Merge pull request #494 from lostsnow/feature/logger-remote-config

add logger remote config

Author: lostsnow

dongtai-agent/src/main/java/io/dongtai/iast/agent/monitor/impl/ConfigMonitor.java

@@ -6,6 +6,7 @@
 import io.dongtai.iast.agent.util.HttpClientUtils;
 import io.dongtai.iast.agent.util.ThreadUtils;
 import io.dongtai.iast.common.config.ConfigBuilder;
+import io.dongtai.iast.common.config.ConfigKey;
 import io.dongtai.iast.common.constants.AgentConstant;
 import io.dongtai.iast.common.constants.ApiPath;
 import io.dongtai.log.DongTaiLog;
@@ -30,11 +31,25 @@ public void check() {
 
             StringBuilder response = HttpClientUtils.sendGet(ApiPath.AGENT_CONFIG, parameters);
             ConfigBuilder.getInstance().updateFromRemote(response.toString());
+
+            updateConfig();
         } catch (Throwable t) {
             DongTaiLog.warn(ErrorCode.AGENT_MONITOR_THREAD_CHECK_FAILED, t);
         }
     }
 
+    private void updateConfig() {
+        Boolean enableLog = ConfigBuilder.getInstance().get(ConfigKey.ENABLE_LOGGER);
+        if (enableLog != null) {
+            DongTaiLog.ENABLED = enableLog;
+        }
+
+        String logLevel = ConfigBuilder.getInstance().get(ConfigKey.LOGGER_LEVEL);
+        if (logLevel != null) {
+            DongTaiLog.setLevel(DongTaiLog.parseLevel(logLevel));
+        }
+    }
+
     @Override
     public void run() {
         try {

dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigBuilder.java

@@ -15,11 +15,15 @@ private ConfigBuilder() {
         this.configMap.put(ConfigKey.REPORT_RESPONSE_BODY,
                 Config.<Boolean>create(ConfigKey.REPORT_RESPONSE_BODY).setDefaultValue(true));
         this.configMap.put(ConfigKey.REQUEST_DENY_LIST,
-                Config.<RequestDenyList>create(ConfigKey.REQUEST_DENY_LIST).setDefaultValue(null));
+                Config.<RequestDenyList>create(ConfigKey.REQUEST_DENY_LIST));
         this.configMap.put(ConfigKey.ENABLE_VERSION_HEADER,
                 Config.<Boolean>create(ConfigKey.VERSION_HEADER_KEY).setDefaultValue(true));
         this.configMap.put(ConfigKey.VERSION_HEADER_KEY,
                 Config.<String>create(ConfigKey.VERSION_HEADER_KEY).setDefaultValue("DongTai"));
+        this.configMap.put(ConfigKey.ENABLE_LOGGER,
+                Config.<Boolean>create(ConfigKey.ENABLE_LOGGER));
+        this.configMap.put(ConfigKey.LOGGER_LEVEL,
+                Config.<String>create(ConfigKey.LOGGER_LEVEL));
     }
 
     public static ConfigBuilder getInstance() {
@@ -56,9 +60,20 @@ public void update(JSONObject config) {
         updateInt(config, ConfigKey.JsonKey.JSON_REPORT_MAX_METHOD_POOL_SIZE);
         updateBool(config, ConfigKey.JsonKey.JSON_ENABLE_VERSION_HEADER);
         updateString(config, ConfigKey.JsonKey.JSON_VERSION_HEADER_KEY);
+        updateBool(config, ConfigKey.JsonKey.JSON_ENABLE_LOGGER);
+        updateString(config, ConfigKey.JsonKey.JSON_LOGGER_LEVEL);
         updateRequestDenyList(config);
     }
 
+    @SuppressWarnings("unchecked")
+    public <T> T get(ConfigKey key) {
+        try {
+            return ((Config<T>) getConfig(key)).get();
+        } catch (Throwable ignore) {
+            return null;
+        }
+    }
+
     @SuppressWarnings("unchecked")
     private void updateBool(JSONObject config, ConfigKey.JsonKey jsonKey) {
         try {
@@ -89,7 +104,7 @@ private void updateString(JSONObject config, ConfigKey.JsonKey jsonKey) {
             Config<String> conf = (Config<String>) getConfig(jsonKey.getConfigKey());
             if (conf != null) {
                 String value = config.getString(jsonKey.getKey());
-                if (value != null || !value.isEmpty()) {
+                if (value != null && !value.isEmpty()) {
                     conf.setValue(value);
                 }
             }

