Merge pull request #590 from HXSecurity/develop

merge Develop

dongtai-agent/pom.xml

@@ -25,13 +25,6 @@
             <version>${commons-lang3.version}</version>
         </dependency>
 
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>${junit.version}</version>
-            <scope>test</scope>
-        </dependency>
-
         <dependency>
             <groupId>org.json</groupId>
             <artifactId>json</artifactId>

dongtai-agent/src/main/java/io/dongtai/iast/agent/IastClassLoader.java

@@ -50,8 +50,7 @@ protected synchronized Class<?> loadClass(String name, boolean resolve) throws C
             return loadedClass;
         }
 
-        if (!name.startsWith("io.dongtai") && !name.startsWith("com.secnium")
-                && !name.startsWith("cn.huoxian") && !name.startsWith("java.lang.iast")) {
+        if (!name.startsWith("io.dongtai") && !name.startsWith("java.lang.iast")) {
             return super.loadClass(name, resolve);
         }
 

dongtai-agent/src/main/java/io/dongtai/iast/agent/IastProperties.java

@@ -34,6 +34,10 @@ public class IastProperties {
         put("uuid_path", PropertyConstant.PROPERTY_UUID_PATH);
         put("disabled_plugins", PropertyConstant.PROPERTY_DISABLED_PLUGINS);
         put("disabled_features", PropertyConstant.PROPERTY_DISABLED_FEATURES);
+        put("pool_capacity", PropertyConstant.PROPERTY_POOL_CAPACITY);
+        put("pool_size", PropertyConstant.PROPERTY_POOL_SIZE);
+        put("pool_max_size", PropertyConstant.PROPERTY_POOL_MAX_SIZE);
+        put("pool_keepalive", PropertyConstant.PROPERTY_POOL_KEEPALIVE);
     }};
 
     private static IastProperties instance;

dongtai-agent/src/main/java/io/dongtai/iast/agent/fallback/checker/MetricsBindCheckerEnum.java

@@ -33,7 +33,7 @@ public enum MetricsBindCheckerEnum {
     /**
      * 检查器类型
      */
-    private Class<? extends IPerformanceChecker> checker;
+    private final Class<? extends IPerformanceChecker> checker;
 
     /**
      * 描述

dongtai-agent/src/main/java/io/dongtai/iast/agent/manager/EngineManager.java

@@ -2,7 +2,6 @@
 
 import io.dongtai.iast.agent.*;
 import io.dongtai.iast.agent.fallback.FallbackManager;
-import io.dongtai.iast.agent.monitor.MonitorDaemonThread;
 import io.dongtai.iast.agent.report.AgentRegisterReport;
 import io.dongtai.iast.agent.util.*;
 import io.dongtai.iast.common.state.AgentState;
@@ -22,13 +21,10 @@
  */
 public class EngineManager {
 
-    private static final String ENGINE_ENTRYPOINT_CLASS = "com.secnium.iast.core.AgentEngine";
+    private static final String ENGINE_ENTRYPOINT_CLASS = "io.dongtai.iast.core.AgentEngine";
     private static final String INJECT_PACKAGE_REMOTE_URI = "/api/v1/engine/download?engineName=dongtai-spy";
-    private static final String INJECT_PACKAGE_REMOTE_URI_JDK6 = "/api/v1/engine/download?engineName=dongtai-spy-jdk6";
     private static final String ENGINE_PACKAGE_REMOTE_URI = "/api/v1/engine/download?engineName=dongtai-core";
-    private static final String ENGINE_PACKAGE_REMOTE_URI_JDK6 = "/api/v1/engine/download?engineName=dongtai-core-jdk6";
     private static final String API_PACKAGE_REMOTE_URI = "/api/v1/engine/download?engineName=dongtai-api";
-    private static final String API_PACKAGE_REMOTE_URI_JDK6 = "/api/v1/engine/download?engineName=dongtai-api-jdk6";
     private final static String TMP_DIR = IastProperties.getInstance().getTmpDir();
     private static IastClassLoader IAST_CLASS_LOADER;
     private static EngineManager INSTANCE;
@@ -187,7 +183,6 @@ public boolean install() {
      * 启动检测引擎
      */
     public boolean start() {
-        // 将Spy注入到BootstrapClassLoader，todo: 异常卸载时，需要特定处理spy模块
         try {
             if (classOfEngine != null) {
                 classOfEngine.getMethod("start").invoke(null);
@@ -207,7 +202,6 @@ public boolean start() {
      * @return 布尔值，表示stop成功或失败
      */
     public boolean stop() {
-        // 将Spy注入到BootstrapClassLoader，todo: 异常卸载时，需要特定处理spy模块
         try {
             if (classOfEngine != null) {
                 classOfEngine.getMethod("stop").invoke(null);

