Merge branch 'beta' into fix/clean-code

Author: ‘niuerzhuang’

dongtai-agent/src/test/java/io/dongtai/iast/agent/fallback/checker/CpuUsageCheckerTest.java

@@ -0,0 +1,47 @@
+package io.dongtai.iast.agent.fallback.checker;
+
+import io.dongtai.iast.agent.IastProperties;
+import io.dongtai.iast.agent.fallback.checker.impl.CpuUsageChecker;
+import io.dongtai.iast.common.entity.performance.PerformanceMetrics;
+import io.dongtai.iast.common.entity.performance.metrics.CpuInfoMetrics;
+import io.dongtai.iast.common.enums.MetricsKey;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.Properties;
+
+/**
+ * 检查CPU使用率
+ */
+public class CpuUsageCheckerTest {
+
+    @Test
+    public void testIsPerformanceOverLimit() {
+
+
+        // 创建配置参数对象
+        Properties cfg = new Properties();
+        cfg.setProperty("iast.remoteSync.performanceLimit.maxThreshold.cpuUsage", "{\"cpuUsagePercentage\":80.0}");
+
+        //初始化临时目录
+        IastProperties.initTmpDir();
+
+        // 创建测试用例对象
+        CpuUsageChecker cpuUsageChecker = new CpuUsageChecker();
+        // 创建模拟性能指标对象
+        PerformanceMetrics nowMetrics = new PerformanceMetrics();
+        CpuInfoMetrics cpuInfoMetrics = new CpuInfoMetrics();
+        cpuInfoMetrics.setCpuUsagePercentage(81.0);
+
+        nowMetrics.setMetricsKey(MetricsKey.CPU_USAGE);
+        nowMetrics.setMetricsValue(cpuInfoMetrics);
+
+        // CPU使用率超过阈值，应该返回true
+        Assert.assertTrue(cpuUsageChecker.isPerformanceOverLimit(nowMetrics, cfg));
+
+        // 修改性能指标对象的CPU使用率为70%
+        cpuInfoMetrics.setCpuUsagePercentage(70.0);
+        // CPU使用率未超过阈值，应该返回false
+        Assert.assertFalse(cpuUsageChecker.isPerformanceOverLimit(nowMetrics, cfg));
+    }
+}

dongtai-agent/src/test/java/io/dongtai/iast/agent/fallback/checker/MemUsageCheckerTest.java

@@ -0,0 +1,44 @@
+package io.dongtai.iast.agent.fallback.checker;
+
+import io.dongtai.iast.agent.IastProperties;
+import io.dongtai.iast.agent.fallback.checker.impl.MemUsageChecker;
+import io.dongtai.iast.common.entity.performance.PerformanceMetrics;
+import io.dongtai.iast.common.entity.performance.metrics.MemoryUsageMetrics;
+import io.dongtai.iast.common.enums.MetricsKey;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.Properties;
+
+public class MemUsageCheckerTest {
+
+
+    /**
+     * 测试内存检查
+     */
+    @Test
+    public void testIsPerformanceOverLimit() {
+        // 配置参数
+        Properties cfg = new Properties();
+        // 设置配置内存阈值
+        cfg.setProperty("iast.remoteSync.performanceLimit.maxThreshold.memoryUsage", "{\"committed\":1024," +
+                "\"init\":1024,\"max\":1024,\"memUsagePercentage\":80.0,\"systemMaxLimit\":-1," +
+                "\"trulyMaxMem\":1024,\"used\":1024}\n");
+        //初始化临时目录
+        IastProperties.initTmpDir();
+        // 创建检查器对象
+        MemUsageChecker memUsageChecker = new MemUsageChecker();
+        // 创建模拟性能指标对象
+        PerformanceMetrics nowMetrics = new PerformanceMetrics();
+        nowMetrics.setMetricsKey(MetricsKey.MEM_USAGE);
+        nowMetrics.setMetricsValue(new MemoryUsageMetrics(1024L, 1024L, 1024L, 1024L));
+        // 内存使用率超过阈值，应该返回true
+        Assert.assertTrue(memUsageChecker.isPerformanceOverLimit(nowMetrics, cfg));
+
+
+        // 修改性能指标对象的内存使用率为70%
+        nowMetrics.setMetricsValue(new MemoryUsageMetrics(1024L, 500L, 1024L, 1024L));
+        // 内存使用率未超过阈值，应该返回false
+        Assert.assertFalse(memUsageChecker.isPerformanceOverLimit(nowMetrics, cfg));
+    }
+}

dongtai-api-gather/dongtai-api-gather-spring-api/src/main/java/io/dongtai/iast/api/gather/spring/convertor/RequestMappingInfoConvertor.java

