message message);
@@ -145,18 +148,11 @@ public void onMessage(Message message) {
             case Operate.FILTER: {
                 SmithLogger.logger.info("filter: " + message.getData().toString());
 
-                ObjectMapper objectMapper = new ObjectMapper()
-                        .setPropertyNamingStrategy(PropertyNamingStrategies.SNAKE_CASE)
-                        .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
-
                 try {
-                    messageHandler.onFilter(
-                            objectMapper.treeToValue(
-                                    message.getData(),
-                                    FilterConfig.class
-                            )
-                    );
-                } catch (JsonProcessingException e) {
+                    Gson gson = new Gson();
+                    FilterConfig config = gson.fromJson(message.getData().toString(), FilterConfig.class);
+                    messageHandler.onFilter(config);
+                } catch (Exception e) {
                     SmithLogger.exception(e);
                 }
 
@@ -166,19 +162,11 @@ public void onMessage(Message message) {
             case Operate.BLOCK: {
                 SmithLogger.logger.info("block: " + message.getData().toString());
 
-                ObjectMapper objectMapper = new ObjectMapper()
-                        .setPropertyNamingStrategy(PropertyNamingStrategies.SNAKE_CASE)
-                        .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
-
                 try {
-                    BlockConfig config =   objectMapper.treeToValue(
-                                    message.getData(),
-                                    BlockConfig.class
-                            );
+                    Gson gson = new Gson();
+                    BlockConfig config = gson.fromJson(message.getData().toString(), BlockConfig.class);
                     messageHandler.onBlock(config);
-
-                    config.removeAll();
-                } catch (JsonProcessingException e) {
+                } catch (Exception e) {
                     SmithLogger.exception(e);
                 }
 
@@ -188,18 +176,11 @@ public void onMessage(Message message) {
             case Operate.LIMIT: {
                 SmithLogger.logger.info("limit: " + message.getData().toString());
 
-                ObjectMapper objectMapper = new ObjectMapper()
-                        .setPropertyNamingStrategy(PropertyNamingStrategies.SNAKE_CASE)
-                        .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
-
                 try {
-                    messageHandler.onLimit(
-                            objectMapper.treeToValue(
-                                    message.getData(),
-                                    LimitConfig.class
-                            )
-                    );
-                } catch (JsonProcessingException e) {
+                    Gson gson = new Gson();
+                    LimitConfig config = gson.fromJson(message.getData().toString(), LimitConfig.class);
+                    messageHandler.onLimit(config);
+                } catch (Exception e) {
                     SmithLogger.exception(e);
                 }
 
@@ -209,18 +190,11 @@ public void onMessage(Message message) {
             case Operate.PATCH: {
                 SmithLogger.logger.info("patch: " + message.getData().toString());
 
-                ObjectMapper objectMapper = new ObjectMapper()
-                        .setPropertyNamingStrategy(PropertyNamingStrategies.SNAKE_CASE)
-                        .configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
-
                 try {
-                    messageHandler.onPatch(
-                            objectMapper.treeToValue(
-                                    message.getData(),
-                                    PatchConfig.class
-                            )
-                    );
-                } catch (JsonProcessingException e) {
+                    Gson gson = new Gson();
+                    PatchConfig config = gson.fromJson(message.getData().toString(), PatchConfig.class);
+                    messageHandler.onPatch(config);
+                } catch (Exception e) {
                     SmithLogger.exception(e);
                 }
 
@@ -229,13 +203,11 @@ public void onMessage(Message message) {
             case Operate.CLASSFILTERSTART: {
                  SmithLogger.logger.info("rule upload start: " + message.getData().toString());
 
-                 ObjectMapper objectMapper = new ObjectMapper();
-                objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES,false);
-
                 try {
-                    Rule_Version ruleVersion = objectMapper.readValue(message.getData().toString(), Rule_Version.class);
+                    Gson gson = new Gson();
+                    Rule_Version ruleVersion = gson.fromJson(message.getData().toString(), Rule_Version.class);
                     messageHandler.setRuleVersion(ruleVersion);
-                } catch (JsonProcessingException e) {
+                } catch (Exception e) {
                     SmithLogger.exception(e);
                 }
 
@@ -244,13 +216,11 @@ public void onMessage(Message message) {
             case Operate.CLASSFILTER: {
                  SmithLogger.logger.info("rule upload: " + message.getData().toString());
 