dongtai-agent/src/main/java/io/dongtai/iast/agent/middlewarerecognition/jboss/JBoss.java

@@ -52,8 +52,7 @@ public String getVersion() {
                     if (matcher.find()) {
                         version = matcher.group(1);
                     }
-                } catch (IOException iOException) {
-                    ;
+                } catch (IOException ignored) {
                 }
             }
         }

dongtai-agent/src/main/java/io/dongtai/iast/agent/middlewarerecognition/spring/Tomcat.java

@@ -10,8 +10,8 @@
  */
 public class Tomcat implements IServer {
 
-    private static String TOMCAT_BOOTSTAP = " org.apache.catalina.startup.Bootstrap".substring(1);
-    private static String TOMCAT_SERVER_INFO = " org.apache.catalina.util.ServerInfo".substring(1);
+    private static final String TOMCAT_BOOTSTAP = " org.apache.catalina.startup.Bootstrap".substring(1);
+    private static final String TOMCAT_SERVER_INFO = " org.apache.catalina.util.ServerInfo".substring(1);
     private String name;
     private String version;
 

dongtai-agent/src/main/java/io/dongtai/iast/agent/monitor/collector/MetricsBindCollectorEnum.java

@@ -31,7 +31,7 @@ public enum MetricsBindCollectorEnum {
     /**
      * 收集器类型
      */
-    private Class<? extends IPerformanceCollector> collector;
+    private final Class<? extends IPerformanceCollector> collector;
 
     /**
      * 描述

dongtai-agent/src/main/java/io/dongtai/iast/agent/report/AgentRegisterReport.java

@@ -17,7 +17,7 @@
 
 import java.io.*;
 import java.net.*;
-import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
 import java.util.Enumeration;
 import java.util.UUID;
 
@@ -58,7 +58,7 @@ private String generateAgentRegisterMsg() {
         object.put("language", AgentConstant.LANGUAGE);
         object.put("network", readIpInfo());
         object.put("serverEnv", Base64Encoder
-                .encodeBase64String(System.getProperties().toString().getBytes(Charset.forName("UTF-8")))
+                .encodeBase64String(System.getProperties().toString().getBytes(StandardCharsets.UTF_8))
                 .replaceAll("\n", "").replaceAll("\r", ""));
         object.put("containerName", null == server ? "" : server.getName());
         object.put("containerVersion", null == server ? "" : server.getVersion());

dongtai-agent/src/test/java/io/dongtai/iast/agent/fallback/checker/CpuUsageCheckerTest.java

