fix: dubbo blacklist skip collection.

‘niuerzhuang’ · ‘niuerzhuang’ · commit 714de22b03df · 2023-06-25T19:01:32.000+08:00
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/asm/AsmMethods.java b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/asm/AsmMethods.java
@@ -278,6 +278,12 @@ static Method getAsmMethod(final Class<?> clazz,
             String.class
     );
 
+    Method SPY$isSkipCollect = InnerHelper.getAsmMethod(
+            SpyDispatcher.class,
+            "isSkipCollect",
+            Object.class
+    );
+
     Method SPY$reportService = InnerHelper.getAsmMethod(
             SpyDispatcher.class,
             "reportService",
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/dubbo/DubboSyncHandlerInvokeAdviceAdapter.java b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/dubbo/DubboSyncHandlerInvokeAdviceAdapter.java
@@ -61,6 +61,7 @@ public void visitMaxs(int maxStack, int maxLocals) {
     }
 
     private void enterMethod() {
+        skipCollect();
         enterScope();
 
         Label elseLabel = new Label();
@@ -113,4 +114,11 @@ private void traceMethod() {
         invokeInterface(ASM_TYPE_SPY_DISPATCHER, SPY$traceDubboInvoke);
         pop();
     }
+
+    private void skipCollect() {
+        invokeStatic(ASM_TYPE_SPY_HANDLER, SPY_HANDLER$getDispatcher);
+        loadArg(0);
+        invokeInterface(ASM_TYPE_SPY_DISPATCHER,SPY$isSkipCollect);
+        pop();
+    }
 }
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java
@@ -7,6 +7,7 @@
 import io.dongtai.iast.common.scope.ScopeManager;
 import io.dongtai.iast.core.EngineManager;
 import io.dongtai.iast.core.bytecode.enhance.plugin.spring.SpringApplicationImpl;
+import io.dongtai.iast.core.handler.skip.BlackUrlSkipHandler;
 import io.dongtai.iast.core.handler.hookpoint.controller.HookType;
 import io.dongtai.iast.core.handler.hookpoint.controller.impl.*;
 import io.dongtai.iast.core.handler.hookpoint.graphy.GraphBuilder;
@@ -19,6 +20,8 @@
 import io.dongtai.log.ErrorCode;
 
 import java.lang.dongtai.SpyDispatcher;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 import java.net.InetSocketAddress;
 import java.util.*;
 import java.util.concurrent.atomic.AtomicInteger;
@@ -697,6 +700,21 @@ public boolean traceDubboInvoke(Object instance, String url, Object invocation,
         return false;
     }
 
+    @Override
+    public boolean isSkipCollect(Object invocation) {
+        if (BlackUrlSkipHandler.isBlackUrl()){
+            Method setAttachmentMethod = null;
+            try {
+                setAttachmentMethod = invocation.getClass().getMethod("setAttachment", String.class, String.class);
+                setAttachmentMethod.setAccessible(true);
+                setAttachmentMethod.invoke(invocation, BlackUrlSkipHandler.getHeaderKey(), BlackUrlSkipHandler.isBlackUrl().toString());
+            } catch (NoSuchMethodException | InvocationTargetException | IllegalAccessException e) {
+                DongTaiLog.error(ErrorCode.get("SPY_SKIP_COLLECT_DUBBO_FAILED"), e);
+            }
+        }
+        return false;
+    }
+
     private boolean isCollectAllowed(boolean isEnterEntry) {
         if (!EngineManager.isEngineRunning()) {
             return false;
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java
@@ -4,6 +4,7 @@
 import io.dongtai.iast.common.config.ConfigBuilder;
 import io.dongtai.iast.common.config.ConfigKey;
 import io.dongtai.iast.core.EngineManager;
+import io.dongtai.iast.core.handler.skip.BlackUrlSkipHandler;
 import io.dongtai.iast.core.handler.context.ContextManager;
 import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent;
 import io.dongtai.iast.core.handler.hookpoint.models.policy.SourceNode;
@@ -54,6 +55,9 @@ public static void collectDubboRequestSource(Object handler, Object invocation,
         if (requestMeta == null) {
             return;
         }
+        if (null != headers.get(BlackUrlSkipHandler.getHeaderKey()) && headers.get(BlackUrlSkipHandler.getHeaderKey()).equals("true")){
+            return;
+        }
 
         String url = (String) requestMeta.get("requestURL") + "/" + methodName;
         String uri = (String) requestMeta.get("requestURI") + "/" + methodName;
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/HttpImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/HttpImpl.java
@@ -3,6 +3,7 @@
 import io.dongtai.iast.common.config.*;
 import io.dongtai.iast.common.constants.AgentConstant;
 import io.dongtai.iast.core.EngineManager;
+import io.dongtai.iast.core.handler.skip.BlackUrlSkipHandler;
 import io.dongtai.iast.core.handler.hookpoint.IastClassLoader;
 import io.dongtai.iast.core.utils.*;
 import io.dongtai.iast.core.utils.matcher.ConfigMatcher;
@@ -74,6 +75,7 @@ public static void solveHttpRequest(Object obj, Object req, Object resp, Map<Str
             return;
         }
         if (ConfigMatcher.getInstance().getBlackUrl(requestMeta)) {
+            BlackUrlSkipHandler.setIsBlackUrl(true);
             return;
         }
 
