Merge pull request #483 from HXSecurity/beta

1.9.0-beta1

.github/workflows/code-check.yml

@@ -5,9 +5,13 @@ name: Build Agent and Upload To OSS
 
 on:
   push:
-    branches: [ main ]
+    branches:
+      - main
+      - beta
   pull_request:
-    branches: [ main ]
+    branches:
+      - main
+      - beta
     paths-ignore:
       - '.github/**'
       - 'changes/**'

.github/workflows/codeql-analysis.yml

@@ -13,7 +13,9 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ main ]
+    branches:
+      - main
+      - beta
     paths-ignore:
       - '.github/**'
       - 'changes/**'
@@ -24,7 +26,9 @@ on:
       - 'LICENSE'
       - '.gitignore'
   pull_request:
-    branches: [ main ]
+    branches:
+      - main
+      - beta
     paths-ignore:
       - '.github/**'
       - 'changes/**'

dongtai-common/src/main/java/io/dongtai/iast/common/constants/AgentConstant.java

@@ -1,7 +1,7 @@
 package io.dongtai.iast.common.constants;
 
 public class AgentConstant {
-    public static final String VERSION_VALUE = "v1.8.2";
+    public static final String VERSION_VALUE = "v1.9.0-beta1";
     public static final String LANGUAGE = "JAVA";
     public static final String THREAD_NAME_PREFIX = "DongTai-IAST-";
     public static final String THREAD_NAME_PREFIX_CORE = "DongTai-IAST-Core-";

dongtai-common/src/main/java/io/dongtai/iast/common/scope/Scope.java

@@ -5,6 +5,9 @@ public enum Scope {
     HTTP_ENTRY(2),
     SERVLET_INPUT_STREAM_READ(3),
     SERVLET_OUTPUT_WRITE(4),
+    DUBBO_REQUEST(5),
+    DUBBO_ENTRY(6),
+    DUBBO_SOURCE(7),
     ;
 
     private final int id;

dongtai-common/src/main/java/io/dongtai/iast/common/scope/ScopeAggregator.java

@@ -3,6 +3,9 @@
 public class ScopeAggregator {
     private final GeneralScope httpRequestScope = new GeneralScope();
     private final GeneralScope httpEntryScope = new GeneralScope();
+    private final GeneralScope dubboRequestScope = new GeneralScope();
+    private final GeneralScope dubboEntryScope = new GeneralScope();
+    private final GeneralScope dubboSourceScope = new GeneralScope();
     private final GeneralScope servletInputStreamReadScope = new GeneralScope();
     private final GeneralScope servletOutputStreamWriteScope = new GeneralScope();
     private final PolicyScope policyScope = new PolicyScope();
@@ -15,6 +18,18 @@ public GeneralScope getHttpEntryScope() {
         return httpEntryScope;
     }
 
+    public GeneralScope getDubboRequestScope() {
+        return dubboRequestScope;
+    }
+
+    public GeneralScope getDubboEntryScope() {
+        return dubboEntryScope;
+    }
+
+    public GeneralScope getDubboSourceScope() {
+        return dubboSourceScope;
+    }
+
     public GeneralScope getServletInputStreamReadScope() {
         return servletInputStreamReadScope;
     }

dongtai-common/src/main/java/io/dongtai/iast/common/scope/ScopeTracker.java

@@ -16,13 +16,19 @@ public GeneralScope getScope(Scope scope) {
                 return this.get().getServletInputStreamReadScope();
             case SERVLET_OUTPUT_WRITE:
                 return this.get().getServletOutputStreamWriteScope();
+            case DUBBO_REQUEST:
+                return this.get().getDubboRequestScope();
+            case DUBBO_ENTRY:
+                return this.get().getDubboEntryScope();
+            case DUBBO_SOURCE:
+                return this.get().getDubboSourceScope();
             default:
                 return null;
         }
     }
 
     public boolean inEnterEntry() {
-        return this.get().getHttpEntryScope().in();
+        return this.get().getHttpEntryScope().in() || this.get().getDubboRequestScope().in();
     }
 