@@ -0,0 +1,47 @@
+package io.dongtai.iast.agent.fallback.checker;
+
+import io.dongtai.iast.agent.IastProperties;
+import io.dongtai.iast.agent.fallback.checker.impl.CpuUsageChecker;
+import io.dongtai.iast.common.entity.performance.PerformanceMetrics;
+import io.dongtai.iast.common.entity.performance.metrics.CpuInfoMetrics;
+import io.dongtai.iast.common.enums.MetricsKey;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.Properties;
+
+/**
+ * 检查CPU使用率
+ */
+public class CpuUsageCheckerTest {
+
+    @Test
+    public void testIsPerformanceOverLimit() {
+
+
+        // 创建配置参数对象
+        Properties cfg = new Properties();
+        cfg.setProperty("iast.remoteSync.performanceLimit.maxThreshold.cpuUsage", "{\"cpuUsagePercentage\":80.0}");
+
+        //初始化临时目录
+        IastProperties.initTmpDir();
+
+        // 创建测试用例对象
+        CpuUsageChecker cpuUsageChecker = new CpuUsageChecker();
+        // 创建模拟性能指标对象
+        PerformanceMetrics nowMetrics = new PerformanceMetrics();
+        CpuInfoMetrics cpuInfoMetrics = new CpuInfoMetrics();
+        cpuInfoMetrics.setCpuUsagePercentage(81.0);
+
+        nowMetrics.setMetricsKey(MetricsKey.CPU_USAGE);
+        nowMetrics.setMetricsValue(cpuInfoMetrics);
+
+        // CPU使用率超过阈值，应该返回true
+        Assert.assertTrue(cpuUsageChecker.isPerformanceOverLimit(nowMetrics, cfg));
+
+        // 修改性能指标对象的CPU使用率为70%
+        cpuInfoMetrics.setCpuUsagePercentage(70.0);
+        // CPU使用率未超过阈值，应该返回false
+        Assert.assertFalse(cpuUsageChecker.isPerformanceOverLimit(nowMetrics, cfg));
+    }
+}

dongtai-agent/src/test/java/io/dongtai/iast/agent/fallback/checker/MemUsageCheckerTest.java

@@ -0,0 +1,44 @@
+package io.dongtai.iast.agent.fallback.checker;
+
+import io.dongtai.iast.agent.IastProperties;
+import io.dongtai.iast.agent.fallback.checker.impl.MemUsageChecker;
+import io.dongtai.iast.common.entity.performance.PerformanceMetrics;
+import io.dongtai.iast.common.entity.performance.metrics.MemoryUsageMetrics;
+import io.dongtai.iast.common.enums.MetricsKey;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.Properties;
+
+public class MemUsageCheckerTest {
+
+
+    /**
+     * 测试内存检查
+     */
+    @Test
+    public void testIsPerformanceOverLimit() {
+        // 配置参数
+        Properties cfg = new Properties();
+        // 设置配置内存阈值
+        cfg.setProperty("iast.remoteSync.performanceLimit.maxThreshold.memoryUsage", "{\"committed\":1024," +
+                "\"init\":1024,\"max\":1024,\"memUsagePercentage\":80.0,\"systemMaxLimit\":-1," +
+                "\"trulyMaxMem\":1024,\"used\":1024}\n");
+        //初始化临时目录
+        IastProperties.initTmpDir();
+        // 创建检查器对象
+        MemUsageChecker memUsageChecker = new MemUsageChecker();
+        // 创建模拟性能指标对象
+        PerformanceMetrics nowMetrics = new PerformanceMetrics();
+        nowMetrics.setMetricsKey(MetricsKey.MEM_USAGE);
+        nowMetrics.setMetricsValue(new MemoryUsageMetrics(1024L, 1024L, 1024L, 1024L));
+        // 内存使用率超过阈值，应该返回true
+        Assert.assertTrue(memUsageChecker.isPerformanceOverLimit(nowMetrics, cfg));
+
+
+        // 修改性能指标对象的内存使用率为70%
+        nowMetrics.setMetricsValue(new MemoryUsageMetrics(1024L, 500L, 1024L, 1024L));
+        // 内存使用率未超过阈值，应该返回false
+        Assert.assertFalse(memUsageChecker.isPerformanceOverLimit(nowMetrics, cfg));
+    }
+}

dongtai-api-gather/dongtai-api-gather-dubbo-api/src/main/java/io/dongtai/iast/api/gather/dubbo/convertor/MethodConvertor.java

