enhance(all module): closes #232, upgraded iast-* to dongtai-*, remove unnecessary code, etc.

.github/workflows/code-check.yml

@@ -32,6 +32,7 @@ on:
 jobs:
   Cache-Dependencies:
     name: Cache dependencies
+    if: github.repository == 'HXSecurity/DongTai-agent-java'
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
@@ -140,7 +141,7 @@ jobs:
       - run: |
           ossutil cp -rf release/iast-agent.jar oss://dongtai/agent_test/java/iast-agent.jar --meta x-oss-object-acl:public-read
           ossutil cp -rf release/lib/ oss://dongtai/agent_test/java/ --meta x-oss-object-acl:public-read
-          
+
       - name: Trigger Openapi Workflow
         uses: benc-uk/workflow-dispatch@v1
         with:

.github/workflows/codeql-analysis.yml

@@ -41,6 +41,7 @@ jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
+    if: github.repository == 'HXSecurity/DongTai-agent-java'
     permissions:
       actions: read
       contents: read
@@ -52,26 +53,26 @@ jobs:
         language: [ 'java' ]
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
+      - name: Checkout repository
+        uses: actions/checkout@v2
 
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: ${{ matrix.language }}
 
-    - name: Set up JDK 1.8
-      uses: actions/setup-java@v1
-      with:
-        java-version: 1.8
-
-    - name: Set up Maven
-      uses: stCarolas/setup-maven@v4
-      with:
-        maven-version: 3.2.5
+      - name: Set up JDK 1.8
+        uses: actions/setup-java@v1
+        with:
+          java-version: 1.8
 
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
+      - name: Set up Maven
+        uses: stCarolas/setup-maven@v4
+        with:
+          maven-version: 3.2.5
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v1
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1

.github/workflows/release-agent.yml

@@ -7,6 +7,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    if: github.repository == 'HXSecurity/DongTai-agent-java'
     permissions:
       contents: write
       packages: write
@@ -39,7 +40,7 @@ jobs:
           cd ${{ github.workspace }}/release/lib/ && \
           echo "${{ github.event.repository.name }},version,${{ steps.release.outputs.VERSION }}" >> version.txt && \
           echo "${{ github.event.repository.name }},commit_hash,${GITHUB_SHA}" >> version.txt && \
-          files=('iast-core.jar') && \
+          files=('dongtai-core.jar') && \
           for FILE in ${files[@]};do FILE_HASH=`sha256sum ${FILE} | awk '{print $1}'`; echo "${{ github.event.repository.name }},${FILE},${FILE_HASH}" >> version.txt; done \
 
       - uses: manyuanrong/setup-ossutil@v2.0
@@ -53,5 +54,5 @@ jobs:
           ossutil cp version.txt oss://huoqi-public/iast/release-version/${{ github.event.repository.name }}/${{ steps.release.outputs.VERSION }}/version.txt
 
       - run: |
-          ossutil cp -rf release/iast-agent.jar oss://dongtai/agent/java/iast-agent.jar --meta x-oss-object-acl:public-read
+          ossutil cp -rf release/dongtai-agent.jar oss://dongtai/agent/java/dongtai-agent.jar --meta x-oss-object-acl:public-read
           ossutil cp -rf release/lib/ oss://dongtai/agent/java/ --meta x-oss-object-acl:public-read

.github/workflows/scripts/benchmark-test.sh

@@ -9,11 +9,11 @@ echo "build benchmark with dongtai"
 mvn clean package cargo:start -Pdeploywdongtai
 
 echo "copy local package to temp directory"
-cp ../DongTai-agent-java/release/iast-agent.jar tools/DongTai/dongtai.jar
+cp ../DongTai-agent-java/release/dongtai-agent.jar tools/DongTai/dongtai.jar
 cp ../DongTai-agent-java/release/lib/*.jar target/cargo/installs/apache-tomcat-8.5.70/apache-tomcat-8.5.70/temp
 
 echo "run benchmark in backend"
-export JAVA_TOOL_OPTIONS="-Dproject.create=true -Ddongtai.app.name=$1 -Dproject.version=$2"
+export JAVA_TOOL_OPTIONS="-Ddongtai.app.create=true -Ddongtai.app.name=$1 -Ddongtai.app.version=$2"
 nohup mvn package cargo:run -Pdeploywdongtai &
 
 echo "wait for benchmark start..."