dongtai-common/src/main/java/io/dongtai/iast/common/config/ConfigKey.java

@@ -6,6 +6,8 @@ public enum ConfigKey {
     REQUEST_DENY_LIST,
     ENABLE_VERSION_HEADER,
     VERSION_HEADER_KEY,
+    ENABLE_LOGGER,
+    LOGGER_LEVEL,
     ;
 
     public enum JsonKey {
@@ -14,6 +16,8 @@ public enum JsonKey {
         JSON_REQUEST_DENY_LIST("blacklist_rules", REQUEST_DENY_LIST),
         JSON_ENABLE_VERSION_HEADER("enable_version_header", ENABLE_VERSION_HEADER),
         JSON_VERSION_HEADER_KEY("version_header_name", VERSION_HEADER_KEY),
+        JSON_ENABLE_LOGGER("enable_log", ENABLE_LOGGER),
+        JSON_LOGGER_LEVEL("log_level", LOGGER_LEVEL),
         ;
 
         private final String key;

dongtai-common/src/test/java/io/dongtai/iast/common/config/ConfigBuilderTest.java

@@ -13,16 +13,19 @@ public void testGetConfigAndUpdate() {
         JSONObject configJson;
         String configString;
         ConfigBuilder builder = ConfigBuilder.getInstance();
-        boolean reportResponseBody;
-        int reportMaxMethodPoolSize;
+        Boolean reportResponseBody;
+        Integer reportMaxMethodPoolSize;
+        String versionHeaderKey;
         RequestDenyList requestDenyList;
 
         // default
-        reportResponseBody = ((Config<Boolean>)builder.getConfig(ConfigKey.REPORT_RESPONSE_BODY)).get();
+        reportResponseBody = builder.get(ConfigKey.REPORT_RESPONSE_BODY);
         Assert.assertTrue("REPORT_RESPONSE_BODY default", reportResponseBody);
-        reportMaxMethodPoolSize = ((Config<Integer>)builder.getConfig(ConfigKey.REPORT_MAX_METHOD_POOL_SIZE)).get();
-        Assert.assertEquals("REPORT_MAX_METHOD_POOL_SIZE default", 5000, reportMaxMethodPoolSize);
-        requestDenyList = ((Config<RequestDenyList>)builder.getConfig(ConfigKey.REQUEST_DENY_LIST)).get();
+        reportMaxMethodPoolSize = builder.get(ConfigKey.REPORT_MAX_METHOD_POOL_SIZE);
+        Assert.assertEquals("REPORT_MAX_METHOD_POOL_SIZE default", new Integer(5000), reportMaxMethodPoolSize);
+        versionHeaderKey = builder.get(ConfigKey.VERSION_HEADER_KEY);
+        Assert.assertEquals("VERSION_HEADER_KEY default", "DongTai", versionHeaderKey);
+        requestDenyList = builder.get(ConfigKey.REQUEST_DENY_LIST);
         Assert.assertNull("REQUEST_DENY_LIST default", requestDenyList);
 
         // update
@@ -41,11 +44,11 @@ public void testGetConfigAndUpdate() {
                 RequestDeny.Operator.EXISTS, "key1");
         expectRequestDenyList.addRule(Collections.singletonList(headerKeyMatch));
 
-        reportResponseBody = ((Config<Boolean>)builder.getConfig(ConfigKey.REPORT_RESPONSE_BODY)).get();
+        reportResponseBody = builder.get(ConfigKey.REPORT_RESPONSE_BODY);
         Assert.assertFalse("REPORT_RESPONSE_BODY updated", reportResponseBody);
-        reportMaxMethodPoolSize = ((Config<Integer>)builder.getConfig(ConfigKey.REPORT_MAX_METHOD_POOL_SIZE)).get();
-        Assert.assertEquals("REPORT_MAX_METHOD_POOL_SIZE updated", 1000, reportMaxMethodPoolSize);
-        requestDenyList = ((Config<RequestDenyList>)builder.getConfig(ConfigKey.REQUEST_DENY_LIST)).get();
+        reportMaxMethodPoolSize = builder.get(ConfigKey.REPORT_MAX_METHOD_POOL_SIZE);
+        Assert.assertEquals("REPORT_MAX_METHOD_POOL_SIZE updated", new Integer(1000), reportMaxMethodPoolSize);
+        requestDenyList = builder.get(ConfigKey.REQUEST_DENY_LIST);
         Assert.assertEquals("REQUEST_DENY_LIST updated", expectRequestDenyList, requestDenyList);
 
         // update invalid
@@ -62,11 +65,11 @@ public void testGetConfigAndUpdate() {
         configJson = new JSONObject(configString);
         builder.update(configJson);
 