@@ -60,7 +60,7 @@ private void parsePathPatternsRequestCondition() {
                 });
             }
         } catch (Throwable e) {
-            DongTaiLog.debug("spring api path.getPathPatternsCondition router exception", e);
+//            DongTaiLog.debug("spring api path.getPathPatternsCondition router exception", e);
         }
 
         try {
@@ -78,7 +78,7 @@ public void accept(String s) {
                 });
             }
         } catch (Throwable e) {
-            DongTaiLog.debug("spring api path.getPatternsCondition router exception", e);
+//            DongTaiLog.debug("spring api path.getPatternsCondition router exception", e);
         }
     }
 
@@ -144,7 +144,7 @@ public void accept(RequestMethod requestMethod) {
                 }
             });
         } catch (Throwable e) {
-            DongTaiLog.debug("spring api method router exception", e);
+//            DongTaiLog.debug("spring api method router exception", e);
         }
     }
 
@@ -210,7 +210,7 @@ public void accept(NameValueExpression<String> stringNameValueExpression) {
             });
             return parameterList;
         } catch (Throwable e) {
-            DongTaiLog.debug("spring api parameters router exception: {}", e.getMessage());
+//            DongTaiLog.debug("spring api parameters router exception: {}", e.getMessage());
         }
         return Collections.emptyList();
     }
@@ -242,7 +242,7 @@ public void accept(NameValueExpression<String> stringNameValueExpression) {
             });
             return headerParameterList;
         } catch (Throwable e) {
-            DongTaiLog.debug("spring api headers router exception: {}", e.getMessage());
+//            DongTaiLog.debug("spring api headers router exception: {}", e.getMessage());
         }
         return Collections.emptyList();
     }

dongtai-common/src/main/java/io/dongtai/iast/common/exception/DongTaiIastException.java

@@ -0,0 +1,29 @@
+package io.dongtai.iast.common.exception;
+
+/**
+ * 动态Agent整个项目内异常的基类，以后的异常尽量都继承这个类
+ *
+ * @author CC11001100
+ * @since 1.13.2
+ */
+public class DongTaiIastException extends Exception {
+
+    public DongTaiIastException() {
+    }
+
+    public DongTaiIastException(String message) {
+        super(message);
+    }
+
+    public DongTaiIastException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    public DongTaiIastException(Throwable cause) {
+        super(cause);
+    }
+
+    public DongTaiIastException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
+        super(message, cause, enableSuppression, writableStackTrace);
+    }
+}

dongtai-common/src/main/java/io/dongtai/iast/common/string/ObjectFormatResult.java

@@ -0,0 +1,22 @@
+package io.dongtai.iast.common.string;
+
+/**
+ * 用于表示对 对象格式化的结果
+ *
+ * @author CC11001100
+ * @since 1.13.2
+ */
+public class ObjectFormatResult {
+
+    // 对象格式化后的字符串，可能不是原始的完整的字符串是被格式化过的，仅作为展示之类的使用
+    public String objectFormatString;
+
+    // 原始的字符串长度，对象格式化可以认为有三个步骤：
+    //
+    // object --> original string --> format string
+    //
+    // 其中original string通常是调用object的toString()得到的，长度可能比较短，也可能老长老长了
+    // format string这一步相当于是对original string进行截断，控制字符串的长度
+    public int originalLength;
+
+}

