fix: jdk9+ module inject.

‘niuerzhuang’ · ‘niuerzhuang’ · commit e12f6cdf782d · 2023-06-28T14:30:13.000+08:00
diff --git a/dongtai-core/src/main/java/com/secnium/iast/core/AgentEngine.java b/dongtai-core/src/main/java/com/secnium/iast/core/AgentEngine.java
@@ -16,8 +16,7 @@
 
 import java.lang.dongtai.SpyDispatcherHandler;
 import java.lang.instrument.Instrumentation;
-import java.util.ArrayList;
-import java.util.ListIterator;
+import java.util.*;
 
 /**
  * @author dongzhiyong@huoxian.cn
@@ -71,6 +70,7 @@ public static void install(String mode, String propertiesFilePath, Integer agent
             DongTaiLog.info("DongTai Engine is successfully installed to the JVM, and it takes {} s",
                     stopWatch.getTime() / 1000);
             DongTaiLog.info("DongTai Agent Version: {}, DongTai Server: {}", AgentConstant.VERSION_VALUE, cfg.getBaseUrl());
+            inject(inst);
             new ServiceDirReport().send();
         } catch (Throwable e) {
             DongTaiLog.error(ErrorCode.get("ENGINE_INSTALL_FAILED"), e);
@@ -134,4 +134,37 @@ private void destroy() {
         }
     }
 
+
+    private static void redefineJavaBaseModule(Instrumentation instrumentation) {
+        if (doesSupportModules()) {
+            try {
+                Instrumentation.class.getMethod("redefineModule", Class.forName("java.lang.Module"), Set.class, Map.class, Map.class, Set.class, Map.class).invoke(instrumentation, getModule(Object.class), Collections.emptySet(), Collections.emptyMap(), Collections.singletonMap("java.lang", Collections.singleton(getModule(EngineManager.class))), Collections.emptySet(), Collections.emptyMap());
+            } catch (Exception e) {
+                DongTaiLog.error(ErrorCode.REDEFINE_MODULE_FAILED,e);
+            }
+        }
+    }
+
+    public static boolean doesSupportModules() {
+        try {
+            Class.forName("java.lang.Module");
+            return true;
+        } catch (ClassNotFoundException e) {
+            return false;
+        }
+    }
+
+    private static Object getModule(Class<?> clazz) {
+        try {
+            return Class.class.getMethod("getModule", new Class[0]).invoke(clazz, new Object[0]);
+        } catch (Exception e) {
+            throw new IllegalStateException("There was a problem while getting the module of the class", e);
+        }
+    }
+    public static void inject(Instrumentation inst) {
+        if (doesSupportModules()) {
+            redefineJavaBaseModule(inst);
+        }
+    }
+
 }
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/asm/AsmMethods.java b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/asm/AsmMethods.java
@@ -278,9 +278,15 @@ static Method getAsmMethod(final Class<?> clazz,
             String.class
     );
 
-    Method SPY$isSkipCollect = InnerHelper.getAsmMethod(
+    Method SPY$isSkipCollectDubbo = InnerHelper.getAsmMethod(
             SpyDispatcher.class,
-            "isSkipCollect",
+            "isSkipCollectDubbo",
+            Object.class
+    );
+
+    Method SPY$isSkipCollectFeign = InnerHelper.getAsmMethod(
+            SpyDispatcher.class,
+            "isSkipCollectFeign",
             Object.class
     );
 
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/dubbo/DubboSyncHandlerInvokeAdviceAdapter.java b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/dubbo/DubboSyncHandlerInvokeAdviceAdapter.java
@@ -118,7 +118,7 @@ private void traceMethod() {
     private void skipCollect() {
         invokeStatic(ASM_TYPE_SPY_HANDLER, SPY_HANDLER$getDispatcher);
         loadArg(0);
-        invokeInterface(ASM_TYPE_SPY_DISPATCHER,SPY$isSkipCollect);
+        invokeInterface(ASM_TYPE_SPY_DISPATCHER,SPY$isSkipCollectDubbo);
         pop();
     }
 }
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/feign/FeignSyncHandlerInvokeAdviceAdapter.java b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/feign/FeignSyncHandlerInvokeAdviceAdapter.java
@@ -44,6 +44,7 @@ public void visitMaxs(int maxStack, int maxLocals) {
     }
 
     private void enterMethod() {
+        skipCollect();
         enterScope();
 
