fix: taint max length.

‘niuerzhuang’ · ‘niuerzhuang’ · commit a1c863eadf5d · 2023-08-29T10:21:34.000+08:00
diff --git a/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java b/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java
@@ -32,4 +32,5 @@ public class PropertyConstant {
     public static final String PROPERTY_UUID_PATH = "dongtai.uuid.path";
     public static final String PROPERTY_DISABLED_PLUGINS = "dongtai.disabled.plugins";
     public static final String PROPERTY_DISABLED_FEATURES = "dongtai.disabled.features";
+    public static final String PROPERTY_TAINT_LENGTH = "dongtai.taint.length";
 }
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/MethodEvent.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/MethodEvent.java
@@ -3,6 +3,7 @@
 import com.alibaba.fastjson2.JSONObject;
 import io.dongtai.iast.core.handler.hookpoint.models.policy.TaintPosition;
 import io.dongtai.iast.core.handler.hookpoint.models.taint.range.TaintRanges;
+import io.dongtai.iast.core.utils.PropertyUtils;
 import io.dongtai.iast.core.utils.StringUtils;
 
 import java.io.StringWriter;
@@ -286,6 +287,7 @@ public void setCallStack(StackTraceElement callStack) {
     }
 
     public String obj2String(Object value) {
+        int taintValueLength = PropertyUtils.getInstance().getTaintValueLength();
         StringBuilder sb = new StringBuilder();
         if (null == value) {
             return "";
@@ -299,27 +301,37 @@ public String obj2String(Object value) {
                         if (taint.getClass().isArray() && !taint.getClass().getComponentType().isPrimitive()) {
                             Object[] subTaints = (Object[]) taint;
                             for (Object subTaint : subTaints) {
-                                sb.append(subTaint.toString()).append(" ");
+                                appendWithMaxLength(sb, subTaint.toString() + " ", taintValueLength);
                             }
                         } else {
-                            sb.append(taint.toString()).append(" ");
+                            appendWithMaxLength(sb, taint.toString() + " ", taintValueLength);
                         }
                     }
                 }
             } else if (value instanceof StringWriter) {
-                sb.append(((StringWriter) value).getBuffer().toString());
+                appendWithMaxLength(sb, ((StringWriter) value).getBuffer().toString(), taintValueLength);
             } else {
-                sb.append(value.toString());
+                appendWithMaxLength(sb, value.toString(), taintValueLength);
             }
         } catch (Throwable e) {
             // org.jruby.RubyBasicObject.hashCode() may cause NullPointerException when RubyBasicObject.metaClass is null
-            sb.append(value.getClass().getName())
-                    .append("@")
-                    .append(Integer.toHexString(System.identityHashCode(value)));
+            String typeName = value.getClass().getName() + "@" + Integer.toHexString(System.identityHashCode(value));
+            appendWithMaxLength(sb, typeName, taintValueLength);
         }
         return sb.toString();
     }
 
+    private void appendWithMaxLength(StringBuilder sb, String content, int maxLength) {
+        if (sb.length() + content.length() > maxLength) {
+            int remainingSpace = maxLength - sb.length();
+            if (remainingSpace > 0) {
+                sb.append(content, 0, remainingSpace);
+            }
+        } else {
+            sb.append(content);
+        }
+    }
+
     public List<Object> getStacks() {
         return stacks;
     }
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java
@@ -35,6 +35,9 @@ public class PropertyUtils {
 
     private final String propertiesFilePath;
 
+    private int taintValueLength = -1;
+
+
     public static PropertyUtils getInstance(String propertiesFilePath) {
         if (null == instance) {
             instance = new PropertyUtils(propertiesFilePath);
@@ -229,4 +232,13 @@ public static Boolean isDisabledCustomModel() {
     public static Boolean validatedSink() {
         return ConfigBuilder.getInstance().get(ConfigKey.VALIDATED_SINK);
     }
+
+    public int getTaintValueLength() {
+        if (-1 == taintValueLength) {
+            taintValueLength = Integer
+                    .parseInt(System.getProperty(PropertyConstant.PROPERTY_TAINT_LENGTH,
+                            cfg.getProperty(PropertyConstant.PROPERTY_TAINT_LENGTH, "1024")));
+        }
+        return taintValueLength;
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -32,4 +32,5 @@ public class PropertyConstant {`
`32`	`32`	`public static final String PROPERTY_UUID_PATH = "dongtai.uuid.path";`
`33`	`33`	`public static final String PROPERTY_DISABLED_PLUGINS = "dongtai.disabled.plugins";`
`34`	`34`	`public static final String PROPERTY_DISABLED_FEATURES = "dongtai.disabled.features";`
	`35`	`+ public static final String PROPERTY_TAINT_LENGTH = "dongtai.taint.length";`
`35`	`36`	`}`