Skip to content

Commit

Permalink
Merge pull request #526 from HXSecurity/beta
Browse files Browse the repository at this point in the history
bump version to v1.10.0
  • Loading branch information
lostsnow authored May 17, 2023
2 parents 84d586d + 78be5f5 commit 126b936
Show file tree
Hide file tree
Showing 93 changed files with 1,115 additions and 919 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/codeql-analysis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ jobs:
uses: actions/checkout@v2

- name: Initialize CodeQL
uses: github/codeql-action/init@v1
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}

Expand All @@ -76,7 +76,7 @@ jobs:
maven-version: 3.2.5

- name: Autobuild
uses: github/codeql-action/autobuild@v1
uses: github/codeql-action/autobuild@v2

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
uses: github/codeql-action/analyze@v2
9 changes: 9 additions & 0 deletions dongtai-agent/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,11 @@
<artifactId>gson</artifactId>
<version>${gson.version}</version>
</dependency>
<dependency>
<groupId>com.alibaba.fastjson2</groupId>
<artifactId>fastjson2</artifactId>
<version>${fastjson2.version}</version>
</dependency>
</dependencies>

<build>
Expand Down Expand Up @@ -176,6 +181,10 @@
<pattern>com.google</pattern>
<shadedPattern>${shade-prefix}.com.google</shadedPattern>
</relocation>
<relocation>
<pattern>com.alibaba</pattern>
<shadedPattern>${shade-prefix}.com.alibaba</shadedPattern>
</relocation>
</relocations>
</configuration>
</execution>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ private static String[] parseAgentArgs(String[] args) throws ParseException {
attachOptions.addOption(build("log_level", "log_level", "optional: DongTai agent log print level."));
attachOptions.addOption(build("log_path", "log_path", "optional: DongTai agent log print path."));
attachOptions.addOption(build("log_disable_collector", "log_disable_collector", "optional: DongTai agent disable log collector."));
attachOptions.addOption(build("disabled_plugins", "disabled_plugins", "optional: DongTai agent disable plugins."));

CommandLineParser parser = new DefaultParser();
HelpFormatter formatter = new HelpFormatter();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@

import io.dongtai.iast.agent.manager.EngineManager;
import io.dongtai.iast.agent.monitor.MonitorDaemonThread;
import io.dongtai.iast.agent.monitor.impl.AgentStateMonitor;
import io.dongtai.iast.agent.report.AgentRegisterReport;
import io.dongtai.iast.common.constants.AgentConstant;
import io.dongtai.iast.common.scope.ScopeManager;
Expand Down Expand Up @@ -164,13 +163,6 @@ private static void install(final Instrumentation inst) {
if (send) {
LogCollector.extractFluent();
DongTaiLog.info("Agent registered successfully.");
Boolean agentStat = AgentRegisterReport.agentStat();
if (!agentStat) {
AgentStateMonitor.isCoreRegisterStart = false;
DongTaiLog.info("Detection engine not started, agent waiting to be audited.");
} else {
AgentStateMonitor.isCoreRegisterStart = true;
}
shutdownHook = new ShutdownThread();
Runtime.getRuntime().addShutdownHook(shutdownHook);
loadEngine(inst);
Expand All @@ -187,7 +179,7 @@ private static void install(final Instrumentation inst) {
private static void loadEngine(final Instrumentation inst) {
EngineManager engineManager = EngineManager.getInstance(inst, LAUNCH_MODE, EngineManager.getPID(), AGENT_STATE);
MonitorDaemonThread daemonThread = MonitorDaemonThread.getInstance(engineManager);
if (MonitorDaemonThread.delayTime <= 0 && AgentStateMonitor.isCoreRegisterStart) {
if (MonitorDaemonThread.delayTime <= 0) {
daemonThread.startEngine();
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ public class IastProperties {
put("log_path", PropertyConstant.PROPERTY_LOG_PATH);
put("log_disable_collector", PropertyConstant.PROPERTY_LOG_DISABLE_COLLECTOR);
put("uuid_path", PropertyConstant.PROPERTY_UUID_PATH);
put("disabled_plugins", PropertyConstant.PROPERTY_DISABLED_PLUGINS);
}};