dongtai-common/src/main/java/io/dongtai/iast/common/string/ObjectFormatter.java

@@ -0,0 +1,134 @@
+package io.dongtai.iast.common.string;
+
+import java.io.StringWriter;
+import java.util.ArrayList;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.function.Consumer;
+
+/**
+ * 用于把对象格式化为字符串
+ *
+ * @author CC11001100
+ * @since 1.13.2
+ */
+public class ObjectFormatter {
+
+    /**
+     * 把对象格式化为字符串，高频调用要尽可能快
+     *
+     * @param value     要转换为字符串的对象
+     * @param charLimit 转换时的字符长度限制，超过此长度将被格式化为一个祖传下来的表示字符串省略的格式 :)
+     * @return 比如"aaa"，如果超长可能会发生省略： "aaaaaaaaaaaaaaaaaa...aaaaaaaaaaaaaa"
+     * @see ObjectFormatResult
+     */
+    public static ObjectFormatResult formatObject(Object value, int charLimit) {
+
+        ObjectFormatResult r = new ObjectFormatResult();
+
+        if (null == value) {
+            return r;
+        }
+
+        try {
+            if (value.getClass().isArray() && !value.getClass().getComponentType().isPrimitive()) {
+                // 判断是否是基本类型的数组，基本类型的数组无法类型转换为Object[]，导致java.lang.ClassCastException异常
+                Object[] taints = (Object[]) value;
+                return objArray2StringV2(taints, charLimit);
+            } else if (value instanceof StringWriter) {
+                String s = ((StringWriter) value).getBuffer().toString();
+                r.originalLength = s.length();
+                r.objectFormatString = StringUtils.normalize(s, charLimit);
+                return r;
+            } else {
+                String s = value.toString();
+                r.originalLength = s.length();
+                r.objectFormatString = StringUtils.normalize(s, charLimit);
+                return r;
+            }
+        } catch (Throwable e) {
+            // org.jruby.RubyBasicObject.hashCode() may cause NullPointerException when RubyBasicObject.metaClass is null
+            String typeName = value.getClass().getName() + "@" + Integer.toHexString(System.identityHashCode(value));
+            r.originalLength = typeName.length();
+            r.objectFormatString = StringUtils.normalize(typeName, charLimit);
+            return r;
+        }
+    }
+
+    /**
+     * 对象数组转为字符串，会往下穿透到第二层
+     *
+     * @param objArray  要转换为字符串的对象数组
+     * @param charLimit 同 {{@link #formatObject(Object, int)}}
+     * @return
+     * @see #formatObject
+     */
+    private static ObjectFormatResult objArray2StringV2(Object[] objArray, int charLimit) {
+
+        ObjectFormatResult r = new ObjectFormatResult();
+
+        // 第一步，先把对象都收集一下，把要处理的对象打平
+        List<Object> objList = new ArrayList<>();
+        for (Object taint : objArray) {
+            if (taint != null) {
+                if (taint.getClass().isArray() && !taint.getClass().getComponentType().isPrimitive()) {
+                    Object[] subTaints = (Object[]) taint;
+                    for (Object subTaint : subTaints) {
+                        if (subTaint == null) {
+                            continue;
+                        }
+                        objList.add(subTaint);
+                    }
+                } else {
+                    objList.add(taint);
+                }
+            }
+        }
+
+        // 从前往后开始读取
+        StringBuilder header = new StringBuilder();
+        int headIndex = 0;
+        while (headIndex < objList.size()) {
+
+            String s = objList.get(headIndex).toString();
+            headIndex++;
+            // 如果这个地方的字符串比较长怎么办？是不是应该截断一下？还是有优化空间的
+            header.append(s);
+            r.originalLength += s.length();
+
+            // 如果进来的话，说明长度是超了，这个时候应该做的是从尾部读取一部分进来，然后等会儿做截断用
+            if (header.length() > charLimit) {
+
+                // 然后就从尾部开始向前读取
+                int readCount = 0;
+                LinkedList<String> tailStringList = new LinkedList<>();
+                int needReadChar = charLimit / 2 + charLimit % 2;
+                for (int tailIndex = objList.size() - 1; tailIndex >= headIndex; tailIndex--) {
+                    s = objList.get(tailIndex).toString();
+                    // 仅读取需要的字符数，超过的话则不再读取
+                    if (readCount < needReadChar) {
+                        readCount += s.length();
+                        tailStringList.addFirst(s);
+                    }
+                    // 但是长度是要整个计算的
+                    r.originalLength += s.length();
+                }
+
+                // 然后开始拼接处理
+                tailStringList.forEach(new Consumer<String>() {
+                    @Override
+                    public void accept(String s) {
+                        // 是不是应该避免一下不必要的拼接拷贝？某些特殊数据下还是可能会发生占用较长时间
+                        header.append(s);
+                    }
+                });
+
+                break;
+            }
+        }
+
+        r.objectFormatString = StringUtils.normalize(header.toString(), charLimit);
+        return r;
+    }
+
+}