         Label elseLabel = new Label();
@@ -89,4 +90,11 @@ private void traceMethod() {
         invokeInterface(ASM_TYPE_SPY_DISPATCHER, SPY$traceFeignInvoke);
         pop();
     }
+
+    private void skipCollect() {
+        invokeStatic(ASM_TYPE_SPY_HANDLER, SPY_HANDLER$getDispatcher);
+        loadThisOrPushNullIfIsStatic();
+        invokeInterface(ASM_TYPE_SPY_DISPATCHER,SPY$isSkipCollectFeign);
+        pop();
+    }
 }
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/bypass/BlackUrlBypass.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/bypass/BlackUrlBypass.java
@@ -1,8 +1,8 @@
-package io.dongtai.iast.core.handler.skip;
+package io.dongtai.iast.core.handler.bypass;
 
 import io.dongtai.iast.core.utils.threadlocal.BooleanThreadLocal;
 
-public class BlackUrlSkipHandler {
+public class BlackUrlBypass {
 
     private static BooleanThreadLocal isBlackUrl = new BooleanThreadLocal(false);
 
@@ -11,7 +11,7 @@ public static Boolean isBlackUrl() {
     }
 
     public static void setIsBlackUrl(Boolean isBlackUrl) {
-        BlackUrlSkipHandler.isBlackUrl.set(isBlackUrl);
+        BlackUrlBypass.isBlackUrl.set(isBlackUrl);
     }
 
     public static String getHeaderKey() {
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java
@@ -7,7 +7,8 @@
 import io.dongtai.iast.common.scope.ScopeManager;
 import io.dongtai.iast.core.EngineManager;
 import io.dongtai.iast.core.bytecode.enhance.plugin.spring.SpringApplicationImpl;
-import io.dongtai.iast.core.handler.skip.BlackUrlSkipHandler;
+import io.dongtai.iast.core.handler.bypass.BlackUrlBypass;
+import io.dongtai.iast.core.handler.context.ContextManager;
 import io.dongtai.iast.core.handler.hookpoint.controller.HookType;
 import io.dongtai.iast.core.handler.hookpoint.controller.impl.*;
 import io.dongtai.iast.core.handler.hookpoint.graphy.GraphBuilder;
@@ -16,10 +17,13 @@
 import io.dongtai.iast.core.handler.hookpoint.service.trace.DubboService;
 import io.dongtai.iast.core.handler.hookpoint.service.trace.FeignService;
 import io.dongtai.iast.core.utils.StringUtils;
+import io.dongtai.iast.core.utils.TaintPoolUtils;
+import io.dongtai.iast.core.utils.matcher.ConfigMatcher;
 import io.dongtai.log.DongTaiLog;
 import io.dongtai.log.ErrorCode;
 
 import java.lang.dongtai.SpyDispatcher;
+import java.lang.reflect.Field;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.net.InetSocketAddress;
@@ -184,6 +188,14 @@ public void collectHttpRequest(Object obj, Object req, Object resp, StringBuffer
                 put("headers", headers);
                 put("replay-request", !StringUtils.isEmpty(headers.get("dongtai-replay-id")));
             }};
+            if (ConfigMatcher.getInstance().getBlackUrl(requestMeta)) {
+                BlackUrlBypass.setIsBlackUrl(true);
+                return;
+            }
+            if (null != headers.get(BlackUrlBypass.getHeaderKey()) && headers.get(BlackUrlBypass.getHeaderKey()).equals("true")){
+                BlackUrlBypass.setIsBlackUrl(true);
+                return;
+            }
             HttpImpl.solveHttpRequest(obj, req, resp, requestMeta);
         } catch (Throwable e) {
             DongTaiLog.warn(ErrorCode.get("SPY_COLLECT_HTTP_FAILED"), "request", e);
@@ -701,20 +713,40 @@ public boolean traceDubboInvoke(Object instance, String url, Object invocation,
     }
 
     @Override
-    public boolean isSkipCollect(Object invocation) {
-        if (BlackUrlSkipHandler.isBlackUrl()){
+    public boolean isSkipCollectDubbo(Object invocation) {
+        if (BlackUrlBypass.isBlackUrl()){
             Method setAttachmentMethod = null;
             try {
                 setAttachmentMethod = invocation.getClass().getMethod("setAttachment", String.class, String.class);
                 setAttachmentMethod.setAccessible(true);
-                setAttachmentMethod.invoke(invocation, BlackUrlSkipHandler.getHeaderKey(), BlackUrlSkipHandler.isBlackUrl().toString());
+                setAttachmentMethod.invoke(invocation, BlackUrlBypass.getHeaderKey(), BlackUrlBypass.isBlackUrl().toString());
             } catch (NoSuchMethodException | InvocationTargetException | IllegalAccessException e) {
-                DongTaiLog.error(ErrorCode.get("SPY_SKIP_COLLECT_DUBBO_FAILED"), e);
+                DongTaiLog.error(ErrorCode.get("BYPASS_FAILED_DUBBO"), e);
             }
         }
         return false;
     }
 