private static IastProperties instance;
Expand Down Expand Up @@ -223,7 +224,7 @@ public String getServerToken() {
public String getIsDownloadPackage() {
if (null == isDownloadPackage) {
isDownloadPackage = System.getProperty(PropertyConstant.PROPERTY_SERVER_PACKAGE,
cfg.getProperty(PropertyConstant.PROPERTY_SERVER_PACKAGE, "true"));
cfg.getProperty(PropertyConstant.PROPERTY_SERVER_PACKAGE, "false"));
}
return isDownloadPackage;
}
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package io.dongtai.iast.agent.fallback;

import com.alibaba.fastjson2.JSONObject;
import com.google.gson.reflect.TypeToken;
import io.dongtai.iast.agent.IastProperties;
import io.dongtai.iast.agent.fallback.entity.*;
Expand All @@ -15,7 +16,7 @@
import io.dongtai.iast.common.state.State;
import io.dongtai.log.DongTaiLog;
import io.dongtai.log.ErrorCode;
import org.json.JSONObject;


import java.lang.reflect.Field;
import java.util.*;
Expand Down Expand Up @@ -111,7 +112,7 @@ private static FallbackConfigEntity parseRemoteConfigResponseV2(String remoteRes
try {
// 默认响应标识调用失败
if (REMOTE_CONFIG_DEFAULT_META.equals(remoteResponse)
|| REMOTE_CONFIG_DEFAULT_META.equals(new JSONObject(remoteResponse).get("data").toString())) {
|| REMOTE_CONFIG_DEFAULT_META.equals(JSONObject.parseObject(remoteResponse).get("data").toString())) {
FallbackConfig.enableAutoFallback = false;
if (AgentState.getInstance().isFallback()) {
DongTaiLog.info("fallback remote config empty, auto fallback closed, starting agent");
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

import io.dongtai.iast.agent.*;
import io.dongtai.iast.agent.fallback.FallbackManager;
import io.dongtai.iast.agent.monitor.MonitorDaemonThread;
import io.dongtai.iast.agent.report.AgentRegisterReport;
import io.dongtai.iast.agent.util.*;
import io.dongtai.iast.common.state.AgentState;
Expand Down Expand Up @@ -36,7 +37,7 @@ public class EngineManager {
private final IastProperties properties;
private final String launchMode;
private Class<?> classOfEngine;
private FallbackManager fallbackManager;
private final FallbackManager fallbackManager;
private final AgentState agentState;

/**
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -55,10 +55,8 @@ public void run() {
if (MonitorDaemonThread.delayTime > 0) {
try {
Thread.sleep(delayTime);
} catch (InterruptedException ignore) {
}
if (AgentStateMonitor.isCoreRegisterStart) {
startEngine();
} catch (InterruptedException ignore) {
}
}
// 引擎启动成功后,创建子线程执行monitor任务
Expand All @@ -81,7 +79,6 @@ public void startEngine() {
// jdk8以上
status = engineManager.extractPackage();
status = status && engineManager.install();
status = status && engineManager.start();
}
if (!status) {
DongTaiLog.info("DongTai IAST started failure");
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
package io.dongtai.iast.agent.monitor.impl;

import com.alibaba.fastjson2.JSON;
import com.alibaba.fastjson2.JSONObject;
import io.dongtai.iast.agent.manager.EngineManager;
import io.dongtai.iast.agent.monitor.IMonitor;
import io.dongtai.iast.agent.monitor.MonitorDaemonThread;
Expand All @@ -9,11 +11,11 @@
import io.dongtai.iast.agent.util.ThreadUtils;
import io.dongtai.iast.common.constants.AgentConstant;
import io.dongtai.iast.common.constants.ApiPath;
import io.dongtai.iast.common.state.AgentState;
import io.dongtai.iast.common.state.State;
import io.dongtai.iast.common.state.StateCause;
import io.dongtai.log.DongTaiLog;
import io.dongtai.log.ErrorCode;
import org.json.JSONObject;

import java.util.HashMap;
import java.util.Map;
Expand All @@ -23,7 +25,6 @@
*/
public class AgentStateMonitor implements IMonitor {
private final EngineManager engineManager;
public static Boolean isCoreRegisterStart = false;
private static final String NAME = "AgentStateMonitor";

public AgentStateMonitor(EngineManager engineManager) {
Expand All @@ -37,50 +38,73 @@ public String getName() {