     public PolicyScope getPolicyScope() {

dongtai-core/src/main/java/io/dongtai/iast/core/EngineManager.java

@@ -140,4 +140,12 @@ public static void enterHttpEntry(Map<String, Object> requestMeta) {
         TAINT_RANGES_POOL.set(new HashMap<Integer, TaintRanges>());
         ScopeManager.SCOPE_TRACKER.getScope(Scope.HTTP_ENTRY).enter();
     }
+
+    public static void enterDubboEntry(Map<String, Object> requestMeta) {
+        REQUEST_CONTEXT.set(requestMeta);
+        TRACK_MAP.set(new HashMap<Integer, MethodEvent>(1024));
+        TAINT_HASH_CODES.set(new HashSet<Integer>());
+        TAINT_RANGES_POOL.set(new HashMap<Integer, TaintRanges>());
+        ScopeManager.SCOPE_TRACKER.getScope(Scope.DUBBO_ENTRY).enter();
+    }
 }

dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/asm/AsmMethods.java

@@ -4,8 +4,8 @@
 
 import java.lang.dongtai.SpyDispatcher;
 import java.lang.dongtai.SpyDispatcherHandler;
-import java.util.Collection;
-import java.util.Enumeration;
+import java.net.InetSocketAddress;
+import java.util.*;
 
 /**
  * 常用的ASM method 集合 省得我到处声明
@@ -132,6 +132,54 @@ static Method getAsmMethod(final Class<?> clazz,
             int.class
     );
 
+    Method SPY$enterDubbo = InnerHelper.getAsmMethod(
+            SpyDispatcher.class,
+            "enterDubbo"
+    );
+    Method SPY$leaveDubbo = InnerHelper.getAsmMethod(
+            SpyDispatcher.class,
+            "leaveDubbo",
+            Object.class,
+            Object.class
+    );
+    Method SPY$isFirstLevelDubbo = InnerHelper.getAsmMethod(
+            SpyDispatcher.class,
+            "isFirstLevelDubbo"
+    );
+    Method SPY$collectDubboRequest = InnerHelper.getAsmMethod(
+            SpyDispatcher.class,
+            "collectDubboRequest",
+            Object.class,
+            Object.class,
+            Object.class,
+            String.class,
+            InetSocketAddress.class,
+            boolean.class,
+            boolean.class,
+            boolean.class,
+            boolean.class
+    );
+
+    Method SPY$collectDubboRequestSource = InnerHelper.getAsmMethod(
+            SpyDispatcher.class,
+            "collectDubboRequestSource",
+            Object.class,
+            Object.class,
+            String.class,
+            Object[].class,
+            Map.class,
+            String.class,
+            String.class,
+            String.class
+    );
+
+    Method SPY$collectDubboResponse = InnerHelper.getAsmMethod(
+            SpyDispatcher.class,
+            "collectDubboResponse",
+            Object.class,
+            byte.class
+    );
+
     Method SPY$enterSource = InnerHelper.getAsmMethod(
             SpyDispatcher.class,
             "enterSource"
@@ -209,6 +257,19 @@ static Method getAsmMethod(final Class<?> clazz,
             String.class
     );
 
+    Method SPY$traceDubboInvoke = InnerHelper.getAsmMethod(
+            SpyDispatcher.class,
+            "traceDubboInvoke",
+            Object.class,
+            String.class,
+            Object.class,
+            Object[].class,
+            Map.class,
+            String.class,
+            String.class,
+            String.class
+    );
+
     Method SPY$reportService = InnerHelper.getAsmMethod(
             SpyDispatcher.class,
             "reportService",

dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/PluginRegister.java

@@ -3,6 +3,7 @@
 import io.dongtai.iast.core.bytecode.enhance.ClassContext;
 import io.dongtai.iast.core.bytecode.enhance.plugin.authentication.shiro.DispatchShiro;
 import io.dongtai.iast.core.bytecode.enhance.plugin.core.DispatchClassPlugin;
+import io.dongtai.iast.core.bytecode.enhance.plugin.framework.dubbo.DispatchDubbo;
 import io.dongtai.iast.core.bytecode.enhance.plugin.framework.feign.DispatchFeign;
 import io.dongtai.iast.core.bytecode.enhance.plugin.framework.j2ee.dispatch.DispatchJ2ee;
 import io.dongtai.iast.core.bytecode.enhance.plugin.hardcoded.DispatchHardcodedPlugin;
@@ -34,6 +35,7 @@ public PluginRegister() {
         this.plugins.add(new DispatchJdbc());
         this.plugins.add(new DispatchShiro());
         this.plugins.add(new DispatchFeign());
+        this.plugins.add(new DispatchDubbo());
 
