feature: add validator handler.

‘niuerzhuang’ · ‘niuerzhuang’ · commit 131fefac3346 · 2023-08-07T16:42:35.000+08:00
diff --git a/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigBuilder.java b/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigBuilder.java
@@ -24,6 +24,8 @@ private ConfigBuilder() {
                 Config.<Boolean>create(ConfigKey.ENABLE_LOGGER));
         this.configMap.put(ConfigKey.LOGGER_LEVEL,
                 Config.<String>create(ConfigKey.LOGGER_LEVEL));
+        this.configMap.put(ConfigKey.VALIDATED_SINK,
+                Config.<Boolean>create(ConfigKey.VALIDATED_SINK).setDefaultValue(false));
     }
 
     public static ConfigBuilder getInstance() {
@@ -62,6 +64,7 @@ public void update(JSONObject config) {
         updateString(config, ConfigKey.JsonKey.JSON_VERSION_HEADER_KEY);
         updateBool(config, ConfigKey.JsonKey.JSON_ENABLE_LOGGER);
         updateString(config, ConfigKey.JsonKey.JSON_LOGGER_LEVEL);
+        updateBool(config, ConfigKey.JsonKey.JSON_VALIDATED_SINK);
         updateRequestDenyList(config);
     }
 
diff --git a/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigKey.java b/dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigKey.java
@@ -8,6 +8,7 @@ public enum ConfigKey {
     VERSION_HEADER_KEY,
     ENABLE_LOGGER,
     LOGGER_LEVEL,
+    VALIDATED_SINK,
     ;
 
     public enum JsonKey {
@@ -18,6 +19,7 @@ public enum JsonKey {
         JSON_VERSION_HEADER_KEY("version_header_name", VERSION_HEADER_KEY),
         JSON_ENABLE_LOGGER("enable_log", ENABLE_LOGGER),
         JSON_LOGGER_LEVEL("log_level", LOGGER_LEVEL),
+        JSON_VALIDATED_SINK("report_validated_sink", LOGGER_LEVEL),
         ;
 
         private final String key;
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/ValidatorImpl.java
@@ -42,6 +42,7 @@ public static void solveValidator(MethodEvent event, ValidatorNode validatorNode
                         && TaintPoolUtils.poolContains(event.objectInstance, event)) {
                     hash = getStringHash(event.objectInstance);
                     len = TaintRangesBuilder.getLength(event.objectInstance);
+                    event.setObjectValue(event.objectInstance, true);
                 }
             } else if (position.isParameter()) {
                 int parameterIndex = position.getParameterIndex();
@@ -54,6 +55,7 @@ public static void solveValidator(MethodEvent event, ValidatorNode validatorNode
                         && TaintPoolUtils.poolContains(parameter, event)) {
                     hash = getStringHash(parameter);
                     len = TaintRangesBuilder.getLength(parameter);
+                    event.addParameterValue(parameterIndex, parameter, true);
                 }
             } else return;
 
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java
@@ -181,7 +181,7 @@ private boolean sinkSourceHitTaintPool(MethodEvent event, SinkNode sinkNode) {
                     
                     boolean commonCondition = tr.hasRequiredTaintTags(required) && !tr.hasDisallowedTaintTags(disallowed);
 
-                    if (PropertyUtils.isDisabledValidated()) {
+                    if (PropertyUtils.validatedSink()) {
                         tagsHit = commonCondition && !tr.hasValidatedTags(disallowed);
                     } else {
                         tagsHit = commonCondition;
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java
@@ -1,5 +1,7 @@
 package io.dongtai.iast.core.utils;
 
+import io.dongtai.iast.common.config.ConfigBuilder;
+import io.dongtai.iast.common.config.ConfigKey;
 import io.dongtai.iast.common.constants.PropertyConstant;
 import io.dongtai.log.DongTaiLog;
 import io.dongtai.log.ErrorCode;
@@ -224,10 +226,9 @@ public static Boolean isDisabledCustomModel() {
         return isDisabledCustomModel;
     }
 
-    public static Boolean isDisabledValidated() {
+    public static Boolean validatedSink() {
         if (null == isDisabledCustomModel){
-            List<String> disabledFeatures = getDisabledFeatures();
-            isDisabledCustomModel = disabledFeatures.contains("validated");
+            isDisabledCustomModel = ConfigBuilder.getInstance().get(ConfigKey.VALIDATED_SINK);
         }
         return isDisabledCustomModel;
     }

