fix bug #226
‘niuerzhuang’ committed Jan 18, 2022
1 parent fcceb88 commit 84f384f
Showing 8 changed files with 145 additions and 125 deletions.
5 changes: 5 additions & 0 deletions dongtai-spring-api/pom.xml
Expand Up @@ -25,6 +25,11 @@
<version>5.2.8.RELEASE</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.secnium.iast</groupId>
<artifactId>iast-log</artifactId>
<version>1.2.0</version>
</dependency>
</dependencies>

<build>
@@ -1,5 +1,6 @@
package cn.huoxian.iast.spring;

import com.secnium.iast.log.DongTaiLog;
import org.springframework.aop.support.AopUtils;
import org.springframework.beans.factory.BeanFactoryUtils;
import org.springframework.core.LocalVariableTableParameterNameDiscoverer;
Expand All @@ -24,114 +25,116 @@ public static List<ApiDataModel> getAPIList(WebApplicationContext applicationCon
Map<String, RequestMappingHandlerMapping> requestMappings = BeanFactoryUtils.beansOfTypeIncludingAncestors(applicationContext, RequestMappingHandlerMapping.class, true, false);
LocalVariableTableParameterNameDiscoverer methodParameters = new LocalVariableTableParameterNameDiscoverer();
List<ApiDataModel> apiList = new ArrayList<>();
for (RequestMappingHandlerMapping handlerMapping : requestMappings.values()) {
if (handlerMapping != null) {
Map<RequestMappingInfo, HandlerMethod> methodMap = handlerMapping.getHandlerMethods();
for (RequestMappingInfo info : methodMap.keySet()) {
ApiDataModel apiDataModel = new ApiDataModel();
HandlerMethod handlerMethod = methodMap.get(info);
String clazz = handlerMethod.getBeanType().toString().substring(6);
apiDataModel.setClazz(clazz);
String method = info.getMethodsCondition().toString().replace("[", "").replace("]", "");
String[] methods;
if ("".equals(method)) {
methods = new String[2];
methods[0] = "GET";
methods[1] = "POST";
} else {
methods = new String[1];
methods[0] = method;
RequestMappingHandlerMapping handlerMapping = requestMappings.get("requestMappingHandlerMapping");
if (handlerMapping != null) {
Map<RequestMappingInfo, HandlerMethod> methodMap = handlerMapping.getHandlerMethods();
for (RequestMappingInfo info : methodMap.keySet()) {
ApiDataModel apiDataModel = new ApiDataModel();
HandlerMethod handlerMethod = methodMap.get(info);
String clazz = handlerMethod.getBeanType().toString().substring(6);
apiDataModel.setClazz(clazz);
String method = info.getMethodsCondition().toString().replace("[", "").replace("]", "");
String[] methods;
if ("".equals(method)) {
methods = new String[]{"GET", "POST"};
}else if (method.contains(" || ")){
methods = method.split(" \\|\\| ");
} else {
methods = new String[]{method};
}
apiDataModel.setMethod(methods);
Method declaredMethod = null;
try {
HandlerMethod handlerMethodData = methodMap.get(info);
String beanType = handlerMethodData.getBeanType().toString().substring(6);
apiDataModel.setController(beanType);
Method methodData = handlerMethodData.getMethod();
String methodName = methodData.getName();
Parameter[] parameters = methodData.getParameters();
List<Class<?>> parameterList = new ArrayList<>();
for (Parameter parameter : parameters
) {
parameterList.add(parameter.getType());
}
apiDataModel.setMethod(methods);
Method declaredMethod = null;
try {
HandlerMethod handlerMethodData = methodMap.get(info);
String beanType = handlerMethodData.getBeanType().toString().substring(6);
apiDataModel.setController(beanType);
Method methodData = handlerMethodData.getMethod();
String methodName = methodData.getName();
Parameter[] parameters = methodData.getParameters();
List<Class<?>> parameterList = new ArrayList<>();
for (Parameter parameter : parameters
) {
parameterList.add(parameter.getType());
}
int parameterListSize = parameterList.size();
Class<?>[] classes = new Class[parameterListSize];
for (int i = 0; i < parameterListSize; i++) {
classes[i] = parameterList.get(i);
int parameterListSize = parameterList.size();
Class<?>[] classes = new Class[parameterListSize];
for (int i = 0; i < parameterListSize; i++) {
classes[i] = parameterList.get(i);
}
declaredMethod = AopUtils.getTargetClass(applicationContext.getBean(handlerMethod.getBean().toString())).getDeclaredMethod(methodName, classes);
parameters = declaredMethod.getParameters();
List<Map<String, String>> parameterMaps = new ArrayList<>();
String[] params = methodParameters.getParameterNames(methodData);
int i = 0;
for (Parameter parameter : parameters
) {
Map<String, String> parameterMap = new HashMap<>();
String classType = parameter.getType().toString();
if (classType.contains(" ")) {
classType = classType.substring(classType.indexOf(" ") + 1);
}
declaredMethod = AopUtils.getTargetClass(applicationContext.getBean(handlerMethod.getBean().toString())).getDeclaredMethod(methodName, classes);
parameters = declaredMethod.getParameters();
List<Map<String, String>> parameterMaps = new ArrayList<>();
String[] params = methodParameters.getParameterNames(methodData);
int i = 0;
for (Parameter parameter : parameters
Annotation[] declaredAnnotations = parameter.getDeclaredAnnotations();
StringBuilder annos = new StringBuilder();
for (Annotation annotation : declaredAnnotations
) {
Map<String, String> parameterMap = new HashMap<>();
String classType = parameter.getType().toString();
if (classType.contains(" ")) {
classType = classType.substring(classType.indexOf(" ") + 1);
}
Annotation[] declaredAnnotations = parameter.getDeclaredAnnotations();
StringBuilder annos = new StringBuilder();
for (Annotation annotation : declaredAnnotations
) {
String anno = annotation.annotationType().toString();
anno = anno.substring(anno.lastIndexOf(".") + 1);
switch (anno) {
case "PathVariable":
anno = "restful访问参数";
break;
case "RequestHeader":
anno = "Header参数";
break;
case "CookieValue":
anno = "Cookie参数";
break;
case "RequestParam":
anno = "GET请求参数";
break;
case "RequestBody":
anno = "POST请求的body参数";
break;
case "Validated":
anno = "GET请求参数对象";
break;
}
annos.append(anno);
String anno = annotation.annotationType().toString();
anno = anno.substring(anno.lastIndexOf(".") + 1);
switch (anno) {
case "PathVariable":
anno = "restful访问参数";
break;
case "RequestHeader":
anno = "Header参数";
break;
case "CookieValue":
anno = "Cookie参数";
break;
case "RequestParam":
anno = "GET请求参数";
break;
case "RequestBody":
anno = "POST请求的body参数";
break;
case "Validated":
anno = "GET请求参数对象";
break;
}
assert params != null;
parameterMap.put("name", params[i]);
parameterMap.put("type", classType);
parameterMap.put("annotation", String.valueOf(annos));
parameterMaps.add(parameterMap);
i = i + 1;
annos.append(anno);
}
apiDataModel.setParameters(parameterMaps);
String returnType = declaredMethod.getReturnType().toString();
if (returnType.contains("class ")) {
returnType = declaredMethod.getReturnType().toString().substring(6);
if (params != null){
parameterMap.put("name", params[i]);
}else {
parameterMap.put("name", "null");
}
apiDataModel.setReturnType(returnType);
} catch (NoSuchMethodException ignore) {
parameterMap.put("type", classType);
parameterMap.put("annotation", String.valueOf(annos));
parameterMaps.add(parameterMap);
i = i + 1;
}
apiDataModel.setParameters(parameterMaps);
String returnType = declaredMethod.getReturnType().toString();
if (returnType.contains("class ")) {
returnType = declaredMethod.getReturnType().toString().substring(6);
}
apiDataModel.setReturnType(returnType);
} catch (NoSuchMethodException e) {
DongTaiLog.error(e.getMessage());
}


PatternsRequestCondition patternsCondition = info.getPatternsCondition();
Set<String> patterns = patternsCondition.getPatterns();
if (patterns.size() > 1) {
for (String s : patterns
) {
String uri =applicationContext.getApplicationName() + s.replace("[", "").replace("]", "");
apiDataModel.setUrl(uri);
apiList.add(apiDataModel);
}
} else {
String uri = applicationContext.getApplicationName() + info.getPatternsCondition().toString().replace("[", "").replace("]", "");
PatternsRequestCondition patternsCondition = info.getPatternsCondition();
Set<String> patterns = patternsCondition.getPatterns();
if (patterns.size() > 1) {
for (String s : patterns
) {
String uri = applicationContext.getApplicationName() + s.replace("[", "").replace("]", "");
apiDataModel.setUrl(uri);
apiList.add(apiDataModel);
}
} else {
String uri = applicationContext.getApplicationName() + info.getPatternsCondition().toString().replace("[", "").replace("]", "");
apiDataModel.setUrl(uri);
apiList.add(apiDataModel);
}
}
}
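Review bot: The HTTP-method list on the new side (the `method.contains(" || ")` / `split(" \\|\\| ")` branch) is recovered by parsing `RequestMethodsRequestCondition.toString()`, a presentation format rather than an API contract; `info.getMethodsCondition().getMethods()` yields the `Set<RequestMethod>` directly, e.g. `Set<RequestMethod> rm = info.getMethodsCondition().getMethods();` followed by `methods = rm.isEmpty() ? new String[]{"GET", "POST"} : rm.stream().map(Enum::name).toArray(String[]::new);`. The lookup `requestMappings.get("requestMappingHandlerMapping")` replaces the loop over every `RequestMappingHandlerMapping`, so a mapping registered under another bean name is now skipped silently; if that is intended, a comment stating why (presumably to avoid the duplicate entries of #226) would help the next reader. `catch (NoSuchMethodException e) { DongTaiLog.error(e.getMessage()); }` logs only the message and discards the stack trace, whereas the new GetApiThread passes the exception itself with `DongTaiLog.error(e)`; the same applies to the two catch blocks changed in SpringApplicationImpl further down. In the parameter loop, `params[i]` is indexed by the position in `declaredMethod.getParameters()` while `params` is taken from `methodData`, so if the target-class method has a different arity the new null check does not prevent an ArrayIndexOutOfBoundsException; `if (params != null && i < params.length)` would. getAPIList begins above this hunk and its return statement lies below it.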
15 changes: 0 additions & 15 deletions iast-agent/src/main/java/com/secnium/iast/agent/util/LogUtils.java

This file was deleted.

Expand Up @@ -2,8 +2,8 @@

import java.lang.management.ManagementFactory;
import java.lang.management.RuntimeMXBean;
import java.util.Arrays;

import com.secnium.iast.agent.util.LogUtils;
import org.junit.Test;

public class AgentTest {
Expand All @@ -17,7 +17,6 @@ public void appendToolsPath() {
pid = "94008";
AttachLauncher.attach(pid, "");
} catch (Throwable e) {
LogUtils.error("Start DongTai Agent failed, exception stack trace: ");
e.printStackTrace();
System.exit(-1);
}
Expand Up @@ -2,7 +2,6 @@

import com.secnium.iast.agent.Agent;
import com.secnium.iast.agent.AttachLauncher;
import com.secnium.iast.agent.util.LogUtils;
import java.lang.management.ManagementFactory;
import java.lang.management.RuntimeMXBean;
import org.junit.Test;
Expand All @@ -29,7 +28,6 @@ public void install() {
try {
AttachLauncher.attach(pid, "");
} catch (Throwable e) {
LogUtils.error("Start DongTai Agent failed, exception stack trace: ");
e.printStackTrace();
System.exit(-1);
}
Expand Up @@ -3,7 +3,6 @@
import com.secnium.iast.agent.*;
import com.secnium.iast.agent.manager.EngineManager;
import com.secnium.iast.agent.report.AgentRegisterReport;
import com.secnium.iast.agent.util.LogUtils;
import com.secnium.iast.agent.util.http.HttpClientUtils;
import com.secnium.iast.log.DongTaiLog;
import org.json.JSONObject;
@@ -1,8 +1,10 @@
package com.secnium.iast.core.enhance.plugins.api.spring;

import com.secnium.iast.core.handler.IastClassLoader;
import com.secnium.iast.core.handler.api.GetApiThread;
import com.secnium.iast.core.handler.controller.impl.HttpImpl;
import com.secnium.iast.core.handler.models.MethodEvent;
import com.secnium.iast.log.DongTaiLog;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
Expand All @@ -27,13 +29,8 @@ public static void getWebApplicationContext(MethodEvent event) {
Object applicationContext = event.returnValue;
createClassLoader(applicationContext);
loadApplicationContext();
Map<String, Object> invoke = null;
try {
invoke = (Map<String, Object>) getAPI.invoke(null, applicationContext);
sendReport(invoke);
isSend = true;
} catch (Exception ignored) {
}
GetApiThread getApiThread = new GetApiThread(applicationContext);
getApiThread.start();
}
}

Expand All @@ -47,7 +44,7 @@ private static void createClassLoader(Object applicationContext) {
}
}
} catch (MalformedURLException e) {
e.printStackTrace();
DongTaiLog.error(e.getMessage());
}
}

Expand All @@ -58,7 +55,7 @@ private static void loadApplicationContext() {
proxyClass = iastClassLoader.loadClass("cn.huoxian.iast.spring.SpringApplicationContext");
getAPI = proxyClass.getDeclaredMethod("getAPI", Object.class);
} catch (NoSuchMethodException e) {
e.printStackTrace();
DongTaiLog.error(e.getMessage());
}
}
}
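Review bot: `isSend = true` has moved into GetApiThread's `finally`, so between `getApiThread.start()` and the thread finishing the flag is still false; if getWebApplicationContext is re-entered in that window (the guard presumably sits above this hunk) a second thread invokes `getAPI` and a second report is sent, which looks like the duplication #226 is about. Setting the flag in the caller, `isSend = true;` immediately before `getApiThread.start();`, closes that window without changing the unconditional semantics the `finally` already gives. The thread is also started as a non-daemon thread, so it can hold up JVM exit if the invoke blocks; `getApiThread.setDaemon(true);` before `start()` is the usual choice for agent-side background work. getWebApplicationContext's opening lines are above this hunk.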
@@ -0,0 +1,34 @@
package com.secnium.iast.core.handler.api;

import com.secnium.iast.core.enhance.plugins.api.spring.SpringApplicationImpl;
import com.secnium.iast.log.DongTaiLog;

import java.lang.reflect.InvocationTargetException;
import java.util.Map;

import static com.secnium.iast.core.report.ApiReport.sendReport;

public class GetApiThread extends Thread{

private final Object applicationContext;

public GetApiThread(Object applicationContext){
this.applicationContext = applicationContext;
}

@Override
public void run() {
Map<String, Object> invoke = null;
try {
invoke = (Map<String, Object>) SpringApplicationImpl.getAPI.invoke(null, applicationContext);
sendReport(invoke);
} catch (IllegalAccessException e) {
DongTaiLog.error(e);
} catch (InvocationTargetException e) {
DongTaiLog.error(e);
} finally {
SpringApplicationImpl.isSend = true;
}
}

}
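Review bot: `SpringApplicationImpl.getAPI` may be null when `run()` executes — `loadApplicationContext` leaves it unset after a `NoSuchMethodException` — and the only handlers here are `IllegalAccessException` and `InvocationTargetException`, so the resulting `NullPointerException` escapes to the thread's uncaught-exception handler while `finally` still marks `isSend = true`. A guard as the first statement of the try keeps the flag semantics and records the cause: `if (SpringApplicationImpl.getAPI == null) { DongTaiLog.error("getAPI not resolved, skipping API report"); return; }`. The two catch clauses have identical bodies and can collapse into one multi-catch, `catch (IllegalAccessException | InvocationTargetException e)`. The cast to `Map<String, Object>` is unchecked; either annotate the local with `@SuppressWarnings("unchecked")` plus a comment that getAPI is declared to return that map, or test `instanceof Map` before casting. The `= null` initializer on `invoke` is dead, since the variable is assigned before its only use inside the try.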