         this.plugins.add(new DispatchClassPlugin());
     }

dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/dubbo/DispatchDubbo.java

@@ -0,0 +1,39 @@
+package io.dongtai.iast.core.bytecode.enhance.plugin.framework.dubbo;
+
+import io.dongtai.iast.core.bytecode.enhance.ClassContext;
+import io.dongtai.iast.core.bytecode.enhance.plugin.DispatchPlugin;
+import io.dongtai.iast.core.handler.hookpoint.models.policy.Policy;
+import org.objectweb.asm.ClassVisitor;
+
+public class DispatchDubbo implements DispatchPlugin {
+    public static final String ALIBABA_DUBBO_SYNC_HANDLER = " com.alibaba.dubbo.rpc.listener.ListenerInvokerWrapper".substring(1);
+    public static final String APACHE_DUBBO_SYNC_HANDLER = " org.apache.dubbo.rpc.listener.ListenerInvokerWrapper".substring(1);
+    public static final String ALIBABA_DUBBO_EXCHANGE_HANDLER = " com.alibaba.dubbo.remoting.exchange.support.header.HeaderExchangeHandler".substring(1);
+    public static final String APACHE_DUBBO_EXCHANGE_HANDLER = " org.apache.dubbo.remoting.exchange.support.header.HeaderExchangeHandler".substring(1);
+    public static final String APACHE_DUBBO_EXCHANGE_CHANNEL = " org.apache.dubbo.remoting.exchange.support.header.HeaderExchangeChannel".substring(1);
+    public static final String ALIBABA_DUBBO_PROXY_HANDLER = " com.alibaba.dubbo.rpc.proxy.AbstractProxyInvoker".substring(1);
+    public static final String APACHE_DUBBO_PROXY_HANDLER = " org.apache.dubbo.rpc.proxy.AbstractProxyInvoker".substring(1);
+
+    @Override
+    public ClassVisitor dispatch(ClassVisitor classVisitor, ClassContext context, Policy policy) {
+        String className = context.getClassName();
+
+        if (ALIBABA_DUBBO_SYNC_HANDLER.equals(className)) {
+            classVisitor = new DubboSyncHandlerAdapter(classVisitor, context, " com.alibaba".substring(1));
+        } else if (APACHE_DUBBO_SYNC_HANDLER.equals(className)) {
+            classVisitor = new DubboSyncHandlerAdapter(classVisitor, context, " org.apache".substring(1));
+        } else if (ALIBABA_DUBBO_EXCHANGE_HANDLER.equals(className)) {
+            classVisitor = new DubboExchangeHandlerAdapter(classVisitor, context, " com.alibaba".substring(1));
+        } else if (APACHE_DUBBO_EXCHANGE_HANDLER.equals(className)) {
+            classVisitor = new DubboExchangeHandlerAdapter(classVisitor, context, " org.apache".substring(1));
+        } else if (APACHE_DUBBO_EXCHANGE_CHANNEL.equals(className)) {
+            classVisitor = new DubboExchangeChannelAdapter(classVisitor, context, " org.apache".substring(1));
+        } else if (ALIBABA_DUBBO_PROXY_HANDLER.equals(className)) {
+            classVisitor = new DubboProxyHandlerAdapter(classVisitor, context, " com.alibaba".substring(1));
+        } else if (APACHE_DUBBO_PROXY_HANDLER.equals(className)) {
+            classVisitor = new DubboProxyHandlerAdapter(classVisitor, context, " org.apache".substring(1));
+        }
+
+        return classVisitor;
+    }
+}

dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/dubbo/DubboExchangeChannelAdapter.java

