Merge pull request HXSecurity#579 from Nizernizer/fix/clean-code

Fix/clean code

dongtai-agent/src/main/java/io/dongtai/iast/agent/IastClassLoader.java

@@ -50,8 +50,7 @@ protected synchronized Class<?> loadClass(String name, boolean resolve) throws C
             return loadedClass;
         }
 
-        if (!name.startsWith("io.dongtai") && !name.startsWith("com.secnium")
-                && !name.startsWith("cn.huoxian") && !name.startsWith("java.lang.iast")) {
+        if (!name.startsWith("io.dongtai") && !name.startsWith("java.lang.iast")) {
             return super.loadClass(name, resolve);
         }
 

dongtai-agent/src/main/java/io/dongtai/iast/agent/fallback/checker/MetricsBindCheckerEnum.java

@@ -33,7 +33,7 @@ public enum MetricsBindCheckerEnum {
     /**
      * 检查器类型
      */
-    private Class<? extends IPerformanceChecker> checker;
+    private final Class<? extends IPerformanceChecker> checker;
 
     /**
      * 描述

dongtai-agent/src/main/java/io/dongtai/iast/agent/manager/EngineManager.java

@@ -2,7 +2,6 @@
 
 import io.dongtai.iast.agent.*;
 import io.dongtai.iast.agent.fallback.FallbackManager;
-import io.dongtai.iast.agent.monitor.MonitorDaemonThread;
 import io.dongtai.iast.agent.report.AgentRegisterReport;
 import io.dongtai.iast.agent.util.*;
 import io.dongtai.iast.common.state.AgentState;
@@ -22,13 +21,10 @@
  */
 public class EngineManager {
 
-    private static final String ENGINE_ENTRYPOINT_CLASS = "com.secnium.iast.core.AgentEngine";
+    private static final String ENGINE_ENTRYPOINT_CLASS = "io.dongtai.iast.core.AgentEngine";
     private static final String INJECT_PACKAGE_REMOTE_URI = "/api/v1/engine/download?engineName=dongtai-spy";
-    private static final String INJECT_PACKAGE_REMOTE_URI_JDK6 = "/api/v1/engine/download?engineName=dongtai-spy-jdk6";
     private static final String ENGINE_PACKAGE_REMOTE_URI = "/api/v1/engine/download?engineName=dongtai-core";
-    private static final String ENGINE_PACKAGE_REMOTE_URI_JDK6 = "/api/v1/engine/download?engineName=dongtai-core-jdk6";
     private static final String API_PACKAGE_REMOTE_URI = "/api/v1/engine/download?engineName=dongtai-api";
-    private static final String API_PACKAGE_REMOTE_URI_JDK6 = "/api/v1/engine/download?engineName=dongtai-api-jdk6";
     private final static String TMP_DIR = IastProperties.getInstance().getTmpDir();
     private static IastClassLoader IAST_CLASS_LOADER;
     private static EngineManager INSTANCE;
@@ -187,7 +183,6 @@ public boolean install() {
      * 启动检测引擎
      */
     public boolean start() {
-        // 将Spy注入到BootstrapClassLoader，todo: 异常卸载时，需要特定处理spy模块
         try {
             if (classOfEngine != null) {
                 classOfEngine.getMethod("start").invoke(null);
@@ -207,7 +202,6 @@ public boolean start() {
      * @return 布尔值，表示stop成功或失败
      */
     public boolean stop() {
-        // 将Spy注入到BootstrapClassLoader，todo: 异常卸载时，需要特定处理spy模块
         try {
             if (classOfEngine != null) {
                 classOfEngine.getMethod("stop").invoke(null);

dongtai-agent/src/main/java/io/dongtai/iast/agent/middlewarerecognition/jboss/JBoss.java

@@ -52,8 +52,7 @@ public String getVersion() {
                     if (matcher.find()) {
                         version = matcher.group(1);
                     }
-                } catch (IOException iOException) {
-                    ;
+                } catch (IOException ignored) {
                 }
             }
         }

dongtai-agent/src/main/java/io/dongtai/iast/agent/middlewarerecognition/spring/Tomcat.java