@Override
public void check() {
AgentState agentState = this.engineManager.getAgentState();
try {
if (this.engineManager.getAgentState().getState() == null) {
if (agentState.getState() == null) {
return;
}

if (this.engineManager.getAgentState().isUninstalledByCli()) {
if (agentState.isUninstalledByCli()) {
HttpClientUtils.sendPost(ApiPath.ACTUAL_ACTION,
HeartBeatReport.generateAgentActualActionMsg(this.engineManager.getAgentState()));
HeartBeatReport.generateAgentActualActionMsg(agentState));
return;
}

if (!this.engineManager.getAgentState().isFallback() && !this.engineManager.getAgentState().isException()) {
String expectState = checkExpectState();
if (State.RUNNING.equals(expectState) && this.engineManager.getAgentState().isPaused()) {
Map<String, Object> stringStringMap = checkExpectState();
// 默认值
String expectState = "other";
boolean allowReport = true;

if (stringStringMap != null) {
expectState = stringStringMap.get("exceptRunningStatus").toString();
if (null != stringStringMap.get("allowReport")) {
allowReport = !"0".equals(stringStringMap.get("allowReport").toString());
}
}

if (allowReport && !agentState.isAllowReport()) {
DongTaiLog.info("engine is allowed to report data");
agentState.setAllowReport(allowReport);
} else if (!allowReport && agentState.isAllowReport()) {
DongTaiLog.info("engine is not allowed to report data");
agentState.setAllowReport(allowReport);
}

if (!agentState.isFallback() && !agentState.isException() && agentState.isAllowReport() && agentState.isAllowReport()) {
if (State.RUNNING.equals(expectState) && agentState.isPaused()) {
DongTaiLog.info("engine start by server expect state");
engineManager.start();
engineManager.getAgentState().setState(State.RUNNING).setCause(StateCause.RUNNING_BY_SERVER);
} else if (State.PAUSED.equals(expectState) && this.engineManager.getAgentState().isRunning()) {
agentState.setState(State.RUNNING).setCause(StateCause.RUNNING_BY_SERVER);
} else if (State.PAUSED.equals(expectState) && agentState.isRunning()) {
DongTaiLog.info("engine stop by server expect state");
engineManager.stop();
engineManager.getAgentState().setState(State.PAUSED).setCause(StateCause.PAUSE_BY_SERVER);
agentState.setState(State.PAUSED).setCause(StateCause.PAUSE_BY_SERVER);
}
}
HttpClientUtils.sendPost(ApiPath.ACTUAL_ACTION,
HeartBeatReport.generateAgentActualActionMsg(this.engineManager.getAgentState()));
HeartBeatReport.generateAgentActualActionMsg(agentState));
} catch (Throwable t) {
DongTaiLog.warn(ErrorCode.AGENT_MONITOR_THREAD_CHECK_FAILED, getName(), t);
}
}

private String checkExpectState() {
private Map<String, Object> checkExpectState() {
try {
Map<String, String> parameters = new HashMap<String, String>();
Map<String, String> parameters = new HashMap<>();
parameters.put("agentId", String.valueOf(AgentRegisterReport.getAgentId()));
String respRaw = HttpClientUtils.sendGet(ApiPath.EXCEPT_ACTION, parameters).toString();
if (!respRaw.isEmpty()) {
JSONObject resp = new JSONObject(respRaw);
JSONObject resp = JSON.parseObject(respRaw);
JSONObject data = (JSONObject) resp.get("data");
return data.get("exceptRunningStatus").toString();
Map<String, Object> objectObjectHashMap = new HashMap<>(2);
String s = data.toJSONString();
objectObjectHashMap = JSON.parseObject(s, Map.class);
return objectObjectHashMap;
}
} catch (Throwable e) {
return "other";
return null;
}
return "other";
return null;
}

@Override
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
package io.dongtai.iast.agent.report;

import com.alibaba.fastjson2.JSON;
import com.alibaba.fastjson2.JSONArray;
import com.alibaba.fastjson2.JSONObject;
import io.dongtai.iast.agent.IastProperties;
import io.dongtai.iast.agent.manager.EngineManager;
import io.dongtai.iast.agent.middlewarerecognition.IServer;
Expand All @@ -10,8 +13,7 @@
import io.dongtai.iast.common.utils.base64.Base64Encoder;
import io.dongtai.log.DongTaiLog;
import io.dongtai.log.ErrorCode;
import org.json.JSONArray;
import org.json.JSONObject;