.github/workflows/scripts/openrasp-test.sh

@@ -6,7 +6,7 @@ wget https://github.com/exexute/github_action_samples/releases/download/1.0.0/ap
 unzip apache-tomcat-8.5.40.zip 1>/dev/null
 
 echo "copy dongtai agent java to tomcat..."
-cp DongTai-agent-java/release/iast-agent.jar apache-tomcat-8.5.40/iast/agent.jar
+cp DongTai-agent-java/release/dongtai-agent.jar apache-tomcat-8.5.40/iast/agent.jar
 cp DongTai-agent-java/release/lib/*.jar apache-tomcat-8.5.40/temp/
 cd apache-tomcat-8.5.40
 
@@ -19,7 +19,7 @@ mysql -uroot -pyuhjnbGYUI -h127.0.0.1 -e "FLUSH PRIVILEGES;"
 mysql -uroot -pyuhjnbGYUI -h127.0.0.1 -e 'show DATABASES;'
 
 echo "start catalina and waitting 30s..."
-export JAVA_TOOL_OPTIONS="-Dproject.create=true -Ddongtai.app.name=$1 -Dproject.version=$2"
+export JAVA_TOOL_OPTIONS="-Ddongtai.app.create=true -Ddongtai.app.name=$1 -Ddongtai.app.version=$2"
 ./bin/startup.sh 2>/dev/null
 
 check_times=0

.github/workflows/scripts/version_update.sh

@@ -3,10 +3,10 @@ NEW_VERSION=$1
 
 echo "curent path: `pwd`, change version $OLD_VERSION to $NEW_VERSION"
 
-sed -i "s/v$OLD_VERSION/v$NEW_VERSION/g" dongtai-jakarta-api/src/main/java/cn/huoxian/iast/api/ResponseWrapper.java
-sed -i "s/v$OLD_VERSION/v$NEW_VERSION/g" dongtai-servlet-api/src/main/java/cn/huoxian/iast/api/ResponseWrapper.java
-sed -i "s/v$OLD_VERSION/v$NEW_VERSION/g" iast-agent/src/main/java/com/secnium/iast/agent/Constant.java
-sed -i "s/$OLD_VERSION/$NEW_VERSION/g" iast-agent/src/main/resources/iast.properties
+sed -i "s/v$OLD_VERSION/v$NEW_VERSION/g" dongtai-api/src/main/io/dongtai/api/jakarta/JakartaResponseWrapper.java
+sed -i "s/v$OLD_VERSION/v$NEW_VERSION/g" dongtai-api/src/main/io/dongtai/api/servlet2/ServletResponseWrapper.java
+sed -i "s/v$OLD_VERSION/v$NEW_VERSION/g" dongtai-agent/src/main/java/com/secnium/iast/agent/Constant.java
+sed -i "s/$OLD_VERSION/$NEW_VERSION/g" dongtai-agent/src/main/resources/iast.properties
 
 mvn -B package -Dmaven.test.skip=true
 

.gitignore

@@ -6,9 +6,9 @@
 
 ## for maven
 pom.xml.versionsBackup
-iast-core/target/
-iast-inject/target/
-iast-agent/target/
+dongtai-core/target/
+dongtai-spy/target/
+dongtai-agent/target/
 UnitText/target/
 target/
 **/dependency-reduced-pom.xml

README.md

@@ -17,11 +17,11 @@
 
 Dongtai-agent-java is DongTai Iast's data acquisition tool for Java applications. In a Java application with the iast agent added, the required data is collected by rewriting class bytecode, and then the data is sent to dongtai-OpenAPI service, and then the cloud engine processes the data to determine whether there are security holes.
 
-Dongtai-agent-java consists of `agent.jar`, `iast-core-jar`, `iast-inject. Jar` and `dongtai-servlet.jar`:
+Dongtai-agent-java consists of `agent.jar`, `dongtai-core-jar`, `dongtai-spy. Jar` and `dongtai-servlet.jar`:
 
 - `agent.jar` It is used to manage agent life cycle and configuration. The life cycle of the Agent includes downloading, installing, starting, stopping, restarting, and uninstalling the agent. Agent configuration includes application startup mode, vulnerability verification mode, whether to enable agent, etc.
-- `iast-core.jar ` The main functions of iast-core.jar are: bytecode piling, data collection, data preprocessing, data reporting, third-party component management, etc.
-- `iast-inject.jar` It is used to inject into the BootStrap ClassLoader. The data collection method in 'iast-core.jar' is then invoked in the target application.
+- `dongtai-core.jar ` The main functions of dongtai-core.jar are: bytecode piling, data collection, data preprocessing, data reporting, third-party component management, etc.
+- `dongtai-inject.jar` It is used to inject into the BootStrap ClassLoader. The data collection method in 'iast-core.jar' is then invoked in the target application.
 - `dongtai-servlet.jar` It is used to obtain the requests sent by the application and the responses received. It is used for data display and request replay.
 