@@ -10,8 +10,8 @@
  */
 public class Tomcat implements IServer {
 
-    private static String TOMCAT_BOOTSTAP = " org.apache.catalina.startup.Bootstrap".substring(1);
-    private static String TOMCAT_SERVER_INFO = " org.apache.catalina.util.ServerInfo".substring(1);
+    private static final String TOMCAT_BOOTSTAP = " org.apache.catalina.startup.Bootstrap".substring(1);
+    private static final String TOMCAT_SERVER_INFO = " org.apache.catalina.util.ServerInfo".substring(1);
     private String name;
     private String version;
 

dongtai-agent/src/main/java/io/dongtai/iast/agent/monitor/collector/MetricsBindCollectorEnum.java

@@ -31,7 +31,7 @@ public enum MetricsBindCollectorEnum {
     /**
      * 收集器类型
      */
-    private Class<? extends IPerformanceCollector> collector;
+    private final Class<? extends IPerformanceCollector> collector;
 
     /**
      * 描述

dongtai-agent/src/main/java/io/dongtai/iast/agent/report/AgentRegisterReport.java

@@ -17,7 +17,7 @@
 
 import java.io.*;
 import java.net.*;
-import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
 import java.util.Enumeration;
 import java.util.UUID;
 
@@ -58,7 +58,7 @@ private String generateAgentRegisterMsg() {
         object.put("language", AgentConstant.LANGUAGE);
         object.put("network", readIpInfo());
         object.put("serverEnv", Base64Encoder
-                .encodeBase64String(System.getProperties().toString().getBytes(Charset.forName("UTF-8")))
+                .encodeBase64String(System.getProperties().toString().getBytes(StandardCharsets.UTF_8))
                 .replaceAll("\n", "").replaceAll("\r", ""));
         object.put("containerName", null == server ? "" : server.getName());
         object.put("containerVersion", null == server ? "" : server.getVersion());

dongtai-api-gather/dongtai-api-gather-dubbo-api/src/main/java/io/dongtai/iast/api/gather/dubbo/convertor/MethodConvertor.java

@@ -18,8 +18,8 @@
  */
 public class MethodConvertor {
 
-    private OpenApiSchemaConvertorManager manager;
-    private Method reflectionMethod;
+    private final OpenApiSchemaConvertorManager manager;
+    private final Method reflectionMethod;
 
     /**
      * @param manager

dongtai-api-gather/dongtai-api-gather-dubbo-api/src/main/java/io/dongtai/iast/api/gather/dubbo/convertor/ServiceConvertor.java

@@ -17,8 +17,8 @@
  */
 public class ServiceConvertor {
 
-    private OpenApiSchemaConvertorManager manager;
-    private Class interfaceClass;
+    private final OpenApiSchemaConvertorManager manager;
+    private final Class interfaceClass;
 
     public ServiceConvertor(OpenApiSchemaConvertorManager manager, Class interfaceClass) {
         this.manager = manager;

dongtai-api-gather/dongtai-api-gather-dubbo-api/src/main/java/io/dongtai/iast/api/gather/dubbo/extractor/AbstractDubboServiceExtractor.java

@@ -27,7 +27,7 @@ public abstract class AbstractDubboServiceExtractor {
     private static final String DUBBO_PROTOCOL_NAME = "dubbo";
 
     // 每个Gather共享同一个Manager
-    private OpenApiSchemaConvertorManager manager;
+    private final OpenApiSchemaConvertorManager manager;
 
     public AbstractDubboServiceExtractor() {
         this.manager = new OpenApiSchemaConvertorManager();

dongtai-api-gather/dongtai-api-gather-openapi/src/main/java/io/dongtai/iast/api/openapi/convertor/ComponentDatabase.java

@@ -14,15 +14,15 @@
 public class ComponentDatabase {
 
     // 类到Schema的映射
-    private Map<Class, Schema> classToSchemaMap;
+    private final Map<Class, Schema> classToSchemaMap;
 
     // 已经发现了的类，用于避免重复处理，也避免碰到循环引用时递归爆栈
     private Set<Class> existsClassSet = new HashSet<>();
 
     // 符合类型的schema生成完毕的时候的回调方法，用于处理环形依赖
-    private Map<Class, List<Consumer<Schema>>> classSchemaDoneCallbackMap;
+    private final Map<Class, List<Consumer<Schema>>> classSchemaDoneCallbackMap;
 
