
fix bug: /api/v1/report/upload type:33 #118

Merged
merged 2 commits into from
Nov 2, 2021
Merged
Expand Up @@ -26,8 +26,11 @@ public class ReportConstant {
public static final String AGENT_ID = "agentId";
public static final String PROJECT_NAME = "projectName";
public static final String AGENT_VERSION = "version";
public static final String AGENT_REPORT_VERSION = "agentVersion";
public static final String AGENT_VERSION_VALUE = "v1.0.6";
public static final String CONTAINER = "container";
public static final String APP_NAME = "appName";
public static final String APP_PATH = "appPath";

public static final String PID = "pid";
public static final String NETWORK = "network";
Expand All @@ -39,6 +42,7 @@ public class ReportConstant {
public static final String CONTAINER_VERSION = "containerVersion";
public static final String SERVER_PATH = "serverPath";
public static final String SERVER_ADDR = "serverAddr";
public static final String SERVER_NAME = "serverName";
public static final String SERVER_PORT = "serverPort";
public static final String HOSTNAME = "hostname";

Expand All @@ -50,21 +54,34 @@ public class ReportConstant {
public static final String COMMON_SERVER_NAME = "server_name";
public static final String COMMON_SERVER_PORT = "server_port";
public static final String PROTOCOL = "protocol";
public static final String HTTP_PROTOCOL = "httpProtocol";
public static final String SCHEME = "scheme";
public static final String HTTP_SCHEME = "httpScheme";
public static final String METHOD = "method";
public static final String HTTP_METHOD = "httpMethod";
public static final String SECURE = "secure";
public static final String HTTP_SECURE = "httpSecure";
public static final String URL = "url";
public static final String HTTP_URL = "httpUrl";
public static final String URI = "uri";
public static final String HTTP_URI = "httpUri";
public static final String QUERY_STRING = "queryString";
public static final String HTTP_QUERY_STRING = "httpQueryString";
public static final String REQ_HEADER = "reqHeader";
public static final String HTTP_REQ_HEADER = "httpReqHeader";
public static final String REQ_BODY = "reqBody";
public static final String HTTP_BODY = "httpBody";
public static final String CLIENT_IP = "clientIp";
public static final String HTTP_CLIENT_IP = "httpClientIp";
public static final String CONTEXT_PATH = "contextPath";
public static final String RES_HEADER = "resHeader";
public static final String HTTP_RES_HEADER = "httpResHeader";
public static final String RES_BODY = "resBody";
public static final String HTTP_RES_BODY = "httpResBody";
public static final String REPLAY_REQUEST = "replayRequest";
public static final String HTTP_REPLAY_REQUEST = "httpReplayRequest";
public static final String SERVER_ENV = "serverEnv";
public static final String VULN_CALLER = "app_caller";
public static final String VULN_CALLER = "appCaller";
public static final String SAAS_METHOD_POOL = "pool";

public static final String ERROR_LOG_DETAIL = "log";
Expand Down
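Review bot: The hunk at `@@ -50,21 +54,34 @@` keeps the unprefixed request keys (`PROTOCOL` through `REPLAY_REQUEST`) beside the new `HTTP_*` keys with no comment saying which report type each set belongs to, and it replaces the wire value of `VULN_CALLER` (`app_caller` becomes `appCaller`), which changes the JSON key a receiving server sees without any note to that effect. A one-line comment above the old group would keep the next maintainer from deleting or re-using the wrong set, e.g. `// Legacy request keys; the type:33 vulnerability upload now sends the HTTP_* names below`, and a similar remark on `VULN_CALLER` recording the old spelling. Whether other report builders still read the legacy names is not visible from this file, so that should be confirmed before any of them is removed. The class `ReportConstant` begins above the first hunk.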
@@ -1,13 +1,16 @@
package com.secnium.iast.core.handler.vulscan.normal;

import com.secnium.iast.core.EngineManager;
import com.secnium.iast.core.PropertyUtils;
import com.secnium.iast.core.handler.vulscan.IVulScan;
import com.secnium.iast.core.handler.vulscan.ReportConstant;
import com.secnium.iast.core.report.AgentRegisterReport;
import com.secnium.iast.core.util.StackUtils;
import com.secnium.iast.core.util.base64.Base64Encoder;
import org.json.JSONObject;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Map;

/**
Expand All @@ -27,24 +30,32 @@ public void sendReport(StackTraceElement stack, String vulType) {
report.put(ReportConstant.REPORT_KEY, ReportConstant.REPORT_VULN_NORNAL);
report.put(ReportConstant.REPORT_VALUE_KEY, detail);

detail.put(ReportConstant.SERVER_NAME, null != EngineManager.SERVER ? EngineManager.SERVER.getServerAddr() : "");
detail.put(ReportConstant.SERVER_PORT, null != EngineManager.SERVER ? EngineManager.SERVER.getServerPort() : "");
detail.put(ReportConstant.SERVER_ENV, Base64Encoder.encodeBase64String(System.getProperties().toString().getBytes()).replaceAll("\n", ""));
detail.put(ReportConstant.HOSTNAME, getInternalHostName());
detail.put(ReportConstant.AGENT_REPORT_VERSION, ReportConstant.AGENT_VERSION_VALUE);
detail.put(ReportConstant.APP_NAME, PropertyUtils.getInstance().getProjectName());
detail.put(ReportConstant.APP_PATH, requestMeta.get("contextPath"));
// fixme taintValue taintPosition paramName container
detail.put(ReportConstant.VULN_TYPE, vulType);
detail.put(ReportConstant.LANGUAGE, ReportConstant.LANGUAGE_VALUE);
detail.put(ReportConstant.AGENT_ID, AgentRegisterReport.getAgentFlag());
detail.put(ReportConstant.PROTOCOL, requestMeta.get("protocol"));
detail.put(ReportConstant.SCHEME, requestMeta.get("scheme"));
detail.put(ReportConstant.METHOD, requestMeta.get("method"));
detail.put(ReportConstant.SECURE, requestMeta.get("secure"));
detail.put(ReportConstant.URL, requestMeta.get("requestURL").toString());
detail.put(ReportConstant.URI, requestMeta.get("requestURI"));
detail.put(ReportConstant.CLIENT_IP, requestMeta.get("remoteAddr"));
detail.put(ReportConstant.QUERY_STRING, requestMeta.get("queryString"));
detail.put(ReportConstant.REQ_HEADER, Base64Encoder.encodeBase64String(requestMeta.get("headers").toString().getBytes()).replaceAll("\n", ""));
detail.put(ReportConstant.REQ_BODY, requestMeta.get("body"));
detail.put(ReportConstant.HTTP_PROTOCOL, requestMeta.get("protocol"));
detail.put(ReportConstant.HTTP_SCHEME, requestMeta.get("scheme"));
detail.put(ReportConstant.HTTP_METHOD, requestMeta.get("method"));
detail.put(ReportConstant.HTTP_SECURE, requestMeta.get("secure"));
detail.put(ReportConstant.HTTP_URL, requestMeta.get("requestURL").toString());
detail.put(ReportConstant.HTTP_URI, requestMeta.get("requestURI"));
detail.put(ReportConstant.HTTP_CLIENT_IP, requestMeta.get("remoteAddr"));
detail.put(ReportConstant.HTTP_QUERY_STRING, requestMeta.get("queryString"));
detail.put(ReportConstant.HTTP_REQ_HEADER, Base64Encoder.encodeBase64String(requestMeta.get("headers").toString().getBytes()).replaceAll("\n", ""));
detail.put(ReportConstant.HTTP_BODY, requestMeta.get("body"));
// fixme add response
detail.put(ReportConstant.RES_HEADER, "");
detail.put(ReportConstant.RES_BODY, "");
detail.put(ReportConstant.HTTP_RES_HEADER, "");
detail.put(ReportConstant.HTTP_RES_BODY, "");
detail.put(ReportConstant.CONTEXT_PATH, requestMeta.get("contextPath"));
detail.put(ReportConstant.REPLAY_REQUEST, requestMeta.get("replay-request"));
detail.put(ReportConstant.HTTP_REPLAY_REQUEST, requestMeta.get("replay-request"));
detail.put(ReportConstant.VULN_CALLER, stack);

EngineManager.sendNewReport(report.toString());
Expand All @@ -53,4 +64,27 @@ public void sendReport(StackTraceElement stack, String vulType) {
protected StackTraceElement getLatestStack() {
return StackUtils.getLatestStack(10);
}

private String getInternalHostName() {
if (System.getenv("COMPUTERNAME") != null) {
return System.getenv("COMPUTERNAME");
} else {
return getHostNameForLinux();
}
}

private String getHostNameForLinux() {
try {
return (InetAddress.getLocalHost()).getHostName();
} catch (UnknownHostException uhe) {
String host = uhe.getMessage();
if (host != null) {
int colon = host.indexOf(':');
if (colon > 0) {
return host.substring(0, colon);
}
}
return "UnknownHost";
}
}
}
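Review bot: The `SERVER_ENV` line, which appears to be new, puts the JVM's entire system-property table (`System.getProperties().toString()`, base64-encoded) into every normal-vulnerability report; system properties commonly carry credentials supplied with `-D` (keystore and proxy passwords, connection strings), so this is a data-exposure point on the reporting path and should send an explicit allowlist of keys such as `java.version`, `os.name` and `user.dir` rather than the whole table. That line and the `HTTP_REQ_HEADER` line also call `getBytes()` with no charset, so non-ASCII values are encoded with the platform default; `getBytes(StandardCharsets.UTF_8)` pins it (the file's import block at the top of this section would need `java.nio.charset.StandardCharsets`). In `getHostNameForLinux` the catch block recovers a host name by slicing the `UnknownHostException` message up to the first colon, which depends on the JDK's message format and can return a partial value; returning the `"UnknownHost"` sentinel directly (and logging the exception) is more predictable, and `getInternalHostName` reads `COMPUTERNAME` twice where one local would do. `sendReport`'s signature and opening statements lie above the hunk at `@@ -27,24 +30,32 @@`.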