 ## Application Scenarios
@@ -58,20 +58,20 @@ Please refer to the [Quick Start](https://doc.dongtai.io).
 
    ```
    release
-   ├── iast-agent.jar
+   ├── dongtai-agent.jar
    └── lib
        ├── dongtai-servlet.jar
-       ├── iast-core.jar
-       └── iast-inject.jar
+       ├── dongtai-core.jar
+       └── dongtai-spy.jar
    ```
 
-5. Copy `iast-core.jar`、`iast-inject.jar`、`dongtai-servlet.jar` to the system temporary directory. Get the system temporary directory to run the following Java code:
+5. Copy `dongtai-core.jar`、`dongtai-spy.jar`、`dongtai-servlet.jar` to the system temporary directory. Get the system temporary directory to run the following Java code:
 
    ```
    System.getProperty("java.io.tmpdir");
    ```
 
-6. Run the application and test the code (for example, SpringBoot) : `java -javaagent:/path/to/iast-agent.jar -Ddongtai.debug=true -jar app.jar`
+6. Run the application and test the code (for example, SpringBoot) : `java -javaagent:/path/to/dongtai-agent.jar -Ddongtai.debug=true -jar app.jar`
 
 7. Contribute code. If you want to contribute code to the DongTai IAST team, please read the full [contribution guide](https://github.com/HXSecurity/DongTai/blob/main/CONTRIBUTING.md).
 

README_CN.md

@@ -16,13 +16,13 @@
 
 ## 项目介绍
 
-DongTai-agent-java 是**洞态IAST** 针对 Java 应用开发的数据采集端。在添加 iast-agent 代理的 Java 应用中，通过改写类字节码的方式采集所需数据，然后将数据发送至 DongTai-openapi 服务，再由云端引擎处理数据判断是否存在安全漏洞。
+DongTai-agent-java 是**洞态IAST** 针对 Java 应用开发的数据采集端。在添加 dongtai-agent 代理的 Java 应用中，通过改写类字节码的方式采集所需数据，然后将数据发送至 DongTai-openapi 服务，再由云端引擎处理数据判断是否存在安全漏洞。
 
-DongTai-agent-java 由`agent.jar`、`iast-core.jar `、`iast-inject.jar`、`dongtai-servlet.jar`四部分构成，其中：
+DongTai-agent-java 由`agent.jar`、`dongtai-core.jar `、`dongtai-inject.jar`、`dongtai-servlet.jar`四部分构成，其中：
 
 - `agent.jar`用来管理 agent 的生命周期和配置。agent 的生命周期包括下载、安装、启动、停止、重启、卸载。agent 的配置包括配置应用启动模式、漏洞检验模式、是否开启代理等。
-- `iast-core.jar`是核心 jar 包，其主要功能是：字节码插桩、数据采集、数据预处理、数据上报、第三方组件管理等。
-- `iast-inject.jar`是间谍 jar 包，用于注入至`BootStrap ClassLoader`，后续在目标应用中调用`iast-core.jar`中的数据采集方法
+- `dongtai-core.jar`是核心 jar 包，其主要功能是：字节码插桩、数据采集、数据预处理、数据上报、第三方组件管理等。
+- `dongtai-inject.jar`是间谍 jar 包，用于注入至`BootStrap ClassLoader`，后续在目标应用中调用`dongtai-core.jar`中的数据采集方法
 - `dongtai-servlet.jar`用于获取应用发送的请求以及收到的响应，用于数据展示以及请求重放功能。
 
 ## 应用场景
@@ -62,20 +62,20 @@ DongTai-agent-java 由`agent.jar`、`iast-core.jar `、`iast-inject.jar`、`dong
 
    ```
    release
-   ├── iast-agent.jar
+   ├── dongtai-agent.jar
    └── lib
        ├── dongtai-servlet.jar
-       ├── iast-core.jar
-       └── iast-inject.jar
+       ├── dongtai-core.jar
+       └── dongtai-inject.jar
    ```
 
-5. 拷贝`iast-core.jar`、`iast-inject.jar`、`dongtai-servlet.jar`到系统临时目录。获取系统临时目录可运行以下 Java 代码：
+5. 拷贝`dongtai-core.jar`、`dongtai-inject.jar`、`dongtai-servlet.jar`到系统临时目录。获取系统临时目录可运行以下 Java 代码：
 
    ```java
    System.getProperty("java.io.tmpdir");
    ```
 
-6. 运行应用，测试代码（以SpringBoot应用为例）：`java -javaagent:/path/to/iast-agent.jar -Ddongtai.debug=true -jar app.jar`
+6. 运行应用，测试代码（以SpringBoot应用为例）：`java -javaagent:/path/to/dongtai-agent.jar -Ddongtai.debug=true -jar app.jar`
 