-    private OpenApiSchemaConvertorManager manager;
+    private final OpenApiSchemaConvertorManager manager;
 
     public ComponentDatabase(OpenApiSchemaConvertorManager manager) {
         this.manager = manager;

dongtai-api-gather/dongtai-api-gather-spring-api/src/main/java/io/dongtai/iast/api/gather/spring/convertor/RequestMappingInfoConvertor.java

@@ -26,7 +26,7 @@ public class RequestMappingInfoConvertor {
     private final HandlerMethod handlerMethod;
 
     // 从方法中解析出的映射
-    private Map<String, Path> pathMap;
+    private final Map<String, Path> pathMap;
 
     public RequestMappingInfoConvertor(OpenApiSchemaConvertorManager manager, WebApplicationContext webApplicationContext, RequestMappingInfo requestMappingInfo, HandlerMethod handlerMethod) {
         this.manager = manager;
@@ -176,7 +176,7 @@ private Operation parseOperation() {
         operation.setOperationId(UUID.randomUUID().toString());
 
         // 全路径类名放在tags中
-        operation.setTags(Arrays.asList(this.handlerMethod.getBeanType().getName()));
+        operation.setTags(Collections.singletonList(this.handlerMethod.getBeanType().getName()));
 
         try {
             // 解析HandlerMethod

dongtai-common/src/main/java/io/dongtai/iast/common/utils/base64/CharacterEncoder.java

@@ -80,7 +80,7 @@ public void encode(InputStream var1, OutputStream var2) throws IOException {
 
     public void encode(byte[] var1, OutputStream var2) throws IOException {
         ByteArrayInputStream var3 = new ByteArrayInputStream(var1);
-        this.encode((InputStream) var3, var2);
+        this.encode(var3, var2);
     }
 
     public String encode(byte[] var1) {
@@ -89,7 +89,7 @@ public String encode(byte[] var1) {
         String var4 = null;
 
         try {
-            this.encode((InputStream) var3, var2);
+            this.encode(var3, var2);
             var4 = var2.toString("8859_1");
             return var4;
         } catch (Throwable e) {
@@ -157,15 +157,15 @@ public void encodeBuffer(InputStream var1, OutputStream var2) throws IOException
 
     public void encodeBuffer(byte[] var1, OutputStream var2) throws IOException {
         ByteArrayInputStream var3 = new ByteArrayInputStream(var1);
-        this.encodeBuffer((InputStream) var3, var2);
+        this.encodeBuffer(var3, var2);
     }
 
     public String encodeBuffer(byte[] var1) {
         ByteArrayOutputStream var2 = new ByteArrayOutputStream();
         ByteArrayInputStream var3 = new ByteArrayInputStream(var1);
 
         try {
-            this.encodeBuffer((InputStream) var3, var2);
+            this.encodeBuffer(var3, var2);
         } catch (Throwable e) {
             DongTaiLog.trace("CharacterEncoder.encodeBuffer internal error: {}, {}",
                     e.getMessage(), e.getCause() != null ? e.getCause().getMessage() : "");

dongtai-common/src/main/java/io/dongtai/iast/common/utils/serialize/SerializeUtils.java

@@ -14,7 +14,7 @@ public class SerializeUtils {
 
     private static final String DEFAULT_CHARSET = "ISO-8859-1";
 
-    private static List<Class<?>> DEFAULT_SAFE_CLASSES = new ArrayList<Class<?>>() {
+    private static final List<Class<?>> DEFAULT_SAFE_CLASSES = new ArrayList<Class<?>>() {
         private static final long serialVersionUID = -2140605358789870025L;
 
         {

dongtai-core/pom.xml

@@ -250,14 +250,6 @@
             <version>${pkg.jdom.version}</version>
             <scope>test</scope>
         </dependency>
-        <!-- xom dependency xalan will cause feature secure-processing failed
-        <dependency>
-            <groupId>xom</groupId>
-            <artifactId>xom</artifactId>
-            <version>${pkg.xom.version}</version>
-            <scope>test</scope>
-        </dependency>
-        -->
     </dependencies>
 
