diff --git a/.github/workflows/code-check.yml b/.github/workflows/code-check.yml
index 53d3c644a..b9e82cff3 100644
--- a/.github/workflows/code-check.yml
+++ b/.github/workflows/code-check.yml
@@ -157,24 +157,18 @@ jobs: ossutil cp -rf dongtai-agent/src/main/resources/bin/agent_latest.tar.gz oss://dongtai-helm-charts/agent_${{ steps.version.outputs.GITHUB_REF }}/java/latest/ --meta x-oss-object-acl:public-read fi - - name: Set the value - id: release - run: | - if [ ${{ steps.version.outputs.GITHUB_REF }} = develop ] ; then echo "helm_ns=test" >> $GITHUB_ENV; echo "helm_mysql=test" >> $GITHUB_ENV - elif [ ${{ steps.version.outputs.GITHUB_REF }} = beta ] ; then echo "helm_ns=beta" >> $GITHUB_ENV; echo "helm_mysql=beta" >> $GITHUB_ENV - else echo "helm_ns=main" >> $GITHUB_ENV ; echo "helm_mysql=temp" >> $GITHUB_ENV ;fi + - name: deploy to cluster A + uses: tscuite/kubectl-helm-action@main + env: + MAX: false + PROJECT: agent + TOKEN_SCA: ${{ secrets.TOKEN_SCA }} + KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG_TEST_DATA }} - - name: deploy to cluster - uses: wahyd4/kubectl-helm-action@master + - name: deploy to cluster B + uses: tscuite/kubectl-helm-action@main env: + MAX: true + PROJECT: agent + TOKEN_SCA: ${{ secrets.MAX_TOKEN_SCA }} KUBE_CONFIG_DATA: ${{ secrets.KUBE_CONFIG_TEST_DATA }} - with: - args: | - git clone https://github.com/HXSecurity/DongTai.git - helm upgrade --install huoxian --create-namespace -n iast-${{ env.helm_ns }} ./DongTai/deploy/kubernetes/helm/ \ - --set sca.sca_token=${{ secrets.TOKEN_SCA }} --set usb.usb_token=${{ secrets.TOKEN_SCA }} --set mysql.host=iast-mysql-${{ env.helm_mysql }}.huoxian.cn \ - --set tag=${{ steps.version.outputs.GITHUB_REF }}-latest --set build.agent_number=iast${{github.run_number}} --set develop.agentZip=${{ env.helm_ns }} --values https://charts.dongtai.io/devops.yaml - helm upgrade --install huoxian --create-namespace -n iast-${{ env.helm_ns }}-max ./DongTai/deploy/kubernetes/helm/ \ - --set max=true --set sca.sca_token=${{ secrets.MAX_TOKEN_SCA }} --set usb.usb_token=${{ secrets.MAX_TOKEN_SCA }} --set mysql.host=iast-mysql-${{ env.helm_mysql }}-max.huoxian.cn \ - --set tag=max-${{ 
steps.version.outputs.GITHUB_REF }}-latest --set develop.agentZip=${{ env.helm_ns }} \ - --set build.agent_number=iast${{github.run_number}} --values https://charts.dongtai.io/devops.yaml diff --git a/dongtai-agent/src/main/java/io/dongtai/iast/agent/IastProperties.java b/dongtai-agent/src/main/java/io/dongtai/iast/agent/IastProperties.java index d793dddb2..c1a423899 100644 --- a/dongtai-agent/src/main/java/io/dongtai/iast/agent/IastProperties.java +++ b/dongtai-agent/src/main/java/io/dongtai/iast/agent/IastProperties.java @@ -17,7 +17,6 @@ public class IastProperties { public final static Map ATTACH_ARG_MAP = new HashMap() {{ put("debug", PropertyConstant.PROPERTY_DEBUG); - put("app_create", PropertyConstant.PROPERTY_APP_CREATE); put("app_name", PropertyConstant.PROPERTY_APP_NAME); put("app_version", PropertyConstant.PROPERTY_APP_VERSION); put("app_template", PropertyConstant.PROPERTY_APP_TEMPLATE); @@ -129,20 +128,6 @@ public boolean isDebug() { return "true".equalsIgnoreCase(getDebugFlag()); } - public Integer isAutoCreateProject() { - if (null == isAutoCreateProject) { - String result = System.getProperty(PropertyConstant.PROPERTY_APP_CREATE, - System.getProperty("project.create", cfg.getProperty("project.create", "false")) - ); - if ("true".equalsIgnoreCase(result)) { - isAutoCreateProject = 1; - } else { - isAutoCreateProject = 0; - } - } - return isAutoCreateProject; - } - public String getProjectName() { if (null == projectName) { String[] names = new String[]{ diff --git a/dongtai-agent/src/main/java/io/dongtai/iast/agent/report/AgentRegisterReport.java b/dongtai-agent/src/main/java/io/dongtai/iast/agent/report/AgentRegisterReport.java index 8b0a9170e..3a88b2776 100644 --- a/dongtai-agent/src/main/java/io/dongtai/iast/agent/report/AgentRegisterReport.java +++ b/dongtai-agent/src/main/java/io/dongtai/iast/agent/report/AgentRegisterReport.java 
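Review bot: Both new deploy steps use `tscuite/kubectl-helm-action@main`, a mutable branch of a third-party action, and pass it `KUBE_CONFIG_DATA`, `TOKEN_SCA` and `MAX_TOKEN_SCA`, so whatever is pushed to that branch next runs with the cluster credentials. Pin the action to an audited revision, e.g. `uses: tscuite/kubectl-helm-action@<full-commit-sha>` (placeholder, take the value from the revision you reviewed). The helm commands that used to be readable in `args` now live inside the action, so the pinned revision is also what a reviewer has to read to know what is deployed. "cluster A" and "cluster B" both receive `secrets.KUBE_CONFIG_TEST_DATA`; if B is meant to be a different cluster, confirm this is not a copy-paste.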
@@ -65,7 +65,6 @@ private String generateAgentRegisterMsg() { object.put("serverPath", ServerDetect.getWebServerPath()); object.put("serverAddr", ""); object.put("serverPort", ""); - object.put("autoCreateProject", IastProperties.getInstance().isAutoCreateProject()); object.put("projectVersion", IastProperties.getInstance().getProjectVersion()); object.put("projectTemplateId", IastProperties.getInstance().getProjectTemplate()); diff --git a/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigBuilder.java b/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigBuilder.java index 39a3ff44a..73a81933d 100644 --- a/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigBuilder.java +++ b/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigBuilder.java @@ -24,6 +24,8 @@ private ConfigBuilder() { Config.create(ConfigKey.ENABLE_LOGGER)); this.configMap.put(ConfigKey.LOGGER_LEVEL, Config.create(ConfigKey.LOGGER_LEVEL)); + this.configMap.put(ConfigKey.VALIDATED_SINK, + Config.create(ConfigKey.VALIDATED_SINK).setDefaultValue(false)); } public static ConfigBuilder getInstance() { @@ -62,6 +64,7 @@ public void update(JSONObject config) { updateString(config, ConfigKey.JsonKey.JSON_VERSION_HEADER_KEY); updateBool(config, ConfigKey.JsonKey.JSON_ENABLE_LOGGER); updateString(config, ConfigKey.JsonKey.JSON_LOGGER_LEVEL); + updateBool(config, ConfigKey.JsonKey.JSON_VALIDATED_SINK); updateRequestDenyList(config); } diff --git a/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigKey.java b/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigKey.java index 809f98778..020261ef4 100644 --- a/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigKey.java +++ b/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigKey.java @@ -8,6 +8,7 @@ public enum ConfigKey { VERSION_HEADER_KEY, ENABLE_LOGGER, LOGGER_LEVEL, + VALIDATED_SINK, ; public enum JsonKey { 
@@ -18,6 +19,7 @@ public enum JsonKey { JSON_VERSION_HEADER_KEY("version_header_name", VERSION_HEADER_KEY), JSON_ENABLE_LOGGER("enable_log", ENABLE_LOGGER), JSON_LOGGER_LEVEL("log_level", LOGGER_LEVEL), + JSON_VALIDATED_SINK("report_validated_sink", VALIDATED_SINK), ; private final String key; diff --git a/dongtai-common/src/main/java/io/dongtai/iast/common/constants/AgentConstant.java b/dongtai-common/src/main/java/io/dongtai/iast/common/constants/AgentConstant.java index 8c2c694ee..ce6a76eff 100644 --- a/dongtai-common/src/main/java/io/dongtai/iast/common/constants/AgentConstant.java +++ b/dongtai-common/src/main/java/io/dongtai/iast/common/constants/AgentConstant.java @@ -1,7 +1,7 @@ package io.dongtai.iast.common.constants; public class AgentConstant { - public static final String VERSION_VALUE = "v1.12.0"; + public static final String VERSION_VALUE = "v1.13.0"; public static final String LANGUAGE = "JAVA"; public static final String THREAD_NAME_PREFIX = "DongTai-IAST-"; public static final String THREAD_NAME_PREFIX_CORE = "DongTai-IAST-Core-"; diff --git a/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java b/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java index b7e54b30a..281319bed 100644 --- a/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java +++ b/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java @@ -2,7 +2,6 @@ public class PropertyConstant { public static final String PROPERTY_DEBUG = "dongtai.debug"; - public static final String PROPERTY_APP_CREATE = "dongtai.app.create"; public static final String PROPERTY_APP_NAME = "dongtai.app.name"; public static final String PROPERTY_APP_VERSION = "dongtai.app.version"; public static final String PROPERTY_APP_TEMPLATE = "dongtai.app.template"; 
@@ -32,5 +31,5 @@ public class PropertyConstant { public static final String PROPERTY_POLICY_PATH = "dongtai.policy.path"; public static final String PROPERTY_UUID_PATH = "dongtai.uuid.path"; public static final String PROPERTY_DISABLED_PLUGINS = "dongtai.disabled.plugins"; - public static final String PROPERTY_DISABLED_FEATURES = "dongtai.disabled_features"; + public static final String PROPERTY_DISABLED_FEATURES = "dongtai.disabled.features"; } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/IastClassFileTransformer.java b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/IastClassFileTransformer.java index 4c647cad4..25710a51c 100755 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/IastClassFileTransformer.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/IastClassFileTransformer.java @@ -62,6 +62,13 @@ public static IastClassFileTransformer getInstance(Instrumentation inst, PolicyM return INSTANCE; } + public static IastClassFileTransformer getInstance() { + if (null != INSTANCE) { + return INSTANCE; + } + return null; + } + IastClassFileTransformer(Instrumentation inst, PolicyManager policyManager) { this.inst = inst; this.isDumpClass = EngineManager.getInstance().isEnableDumpClass(); 
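Review bot: `PROPERTY_DISABLED_FEATURES` changes its runtime key from `dongtai.disabled_features` to `dongtai.disabled.features`, and no fallback read of the old key is visible in this hunk, so a deployment that still passes the old key would presumably stop disabling those features without any warning. If no compatibility path exists elsewhere, consider honouring the old key as a deprecated alias for one release, or logging when it is set. A comment on the constant such as `// renamed from "dongtai.disabled_features" in v1.13.0` would help whoever debugs a setting that silently stopped working.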
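Review bot: The new no-argument `getInstance()` spells out `if (null != INSTANCE) { return INSTANCE; } return null;`, which is exactly `return INSTANCE;`. What callers need to know is that it returns `null` until the two-argument factory has run, and the method does not say so. A Javadoc line such as `/** Returns the transformer created by getInstance(Instrumentation, PolicyManager), or null if none has been created yet. */` would make that contract explicit.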
@@ -112,29 +119,34 @@ public byte[] transform(final ClassLoader loader, final Class classBeingRedefined, final ProtectionDomain protectionDomain, final byte[] srcByteCodeArray) { + String threadName = Thread.currentThread().getName(); + if (threadName.startsWith("DongTai-IAST-Core")) { + return null; + } + + if (internalClassName == null + || internalClassName.startsWith("io/dongtai/") + || internalClassName.startsWith("com/secnium/iast/") + || internalClassName.startsWith("java/lang/iast/") + || internalClassName.startsWith("cn/huoxian/iast/") + || internalClassName.startsWith("META-INF/") + || "module-info".equals(internalClassName)) { + return null; + } + + if (null != loader && loader.toString().toLowerCase().contains("rasp")) { + return null; + } + try { ScopeManager.SCOPE_TRACKER.getPolicyScope().enterAgent(); - if (internalClassName == null - || internalClassName.startsWith("io/dongtai/") - || internalClassName.startsWith("com/secnium/iast/") - || internalClassName.startsWith("java/lang/iast/") - || internalClassName.startsWith("cn/huoxian/iast/") - || internalClassName.startsWith("META-INF/") - || "module-info".equals(internalClassName)) { - return null; - } - if (" com/alibaba/fastjson/JSON".substring(1).equals(internalClassName)) { FastjsonCheck.setJsonClassLoader(loader); } else if (" com/alibaba/fastjson/parser/ParserConfig".substring(1).equals(internalClassName)) { FastjsonCheck.setParseConfigClassLoader(loader); } - if (null != loader && loader.toString().toLowerCase().contains("rasp")) { - return null; - } - if (loader != null && protectionDomain != null) { final CodeSource codeSource = protectionDomain.getCodeSource(); if (codeSource == null) { @@ -156,7 +168,6 @@ public byte[] transform(final ClassLoader loader, ClassContext classContext = new ClassContext(cr, loader); if (Modifier.isInterface(classContext.getModifier())) { - sourceCodeBak = null; return null; } final String className = classContext.getClassName(); 
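Review bot: The thread-name guard at the top of `transform` hard-codes `"DongTai-IAST-Core"` although `AgentConstant.THREAD_NAME_PREFIX_CORE` (`"DongTai-IAST-Core-"`) already exists in dongtai-common; `if (threadName.startsWith(AgentConstant.THREAD_NAME_PREFIX_CORE))` would keep the two from drifting, assuming that class is importable here. Because the guard keys on a name any thread can carry, classes first loaded on a thread with that prefix are returned untransformed, so a comment stating that this is a reentrancy guard for the agent's own threads and not a trust decision would help. Moving the `rasp` class-loader check above the `try` also means `FastjsonCheck.setJsonClassLoader` and `setParseConfigClassLoader` are no longer reached for such loaders, which the old order allowed; please confirm that is intended. The body of `transform` continues outside the hunk.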
@@ -186,11 +197,9 @@ public byte[] transform(final ClassLoader loader, return dumpClassIfNecessary(cr.getClassName(), cw.toByteArray(), srcByteCodeArray); } } - sourceCodeBak = null; } catch (Throwable throwable) { DongTaiLog.warn(ErrorCode.get("TRANSFORM_CLASS_FAILED"), internalClassName, throwable); } finally { - classDiagram.setLoader(null); ScopeManager.SCOPE_TRACKER.getPolicyScope().leaveAgent(); } @@ -347,5 +356,9 @@ public void reTransform() { public static HashMap getTransformMap() { return transformMap; } + + public IastClassDiagram getClassDiagram() { + return classDiagram; + } } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/asm/AsmMethods.java b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/asm/AsmMethods.java index 140c3541c..70893d37c 100755 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/asm/AsmMethods.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/asm/AsmMethods.java @@ -219,6 +219,12 @@ static Method getAsmMethod(final Class clazz, SpyDispatcher.class, "isFirstLevelSink" ); + + Method SPY$enterValidator = InnerHelper.getAsmMethod( + SpyDispatcher.class, + "enterValidator" + ); + Method SPY$enterIgnoreInternal = InnerHelper.getAsmMethod( SpyDispatcher.class, "enterIgnoreInternal" diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/core/DispatchClassPlugin.java b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/core/DispatchClassPlugin.java index 184573b53..dd8794487 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/core/DispatchClassPlugin.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/core/DispatchClassPlugin.java @@ -54,6 +54,7 @@ public class ClassVisit extends AbstractClassVisitor { new SourceAdapter(), new PropagatorAdapter(), new SinkAdapter(), + new ValidatorAdapter(), }; } 
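Review bot: `getClassDiagram()` hands out the transformer's shared `classDiagram`, and the earlier hunk in this file removes `classDiagram.setLoader(null)` from the `finally` block, so the diagram now keeps whatever loader was last set on it (presumably by `transform`, outside the visible lines). That retained reference can keep an application class loader reachable after undeploy, and callers of the new getter read state that concurrent `transform` calls may be changing. Either restore the reset or document on the getter that the returned object is shared, mutable and not synchronised, e.g. `/** Returns the shared class diagram; callers must not cache or mutate it. */`.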
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/core/adapter/ValidatorAdapter.java b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/core/adapter/ValidatorAdapter.java
new file mode 100644
index 000000000..991028a88
--- /dev/null
+++ b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/core/adapter/ValidatorAdapter.java
@@ -0,0 +1,54 @@
+package io.dongtai.iast.core.bytecode.enhance.plugin.core.adapter;
+
+import io.dongtai.iast.core.bytecode.enhance.MethodContext;
+import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyNode;
+import io.dongtai.iast.core.handler.hookpoint.models.policy.ValidatorNode;
+import org.objectweb.asm.Label;
+import org.objectweb.asm.MethodVisitor;
+import org.objectweb.asm.Opcodes;
+
+import java.util.Set;
+
+public class ValidatorAdapter extends MethodAdapter {
+ /**
+ * @param adapter
+ * @param mv
+ * @param context
+ * @param policyNodes
+ */
+ @Override
+ public void onMethodEnter(MethodAdviceAdapter adapter, MethodVisitor mv, MethodContext context, Set policyNodes) {
+ }
+
+ /**
+ * @param adapter
+ * @param mv
+ * @param opcode
+ * @param context
+ * @param policyNodes
+ */
+ @Override
+ public void onMethodExit(MethodAdviceAdapter adapter, MethodVisitor mv, int opcode, MethodContext context, Set policyNodes) {
+ for (PolicyNode policyNode : policyNodes) {
+ if (!(policyNode instanceof ValidatorNode)) {
+ continue;
+ }
+
+ Label elseLabel = new Label();
+ Label endLabel = new Label();
+
+ isEnterScope(adapter);
+ mv.visitJumpInsn(Opcodes.IFEQ, elseLabel);
+
+ adapter.trackMethod(opcode, policyNode, true);
+
+ adapter.mark(elseLabel);
+ adapter.mark(endLabel);
+ }
+ }
+
+ private void isEnterScope(MethodAdviceAdapter adapter) {
+ adapter.invokeStatic(ASM_TYPE_SPY_HANDLER, SPY_HANDLER$getDispatcher);
+ adapter.invokeInterface(ASM_TYPE_SPY_DISPATCHER, SPY$enterValidator);
+ }
+}
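Review bot: `endLabel` in `onMethodExit` is created and marked but nothing jumps to it, so it can go, and `elseLabel` is really a skip label because there is no else branch: `Label skipLabel = new Label();` with a single `adapter.mark(skipLabel);` after `trackMethod` says the same thing. The two Javadoc blocks list bare `@param` names with no text; either describe them or replace each block with one sentence, for instance that validator hooks are emitted on method exit only and are guarded by `SpyDispatcher.enterValidator()`. `isEnterScope` returns nothing and only emits the call that leaves the boolean on the stack, so a name like `invokeEnterValidator` would read more accurately.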
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java index 081c97336..40877056a 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java @@ -394,7 +394,8 @@ public void collectDubboResponse(Object result, byte status) { } if (!ScopeManager.SCOPE_TRACKER.getScope(Scope.DUBBO_REQUEST).isFirst() - || !ScopeManager.SCOPE_TRACKER.getScope(Scope.DUBBO_ENTRY).in()) { + || !ScopeManager.SCOPE_TRACKER.getScope(Scope.DUBBO_ENTRY).in() + || ScopeManager.SCOPE_TRACKER.getScope(Scope.HTTP_REQUEST).in()) { return; } @@ -558,6 +559,17 @@ public void leaveSink() { } } + /** + * mark for enter validator entry point + */ + @Override + public boolean enterValidator() { + if (!EngineManager.isEngineRunning()) { + return false; + } + return !ScopeManager.SCOPE_TRACKER.inAgent() && ScopeManager.SCOPE_TRACKER.inEnterEntry(); + } + /** * Determines whether it is a layer 1 Sink entry * @@ -674,6 +686,9 @@ public boolean collectMethod(Object instance, Object[] parameters, Object retObj } else if ((policyNode instanceof SinkNode)) { SinkImpl.solveSink(event, (SinkNode) policyNode); return true; + } else if ((policyNode instanceof ValidatorNode)) { + ValidatorImpl.solveValidator(event,(ValidatorNode)policyNode, INVOKE_ID_SEQUENCER); + return true; } return false; @@ -731,7 +746,7 @@ public boolean traceDubboInvoke(Object instance, String url, Object invocation, @Override public boolean isSkipCollectDubbo(Object invocation) { if (BlackUrlBypass.isBlackUrl()) { - Method setAttachmentMethod = null; + Method setAttachmentMethod; try { setAttachmentMethod = invocation.getClass().getMethod("setAttachment", String.class, String.class); setAttachmentMethod.setAccessible(true); 
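Review bot: The Javadoc added on `enterValidator()` says "mark for enter validator entry point", but the method marks nothing; it only reports whether the engine is running, the thread is outside agent scope and `inEnterEntry()` holds. Suggest `/** Returns true when validator hooks should collect: engine running, not in agent code, and inEnterEntry() is true. */`. The body can also be a single expression, `return EngineManager.isEngineRunning() && !ScopeManager.SCOPE_TRACKER.inAgent() && ScopeManager.SCOPE_TRACKER.inEnterEntry();`.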
@@ -746,7 +761,7 @@ public boolean isSkipCollectDubbo(Object invocation) { @Override public boolean isSkipCollectFeign(Object instance) { if (BlackUrlBypass.isBlackUrl()) { - Field metadataField = null; + Field metadataField; try { metadataField = instance.getClass().getDeclaredField("metadata"); metadataField.setAccessible(true); diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java index b6b6496c7..8c512c239 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java @@ -8,6 +8,7 @@ import io.dongtai.iast.core.handler.context.ContextManager; import io.dongtai.iast.core.handler.hookpoint.IastClassLoader; import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent; +import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyNodeType; import io.dongtai.iast.core.handler.hookpoint.models.policy.SourceNode; import io.dongtai.iast.core.handler.hookpoint.models.policy.TaintPosition; import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintRange; @@ -178,6 +179,7 @@ public static void collectDubboRequestSource(Object handler, Object invocation, int invokeId = invokeIdSequencer.getAndIncrement(); event.setInvokeId(invokeId); + event.setPolicyType(PolicyNodeType.SOURCE.getName()); event.source = true; event.setCallStacks(StackUtils.createCallStack(4)); diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java index 33168fe7c..0abf9e8c5 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java 
+++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java @@ -2,6 +2,7 @@ import io.dongtai.iast.core.EngineManager; import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent; +import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyNodeType; import io.dongtai.iast.core.handler.hookpoint.models.policy.PropagatorNode; import io.dongtai.iast.core.handler.hookpoint.models.policy.TaintPosition; import io.dongtai.iast.core.handler.hookpoint.models.taint.range.*; @@ -63,6 +64,7 @@ private static void addPropagator(PropagatorNode propagatorNode, MethodEvent eve event.setCallStacks(StackUtils.createCallStack(6)); int invokeId = invokeIdSequencer.getAndIncrement(); event.setInvokeId(invokeId); + event.setPolicyType(PolicyNodeType.PROPAGATOR.getName()); EngineManager.TRACK_MAP.get().put(invokeId, event); } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/SourceImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/SourceImpl.java index 60a169aaf..837298265 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/SourceImpl.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/SourceImpl.java @@ -2,6 +2,7 @@ import io.dongtai.iast.core.EngineManager; import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent; +import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyNodeType; import io.dongtai.iast.core.handler.hookpoint.models.policy.SourceNode; import io.dongtai.iast.core.handler.hookpoint.models.policy.TaintPosition; import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintRangesBuilder; 
@@ -37,6 +38,7 @@ public static void solveSource(MethodEvent event, SourceNode sourceNode, AtomicI int invokeId = invokeIdSequencer.getAndIncrement(); event.setInvokeId(invokeId); + event.setPolicyType(PolicyNodeType.SOURCE.getName()); boolean valid = trackTarget(event, sourceNode); if (!valid) { diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java new file mode 100644 index 000000000..1e76b0aad --- /dev/null +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java 
@@ -0,0 +1,90 @@ +package io.dongtai.iast.core.handler.hookpoint.controller.impl; + +import io.dongtai.iast.core.EngineManager; +import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent; +import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyNodeType; +import io.dongtai.iast.core.handler.hookpoint.models.policy.TaintPosition; +import io.dongtai.iast.core.handler.hookpoint.models.policy.ValidatorNode; +import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintRange; +import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintRanges; +import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintRangesBuilder; +import io.dongtai.iast.core.handler.hookpoint.models.taint.tag.TaintTag; +import io.dongtai.iast.core.utils.StackUtils; +import io.dongtai.iast.core.utils.TaintPoolUtils; + +import java.util.Set; +import java.util.concurrent.atomic.AtomicInteger; + +import static io.dongtai.iast.core.utils.TaintPoolUtils.getStringHash; + +public class ValidatorImpl { + + /** + * 处理 Validator 点的事件 + * + * @param event Validator 点事件 + */ + public static void solveValidator(MethodEvent event, ValidatorNode validatorNode, AtomicInteger invokeIdSequencer) { + if (EngineManager.TAINT_HASH_CODES.isEmpty()) { + return; + } + Set sources = validatorNode.getSources(); + if (sources.isEmpty()) { + return; + } + + for (TaintPosition position : sources) { + Long hash = null; + Integer len = null; + if (position.isObject()) { + if (TaintPoolUtils.isNotEmpty(event.objectInstance) + && TaintPoolUtils.isAllowTaintType(event.objectInstance) + && TaintPoolUtils.poolContains(event.objectInstance, event)) { + hash = getStringHash(event.objectInstance); + len = TaintRangesBuilder.getLength(event.objectInstance); + event.setObjectValue(event.objectInstance, true); + } + } else if (position.isParameter()) { + int parameterIndex = position.getParameterIndex(); + if (parameterIndex >= event.parameterInstances.length) { + continue; + } + Object 
parameter = event.parameterInstances[parameterIndex]; + if (TaintPoolUtils.isNotEmpty(parameter) + && TaintPoolUtils.isAllowTaintType(parameter) + && TaintPoolUtils.poolContains(parameter, event)) { + hash = getStringHash(parameter); + len = TaintRangesBuilder.getLength(parameter); + event.addParameterValue(parameterIndex, parameter, true); + } + } else return; + + if (null != len && null != hash){ + TaintRanges tr = new TaintRanges(new TaintRange(TaintTag.VALIDATED.getKey(), 0, len)); + if (validatorNode.hasTags()) { + String[] tags = validatorNode.getTags(); + for (String tag : tags) { + tr.add(new TaintRange(tag, 0, len)); + } + } + event.sourceRanges.add(new MethodEvent.MethodEventTargetRange(hash, tr)); + TaintRanges taintRanges = EngineManager.TAINT_RANGES_POOL.get().get(hash); + if (null == taintRanges){ + EngineManager.TAINT_RANGES_POOL.add(hash, tr); + }else { + taintRanges.addAll(tr); + } + }else return; + } + + event.source = false; + event.setCallStacks(StackUtils.createCallStack(4)); + event.setTaintPositions(validatorNode.getSources(), null); + + int invokeId = invokeIdSequencer.getAndIncrement(); + event.setInvokeId(invokeId); + event.setPolicyType(PolicyNodeType.VALIDATOR.getName()); + EngineManager.TRACK_MAP.addTrackMethod(invokeId, event); + } + +} diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/graphy/GraphBuilder.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/graphy/GraphBuilder.java index 7d64f461c..391d74b15 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/graphy/GraphBuilder.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/graphy/GraphBuilder.java 
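Review bot: `solveValidator` tags the whole value (`0` to `len`) as `VALIDATED` as soon as the hooked method exits, and nothing in this file looks at the method's return value or at how it exited, so a validator that reports failure by returning `false` would still leave its input marked as validated; wherever that tag suppresses a sink report, this becomes a missed finding. Consider gating the tagging on a successful outcome, or document next to the policy type that only validators which abort on failure may be configured. Separately, the two `return` statements inside the loop (`} else return;` and `}else return;`) abandon the remaining positions and skip `addTrackMethod`, possibly after `TAINT_RANGES_POOL` was already updated for an earlier position, whereas the out-of-range parameter case uses `continue`; `continue` looks like what is meant in all three places. The Javadoc is in Chinese and omits `validatorNode` and `invokeIdSequencer`.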
@@ -110,6 +110,7 @@ public static JSONObject toJson(MethodEvent event) { List targetPositions = new ArrayList(); value.put("invokeId", event.getInvokeId()); + value.put("policyType", event.getPolicyType()); value.put("source", event.isSource()); value.put("originClassName", event.getOriginClassName()); value.put("className", event.getMatchedClassName()); @@ -167,6 +168,14 @@ public static JSONObject toJson(MethodEvent event) { } } + if (event.sourceRanges.size() > 0) { + JSONArray tr = new JSONArray(); + value.put("sourceRange", tr); + for (MethodEvent.MethodEventTargetRange range : event.sourceRanges) { + tr.add(range.toJson()); + } + } + if (event.sourceTypes != null && event.sourceTypes.size() > 0) { JSONArray st = new JSONArray(); value.put("sourceType", st); diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/MethodEvent.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/MethodEvent.java index 7a3eb43e0..eb8009aab 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/MethodEvent.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/MethodEvent.java @@ -24,6 +24,11 @@ public class MethodEvent { */ private int invokeId; + /** + * policy type + */ + private String policyType; + /** * is source policy node */ @@ -88,6 +93,8 @@ public class MethodEvent { public List targetRanges = new ArrayList(); + public List sourceRanges = new ArrayList(); + public List sourceTypes; private StackTraceElement callStack; @@ -172,6 +179,14 @@ public void setInvokeId(int invokeId) { this.invokeId = invokeId; } + public String getPolicyType() { + return policyType; + } + + public void setPolicyType(String policyType) { + this.policyType = policyType; + } + public boolean isSource() { return source; } 
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/Policy.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/Policy.java index a6a753d0e..ffadfc5fa 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/Policy.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/Policy.java @@ -8,6 +8,7 @@ public class Policy { private final List sources = new ArrayList(); private final List propagators = new ArrayList(); private final List sinks = new ArrayList(); + private final List validators = new ArrayList(); private final Map policyNodesMap = new HashMap(); private final Set classHooks = new HashSet(); private final Set ancestorClassHooks = new HashSet(); @@ -43,6 +44,11 @@ public void addSink(SinkNode sink) { addPolicyNode(sink); } + public void addValidator(ValidatorNode validator) { + this.validators.add(validator); + addPolicyNode(validator); + } + public PolicyNode getPolicyNode(String policyKey) { return this.policyNodesMap.get(policyKey); } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyBuilder.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyBuilder.java index 6d0f1f7df..dec181946 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyBuilder.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyBuilder.java @@ -71,6 +71,7 @@ public static Policy build(JSONArray policyConfig) throws PolicyException { buildSource(policy, nodeType, node); buildPropagator(policy, nodeType, node); buildSink(policy, nodeType, node); + buildValidator(policy, nodeType, node); } catch (PolicyException e) { DongTaiLog.warn(ErrorCode.get("POLICY_CONFIG_INVALID"), e); } 
@@ -132,6 +133,20 @@ public static void buildSink(Policy policy, PolicyNodeType type, JSONObject node policy.addSink(sinkNode); } + public static void buildValidator(Policy policy, PolicyNodeType type, JSONObject node) throws PolicyException { + if (!PolicyNodeType.VALIDATOR.equals(type)) { + return; + } + + Set sources = parseSource(node, type); + MethodMatcher methodMatcher = buildMethodMatcher(node); + ValidatorNode validatorNode = new ValidatorNode(sources, methodMatcher); + setInheritable(node, validatorNode); + List tags = parseTags(node, validatorNode); + validatorNode.setTags(tags.get(0)); + policy.addValidator(validatorNode); + } + private static PolicyNodeType parseNodeType(JSONObject node) throws PolicyException { try { int type = node.getInt(KEY_TYPE); @@ -149,11 +164,11 @@ private static Set parseSource(JSONObject node, PolicyNodeType ty try { return TaintPosition.parse(node.getString(KEY_SOURCE)); } catch (JSONException e) { - if (!PolicyNodeType.SOURCE.equals(type) && !PolicyNodeType.FILTER.equals(type)) { + if (!PolicyNodeType.SOURCE.equals(type)) { throw new PolicyException(PolicyException.ERR_POLICY_NODE_SOURCE_INVALID + ": " + node.toString(), e); } } catch (TaintPositionException e) { - if (!PolicyNodeType.SOURCE.equals(type) && !PolicyNodeType.FILTER.equals(type)) { + if (!PolicyNodeType.SOURCE.equals(type)) { throw new PolicyException(PolicyException.ERR_POLICY_NODE_SOURCE_INVALID + ": " + node.toString(), e); } } 
@@ -164,15 +179,10 @@ private static Set parseTarget(JSONObject node, PolicyNodeType ty try { return TaintPosition.parse(node.getString(KEY_TARGET)); } catch (JSONException e) { - if (!PolicyNodeType.FILTER.equals(type)) { throw new PolicyException(PolicyException.ERR_POLICY_NODE_TARGET_INVALID + ": " + node.toString(), e); - } } catch (TaintPositionException e) { - if (!PolicyNodeType.FILTER.equals(type)) { throw new PolicyException(PolicyException.ERR_POLICY_NODE_TARGET_INVALID + ": " + node.toString(), e); - } } - return new HashSet(); } private static void setInheritable(JSONObject node, PolicyNode policyNode) throws PolicyException { @@ -262,7 +272,7 @@ private static List parseTags(JSONObject node, PolicyNode policyNode) } try { - if (node.has(KEY_TAGS)) { + if (node.has(KEY_UNTAGS)) { JSONArray uts = node.getJSONArray(KEY_UNTAGS); for (Object o : uts) { String ut = (String) o; diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyNodeType.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyNodeType.java index 41f23c503..f6aee387c 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyNodeType.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyNodeType.java @@ -3,7 +3,7 @@ public enum PolicyNodeType { SOURCE(2, "source"), PROPAGATOR(1, "propagator"), - FILTER(3, "filter"), + VALIDATOR(3, "validator"), SINK(4, "sink"), ; diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/ValidatorNode.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/ValidatorNode.java new file mode 100644 index 000000000..1527576a2 --- /dev/null +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/ValidatorNode.java 
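Review bot: `VALIDATOR` takes over type id 3, which mapped to `FILTER` until now, and the visible context of `build()` shows no builder that handled `FILTER`, so type-3 entries already present in a server policy apparently produced no node before this change. After it, the same entries become validators that mark data as `validated`, and with the `FILTER` exemptions removed from `parseSource` and `parseTarget` a type-3 entry without a valid `source` is now rejected with `PolicyException`. It is worth confirming that every deployed policy uses id 3 with validator semantics before agents pick this up. A comment on the constant such as `// id 3 was FILTER before v1.13.0` would record the change.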
@@ -0,0 +1,41 @@ +package io.dongtai.iast.core.handler.hookpoint.models.policy; + +import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintCommandRunner; + +import java.util.Set; + +public class ValidatorNode extends PolicyNode { + + private Set sources; + private String[] tags; + + public ValidatorNode(Set sources, MethodMatcher methodMatcher) { + super(methodMatcher); + this.sources = sources; + } + + @Override + public PolicyNodeType getType() { + return PolicyNodeType.VALIDATOR; + } + + public Set getSources() { + return this.sources; + } + + public void setSources(Set sources) { + this.sources = sources; + } + + public String[] getTags() { + return this.tags; + } + + public boolean hasTags() { + return this.tags != null && this.tags.length > 0; + } + + public void setTags(String[] tags) { + this.tags = tags; + } +} diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/range/TaintRanges.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/range/TaintRanges.java index 287998967..1f1fcc1e8 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/range/TaintRanges.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/range/TaintRanges.java @@ -17,7 +17,7 @@ public TaintRanges(ArrayList taintRanges) { this.taintRanges = taintRanges; } - public TaintRanges(TaintRange ...taintRanges) { + public TaintRanges(TaintRange... taintRanges) { this.taintRanges = new ArrayList(Arrays.asList(taintRanges)); } @@ -87,6 +87,18 @@ public boolean hasDisallowedTaintTags(TaintTag[] tags) { return false; } + public boolean hasValidatedTags(TaintTag[] tags) { + if (tags == null) { + return false; + } + for (TaintTag tag : tags) { + if (tag.equals(TaintTag.VALIDATED.getKey())) { + return true; + } + } + return false; + } + public TaintRanges clone() { TaintRanges taintRanges = new TaintRanges(); int size = this.taintRanges.size(); 
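Review bot: The new `ValidatorNode.java` imports `io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintCommandRunner` but nothing in the class uses it, so the import should be dropped. The class also has no Javadoc; a one-line class comment saying it models a policy node of type `VALIDATOR` with its source positions and the tags it applies would help. `getTags()` and `setTags()` share the caller's array without copying, which is worth a comment if the policy is read concurrently after loading.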
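Review bot: `hasValidatedTags` in `TaintRanges` compares a `TaintTag` with `TaintTag.VALIDATED.getKey()`, which appears to be a `String` (the enum's field is `private final String key`), so `tag.equals(...)` can never be true and the method always returns false. The comparison should be enum to enum, `if (TaintTag.VALIDATED.equals(tag)) {`, or key to key. Even with that fixed, the method reads only its argument and never `this.taintRanges`, so it does not say whether the tracked value carries the validated tag. Its only caller in this diff passes the sink's `disallowed` array, so the check probably needs to inspect the ranges instead. As written, enabling the validated-sink option does not suppress any finding.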
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/tag/TaintTag.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/tag/TaintTag.java index 729e88b49..8ede07e7a 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/tag/TaintTag.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/tag/TaintTag.java @@ -34,6 +34,7 @@ public enum TaintTag { VBSCRIPT_ENCODED("vbscript-encoded"), HTTP_TOKEN_LIMITED_CHARS("http-token-limited-chars"), NUMERIC_LIMITED_CHARS("numeric-limited-chars"), + VALIDATED("validated"), ; private final String key; diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/DubboService.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/DubboService.java index b791c8e45..83e3c0657 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/DubboService.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/DubboService.java @@ -3,6 +3,7 @@ import io.dongtai.iast.core.EngineManager; import io.dongtai.iast.core.handler.context.ContextManager; import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent; +import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyNodeType; import io.dongtai.iast.core.utils.StackUtils; import io.dongtai.iast.core.utils.TaintPoolUtils; import io.dongtai.log.DongTaiLog; @@ -44,6 +45,7 @@ public static void solveSyncInvoke(MethodEvent event, Object invocation, String event.setCallStacks(StackUtils.createCallStack(4)); int invokeId = invokeIdSequencer.getAndIncrement(); event.setInvokeId(invokeId); + event.setPolicyType(PolicyNodeType.PROPAGATOR.getName()); EngineManager.TRACK_MAP.get().put(invokeId, event); } catch (NoSuchMethodException ignore) { } catch (Throwable e) { 
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/FeignService.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/FeignService.java index 7a377a8da..e163b66ea 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/FeignService.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/FeignService.java @@ -3,6 +3,7 @@ import io.dongtai.iast.core.EngineManager; import io.dongtai.iast.core.handler.context.ContextManager; import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent; +import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyNodeType; import io.dongtai.iast.core.utils.StackUtils; import io.dongtai.iast.core.utils.TaintPoolUtils; import io.dongtai.log.DongTaiLog; @@ -51,6 +52,7 @@ public static void solveSyncInvoke(MethodEvent event, AtomicInteger invokeIdSequ event.setCallStacks(StackUtils.createCallStack(4)); int invokeId = invokeIdSequencer.getAndIncrement(); event.setInvokeId(invokeId); + event.setPolicyType(PolicyNodeType.PROPAGATOR.getName()); EngineManager.TRACK_MAP.get().put(invokeId, event); } catch (NoSuchFieldException ignore) { } catch (NoSuchMethodException ignore) { diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java index 3104929a2..a5d19e210 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java 
@@ -3,6 +3,7 @@ import io.dongtai.iast.core.EngineManager; import io.dongtai.iast.core.handler.hookpoint.SpyDispatcherImpl; import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent; +import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyNodeType; import io.dongtai.iast.core.handler.hookpoint.models.policy.SinkNode; import io.dongtai.iast.core.handler.hookpoint.models.policy.TaintPosition; import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintRanges; @@ -12,6 +13,7 @@ import io.dongtai.iast.core.handler.hookpoint.vulscan.IVulScan; import io.dongtai.iast.core.handler.hookpoint.vulscan.VulnType; import io.dongtai.iast.core.handler.hookpoint.vulscan.dynamic.xxe.XXECheck; +import io.dongtai.iast.core.utils.PropertyUtils; import io.dongtai.iast.core.utils.StackUtils; import io.dongtai.iast.core.utils.TaintPoolUtils; @@ -109,6 +111,7 @@ public void scan(MethodEvent event, SinkNode sinkNode) { event.setCallStacks(stackTraceElements); int invokeId = SpyDispatcherImpl.INVOKE_ID_SEQUENCER.getAndIncrement(); event.setInvokeId(invokeId); + event.setPolicyType(PolicyNodeType.SINK.getName()); event.setTaintPositions(sinkNode.getSources(), null); event.setStacks(stackTraceElements); @@ -175,9 +178,13 @@ private boolean sinkSourceHitTaintPool(MethodEvent event, SinkNode sinkNode) { if (tr == null || tr.isEmpty()) { continue; } + + boolean commonCondition = tr.hasRequiredTaintTags(required) && !tr.hasDisallowedTaintTags(disallowed); - if (tr.hasRequiredTaintTags(required) && !tr.hasDisallowedTaintTags(disallowed)) { - tagsHit = true; + if (PropertyUtils.validatedSink()) { + tagsHit = commonCondition && !tr.hasValidatedTags(disallowed); + } else { + tagsHit = commonCondition; } } if (!tagsHit) { diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/init/impl/TransformEngine.java b/dongtai-core/src/main/java/io/dongtai/iast/core/init/impl/TransformEngine.java index c3d6b877e..bb83ffee3 100644 
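Review bot: In the `sinkSourceHitTaintPool` hunk, `tagsHit` is now assigned on every iteration instead of only being set to true, so the last non-empty `tr` decides the result. If an earlier source position matched the required tags and a later one does not, the hit is overwritten with false and the `if (!tagsHit)` branch after the loop is taken, which would drop a finding the old code reported. Keeping the sticky form preserves the previous behaviour: `if (commonCondition && !(PropertyUtils.validatedSink() && tr.hasValidatedTags(disallowed))) { tagsHit = true; }`. The loop header and the rest of the method are outside the hunk, so the iteration order is inferred from the `continue` in the context lines.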
--- a/dongtai-core/src/main/java/io/dongtai/iast/core/init/impl/TransformEngine.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/init/impl/TransformEngine.java @@ -73,6 +73,9 @@ public void destroy() { DongTaiLog.error(ErrorCode.get("TRANSFORM_ENGINE_DESTROY_REDEFINE_CLASSES_FAILED"), e); } } + if (IastClassFileTransformer.getInstance() != null) { + IastClassFileTransformer.getInstance().getClassDiagram().setLoader(null); + } inst = null; classFileTransformer = null; } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java index 6ee3c2e7a..f2ca1ffea 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java @@ -1,5 +1,7 @@ package io.dongtai.iast.core.utils; +import io.dongtai.iast.common.config.ConfigBuilder; +import io.dongtai.iast.common.config.ConfigKey; import io.dongtai.iast.common.constants.PropertyConstant; import io.dongtai.log.DongTaiLog; import io.dongtai.log.ErrorCode; @@ -208,7 +210,7 @@ public static List getDisabledPlugins() { } public static List getDisabledFeatures() { - if (null == disabledFeatureList){ + if (null == disabledFeatureList) { disabledFeatureList = Optional.ofNullable(System.getProperty("dongtai.disabled.features")) .map(s -> Arrays.asList(s.split(","))) .orElse(new ArrayList<>()); @@ -217,10 +219,14 @@ public static List getDisabledFeatures() { } public static Boolean isDisabledCustomModel() { - if (null == isDisabledCustomModel){ + if (null == isDisabledCustomModel) { List disabledFeatures = getDisabledFeatures(); isDisabledCustomModel = disabledFeatures.contains("custom-model-collection"); } return isDisabledCustomModel; } + + public static Boolean validatedSink() { + return ConfigBuilder.getInstance().get(ConfigKey.VALIDATED_SINK); + } } 
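Review bot: `PropertyUtils.validatedSink()` returns a boxed `Boolean` straight from `ConfigBuilder.getInstance().get(ConfigKey.VALIDATED_SINK)`, and the caller in `DynamicPropagatorScanner` unboxes it in an `if`. If the config lookup can return null (not visible here, for instance before the server config has been fetched or when the key is absent), that unboxing throws a `NullPointerException` inside sink scanning. Returning a primitive with an explicit default avoids this: `return Boolean.TRUE.equals(ConfigBuilder.getInstance().get(ConfigKey.VALIDATED_SINK));` with the signature changed to `public static boolean validatedSink()`. A short Javadoc naming the config key and its default would also help.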
diff --git a/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt b/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt index b00d6f18c..54aaf120e 100644 --- a/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt +++ b/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt @@ -29979,7 +29979,7 @@ org/apache/catalina/connector/CoyoteAdapter$CatalinaAfterServiceListener org/apache/catalina/connector/CoyoteAdapter$RecycleRequiredException #org/apache/catalina/connector/CoyoteOutputStream #org/apache/catalina/connector/CoyoteInputStream -org/apache/catalina/connector/CoyoteReader +#org/apache/catalina/connector/CoyoteReader org/apache/catalina/connector/InputBuffer org/apache/catalina/connector/MapperListener #org/apache/catalina/connector/OutputBuffer @@ -58862,7 +58862,7 @@ org/springframework/http/converter/feed/AbstractWireFeedHttpMessageConverter org/springframework/http/converter/feed/AtomFeedHttpMessageConverter org/springframework/http/converter/feed/RssChannelHttpMessageConverter org/springframework/http/converter/feed/package-info -org/springframework/http/converter/json/AbstractJackson2HttpMessageConverter +# org/springframework/http/converter/json/AbstractJackson2HttpMessageConverter org/springframework/http/converter/json/Jackson2ObjectMapperBuilder org/springframework/http/converter/json/MappingJackson2HttpMessageConverter org/springframework/http/converter/json/MappingJacksonHttpMessageConverter diff --git a/dongtai-core/src/test/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyNodeTypeTest.java b/dongtai-core/src/test/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyNodeTypeTest.java index fd9316783..b4c4e1a4b 100644 --- a/dongtai-core/src/test/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyNodeTypeTest.java +++ b/dongtai-core/src/test/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyNodeTypeTest.java 
@@ -14,7 +14,7 @@ public void testGet() { put(0, null); put(1, PolicyNodeType.PROPAGATOR); put(2, PolicyNodeType.SOURCE); - put(3, PolicyNodeType.FILTER); + put(3, PolicyNodeType.VALIDATOR); put(4, PolicyNodeType.SINK); put(5, null); }}; diff --git a/dongtai-spy/src/main/java/java/lang/dongtai/NopSpy.java b/dongtai-spy/src/main/java/java/lang/dongtai/NopSpy.java index 8866b53cb..997374db4 100644 --- a/dongtai-spy/src/main/java/java/lang/dongtai/NopSpy.java +++ b/dongtai-spy/src/main/java/java/lang/dongtai/NopSpy.java @@ -187,6 +187,14 @@ public void leaveSink() { } + /** + * + */ + @Override + public boolean enterValidator() { + return false; + } + /** * Determines whether it is a layer 1 Sink entry * diff --git a/dongtai-spy/src/main/java/java/lang/dongtai/SpyDispatcher.java b/dongtai-spy/src/main/java/java/lang/dongtai/SpyDispatcher.java index 1eb0746ae..b02fbe0ed 100644 --- a/dongtai-spy/src/main/java/java/lang/dongtai/SpyDispatcher.java +++ b/dongtai-spy/src/main/java/java/lang/dongtai/SpyDispatcher.java @@ -123,6 +123,8 @@ void collectDubboRequestSource(Object handler, Object invocation, String methodN */ void leaveSink(); + boolean enterValidator(); + /** * Determines whether it is a layer 1 Sink entry * diff --git a/pom.xml b/pom.xml index d693d8d8e..19206e061 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ 4.0.0 - 1.12.0 + 1.13.0 UTF-8 io.dongtai.iast.thirdparty
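Review bot: `enterValidator()` is added to `SpyDispatcher` with no Javadoc and to `NopSpy` with an empty `/** */` block, while the neighbouring methods (`leaveSink`, the layer 1 Sink check) are documented. The interface method should say what the boolean means to the instrumented code, mirroring the wording of the adjacent sink methods, and the `NopSpy` override should state that the no-op implementation always returns `false`. Since the contract is not visible in this diff, the author should confirm the intended meaning of the return value.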