+    @Override
+    public boolean isSkipCollectFeign(Object instance) {
+        Field metadataField = null;
+        try {
+            metadataField = instance.getClass().getDeclaredField("metadata");
+            metadataField.setAccessible(true);
+            Object metadata = metadataField.get(instance);
+            Method templateMethod = metadata.getClass().getMethod("template");
+            Object template = templateMethod.invoke(metadata);
+
+            Method addHeaderMethod = template.getClass().getDeclaredMethod("header", String.class, String[].class);
+            addHeaderMethod.setAccessible(true);
+            addHeaderMethod.invoke(template, BlackUrlBypass.getHeaderKey(), new String[]{});
+            addHeaderMethod.invoke(template, BlackUrlBypass.getHeaderKey(), new String[]{BlackUrlBypass.isBlackUrl().toString()});
+        } catch (NoSuchFieldException | NoSuchMethodException | InvocationTargetException | IllegalAccessException e) {
+            DongTaiLog.error(ErrorCode.get("BYPASS_FAILED_FEIGN"), e);
+        }
+        return false;
+    }
+
     private boolean isCollectAllowed(boolean isEnterEntry) {
         if (!EngineManager.isEngineRunning()) {
             return false;
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java
@@ -4,7 +4,7 @@
 import io.dongtai.iast.common.config.ConfigBuilder;
 import io.dongtai.iast.common.config.ConfigKey;
 import io.dongtai.iast.core.EngineManager;
-import io.dongtai.iast.core.handler.skip.BlackUrlSkipHandler;
+import io.dongtai.iast.core.handler.bypass.BlackUrlBypass;
 import io.dongtai.iast.core.handler.context.ContextManager;
 import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent;
 import io.dongtai.iast.core.handler.hookpoint.models.policy.SourceNode;
@@ -55,7 +55,8 @@ public static void collectDubboRequestSource(Object handler, Object invocation,
         if (requestMeta == null) {
             return;
         }
-        if (null != headers.get(BlackUrlSkipHandler.getHeaderKey()) && headers.get(BlackUrlSkipHandler.getHeaderKey()).equals("true")){
+        if (null != headers.get(BlackUrlBypass.getHeaderKey()) && headers.get(BlackUrlBypass.getHeaderKey()).equals("true")){
+            BlackUrlBypass.setIsBlackUrl(true);
             return;
         }
 
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/HttpImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/HttpImpl.java
@@ -3,7 +3,6 @@
 import io.dongtai.iast.common.config.*;
 import io.dongtai.iast.common.constants.AgentConstant;
 import io.dongtai.iast.core.EngineManager;
-import io.dongtai.iast.core.handler.skip.BlackUrlSkipHandler;
 import io.dongtai.iast.core.handler.hookpoint.IastClassLoader;
 import io.dongtai.iast.core.utils.*;
 import io.dongtai.iast.core.utils.matcher.ConfigMatcher;
@@ -74,10 +73,6 @@ public static void solveHttpRequest(Object obj, Object req, Object resp, Map<Str
         if (ConfigMatcher.getInstance().disableExtension((String) requestMeta.get("requestURI"))) {
             return;
         }
-        if (ConfigMatcher.getInstance().getBlackUrl(requestMeta)) {
-            BlackUrlSkipHandler.setIsBlackUrl(true);
-            return;
-        }
 
         try {
             boolean enableVersionHeader = ConfigBuilder.getInstance().get(ConfigKey.ENABLE_VERSION_HEADER);
diff --git a/dongtai-log/src/main/java/io/dongtai/log/ErrorCode.java b/dongtai-log/src/main/java/io/dongtai/log/ErrorCode.java
@@ -65,6 +65,7 @@ public enum ErrorCode {
     TRANSFORM_ENGINE_DESTROY_REDEFINE_CLASSES_FAILED(20122, "transform engine failed to redefine classes when destroy"),
     ENGINE_PROPERTIES_INITIALIZE_FAILED(20131, "engine properties initialize failed"),
     CLASS_DIAGRAM_SCAN_JAR_ANCESTOR_FAILED(20141, "class diagram scan jar ancestor failed"),
+    REDEFINE_MODULE_FAILED(20142, "There was a problem redefining the java.base module"),
 