@@ -18,8 +18,8 @@
  */
 public class MethodConvertor {
 
-    private OpenApiSchemaConvertorManager manager;
-    private Method reflectionMethod;
+    private final OpenApiSchemaConvertorManager manager;
+    private final Method reflectionMethod;
 
     /**
      * @param manager

dongtai-api-gather/dongtai-api-gather-dubbo-api/src/main/java/io/dongtai/iast/api/gather/dubbo/convertor/ServiceConvertor.java

@@ -17,8 +17,8 @@
  */
 public class ServiceConvertor {
 
-    private OpenApiSchemaConvertorManager manager;
-    private Class interfaceClass;
+    private final OpenApiSchemaConvertorManager manager;
+    private final Class interfaceClass;
 
     public ServiceConvertor(OpenApiSchemaConvertorManager manager, Class interfaceClass) {
         this.manager = manager;

dongtai-api-gather/dongtai-api-gather-dubbo-api/src/main/java/io/dongtai/iast/api/gather/dubbo/extractor/AbstractDubboServiceExtractor.java

@@ -27,7 +27,7 @@ public abstract class AbstractDubboServiceExtractor {
     private static final String DUBBO_PROTOCOL_NAME = "dubbo";
 
     // 每个Gather共享同一个Manager
-    private OpenApiSchemaConvertorManager manager;
+    private final OpenApiSchemaConvertorManager manager;
 
     public AbstractDubboServiceExtractor() {
         this.manager = new OpenApiSchemaConvertorManager();

dongtai-api-gather/dongtai-api-gather-openapi/pom.xml

@@ -24,12 +24,6 @@
             <version>${fastjson2.version}</version>
             <scope>provided</scope>
         </dependency>
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>${junit.version}</version>
-            <scope>test</scope>
-        </dependency>
     </dependencies>
 
 </project>

dongtai-api-gather/dongtai-api-gather-openapi/src/main/java/io/dongtai/iast/api/openapi/convertor/ComponentDatabase.java

@@ -14,15 +14,15 @@
 public class ComponentDatabase {
 
     // 类到Schema的映射
-    private Map<Class, Schema> classToSchemaMap;
+    private final Map<Class, Schema> classToSchemaMap;
 
     // 已经发现了的类，用于避免重复处理，也避免碰到循环引用时递归爆栈
     private Set<Class> existsClassSet = new HashSet<>();
 
     // 符合类型的schema生成完毕的时候的回调方法，用于处理环形依赖
-    private Map<Class, List<Consumer<Schema>>> classSchemaDoneCallbackMap;
+    private final Map<Class, List<Consumer<Schema>>> classSchemaDoneCallbackMap;
 
-    private OpenApiSchemaConvertorManager manager;
+    private final OpenApiSchemaConvertorManager manager;
 
     public ComponentDatabase(OpenApiSchemaConvertorManager manager) {
         this.manager = manager;

dongtai-api-gather/dongtai-api-gather-spring-api/pom.xml

@@ -30,12 +30,6 @@
             <version>${project.version}</version>
             <scope>provided</scope>
         </dependency>
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
-            <version>${junit.version}</version>
-            <scope>test</scope>
-        </dependency>
     </dependencies>
 
     <build>

dongtai-api-gather/dongtai-api-gather-spring-api/src/main/java/io/dongtai/iast/api/gather/spring/convertor/RequestMappingInfoConvertor.java

@@ -26,7 +26,7 @@ public class RequestMappingInfoConvertor {
     private final HandlerMethod handlerMethod;
 
