Merge pull request #294 from Nizernizer/main

Add start param/Hook fastjson/support tomcat10

Author: Nizernizer

dongtai-agent/src/main/java/io/dongtai/iast/agent/Agent.java

@@ -29,6 +29,9 @@ private static String[] parseAgentArgs(String[] args) throws ParseException {
         attachOptions.addOption(build("cluster_version", "cluster_version", "optional: Application Cluster Version"));
         attachOptions.addOption(build("dongtai_server", "dongtai_server", "optional: DongTai server url"));
         attachOptions.addOption(build("dongtai_token", "dongtai_token", "optional: DongTai server token"));
+        attachOptions.addOption(build("server_package", "server_package", "optional: DongTai core package download way."));
+        attachOptions.addOption(build("log_level", "log_level", "optional: DongTai agent log print level."));
+        attachOptions.addOption(build("log_path", "log_path", "optional: DongTai agent log print path."));
 
         CommandLineParser parser = new DefaultParser();
         HelpFormatter formatter = new HelpFormatter();
@@ -70,6 +73,15 @@ private static String[] parseAgentArgs(String[] args) throws ParseException {
             if (result.hasOption("dongtai_token")) {
                 attachArgs.append("&dongtaiToken=").append(result.getOptionValue("dongtai_token"));
             }
+            if (result.hasOption("server_package")) {
+                attachArgs.append("&serverPackage=").append(result.getOptionValue("server_package"));
+            }
+            if (result.hasOption("log_level")) {
+                attachArgs.append("&logLevel=").append(result.getOptionValue("log_level"));
+            }
+            if (result.hasOption("log_path")) {
+                attachArgs.append("&logPath=").append(result.getOptionValue("log_path"));
+            }
             return new String[]{pid, attachArgs.toString()};
         } else {
             formatter.printHelp("java -jar agent.jar", attachOptions, true);

dongtai-agent/src/main/java/io/dongtai/iast/agent/AgentLauncher.java

@@ -12,6 +12,7 @@
 import java.util.HashMap;
 import java.util.Map;
 import java.util.UUID;
+import java.util.concurrent.TimeUnit;
 
 /**
  * @author [email protected]
@@ -55,6 +56,11 @@ public class AgentLauncher {
      * @param inst inst
      */
     public static void premain(String args, Instrumentation inst) {
+        try {
+            TimeUnit.SECONDS.sleep(5);
+        } catch (InterruptedException e) {
+            e.printStackTrace();
+        }
         if (System.getProperty("protect.by.dongtai", null) != null) {
             return;
         }
@@ -116,6 +122,15 @@ public static void agentmain(String args, Instrumentation inst) {
                 if (argsMap.containsKey("dongtaiToken")) {
                     System.setProperty("dongtai.server.token", argsMap.get("dongtaiToken"));
                 }
+                if (argsMap.containsKey("serverPackage")) {
+                    System.setProperty("dongtai.server.package", argsMap.get("serverPackage"));
+                }
+                if (argsMap.containsKey("logLevel")) {
+                    System.setProperty("dongtai.log.level", argsMap.get("logLevel"));
+                }
+                if (argsMap.containsKey("logPath")) {
+                    System.setProperty("dongtai.log.path", argsMap.get("logPath"));
+                }
                 install(inst);
             } catch (Exception e) {
                 DongTaiLog.error(e);

dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/j2ee/dispatch/ServletDispatcherAdapter.java

@@ -18,9 +18,10 @@ public class ServletDispatcherAdapter extends AbstractClassVisitor {
     private final String SERVLET_REQUEST = " javax.servlet.ServletRequest".substring(1);
     private final String SERVLET_RESPONSE = " javax.servlet.ServletResponse".substring(1);
     private final String FILTER_CHAIN = " javax.servlet.FilterChain".substring(1);
-    private final String JAKARTA_SERVLET_REQUEST = " jakarta.servlet.http.HttpServletRequest".substring(1);
-    private final String JAKARTA_SERVLET_RESPONSE = " jakarta.servlet.http.HttpServletResponse".substring(1);
-
+    private final String JAKARTA_SERVLET_REQUEST_HTTP = " jakarta.servlet.http.HttpServletRequest".substring(1);
+    private final String JAKARTA_SERVLET_REQUEST = " jakarta.servlet.ServletRequest".substring(1);
+    private final String JAKARTA_SERVLET_RESPONSE_HTTP = " jakarta.servlet.http.HttpServletResponse".substring(1);
+    private final String JAKARTA_SERVLET_RESPONSE = " jakarta.servlet.ServletResponse".substring(1);
 
     private final boolean isFaces;
     private final boolean isJakarta;
@@ -75,9 +76,7 @@ private boolean isServiceArgs(Type[] typeOfArgs) {
     }
 
     private boolean isJakartaArgs(Type[] typeOfArgs) {
-        return typeOfArgs.length == 2 &&
-                JAKARTA_SERVLET_REQUEST.equals(typeOfArgs[0].getClassName()) &&
-                JAKARTA_SERVLET_RESPONSE.equals(typeOfArgs[1].getClassName());
+        return typeOfArgs.length == 2 && ((JAKARTA_SERVLET_REQUEST_HTTP.equals(typeOfArgs[0].getClassName()) && JAKARTA_SERVLET_RESPONSE_HTTP.equals(typeOfArgs[1].getClassName())) || (JAKARTA_SERVLET_REQUEST.equals(typeOfArgs[0].getClassName()) && JAKARTA_SERVLET_RESPONSE.equals(typeOfArgs[1].getClassName())));
     }
 
     private boolean isFacesArgs(Type[] typeOfArgs) {

dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt

@@ -40,7 +40,7 @@ com/github/benmanes/caffeine/*
 org/springframework/cloud/sleuth/*
 io/netty/handler/codec/*
 # fastjson
-com/alibaba/fastjson/*
+# com/alibaba/fastjson/*
 # old rule
 EDU/oswego/cs/dl/util/concurrent/BoundedChannel
 EDU/oswego/cs/dl/util/concurrent/BoundedLinkedQueue
@@ -33759,14 +33759,14 @@ org/apache/jasper/runtime/VariableMapperImpl
 org/apache/jasper/runtime/VariableResolverImpl
 org/apache/jasper/security/SecurityClassLoad
 org/apache/jasper/security/SecurityUtil
-org/apache/jasper/servlet/JasperInitializer
-org/apache/jasper/servlet/JasperLoader
-org/apache/jasper/servlet/JasperLoader$PrivilegedLoadClass
-org/apache/jasper/servlet/JspServlet
-org/apache/jasper/servlet/JspCServletContext
-org/apache/jasper/servlet/JspServletWrapper
-org/apache/jasper/servlet/TldScanner
-org/apache/jasper/servlet/TldScanner$TldScannerCallback
+# org/apache/jasper/servlet/JasperInitializer
+# org/apache/jasper/servlet/JasperLoader
+# org/apache/jasper/servlet/JasperLoader$PrivilegedLoadClass
+# org/apache/jasper/servlet/JspServlet
+# org/apache/jasper/servlet/JspCServletContext
+# org/apache/jasper/servlet/JspServletWrapper
+# org/apache/jasper/servlet/TldScanner
+# org/apache/jasper/servlet/TldScanner$TldScannerCallback
 org/apache/jasper/TrimSpacesOption
 org/apache/jasper/util/SimplePool
 org/apache/jasper/util/SystemLogHandler