fix: spring api gather is compatible with tomcat env

CC11001100 · CC11001100 · commit bd044271be5a · 2023-06-30T10:09:44.000+08:00
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/api/SpringGatherApiThread.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/api/SpringGatherApiThread.java
@@ -1,10 +1,13 @@
 package io.dongtai.iast.core.handler.hookpoint.api;
 
 import io.dongtai.iast.common.constants.AgentConstant;
+import io.dongtai.iast.core.handler.hookpoint.IastClassLoader;
 import io.dongtai.iast.core.handler.hookpoint.controller.impl.HttpImpl;
 import io.dongtai.log.DongTaiLog;
 
+import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
+import java.net.URL;
 
 /**
  * @author CC11001100
@@ -22,7 +25,7 @@ public static void gather(Object applicationContext) {
             return;
         }
         isStarted = true;
-        
+
         new SpringGatherApiThread(applicationContext).start();
     }
 
@@ -36,15 +39,40 @@ public SpringGatherApiThread(Object applicationContext) {
     @Override
     public void run() {
         try {
-            Class<?> proxyClass = HttpImpl.getClassLoader().loadClass("io.dongtai.iast.api.gather.spring.extractor.SpringMVCApiExtractor");
-            Method getAPI = proxyClass.getDeclaredMethod("run", Object.class);
-            Object openApi = getAPI.invoke(null, applicationContext);
-            report(openApi, FRAMEWORK_NAME);
+            this.runWithClassLoader(HttpImpl.getClassLoader());
         } catch (NoClassDefFoundError e) {
             DongTaiLog.debug("SpringGatherApiThread NoClassDefFoundError ", e);
+
+            // 让它继承当前线程的上下文，在Tomcat这种破坏双亲委派的场景作为fallback
+            // 比如在Tomcat下可能Request是一个ClassLoader，可能Context中的Spring类被另一个单独的ParallelWebappClassLoader所加载
+            try {
+                IastClassLoader iastClassLoader = new IastClassLoader(
+                        Thread.currentThread().getContextClassLoader(),
+                        new URL[]{HttpImpl.IAST_REQUEST_JAR_PACKAGE.toURI().toURL()});
+                this.runWithClassLoader(iastClassLoader);
+            } catch (Throwable e2) {
+                DongTaiLog.debug("SpringGatherApiThread NoClassDefFoundError 002", e2);
+            }
+
         } catch (Throwable e) {
             DongTaiLog.error("SpringGatherApiThread.reflection failed", e);
         }
     }
 
+    /**
+     * 使用给定的ClassLoader加载收集API
+     *
+     * @param classLoader
+     * @throws NoSuchMethodException
+     * @throws InvocationTargetException
+     * @throws IllegalAccessException
+     * @throws ClassNotFoundException
+     */
+    private void runWithClassLoader(ClassLoader classLoader) throws NoSuchMethodException, InvocationTargetException, IllegalAccessException, ClassNotFoundException {
+        Class<?> proxyClass = classLoader.loadClass("io.dongtai.iast.api.gather.spring.extractor.SpringMVCApiExtractor");
+        Method getAPI = proxyClass.getDeclaredMethod("run", Object.class);
+        Object openApi = getAPI.invoke(null, applicationContext);
+        report(openApi, FRAMEWORK_NAME);
+    }
+
 }