     // 从方法中解析出的映射
-    private Map<String, Path> pathMap;
+    private final Map<String, Path> pathMap;
 
     public RequestMappingInfoConvertor(OpenApiSchemaConvertorManager manager, WebApplicationContext webApplicationContext, RequestMappingInfo requestMappingInfo, HandlerMethod handlerMethod) {
         this.manager = manager;
@@ -60,7 +60,7 @@ private void parsePathPatternsRequestCondition() {
                 });
             }
         } catch (Throwable e) {
-            DongTaiLog.debug("spring api path.getPathPatternsCondition router exception", e);
+//            DongTaiLog.debug("spring api path.getPathPatternsCondition router exception", e);
         }
 
         try {
@@ -78,7 +78,7 @@ public void accept(String s) {
                 });
             }
         } catch (Throwable e) {
-            DongTaiLog.debug("spring api path.getPatternsCondition router exception", e);
+//            DongTaiLog.debug("spring api path.getPatternsCondition router exception", e);
         }
     }
 
@@ -144,7 +144,7 @@ public void accept(RequestMethod requestMethod) {
                 }
             });
         } catch (Throwable e) {
-            DongTaiLog.debug("spring api method router exception", e);
+//            DongTaiLog.debug("spring api method router exception", e);
         }
     }
 
@@ -176,7 +176,7 @@ private Operation parseOperation() {
         operation.setOperationId(UUID.randomUUID().toString());
 
         // 全路径类名放在tags中
-        operation.setTags(Arrays.asList(this.handlerMethod.getBeanType().getName()));
+        operation.setTags(Collections.singletonList(this.handlerMethod.getBeanType().getName()));
 
         try {
             // 解析HandlerMethod
@@ -210,7 +210,7 @@ public void accept(NameValueExpression<String> stringNameValueExpression) {
             });
             return parameterList;
         } catch (Throwable e) {
-            DongTaiLog.debug("spring api parameters router exception: {}", e.getMessage());
+//            DongTaiLog.debug("spring api parameters router exception: {}", e.getMessage());
         }
         return Collections.emptyList();
     }
@@ -242,7 +242,7 @@ public void accept(NameValueExpression<String> stringNameValueExpression) {
             });
             return headerParameterList;
         } catch (Throwable e) {
-            DongTaiLog.debug("spring api headers router exception: {}", e.getMessage());
+//            DongTaiLog.debug("spring api headers router exception: {}", e.getMessage());
         }
         return Collections.emptyList();
     }

dongtai-api-gather/dongtai-api-gather-spring-api/src/main/java/io/dongtai/iast/api/gather/spring/extractor/SpringMVCApiExtractor.java

@@ -2,6 +2,7 @@
 
 import io.dongtai.iast.api.gather.spring.convertor.RequestMappingHandlerMappingConvertor;
 import io.dongtai.iast.api.openapi.domain.OpenApi;
+import io.dongtai.iast.common.utils.ExceptionUtil;
 import io.dongtai.log.DongTaiLog;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
@@ -72,7 +73,11 @@ private List<RequestMappingHandlerMapping> findRequestMappingHandlerMapping(WebA
                 }
             }
         } catch (Throwable e) {
-            DongTaiLog.debug("try use BeanFactoryUtils find RequestMappingHandlerMapping exception", e);
+            // 仅在出现预期外错误的时候才打印日志
+            String s = ExceptionUtil.getPrintStackTraceString(e);
+            if (!s.contains("java.lang.NoSuchMethodException: org.springframework.beans.factory.BeanFactoryUtils.beansOfTypeIncludingAncestors()")) {
+                DongTaiLog.debug("try use BeanFactoryUtils throw RequestMappingHandlerMapping exception", e);
+            }
         }
 
         // 没有工具类，就只从自己里面找

dongtai-api-gather/pom.xml

@@ -18,4 +18,13 @@
         <module>dongtai-api-gather-dubbo-api</module>
     </modules>
 
+    <dependencies>
+        <dependency>
+            <groupId>io.dongtai.iast</groupId>
+            <artifactId>dongtai-common</artifactId>
+            <version>${revision}</version>
+            <scope>compile</scope>
+        </dependency>
+    </dependencies>
+
 </project>