import java.io.*;
import java.net.*;
Expand All @@ -27,7 +29,6 @@ public class AgentRegisterReport {
public static AgentRegisterReport INSTANCE;
private String projectName = null;
private static Integer agentId = -1;
private static Integer coreRegisterStart = 1;
final IServer server = ServerDetect.getWebserver();
private static String AGENT_NAME = null;
private static String HOST_NAME = null;
Expand Down Expand Up @@ -211,7 +212,7 @@ private String readIpInfo() {
} else {
jsonObject.put("isAddress", "0");
}
network.put(jsonObject);
network.add(jsonObject);
}
}
return network.toString();
Expand Down Expand Up @@ -258,12 +259,11 @@ public static Boolean send() {
*/
private void setAgentData(StringBuilder responseRaw) {
try {
JSONObject responseObj = new JSONObject(responseRaw.toString());
JSONObject responseObj = JSON.parseObject(responseRaw.toString());
Integer status = (Integer) responseObj.get("status");
if (status == 201) {
JSONObject data = (JSONObject) responseObj.get("data");
agentId = (Integer) data.get("id");
coreRegisterStart = (Integer) data.get("coreAutoStart");
} else {
DongTaiLog.error(ErrorCode.AGENT_REGISTER_RESPONSE_CODE_INVALID, responseRaw);
}
Expand All @@ -273,10 +273,6 @@ private void setAgentData(StringBuilder responseRaw) {
}
}

public static Boolean agentStat() {
return coreRegisterStart == 1;
}

private static String generateUUID() {
String uuidPath = IastProperties.getInstance().getUUIDPath();
if (uuidPath == null || uuidPath.isEmpty()) {
Expand Down
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
package io.dongtai.iast.agent.report;

import com.alibaba.fastjson2.JSONObject;
import io.dongtai.iast.agent.monitor.impl.PerformanceMonitor;
import io.dongtai.iast.agent.util.ByteUtils;
import io.dongtai.iast.common.constants.ReportKey;
import io.dongtai.iast.common.constants.ReportType;
import io.dongtai.iast.common.entity.performance.metrics.MemoryUsageMetrics;
import io.dongtai.iast.common.state.AgentState;
import org.json.JSONObject;

/**
* 心跳机制实现,默认30s
Expand Down
Binary file modified dongtai-agent/src/main/resources/bin/jattach-arm
Binary file not shown.
Binary file modified dongtai-agent/src/main/resources/bin/jattach-linux
Binary file not shown.
Binary file modified dongtai-agent/src/main/resources/bin/jattach-mac
100644 → 100755
Binary file not shown.
Binary file modified dongtai-agent/src/main/resources/bin/jattach.exe
Binary file not shown.
9 changes: 9 additions & 0 deletions dongtai-common/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,11 @@
<artifactId>json</artifactId>
<version>${json.version}</version>
</dependency>
<dependency>
<groupId>com.alibaba.fastjson2</groupId>
<artifactId>fastjson2</artifactId>
<version>${fastjson2.version}</version>
</dependency>

<dependency>
<groupId>junit</groupId>
Expand Down Expand Up @@ -72,6 +77,10 @@
<pattern>org.json</pattern>
<shadedPattern>${shade-prefix}.org.json</shadedPattern>
</relocation>
<relocation>
<pattern>com.alibaba</pattern>
<shadedPattern>${shade-prefix}.com.alibaba</shadedPattern>
</relocation>
</relocations>
</configuration>
</execution>
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
package io.dongtai.iast.common.constants;

public class AgentConstant {
public static final String VERSION_VALUE = "v1.9.0";
public static final String VERSION_VALUE = "v1.10.0";
public static final String LANGUAGE = "JAVA";
public static final String THREAD_NAME_PREFIX = "DongTai-IAST-";
public static final String THREAD_NAME_PREFIX_CORE = "DongTai-IAST-Core-";
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -32,4 +32,5 @@ public class PropertyConstant {
public static final String PROPERTY_RESPONSE_LENGTH = "dongtai.response.length";
public static final String PROPERTY_POLICY_PATH = "dongtai.policy.path";
public static final String PROPERTY_UUID_PATH = "dongtai.uuid.path";
public static final String PROPERTY_DISABLED_PLUGINS = "dongtai.disabled.plugins";
}
Loading

0 comments on commit 126b936

Please sign in to comment.