fix: Custom model field adds ignore conditions: field.isSynthetic(),field.isEnumConstant(),obj instanceof Enumeration

Author: ‘niuerzhuang’

dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java

@@ -131,7 +131,7 @@ public static boolean isAllowTaintType(Class<?> objType) {
     }
 
     public static boolean isAllowTaintType(Object obj) {
-        if (obj == null) {
+        if (obj == null || obj instanceof Enumeration) {
             return false;
         }
         return isAllowTaintType(obj.getClass());
@@ -146,10 +146,10 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object
         long identityHash = 0;
         boolean isSourceNode = policyNode instanceof SourceNode;
         if (isSourceNode) {
-            if (obj instanceof String){
+            if (obj instanceof String) {
                 identityHash = System.identityHashCode(obj);
-                hash = toStringHash(obj.hashCode(),identityHash);
-            }else {
+                hash = toStringHash(obj.hashCode(), identityHash);
+            } else {
                 hash = System.identityHashCode(obj);
                 identityHash = hash;
             }
@@ -195,7 +195,7 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object
                 EngineManager.TAINT_HASH_CODES.add(hash);
                 event.addTargetHash(hash);
                 EngineManager.TAINT_RANGES_POOL.add(hash, tr);
-                TaintPoolUtils.customModel(isMicroservice,obj,cls,event,policyNode,depth);
+                TaintPoolUtils.customModel(isMicroservice, obj, cls, event, policyNode, depth);
             } else {
                 hash = getStringHash(obj);
                 if (EngineManager.TAINT_HASH_CODES.contains(hash)) {
@@ -205,12 +205,12 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object
         }
     }
 
-    private static void customModel(Boolean isMicroservice, Object obj, Class<?> cls, MethodEvent event,PolicyNode policyNode,int depth) {
+    private static void customModel(Boolean isMicroservice, Object obj, Class<?> cls, MethodEvent event, PolicyNode policyNode, int depth) {
         if (isMicroservice && !(obj instanceof String) && !PropertyUtils.isDisabledCustomModel()) {
             try {
                 Field[] declaredFields = ReflectUtils.getDeclaredFieldsSecurity(cls);
                 for (Field field : declaredFields) {
-                    if (!Modifier.isStatic(field.getModifiers())) {
+                    if (!Modifier.isStatic(field.getModifiers()) && !field.isSynthetic() && !field.isEnumConstant()) {
                         trackObject(event, policyNode, field.get(obj), depth + 1, isMicroservice);
                     }
                 }
@@ -264,15 +264,15 @@ private static void trackOptional(MethodEvent event, PolicyNode policyNode, Obje
         }
     }
 
-    public static Long toStringHash(long objectHashCode,long identityHashCode) {
+    public static Long toStringHash(long objectHashCode, long identityHashCode) {
         return (objectHashCode << 32) | (identityHashCode & 0xFFFFFFFFL);
     }
 
     public static Long getStringHash(Object obj) {
         long hash;
-        if (obj instanceof String){
-            hash = TaintPoolUtils.toStringHash(obj.hashCode(),System.identityHashCode(obj));
-        }else {
+        if (obj instanceof String) {
+            hash = TaintPoolUtils.toStringHash(obj.hashCode(), System.identityHashCode(obj));
+        } else {
             hash = System.identityHashCode(obj);
         }
         return hash;