diff --git a/dongtai-spring-api/pom.xml b/dongtai-spring-api/pom.xml
index 31b60c350..33d39c170 100644
--- a/dongtai-spring-api/pom.xml
+++ b/dongtai-spring-api/pom.xml
@@ -25,6 +25,11 @@
 5.2.8.RELEASE
 provided
+
+ com.secnium.iast
+ iast-log
+ 1.2.0
+
diff --git a/dongtai-spring-api/src/main/java/cn/huoxian/iast/spring/SpringApplicationContext.java b/dongtai-spring-api/src/main/java/cn/huoxian/iast/spring/SpringApplicationContext.java
index 648116ea5..c91ea247b 100644
--- a/dongtai-spring-api/src/main/java/cn/huoxian/iast/spring/SpringApplicationContext.java
+++ b/dongtai-spring-api/src/main/java/cn/huoxian/iast/spring/SpringApplicationContext.java
@@ -1,5 +1,6 @@
 package cn.huoxian.iast.spring;
+import com.secnium.iast.log.DongTaiLog;
 import org.springframework.aop.support.AopUtils;
 import org.springframework.beans.factory.BeanFactoryUtils;
 import org.springframework.core.LocalVariableTableParameterNameDiscoverer;
@@ -24,114 +25,116 @@ public static List getAPIList(WebApplicationContext applicationCon
 Map requestMappings = BeanFactoryUtils.beansOfTypeIncludingAncestors(applicationContext, RequestMappingHandlerMapping.class, true, false);
 LocalVariableTableParameterNameDiscoverer methodParameters = new LocalVariableTableParameterNameDiscoverer();
 List apiList = new ArrayList<>();
- for (RequestMappingHandlerMapping handlerMapping : requestMappings.values()) {
- if (handlerMapping != null) {
- Map methodMap = handlerMapping.getHandlerMethods();
- for (RequestMappingInfo info : methodMap.keySet()) {
- ApiDataModel apiDataModel = new ApiDataModel();
- HandlerMethod handlerMethod = methodMap.get(info);
- String clazz = handlerMethod.getBeanType().toString().substring(6);
- apiDataModel.setClazz(clazz);
- String method = info.getMethodsCondition().toString().replace("[", "").replace("]", "");
- String[] methods;
- if ("".equals(method)) {
- methods = new String[2];
- methods[0] = "GET";
- methods[1] = "POST";
- } else {
- methods = new String[1];
- methods[0] = method;
+ RequestMappingHandlerMapping handlerMapping = requestMappings.get("requestMappingHandlerMapping");
+ if (handlerMapping != null) {
+ Map methodMap = handlerMapping.getHandlerMethods();
+ for (RequestMappingInfo info : methodMap.keySet()) {
+ ApiDataModel apiDataModel = new ApiDataModel();
+ HandlerMethod handlerMethod = methodMap.get(info);
+ String clazz = handlerMethod.getBeanType().toString().substring(6);
+ apiDataModel.setClazz(clazz);
+ String method = info.getMethodsCondition().toString().replace("[", "").replace("]", "");
+ String[] methods;
+ if ("".equals(method)) {
+ methods = new String[]{"GET", "POST"};
+ }else if (method.contains(" || ")){
+ methods = method.split(" \\|\\| ");
+ } else {
+ methods = new String[]{method};
+ }
+ apiDataModel.setMethod(methods);
+ Method declaredMethod = null;
+ try {
+ HandlerMethod handlerMethodData = methodMap.get(info);
+ String beanType = handlerMethodData.getBeanType().toString().substring(6);
+ apiDataModel.setController(beanType);
+ Method methodData = handlerMethodData.getMethod();
+ String methodName = methodData.getName();
+ Parameter[] parameters = methodData.getParameters();
+ List> parameterList = new ArrayList<>();
+ for (Parameter parameter : parameters
+ ) {
+ parameterList.add(parameter.getType());
 }
- apiDataModel.setMethod(methods);
- Method declaredMethod = null;
- try {
- HandlerMethod handlerMethodData = methodMap.get(info);
- String beanType = handlerMethodData.getBeanType().toString().substring(6);
- apiDataModel.setController(beanType);
- Method methodData = handlerMethodData.getMethod();
- String methodName = methodData.getName();
- Parameter[] parameters = methodData.getParameters();
- List> parameterList = new ArrayList<>();
- for (Parameter parameter : parameters
- ) {
- parameterList.add(parameter.getType());
- }
- int parameterListSize = parameterList.size();
- Class[] classes = new Class[parameterListSize];
- for (int i = 0; i < parameterListSize; i++) {
- classes[i] = parameterList.get(i);
+ int parameterListSize = parameterList.size();
+ Class[] classes = new Class[parameterListSize];
+ for (int i = 0; i < parameterListSize; i++) {
+ classes[i] = parameterList.get(i);
+ }
+ declaredMethod = AopUtils.getTargetClass(applicationContext.getBean(handlerMethod.getBean().toString())).getDeclaredMethod(methodName, classes);
+ parameters = declaredMethod.getParameters();
+ List> parameterMaps = new ArrayList<>();
+ String[] params = methodParameters.getParameterNames(methodData);
+ int i = 0;
+ for (Parameter parameter : parameters
+ ) {
+ Map parameterMap = new HashMap<>();
+ String classType = parameter.getType().toString();
+ if (classType.contains(" ")) {
+ classType = classType.substring(classType.indexOf(" ") + 1);
 }
- declaredMethod = AopUtils.getTargetClass(applicationContext.getBean(handlerMethod.getBean().toString())).getDeclaredMethod(methodName, classes);
- parameters = declaredMethod.getParameters();
- List> parameterMaps = new ArrayList<>();
- String[] params = methodParameters.getParameterNames(methodData);
- int i = 0;
- for (Parameter parameter : parameters
+ Annotation[] declaredAnnotations = parameter.getDeclaredAnnotations();
+ StringBuilder annos = new StringBuilder();
+ for (Annotation annotation : declaredAnnotations
 ) {
- Map parameterMap = new HashMap<>();
- String classType = parameter.getType().toString();
- if (classType.contains(" ")) {
- classType = classType.substring(classType.indexOf(" ") + 1);
- }
- Annotation[] declaredAnnotations = parameter.getDeclaredAnnotations();
- StringBuilder annos = new StringBuilder();
- for (Annotation annotation : declaredAnnotations
- ) {
- String anno = annotation.annotationType().toString();
- anno = anno.substring(anno.lastIndexOf(".") + 1);
- switch (anno) {
- case "PathVariable":
- anno = "restful访问参数";
- break;
- case "RequestHeader":
- anno = "Header参数";
- break;
- case "CookieValue":
- anno = "Cookie参数";
- break;
- case "RequestParam":
- anno = "GET请求参数";
- break;
- case "RequestBody":
- anno = "POST请求的body参数";
- break;
- case "Validated":
- anno = "GET请求参数对象";
- break;
- }
- annos.append(anno);
+ String anno = annotation.annotationType().toString();
+ anno = anno.substring(anno.lastIndexOf(".") + 1);
+ switch (anno) {
+ case "PathVariable":
+ anno = "restful访问参数";
+ break;
+ case "RequestHeader":
+ anno = "Header参数";
+ break;
+ case "CookieValue":
+ anno = "Cookie参数";
+ break;
+ case "RequestParam":
+ anno = "GET请求参数";
+ break;
+ case "RequestBody":
+ anno = "POST请求的body参数";
+ break;
+ case "Validated":
+ anno = "GET请求参数对象";
+ break;
 }
- assert params != null;
- parameterMap.put("name", params[i]);
- parameterMap.put("type", classType);
- parameterMap.put("annotation", String.valueOf(annos));
- parameterMaps.add(parameterMap);
- i = i + 1;
+ annos.append(anno);
 }
- apiDataModel.setParameters(parameterMaps);
- String returnType = declaredMethod.getReturnType().toString();
- if (returnType.contains("class ")) {
- returnType = declaredMethod.getReturnType().toString().substring(6);
+ if (params != null){
+ parameterMap.put("name", params[i]);
+ }else {
+ parameterMap.put("name", "null");
 }
- apiDataModel.setReturnType(returnType);
- } catch (NoSuchMethodException ignore) {
+ parameterMap.put("type", classType);
+ parameterMap.put("annotation", String.valueOf(annos));
+ parameterMaps.add(parameterMap);
+ i = i + 1;
+ }
+ apiDataModel.setParameters(parameterMaps);
+ String returnType = declaredMethod.getReturnType().toString();
+ if (returnType.contains("class ")) {
+ returnType = declaredMethod.getReturnType().toString().substring(6);
 }
+ apiDataModel.setReturnType(returnType);
+ } catch (NoSuchMethodException e) {
+ DongTaiLog.error(e.getMessage());
+ }
- PatternsRequestCondition patternsCondition = info.getPatternsCondition();
- Set patterns = patternsCondition.getPatterns();
- if (patterns.size() > 1) {
- for (String s : patterns
- ) {
- String uri =applicationContext.getApplicationName() + s.replace("[", "").replace("]", "");
- apiDataModel.setUrl(uri);
- apiList.add(apiDataModel);
- }
- } else {
- String uri = applicationContext.getApplicationName() + info.getPatternsCondition().toString().replace("[", "").replace("]", "");
+ PatternsRequestCondition patternsCondition = info.getPatternsCondition();
+ Set patterns = patternsCondition.getPatterns();
+ if (patterns.size() > 1) {
+ for (String s : patterns
+ ) {
+ String uri = applicationContext.getApplicationName() + s.replace("[", "").replace("]", "");
 apiDataModel.setUrl(uri);
 apiList.add(apiDataModel);
 }
+ } else {
+ String uri = applicationContext.getApplicationName() + info.getPatternsCondition().toString().replace("[", "").replace("]", "");
+ apiDataModel.setUrl(uri);
+ apiList.add(apiDataModel);
 }
 }
 }
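Review bot: The lookup `requestMappings.get("requestMappingHandlerMapping")` replaces the loop over every `RequestMappingHandlerMapping` bean, so an application whose mapping bean is registered under another name, or that registers several, now yields no APIs at all, and the `if (handlerMapping != null)` guard hides that silently — for an IAST inventory that means unmonitored endpoints with no log line explaining why; iterating `requestMappings.values()` as before, or at least logging when the named bean is absent, keeps the coverage. In the `patterns.size() > 1` branch the same `apiDataModel` instance is added to `apiList` once per pattern while `apiDataModel.setUrl(uri)` is called on it each time, so unless `setUrl` accumulates (the model is not visible here) every entry for a multi-pattern mapping ends up carrying the last URL; a fresh model per pattern fixes it. The new `catch (NoSuchMethodException e)` logs only `e.getMessage()`, which for this exception is just the method signature and drops the stack trace and the controller being scanned; `DongTaiLog.error(e)`, the overload used in GetApiThread, keeps both, and the same applies to the two `DongTaiLog.error(e.getMessage())` calls changed in SpringApplicationImpl. `getAPIList` starts before this hunk and its `return` lies after it.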
diff --git a/iast-agent/src/main/java/com/secnium/iast/agent/util/LogUtils.java b/iast-agent/src/main/java/com/secnium/iast/agent/util/LogUtils.java
deleted file mode 100644
index 8a766eaf9..000000000
--- a/iast-agent/src/main/java/com/secnium/iast/agent/util/LogUtils.java
+++ /dev/null
@@ -1,15 +0,0 @@
-package com.secnium.iast.agent.util;
-
-
-/**
- * @author owefsad
- */
-public class LogUtils {
- public static void info(String msg) {
- System.out.println("[io.dongtai.agent] " + msg);
- }
-
- public static void error(String msg) {
- System.err.println("[io.dongtai.agent] " + msg);
- }
-}
diff --git a/iast-agent/src/test/java/com/secnium/iast/agent/AgentTest.java b/iast-agent/src/test/java/com/secnium/iast/agent/AgentTest.java
index d1705c98f..506fec7c3 100644
--- a/iast-agent/src/test/java/com/secnium/iast/agent/AgentTest.java
+++ b/iast-agent/src/test/java/com/secnium/iast/agent/AgentTest.java
@@ -2,8 +2,8 @@
 import java.lang.management.ManagementFactory;
 import java.lang.management.RuntimeMXBean;
+import java.util.Arrays;
-import com.secnium.iast.agent.util.LogUtils;
 import org.junit.Test;
 public class AgentTest {
@@ -17,7 +17,6 @@ public void appendToolsPath() {
 pid = "94008";
 AttachLauncher.attach(pid, "");
 } catch (Throwable e) {
- LogUtils.error("Start DongTai Agent failed, exception stack trace: ");
 e.printStackTrace();
 System.exit(-1);
 }
diff --git a/iast-agent/src/test/java/com/secnium/iast/agent/manager/EngineManagerTest.java b/iast-agent/src/test/java/com/secnium/iast/agent/manager/EngineManagerTest.java
index 163fe2ca9..d423d9727 100644
--- a/iast-agent/src/test/java/com/secnium/iast/agent/manager/EngineManagerTest.java
+++ b/iast-agent/src/test/java/com/secnium/iast/agent/manager/EngineManagerTest.java
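Review bot: `import java.util.Arrays;` is added to AgentTest but nothing in either hunk of this file uses it; if the rest of the file (not visible here) does not either, the import should be dropped rather than left to accumulate as an unused-import warning. Removing the `LogUtils.error(...)` call in `appendToolsPath` leaves `e.printStackTrace()` as the only record of an attach failure, so the "Start DongTai Agent failed" context is lost; if that context is still wanted, `System.err.println("Start DongTai Agent failed, exception stack trace: ");` before the `printStackTrace()` restores it without the deleted helper. `appendToolsPath` starts before this hunk.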
@@ -2,7 +2,6 @@
 import com.secnium.iast.agent.Agent;
 import com.secnium.iast.agent.AttachLauncher;
-import com.secnium.iast.agent.util.LogUtils;
 import java.lang.management.ManagementFactory;
 import java.lang.management.RuntimeMXBean;
 import org.junit.Test;
@@ -29,7 +28,6 @@ public void install() {
 try {
 AttachLauncher.attach(pid, "");
 } catch (Throwable e) {
- LogUtils.error("Start DongTai Agent failed, exception stack trace: ");
 e.printStackTrace();
 System.exit(-1);
 }
diff --git a/iast-agent/src/test/java/com/secnium/iast/agent/monitor/EngineMonitor.java b/iast-agent/src/test/java/com/secnium/iast/agent/monitor/EngineMonitor.java
index 14bfba1bf..6678a0876 100644
--- a/iast-agent/src/test/java/com/secnium/iast/agent/monitor/EngineMonitor.java
+++ b/iast-agent/src/test/java/com/secnium/iast/agent/monitor/EngineMonitor.java
@@ -3,7 +3,6 @@
 import com.secnium.iast.agent.*;
 import com.secnium.iast.agent.manager.EngineManager;
 import com.secnium.iast.agent.report.AgentRegisterReport;
-import com.secnium.iast.agent.util.LogUtils;
 import com.secnium.iast.agent.util.http.HttpClientUtils;
 import com.secnium.iast.log.DongTaiLog;
 import org.json.JSONObject;
diff --git a/iast-core/src/main/java/com/secnium/iast/core/enhance/plugins/api/spring/SpringApplicationImpl.java b/iast-core/src/main/java/com/secnium/iast/core/enhance/plugins/api/spring/SpringApplicationImpl.java
index c159cb8b5..fad6c2c42 100644
--- a/iast-core/src/main/java/com/secnium/iast/core/enhance/plugins/api/spring/SpringApplicationImpl.java
+++ b/iast-core/src/main/java/com/secnium/iast/core/enhance/plugins/api/spring/SpringApplicationImpl.java
@@ -1,8 +1,10 @@
 package com.secnium.iast.core.enhance.plugins.api.spring;
 import com.secnium.iast.core.handler.IastClassLoader;
+import com.secnium.iast.core.handler.api.GetApiThread;
 import com.secnium.iast.core.handler.controller.impl.HttpImpl;
 import com.secnium.iast.core.handler.models.MethodEvent;
+import com.secnium.iast.log.DongTaiLog;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
@@ -27,13 +29,8 @@ public static void getWebApplicationContext(MethodEvent event) {
 Object applicationContext = event.returnValue;
 createClassLoader(applicationContext);
 loadApplicationContext();
- Map invoke = null;
- try {
- invoke = (Map) getAPI.invoke(null, applicationContext);
- sendReport(invoke);
- isSend = true;
- } catch (Exception ignored) {
- }
+ GetApiThread getApiThread = new GetApiThread(applicationContext);
+ getApiThread.start();
 }
 }
@@ -47,7 +44,7 @@ private static void createClassLoader(Object applicationContext) {
 }
 }
 } catch (MalformedURLException e) {
- e.printStackTrace();
+ DongTaiLog.error(e.getMessage());
 }
 }
@@ -58,7 +55,7 @@ private static void loadApplicationContext() {
 proxyClass = iastClassLoader.loadClass("cn.huoxian.iast.spring.SpringApplicationContext");
 getAPI = proxyClass.getDeclaredMethod("getAPI", Object.class);
 } catch (NoSuchMethodException e) {
- e.printStackTrace();
+ DongTaiLog.error(e.getMessage());
 }
 }
 }
diff --git a/iast-core/src/main/java/com/secnium/iast/core/handler/api/GetApiThread.java b/iast-core/src/main/java/com/secnium/iast/core/handler/api/GetApiThread.java
new file mode 100644
index 000000000..0df6ee393
--- /dev/null
+++ b/iast-core/src/main/java/com/secnium/iast/core/handler/api/GetApiThread.java
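Review bot: `getApiThread.start()` in `getWebApplicationContext` launches a thread inside the instrumented application's JVM without `setDaemon(true)` or a name, so if the report (network I/O, judging by `sendReport`) hangs, the agent thread can keep the host JVM from exiting and appears in thread dumps as an anonymous `Thread-N`; add `getApiThread.setDaemon(true);` and `getApiThread.setName("dongtai-api-report");` (name is a suggestion) before `start()`. The replaced code set `isSend = true` synchronously on success, whereas the thread now sets it in its `finally` only when the report has finished or failed, so if `isSend` is the re-entry guard for this hook — its condition sits above the hunk — the hook can fire again and start a second thread before the first completes; setting the guard before `start()` or switching it to an `AtomicBoolean.compareAndSet` closes that window. `getWebApplicationContext` starts before this hunk.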
@@ -0,0 +1,34 @@
+package com.secnium.iast.core.handler.api;
+
+import com.secnium.iast.core.enhance.plugins.api.spring.SpringApplicationImpl;
+import com.secnium.iast.log.DongTaiLog;
+
+import java.lang.reflect.InvocationTargetException;
+import java.util.Map;
+
+import static com.secnium.iast.core.report.ApiReport.sendReport;
+
+public class GetApiThread extends Thread{
+
+ private final Object applicationContext;
+
+ public GetApiThread(Object applicationContext){
+ this.applicationContext = applicationContext;
+ }
+
+ @Override
+ public void run() {
+ Map invoke = null;
+ try {
+ invoke = (Map) SpringApplicationImpl.getAPI.invoke(null, applicationContext);
+ sendReport(invoke);
+ } catch (IllegalAccessException e) {
+ DongTaiLog.error(e);
+ } catch (InvocationTargetException e) {
+ DongTaiLog.error(e);
+ } finally {
+ SpringApplicationImpl.isSend = true;
+ }
+ }
+
+}
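Review bot: `run()` catches only the two checked exceptions of `Method.invoke`, so a `ClassCastException` from the `(Map)` cast, a `NullPointerException` if `SpringApplicationImpl.getAPI` was never resolved (its `loadApplicationContext` swallows `NoSuchMethodException`), or any runtime exception out of `sendReport` escapes to the thread's default uncaught-exception handler and lands on the host application's stderr instead of in `DongTaiLog`; a final `catch (RuntimeException e) { DongTaiLog.error(e); }` keeps agent failures inside the agent's own log. `Map invoke = null;` is a raw type initialised outside the try only to be assigned inside it; declaring it at the assignment (`Map<?, ?> invoke = (Map<?, ?>) SpringApplicationImpl.getAPI.invoke(null, applicationContext);`, or whatever type `sendReport` declares) removes both the null initialiser and the raw-type warning. The `finally` marks `isSend = true` even when the report failed, which differs from the synchronous code this replaces (it set the flag only after a successful `sendReport`); if that is intended it deserves a comment such as `// mark as sent even on failure: the API list is collected at most once per context`. The class has no Javadoc; a header like `/** Collects the Spring API list off the instrumented thread and reports it once. */` would state its purpose.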