-        reportResponseBody = ((Config<Boolean>)builder.getConfig(ConfigKey.REPORT_RESPONSE_BODY)).get();
+        reportResponseBody = builder.get(ConfigKey.REPORT_RESPONSE_BODY);
         Assert.assertFalse("REPORT_RESPONSE_BODY not updated", reportResponseBody);
-        reportMaxMethodPoolSize = ((Config<Integer>)builder.getConfig(ConfigKey.REPORT_MAX_METHOD_POOL_SIZE)).get();
-        Assert.assertEquals("REPORT_MAX_METHOD_POOL_SIZE not updated", 1000, reportMaxMethodPoolSize);
-        requestDenyList = ((Config<RequestDenyList>)builder.getConfig(ConfigKey.REQUEST_DENY_LIST)).get();
+        reportMaxMethodPoolSize = builder.get(ConfigKey.REPORT_MAX_METHOD_POOL_SIZE);
+        Assert.assertEquals("REPORT_MAX_METHOD_POOL_SIZE not updated", new Integer(1000), reportMaxMethodPoolSize);
+        requestDenyList = builder.get(ConfigKey.REQUEST_DENY_LIST);
         Assert.assertEquals("REQUEST_DENY_LIST not updated", expectRequestDenyList, requestDenyList);
 
         ConfigBuilder.clear();

dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java

@@ -1,7 +1,8 @@
 package io.dongtai.iast.core.handler.hookpoint;
 
 import com.secnium.iast.core.AgentEngine;
-import io.dongtai.iast.common.config.*;
+import io.dongtai.iast.common.config.ConfigBuilder;
+import io.dongtai.iast.common.config.ConfigKey;
 import io.dongtai.iast.common.scope.Scope;
 import io.dongtai.iast.common.scope.ScopeManager;
 import io.dongtai.iast.core.EngineManager;
@@ -668,7 +669,6 @@ public boolean traceDubboInvoke(Object instance, String url, Object invocation,
         return false;
     }
 
-    @SuppressWarnings("unchecked")
     private boolean isCollectAllowed(boolean isEnterEntry) {
         if (!EngineManager.isEngineRunning()) {
             return false;
@@ -683,15 +683,12 @@ private boolean isCollectAllowed(boolean isEnterEntry) {
                 return false;
             }
 
-            try {
-                int methodPoolMaxSize = ((Config<Integer>) ConfigBuilder.getInstance()
-                        .getConfig(ConfigKey.REPORT_MAX_METHOD_POOL_SIZE)).get();
-                if (methodPoolMaxSize > 0 && EngineManager.TRACK_MAP.get().size() >= methodPoolMaxSize) {
-                    ScopeManager.SCOPE_TRACKER.getPolicyScope().setOverCapacity(true);
-                    DongTaiLog.warn(ErrorCode.SPY_METHOD_POOL_OVER_CAPACITY, methodPoolMaxSize);
-                    return false;
-                }
-            } catch (Throwable ignore) {
+            Integer methodPoolMaxSize = ConfigBuilder.getInstance().get(ConfigKey.REPORT_MAX_METHOD_POOL_SIZE);
+            if (methodPoolMaxSize != null && methodPoolMaxSize > 0
+                    && EngineManager.TRACK_MAP.get().size() >= methodPoolMaxSize) {
+                ScopeManager.SCOPE_TRACKER.getPolicyScope().setOverCapacity(true);
+                DongTaiLog.warn(ErrorCode.SPY_METHOD_POOL_OVER_CAPACITY, methodPoolMaxSize);
+                return false;
             }
         }
 

dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java

@@ -1,6 +1,7 @@
 package io.dongtai.iast.core.handler.hookpoint.controller.impl;
 
-import io.dongtai.iast.common.config.*;
+import io.dongtai.iast.common.config.ConfigBuilder;
+import io.dongtai.iast.common.config.ConfigKey;
 import io.dongtai.iast.core.EngineManager;
 import io.dongtai.iast.core.handler.context.ContextManager;
 import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent;
@@ -127,12 +128,10 @@ public static void collectDubboResponse(Object result, byte status) {
         if (result == null) {
             return;
         }
-        try {
-            boolean getBody = ((Config<Boolean>) ConfigBuilder.getInstance().getConfig(ConfigKey.REPORT_RESPONSE_BODY)).get();
-            if (!getBody) {
-                return;
-            }
-        } catch (Throwable ignore) {
+
+        Boolean getBody = ConfigBuilder.getInstance().get(ConfigKey.REPORT_RESPONSE_BODY);
+        // default true
+        if (getBody != null && !getBody) {
             return;
         }
 

dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/HttpImpl.java

@@ -55,19 +55,14 @@ public static void solveHttpRequest(Object obj, Object req, Object resp, Map<Str
             return;
         }
 