 </project>

dongtai-core/src/main/java/com/secnium/iast/core/AgentEngine.java → dongtai-core/src/main/java/io/dongtai/iast/core/AgentEngine.java

@@ -1,14 +1,16 @@
-package com.secnium.iast.core;
+package io.dongtai.iast.core;
 
 import io.dongtai.iast.common.constants.AgentConstant;
 import io.dongtai.iast.common.state.AgentState;
 import io.dongtai.iast.common.state.State;
-import io.dongtai.iast.core.EngineManager;
 import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyManager;
 import io.dongtai.iast.core.init.IEngine;
 import io.dongtai.iast.core.init.impl.ConfigEngine;
 import io.dongtai.iast.core.init.impl.TransformEngine;
-import io.dongtai.iast.core.service.*;
+import io.dongtai.iast.core.service.ServiceDirReport;
+import io.dongtai.iast.core.service.ServiceFactory;
+import io.dongtai.iast.core.service.StartUpTimeReport;
+import io.dongtai.iast.core.service.ThreadPools;
 import io.dongtai.iast.core.utils.PropertyUtils;
 import io.dongtai.log.DongTaiLog;
 import io.dongtai.log.ErrorCode;

dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/IastClassFileTransformer.java

@@ -133,9 +133,7 @@ public byte[] transform(final ClassLoader loader,
 
         if (internalClassName == null
                 || internalClassName.startsWith("io/dongtai/")
-                || internalClassName.startsWith("com/secnium/iast/")
                 || internalClassName.startsWith("java/lang/iast/")
-                || internalClassName.startsWith("cn/huoxian/iast/")
                 || internalClassName.startsWith("META-INF/")
                 || "module-info".equals(internalClassName)) {
             return null;

dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/core/adapter/PropagatorAdapter.java

@@ -54,21 +54,13 @@ private void enterScope(MethodAdviceAdapter adapter, String signature, PolicyNod
         }
 
         adapter.invokeStatic(ASM_TYPE_SPY_HANDLER, SPY_HANDLER$getDispatcher);
-        if (PropagatorImpl.isSkipScope(signature)) {
-            adapter.push(true);
-        } else {
-            adapter.push(false);
-        }
+        adapter.push(PropagatorImpl.isSkipScope(signature));
         adapter.invokeInterface(ASM_TYPE_SPY_DISPATCHER, SPY$enterPropagator);
     }
 
     private void leaveScope(MethodAdviceAdapter adapter, String signature, PolicyNode policyNode) {
         adapter.invokeStatic(ASM_TYPE_SPY_HANDLER, SPY_HANDLER$getDispatcher);
-        if (PropagatorImpl.isSkipScope(signature)) {
-            adapter.push(true);
-        } else {
-            adapter.push(false);
-        }
+        adapter.push(PropagatorImpl.isSkipScope(signature));
         adapter.invokeInterface(ASM_TYPE_SPY_DISPATCHER, SPY$leavePropagator);
 
         if (policyNode.isIgnoreInternal()) {

dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/j2ee/dispatch/PrintWriterAdapter.java

@@ -33,9 +33,6 @@ public MethodVisitor visitMethod(final int access, final String name, final Stri
     }
 
     private boolean isWrite(String name, String desc) {
-        if ("write".equals(name) && WRITE_DESC.contains(desc)) {
-            return true;
-        }
-        return false;
+        return "write".equals(name) && WRITE_DESC.contains(desc);
     }
 }

dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/j2ee/dispatch/ServletInputStreamAdapter.java

@@ -33,9 +33,6 @@ public MethodVisitor visitMethod(final int access, final String name, final Stri
     }
 
     private boolean isRead(String name, String desc) {
-        if ("read".equals(name) && READ_DESC.contains(desc)) {
-            return true;
-        }
-        return false;
+        return "read".equals(name) && READ_DESC.contains(desc);
     }
 }

dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/j2ee/dispatch/ServletOutputStreamAdapter.java

@@ -33,9 +33,6 @@ public MethodVisitor visitMethod(final int access, final String name, final Stri
     }
 
     private boolean isWrite(String name, String desc) {
-        if ("write".equals(name) && WRITE_DESC.contains(desc)) {
-            return true;
-        }
-        return false;
+        return "write".equals(name) && WRITE_DESC.contains(desc);
     }
 }

dongtai-core/src/main/java/io/dongtai/iast/core/handler/bypass/BlackUrlBypass.java