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/skip/BlackUrlSkipHandler.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/skip/BlackUrlSkipHandler.java
@@ -0,0 +1,20 @@
+package io.dongtai.iast.core.handler.skip;
+
+import io.dongtai.iast.core.utils.threadlocal.BooleanThreadLocal;
+
+public class BlackUrlSkipHandler {
+
+    private static BooleanThreadLocal isBlackUrl = new BooleanThreadLocal(false);
+
+    public static Boolean isBlackUrl() {
+        return isBlackUrl.get();
+    }
+
+    public static void setIsBlackUrl(Boolean isBlackUrl) {
+        BlackUrlSkipHandler.isBlackUrl.set(isBlackUrl);
+    }
+
+    public static String getHeaderKey() {
+        return "dt-collect-skip";
+    }
+}
diff --git a/dongtai-log/src/main/java/io/dongtai/log/ErrorCode.java b/dongtai-log/src/main/java/io/dongtai/log/ErrorCode.java
@@ -88,6 +88,7 @@ public enum ErrorCode {
     SPY_TRACE_DUBBO_CONSUMER_INVOKE_FAILED(20361, "hookpoint trace dubbo consumer invoke failed"),
     SPY_LEAVE_DUBBO_FAILED(20362, "hookpoint leave dubbo failed"),
     SPY_COLLECT_DUBBO_FAILED(20363, "hookpoint collect dubbo {} failed"),
+    SPY_SKIP_COLLECT_DUBBO_FAILED(20364, "hookpoint skip collect dubbo {} failed"),
 
     // report & replay
     REPORT_SEND_FAILED(20401, "send report to {} error, report: {}"),
diff --git a/dongtai-spy/src/main/java/java/lang/dongtai/NopSpy.java b/dongtai-spy/src/main/java/java/lang/dongtai/NopSpy.java
@@ -261,4 +261,10 @@ public boolean traceDubboInvoke(Object instance, String url, Object invocation,
                                     String signature) {
         return false;
     }
+
+    @Override
+    public boolean isSkipCollect(Object invocation) {
+        return false;
+    }
+
 }
diff --git a/dongtai-spy/src/main/java/java/lang/dongtai/SpyDispatcher.java b/dongtai-spy/src/main/java/java/lang/dongtai/SpyDispatcher.java
@@ -170,4 +170,6 @@ boolean traceFeignInvoke(Object instance, Object[] parameters,
     boolean traceDubboInvoke(Object instance, String url, Object invocation, Object[] arguments,
                              Map<String, String> headers, String className, String methodName,
                              String signature);
+
+    boolean isSkipCollect(Object invocation);
 }

Original file line number	Diff line number	Diff line change
`@@ -61,6 +61,7 @@ public void visitMaxs(int maxStack, int maxLocals) {`
`61`	`61`	`}`
`62`	`62`
`63`	`63`	`private void enterMethod() {`
	`64`	`+ skipCollect();`
`64`	`65`	`enterScope();`
`65`	`66`
`66`	`67`	`Label elseLabel = new Label();`
`@@ -113,4 +114,11 @@ private void traceMethod() {`
`113`	`114`	`invokeInterface(ASM_TYPE_SPY_DISPATCHER, SPY$traceDubboInvoke);`
`114`	`115`	`pop();`
`115`	`116`	`}`
	`117`	`+`
	`118`	`+ private void skipCollect() {`
	`119`	`+ invokeStatic(ASM_TYPE_SPY_HANDLER, SPY_HANDLER$getDispatcher);`
	`120`	`+ loadArg(0);`
	`121`	`+ invokeInterface(ASM_TYPE_SPY_DISPATCHER,SPY$isSkipCollect);`
	`122`	`+ pop();`
	`123`	`+ }`
`116`	`124`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@`
`3`	`3`	`import io.dongtai.iast.common.config.*;`
`4`	`4`	`import io.dongtai.iast.common.constants.AgentConstant;`
`5`	`5`	`import io.dongtai.iast.core.EngineManager;`
	`6`	`+import io.dongtai.iast.core.handler.skip.BlackUrlSkipHandler;`
`6`	`7`	`import io.dongtai.iast.core.handler.hookpoint.IastClassLoader;`
`7`	`8`	`import io.dongtai.iast.core.utils.*;`
`8`	`9`	`import io.dongtai.iast.core.utils.matcher.ConfigMatcher;`
`@@ -74,6 +75,7 @@ public static void solveHttpRequest(Object obj, Object req, Object resp, Map<Str`
`74`	`75`	`return;`
`75`	`76`	`}`
`76`	`77`	`if (ConfigMatcher.getInstance().getBlackUrl(requestMeta)) {`
	`78`	`+ BlackUrlSkipHandler.setIsBlackUrl(true);`
`77`	`79`	`return;`
`78`	`80`	`}`
`79`	`81`
Original file line number	Diff line number	Diff line change
`@@ -261,4 +261,10 @@ public boolean traceDubboInvoke(Object instance, String url, Object invocation,`
`261`	`261`	`String signature) {`
`262`	`262`	`return false;`
`263`	`263`	`}`
	`264`	`+`
	`265`	`+ @Override`
	`266`	`+ public boolean isSkipCollect(Object invocation) {`
	`267`	`+ return false;`
	`268`	`+ }`
	`269`	`+`
`264`	`270`	`}`
Original file line number	Diff line number	Diff line change
`@@ -170,4 +170,6 @@ boolean traceFeignInvoke(Object instance, Object[] parameters,`
`170`	`170`	`boolean traceDubboInvoke(Object instance, String url, Object invocation, Object[] arguments,`
`171`	`171`	`Map<String, String> headers, String className, String methodName,`
`172`	`172`	`String signature);`
	`173`	`+`
	`174`	`+ boolean isSkipCollect(Object invocation);`
`173`	`175`	`}`