-        try {
-            Config<RequestDenyList> config = (Config<RequestDenyList>) ConfigBuilder.getInstance()
-                    .getConfig(ConfigKey.REQUEST_DENY_LIST);
-            RequestDenyList requestDenyList = config.get();
-            if (requestDenyList != null) {
-                String requestURL = ((StringBuffer) requestMeta.get("requestURL")).toString();
-                Map<String, String> headers = (Map<String, String>) requestMeta.get("headers");
-                if (requestDenyList.match(requestURL, headers)) {
-                    DongTaiLog.trace("HTTP Request {} deny to collect", requestURL);
-                    return;
-                }
+        RequestDenyList requestDenyList = ConfigBuilder.getInstance().get(ConfigKey.REQUEST_DENY_LIST);
+        if (requestDenyList != null) {
+            String requestURL = ((StringBuffer) requestMeta.get("requestURL")).toString();
+            Map<String, String> headers = (Map<String, String>) requestMeta.get("headers");
+            if (requestDenyList.match(requestURL, headers)) {
+                DongTaiLog.trace("HTTP Request {} deny to collect", requestURL);
+                return;
             }
-        } catch (Throwable ignore) {
         }
 
         Boolean isReplay = (Boolean) requestMeta.get("replay-request");
@@ -83,17 +78,15 @@ public static void solveHttpRequest(Object obj, Object req, Object resp, Map<Str
         }
 
         try {
-            boolean enableVersionHeader = ((Config<Boolean>) ConfigBuilder.getInstance()
-                    .getConfig(ConfigKey.ENABLE_VERSION_HEADER)).get();
+            boolean enableVersionHeader = ConfigBuilder.getInstance().get(ConfigKey.ENABLE_VERSION_HEADER);
             String dastHeader = ((Map<String, String>) requestMeta.get("headers")).get(HEADER_DAST);
             String dastMarkHeader = ((Map<String, String>) requestMeta.get("headers")).get(HEADER_DAST_MARK);
             if (enableVersionHeader || dastHeader != null || dastMarkHeader != null) {
                 Method setHeaderMethod = ReflectUtils.getDeclaredMethodFromSuperClass(resp.getClass(),
                         "setHeader", new Class[]{String.class, String.class});
                 if (setHeaderMethod != null) {
                     if (enableVersionHeader) {
-                        String versionHeaderKey = ((Config<String>) ConfigBuilder.getInstance()
-                                .getConfig(ConfigKey.VERSION_HEADER_KEY)).get();
+                        String versionHeaderKey = ConfigBuilder.getInstance().get(ConfigKey.VERSION_HEADER_KEY);
                         setHeaderMethod.invoke(resp, versionHeaderKey, AgentConstant.VERSION_VALUE);
                     }
                     if (dastMarkHeader != null) {
@@ -234,12 +227,8 @@ public static Map<String, Collection<String>> parseResponseHeaders(Object resp,
     }
 
     public static void onServletOutputStreamWrite(String desc, Object stream, int b, byte[] bs, int offset, int len) {
-        try {
-            boolean getBody = ((Config<Boolean>) ConfigBuilder.getInstance().getConfig(ConfigKey.REPORT_RESPONSE_BODY)).get();
-            if (!getBody) {
-                return;
-            }
-        } catch (Throwable ignore) {
+        Boolean getBody = ConfigBuilder.getInstance().get(ConfigKey.REPORT_RESPONSE_BODY);
+        if (getBody != null && !getBody) {
             return;
         }
 
@@ -280,12 +269,8 @@ public static void onServletOutputStreamWrite(String desc, Object stream, int b,
     }
 
     public static void onPrintWriterWrite(String desc, Object writer, int b, String s, char[] cs, int offset, int len) {
-        try {
-            boolean getBody = ((Config<Boolean>) ConfigBuilder.getInstance().getConfig(ConfigKey.REPORT_RESPONSE_BODY)).get();
-            if (!getBody) {
-                return;
-            }
-        } catch (Throwable ignore) {
+        Boolean getBody = ConfigBuilder.getInstance().get(ConfigKey.REPORT_RESPONSE_BODY);
+        if (getBody != null && !getBody) {
             return;
         }
 

dongtai-log/src/main/java/io/dongtai/log/DongTaiLog.java

@@ -109,6 +109,10 @@ private String getColorPrefix() {
 
     private static LogLevel getCurrentLevel() {
         String logLevel = IastProperties.getLogLevel();
+        return parseLevel(logLevel);
+    }
+
+    public static LogLevel parseLevel(String logLevel) {
         LogLevel lvl;
         if ("trace".equalsIgnoreCase(logLevel)) {
             lvl = LogLevel.TRACE;