@@ -4,7 +4,7 @@
 
 public class BlackUrlBypass {
 
-    private static BooleanThreadLocal isBlackUrl = new BooleanThreadLocal(false);
+    private static final BooleanThreadLocal isBlackUrl = new BooleanThreadLocal(false);
 
     public static Boolean isBlackUrl() {
         return isBlackUrl.get();

dongtai-core/src/main/java/io/dongtai/iast/core/handler/context/ContextManager.java

@@ -4,7 +4,7 @@
  * @author owefsad
  */
 public class ContextManager {
-    private static ThreadLocal<TracingContext> CONTEXT = new ThreadLocal<TracingContext>();
+    private static final ThreadLocal<TracingContext> CONTEXT = new ThreadLocal<>();
 
     public static ThreadLocal<TracingContext> getContext() {
         return CONTEXT;

dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java

@@ -1,6 +1,6 @@
 package io.dongtai.iast.core.handler.hookpoint;
 
-import com.secnium.iast.core.AgentEngine;
+import io.dongtai.iast.core.AgentEngine;
 import io.dongtai.iast.common.config.ConfigBuilder;
 import io.dongtai.iast.common.config.ConfigKey;
 import io.dongtai.iast.common.scope.Scope;

dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/api/DubboApiGatherThread.java

@@ -18,9 +18,9 @@ public class DubboApiGatherThread extends AbstractApiGatherThread {
     public static final String PLUGIN_NAME = "dubbo-api";
 
     // Dubbo的包名是alibaba还是apache的
-    public static enum DubboPackage {
+    public enum DubboPackage {
         ALIBABA,
-        APACHE;
+        APACHE
     }
 
     // avoid lock

dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/BodyBuffer.java

@@ -3,19 +3,9 @@
 import java.io.ByteArrayOutputStream;
 
 public class BodyBuffer {
-    private static ThreadLocal<ByteArrayOutputStream> REQUEST_STREAM = new ThreadLocal<ByteArrayOutputStream>() {
-        @Override
-        public ByteArrayOutputStream initialValue() {
-            return new ByteArrayOutputStream(65535);
-        }
-    };
+    private static final ThreadLocal<ByteArrayOutputStream> REQUEST_STREAM = ThreadLocal.withInitial(() -> new ByteArrayOutputStream(65535));
 
-    private static ThreadLocal<ByteArrayOutputStream> RESPONSE_STREAM = new ThreadLocal<ByteArrayOutputStream>() {
-        @Override
-        public ByteArrayOutputStream initialValue() {
-            return new ByteArrayOutputStream(65535);
-        }
-    };
+    private static final ThreadLocal<ByteArrayOutputStream> RESPONSE_STREAM = ThreadLocal.withInitial(() -> new ByteArrayOutputStream(65535));
 
     public ByteArrayOutputStream getRequest() {
         return REQUEST_STREAM.get();

dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/HttpImpl.java

@@ -90,7 +90,7 @@ public static void solveHttpRequest(Object obj, Object req, Object resp, Map<Str
                         setHeaderMethod.invoke(resp, versionHeaderKey, AgentConstant.VERSION_VALUE);
                     }
                     if (dastMarkHeader != null) {
-                        String reqId = String.valueOf(EngineManager.getAgentId()) + "."
+                        String reqId = EngineManager.getAgentId() + "."
                                 + UUID.randomUUID().toString().replaceAll("-", "");
                         setHeaderMethod.invoke(resp, "dt-request-id", reqId);
                     }
@@ -205,7 +205,7 @@ public static void solveHttpResponse(Object obj, Object req, Object resp, Collec
 
         Map<String, Collection<String>> headers = parseResponseHeaders(resp, headerNames);
         EngineManager.REQUEST_CONTEXT.get().put("responseStatus",
-                (String) EngineManager.REQUEST_CONTEXT.get().get("protocol") + " " + status);
+                EngineManager.REQUEST_CONTEXT.get().get("protocol") + " " + status);
         EngineManager.REQUEST_CONTEXT.get().put("responseHeaders", headers);
     }