 7. 贡献代码。如果您想要向洞态 IAST 团队贡献代码，请阅读完整的[贡献指南](https://github.com/HXSecurity/DongTai/blob/main/CONTRIBUTING.md)
 

iast-agent/pom.xml → dongtai-agent/pom.xml

@@ -5,12 +5,12 @@
     <modelVersion>4.0.0</modelVersion>
 
     <parent>
-        <groupId>com.secnium.iast</groupId>
+        <groupId>io.dongtai.iast</groupId>
         <artifactId>iast</artifactId>
-        <version>1.2.0</version>
+        <version>1.3.0</version>
     </parent>
-    <artifactId>iast-agent</artifactId>
-    <name>iast-agent</name>
+    <artifactId>dongtai-agent</artifactId>
+    <name>dongtai-agent</name>
 
     <dependencies>
         <!-- for com.sun.tools.attach.VirtualMachine api -->
@@ -55,14 +55,14 @@
         </dependency>
 
         <dependency>
-            <groupId>com.secnium.iast</groupId>
-            <artifactId>iast-log</artifactId>
-            <version>1.2.0</version>
+            <groupId>io.dongtai.iast</groupId>
+            <artifactId>dongtai-log</artifactId>
+            <version>1.3.0</version>
         </dependency>
     </dependencies>
 
     <build>
-        <finalName>iast-agent</finalName>
+        <finalName>dongtai-agent</finalName>
         <plugins>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
@@ -90,7 +90,7 @@
                             <Main-Class>com.secnium.iast.agent.Agent</Main-Class>
                             <Can-Redefine-Classes>true</Can-Redefine-Classes>
                             <Can-Retransform-Classes>true</Can-Retransform-Classes>
-                            <Built-By>LingZhi Secnium</Built-By>
+                            <Built-By>DongTai</Built-By>
                         </manifestEntries>
                     </archive>
                 </configuration>
@@ -146,7 +146,7 @@
                             <tasks>
                                 <copy todir="./../release">
                                     <fileset dir="target/">
-                                        <include name="iast-agent.jar"/>
+                                        <include name="dongtai-agent.jar"/>
                                     </fileset>
                                 </copy>
                             </tasks>
@@ -157,6 +157,14 @@
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <source>6</source>
+                    <target>6</target>
+                </configuration>
+            </plugin>
         </plugins>
     </build>
 

iast-agent/src/main/java/com/secnium/iast/agent/IastClassLoader.java → dongtai-agent/src/main/java/com/secnium/iast/agent/IastClassLoader.java

@@ -19,13 +19,10 @@
 public class IastClassLoader extends URLClassLoader {
 
     private final String toString;
-    private final String path;
 
-    public IastClassLoader(final String namespace,
-            final String jarFilePath) throws MalformedURLException {
+    public IastClassLoader(final String jarFilePath) throws MalformedURLException {
         super(new URL[]{new URL("file:" + jarFilePath)});
-        this.path = jarFilePath;
-        this.toString = String.format("IastClassLoader[namespace=%s;path=%s;]", namespace, path);
+        this.toString = String.format("IastClassLoader[path=%s;]", jarFilePath);
     }
 
     @Override

iast-agent/src/main/java/com/secnium/iast/agent/IastProperties.java → dongtai-agent/src/main/java/com/secnium/iast/agent/IastProperties.java

@@ -1,7 +1,6 @@
 package com.secnium.iast.agent;
 
 import com.secnium.iast.log.DongTaiLog;
-
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.FileOutputStream;
@@ -172,7 +171,13 @@ public int getProxyPort() {
 
     public Integer isAutoCreateProject() {
         if (null == isAutoCreateProject) {
-            String result = System.getProperty("project.create", cfg.getProperty("project.create", "false"));
+            String result = System.getProperty(
+                    "dongtai.app.create",
+                    System.getProperty(
+                            "project.create",
+                            cfg.getProperty("project.create", "false")
+                    )
+            );
             if ("false".equals(result)) {
                 isAutoCreateProject = 0;
             } else if ("true".equals(result)) {
@@ -183,7 +188,13 @@ public Integer isAutoCreateProject() {
     }
 
     public String getProjectVersion() {
-        return System.getProperty("project.version", cfg.getProperty("project.version", "V1.0"));
+        return System.getProperty(
+                "dongtai.app.version",
+                System.getProperty(
+                        "project.version",
+                        cfg.getProperty("project.version", "V1.0")
+                )
+        );
     }
 
     private String getDebugFlag() {