-                ObjectMapper objectMapper = new ObjectMapper();
-                objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES,false);
-
                 try {
-                    Rule_Data ruleData = objectMapper.readValue(message.getData().toString(), Rule_Data.class);
+                    Gson gson = new Gson();
+                    Rule_Data ruleData = gson.fromJson(message.getData().toString(), Rule_Data.class);
                     messageHandler.OnAddRule(ruleData);
-                } catch (JsonProcessingException e) {
+                } catch (Exception e) {
                     SmithLogger.exception(e);
                 }
 

diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/Rule_Config.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/Rule_Config.java
@@ -9,10 +9,10 @@
 import java.util.concurrent.ExecutionException;
 
 public class Rule_Config {
-    private static ObjectMapper m_objectMapper = new ObjectMapper();
-    private static Rule_Json m_Rule_Json;
+    private ObjectMapper m_objectMapper = new ObjectMapper();
+    private Rule_Json m_Rule_Json;
 
-    private static Rule_Mgr  m_Rule_Mgr;
+    private Rule_Mgr  m_Rule_Mgr;
 
     public Rule_Config() {
         m_Rule_Json = null;
@@ -24,11 +24,11 @@ public Rule_Config(Rule_Mgr RuleMgr) {
         m_Rule_Mgr = RuleMgr;
     }
 
-    public static void setRuleMgr(Rule_Mgr RuleMgr) {
+    public void setRuleMgr(Rule_Mgr RuleMgr) {
         m_Rule_Mgr = RuleMgr;
     }
 
-    public static boolean setVersion(int rule_version) {
+    public boolean setVersion(int rule_version) {
         if(m_Rule_Mgr == null) {
             return false;
         }
@@ -39,7 +39,7 @@ public static boolean setVersion(int rule_version) {
         return true;
     }
 
-    public static void destry() {
+    public void destry() {
         try {
             m_Rule_Json = null;
             m_objectMapper = null;
@@ -49,7 +49,7 @@ public static void destry() {
         }
     }
 
-    public static void printRule(Rule_Scanner RuleScanner) {
+    public void printRule(Rule_Scanner RuleScanner) {
         System.out.println("Add RuleItem:" + RuleScanner);
         System.out.println("ruleId:" + RuleScanner.m_ruleId);
         System.out.println("virusName:" + RuleScanner.m_virusName);
@@ -60,7 +60,7 @@ public static void printRule(Rule_Scanner RuleScanner) {
         System.out.println("parentClassName:" + RuleScanner.m_parentClassName);
     }
 
-    public static boolean addRuleData(Rule_Data ruleData) {
+    public boolean addRuleData(Rule_Data ruleData) {
         boolean bresult = false;
 
         if(m_Rule_Mgr == null) {
@@ -95,7 +95,7 @@ public static boolean addRuleData(Rule_Data ruleData) {
         return bresult;
     }
 
-    public static boolean setRuleConfig(String JsonRule) {
+    public boolean setRuleConfig(String JsonRule) {
         boolean bresult = false;
 
         if(m_Rule_Mgr == null) {

diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/Rule_Mgr.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/Rule_Mgr.java
@@ -8,19 +8,19 @@
 import java.util.concurrent.locks.ReentrantReadWriteLock;
 
 public class Rule_Mgr {
-    private static int m_rule_version;
-    private static ArrayList<Rule_Scanner>     m_ruleList = new ArrayList<Rule_Scanner>();
-    private static ReadWriteLock m_ruleLock = new ReentrantReadWriteLock();
+    private int m_rule_version;
+    private ArrayList<Rule_Scanner>     m_ruleList = new ArrayList<Rule_Scanner>();
+    private ReadWriteLock m_ruleLock = new ReentrantReadWriteLock();
 
-    public static void setVersion(int rule_version) {
+    public void setVersion(int rule_version) {
         m_rule_version = rule_version;
     }
 
-    public static int getVersion() {
+    public int getVersion() {
         return m_rule_version;
     }
 
-    public static boolean addRule(
+    public boolean addRule(
             Rule_Scanner rule) {
         boolean bresult = false;
 
@@ -42,11 +42,11 @@ public static boolean addRule(
         return bresult;
     }
 
-    public static void delRule_all() {
+    public void delRule_all() {
         try {
             m_ruleLock.writeLock().lock();
             try {
-                
+
                 m_ruleList.clear();
             }
             catch(Exception e) {
@@ -58,15 +58,15 @@ public static void delRule_all() {
         }
     }
 
-    public static void destry() {
+    public void destry() {
         delRule_all();
 
         m_ruleList = null;
 
         m_ruleLock = null;
     }
 
-    public static long matchRule(ClassFilter Data) {
+    public long matchRule(ClassFilter Data) {
         long rule_id = -1;
 
         try {