@@ -0,0 +1,35 @@
+package io.dongtai.iast.core.bytecode.enhance.plugin.framework.dubbo;
+
+import io.dongtai.iast.core.bytecode.enhance.ClassContext;
+import io.dongtai.iast.core.bytecode.enhance.plugin.AbstractClassVisitor;
+import io.dongtai.iast.core.utils.AsmUtils;
+import io.dongtai.log.DongTaiLog;
+import org.objectweb.asm.ClassVisitor;
+import org.objectweb.asm.MethodVisitor;
+
+public class DubboExchangeChannelAdapter extends AbstractClassVisitor {
+    public static final String DUBBO_EXCHANGE_CHANNEL_SEND = "{package}.dubbo.remoting.exchange.support.header.HeaderExchangeChannel.send(java.lang.Object)";
+
+    private final String packageName;
+    private final String sendSign;
+
+    public DubboExchangeChannelAdapter(ClassVisitor classVisitor, ClassContext context, String packageName) {
+        super(classVisitor, context);
+        this.packageName = packageName;
+        this.sendSign = DUBBO_EXCHANGE_CHANNEL_SEND.replace("{package}", this.packageName);
+    }
+
+    @Override
+    public MethodVisitor visitMethod(final int access, final String name, final String desc, final String signature, final String[] exceptions) {
+        MethodVisitor mv = super.visitMethod(access, name, desc, signature, exceptions);
+        String signCode = AsmUtils.buildSignature(context.getClassName(), name, desc);
+
+        if (this.sendSign.equals(signCode)) {
+            DongTaiLog.debug("Adding dubbo provider response tracking by {}", signCode);
+            mv = new DubboExchangeChannelSendAdviceAdapter(mv, access, name, desc, signCode,
+                    this.context, this.packageName);
+            setTransformed();
+        }
+        return mv;
+    }
+}

dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/dubbo/DubboExchangeChannelSendAdviceAdapter.java

@@ -0,0 +1,74 @@
+package io.dongtai.iast.core.bytecode.enhance.plugin.framework.dubbo;
+
+import io.dongtai.iast.core.bytecode.enhance.ClassContext;
+import io.dongtai.iast.core.bytecode.enhance.plugin.AbstractAdviceAdapter;
+import org.objectweb.asm.*;
+import org.objectweb.asm.commons.Method;
+
+public class DubboExchangeChannelSendAdviceAdapter extends AbstractAdviceAdapter {
+    private static final Method GET_RESULT_METHOD = Method.getMethod("java.lang.Object getResult()");
+    private static final Method GET_STATUS_METHOD = Method.getMethod("byte getStatus()");
+
+    private final String packageName;
+    private final Type objectType;
+    private final Type responseType;
+
+    protected DubboExchangeChannelSendAdviceAdapter(MethodVisitor mv, int access, String name, String desc,
+                                                    String signature, ClassContext context, String packageName) {
+        super(mv, access, name, desc, context, "dubbo", signature);
+        this.packageName = packageName;
+        String packageDesc = packageName.replace(".", "/");
+        this.responseType = Type.getObjectType(packageDesc + "/dubbo/remoting/exchange/Response");
+        this.objectType = Type.getObjectType("java/lang/Object");
+    }
+
+    @Override
+    protected void before() {
+        mark(tryLabel);
+        Label elseLabel = new Label();
+
+        isFirstLevelDubbo();
+        mv.visitJumpInsn(EQ, elseLabel);
+
+        collectDubboResponse();
+
+        mark(elseLabel);
+    }
+
+    @Override
+    protected void after(int opcode) {
+    }
+
+    private void isFirstLevelDubbo() {
+        invokeStatic(ASM_TYPE_SPY_HANDLER, SPY_HANDLER$getDispatcher);
+        invokeInterface(ASM_TYPE_SPY_DISPATCHER, SPY$isFirstLevelDubbo);
+    }
+
+    private void collectDubboResponse() {
+        Label tryL = new Label();
+        Label catchL = new Label();
+        Label exHandlerL = new Label();
+        visitTryCatchBlock(tryL, catchL, exHandlerL, ASM_TYPE_THROWABLE.getInternalName());
+        visitLabel(tryL);
+
+
+        int respLocal = newLocal(this.responseType);
+        loadArg(0);
+        checkCast(this.responseType);
+        storeLocal(respLocal);
+
+        invokeStatic(ASM_TYPE_SPY_HANDLER, SPY_HANDLER$getDispatcher);
+        loadLocal(respLocal);
+        invokeVirtual(this.responseType, GET_RESULT_METHOD);
+        loadLocal(respLocal);
+        invokeVirtual(this.responseType, GET_STATUS_METHOD);
+        invokeInterface(ASM_TYPE_SPY_DISPATCHER, SPY$collectDubboResponse);
+
+        visitLabel(catchL);
+        Label endL = new Label();
+        visitJumpInsn(GOTO, endL);
+        visitLabel(exHandlerL);
+        visitVarInsn(ASTORE, this.nextLocal);
+        visitLabel(endL);
+    }
+}