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,8 @@ private ConfigBuilder() {`
`24`	`24`	`Config.<Boolean>create(ConfigKey.ENABLE_LOGGER));`
`25`	`25`	`this.configMap.put(ConfigKey.LOGGER_LEVEL,`
`26`	`26`	`Config.<String>create(ConfigKey.LOGGER_LEVEL));`
	`27`	`+ this.configMap.put(ConfigKey.VALIDATED_SINK,`
	`28`	`+ Config.<Boolean>create(ConfigKey.VALIDATED_SINK).setDefaultValue(false));`
`27`	`29`	`}`
`28`	`30`
`29`	`31`	`public static ConfigBuilder getInstance() {`
`@@ -62,6 +64,7 @@ public void update(JSONObject config) {`
`62`	`64`	`updateString(config, ConfigKey.JsonKey.JSON_VERSION_HEADER_KEY);`
`63`	`65`	`updateBool(config, ConfigKey.JsonKey.JSON_ENABLE_LOGGER);`
`64`	`66`	`updateString(config, ConfigKey.JsonKey.JSON_LOGGER_LEVEL);`
	`67`	`+ updateBool(config, ConfigKey.JsonKey.JSON_VALIDATED_SINK);`
`65`	`68`	`updateRequestDenyList(config);`
`66`	`69`	`}`
`67`	`70`
Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ public enum ConfigKey {`
`8`	`8`	`VERSION_HEADER_KEY,`
`9`	`9`	`ENABLE_LOGGER,`
`10`	`10`	`LOGGER_LEVEL,`
	`11`	`+ VALIDATED_SINK,`
`11`	`12`	`;`
`12`	`13`
`13`	`14`	`public enum JsonKey {`
`@@ -18,6 +19,7 @@ public enum JsonKey {`
`18`	`19`	`JSON_VERSION_HEADER_KEY("version_header_name", VERSION_HEADER_KEY),`
`19`	`20`	`JSON_ENABLE_LOGGER("enable_log", ENABLE_LOGGER),`
`20`	`21`	`JSON_LOGGER_LEVEL("log_level", LOGGER_LEVEL),`
	`22`	`+ JSON_VALIDATED_SINK("report_validated_sink", LOGGER_LEVEL),`
`21`	`23`	`;`
`22`	`24`
`23`	`25`	`private final String key;`
Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,7 @@ public static void solveValidator(MethodEvent event, ValidatorNode validatorNode`
`42`	`42`	`&& TaintPoolUtils.poolContains(event.objectInstance, event)) {`
`43`	`43`	`hash = getStringHash(event.objectInstance);`
`44`	`44`	`len = TaintRangesBuilder.getLength(event.objectInstance);`
	`45`	`+ event.setObjectValue(event.objectInstance, true);`
`45`	`46`	`}`
`46`	`47`	`} else if (position.isParameter()) {`
`47`	`48`	`int parameterIndex = position.getParameterIndex();`
`@@ -54,6 +55,7 @@ public static void solveValidator(MethodEvent event, ValidatorNode validatorNode`
`54`	`55`	`&& TaintPoolUtils.poolContains(parameter, event)) {`
`55`	`56`	`hash = getStringHash(parameter);`
`56`	`57`	`len = TaintRangesBuilder.getLength(parameter);`
	`58`	`+ event.addParameterValue(parameterIndex, parameter, true);`
`57`	`59`	`}`
`58`	`60`	`} else return;`
`59`	`61`
Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,7 @@`
`1`	`1`	`package io.dongtai.iast.core.utils;`
`2`	`2`
	`3`	`+import io.dongtai.iast.common.config.ConfigBuilder;`
	`4`	`+import io.dongtai.iast.common.config.ConfigKey;`
`3`	`5`	`import io.dongtai.iast.common.constants.PropertyConstant;`
`4`	`6`	`import io.dongtai.log.DongTaiLog;`
`5`	`7`	`import io.dongtai.log.ErrorCode;`
`@@ -224,10 +226,9 @@ public static Boolean isDisabledCustomModel() {`
`224`	`226`	`return isDisabledCustomModel;`
`225`	`227`	`}`
`226`	`228`
`227`		`- public static Boolean isDisabledValidated() {`
	`229`	`+ public static Boolean validatedSink() {`
`228`	`230`	`if (null == isDisabledCustomModel){`
`229`		`- List<String> disabledFeatures = getDisabledFeatures();`
`230`		`- isDisabledCustomModel = disabledFeatures.contains("validated");`
	`231`	`+ isDisabledCustomModel = ConfigBuilder.getInstance().get(ConfigKey.VALIDATED_SINK);`
`231`	`232`	`}`
`232`	`233`	`return isDisabledCustomModel;`
`233`	`234`	`}`