     // transform
     TRANSFORM_CLASS_FAILED(20201, "transform class {} failed"),
@@ -88,7 +89,8 @@ public enum ErrorCode {
     SPY_TRACE_DUBBO_CONSUMER_INVOKE_FAILED(20361, "hookpoint trace dubbo consumer invoke failed"),
     SPY_LEAVE_DUBBO_FAILED(20362, "hookpoint leave dubbo failed"),
     SPY_COLLECT_DUBBO_FAILED(20363, "hookpoint collect dubbo {} failed"),
-    SPY_SKIP_COLLECT_DUBBO_FAILED(20364, "hookpoint skip collect dubbo {} failed"),
+    BYPASS_FAILED_DUBBO(20364, "hookpoint skip collect dubbo {} failed"),
+    BYPASS_FAILED_FEIGN(20365, "hookpoint skip collect feign {} failed"),
 
     // report & replay
     REPORT_SEND_FAILED(20401, "send report to {} error, report: {}"),
diff --git a/dongtai-spy/src/main/java/java/lang/dongtai/NopSpy.java b/dongtai-spy/src/main/java/java/lang/dongtai/NopSpy.java
@@ -263,7 +263,12 @@ public boolean traceDubboInvoke(Object instance, String url, Object invocation,
     }
 
     @Override
-    public boolean isSkipCollect(Object invocation) {
+    public boolean isSkipCollectDubbo(Object invocation) {
+        return false;
+    }
+
+    @Override
+    public boolean isSkipCollectFeign(Object instance) {
         return false;
     }
 
diff --git a/dongtai-spy/src/main/java/java/lang/dongtai/SpyDispatcher.java b/dongtai-spy/src/main/java/java/lang/dongtai/SpyDispatcher.java
@@ -171,5 +171,7 @@ boolean traceDubboInvoke(Object instance, String url, Object invocation, Object[
                              Map<String, String> headers, String className, String methodName,
                              String signature);
 
-    boolean isSkipCollect(Object invocation);
+    boolean isSkipCollectDubbo(Object invocation);
+
+    boolean isSkipCollectFeign(Object instance);
 }

Original file line number	Diff line number	Diff line change
`@@ -118,7 +118,7 @@ private void traceMethod() {`
`118`	`118`	`private void skipCollect() {`
`119`	`119`	`invokeStatic(ASM_TYPE_SPY_HANDLER, SPY_HANDLER$getDispatcher);`
`120`	`120`	`loadArg(0);`
`121`		`- invokeInterface(ASM_TYPE_SPY_DISPATCHER,SPY$isSkipCollect);`
	`121`	`+ invokeInterface(ASM_TYPE_SPY_DISPATCHER,SPY$isSkipCollectDubbo);`
`122`	`122`	`pop();`
`123`	`123`	`}`
`124`	`124`	`}`
Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,7 @@ public void visitMaxs(int maxStack, int maxLocals) {`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`private void enterMethod() {`
	`47`	`+ skipCollect();`
`47`	`48`	`enterScope();`
`48`	`49`
`49`	`50`	`Label elseLabel = new Label();`
`@@ -89,4 +90,11 @@ private void traceMethod() {`
`89`	`90`	`invokeInterface(ASM_TYPE_SPY_DISPATCHER, SPY$traceFeignInvoke);`
`90`	`91`	`pop();`
`91`	`92`	`}`
	`93`	`+`
	`94`	`+ private void skipCollect() {`
	`95`	`+ invokeStatic(ASM_TYPE_SPY_HANDLER, SPY_HANDLER$getDispatcher);`
	`96`	`+ loadThisOrPushNullIfIsStatic();`
	`97`	`+ invokeInterface(ASM_TYPE_SPY_DISPATCHER,SPY$isSkipCollectFeign);`
	`98`	`+ pop();`
	`99`	`+ }`
`92`	`100`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,8 +1,8 @@`
`1`		`-package io.dongtai.iast.core.handler.skip;`
	`1`	`+package io.dongtai.iast.core.handler.bypass;`
`2`	`2`
`3`	`3`	`import io.dongtai.iast.core.utils.threadlocal.BooleanThreadLocal;`
`4`	`4`
`5`		`-public class BlackUrlSkipHandler {`
	`5`	`+public class BlackUrlBypass {`
`6`	`6`
`7`	`7`	`private static BooleanThreadLocal isBlackUrl = new BooleanThreadLocal(false);`
`8`	`8`
`@@ -11,7 +11,7 @@ public static Boolean isBlackUrl() {`
`11`	`11`	`}`
`12`	`12`
`13`	`13`	`public static void setIsBlackUrl(Boolean isBlackUrl) {`
`14`		`- BlackUrlSkipHandler.isBlackUrl.set(isBlackUrl);`
	`14`	`+ BlackUrlBypass.isBlackUrl.set(isBlackUrl);`
`15`	`15`	`}`
`16`	`16`
`17`	`17`	`public static String getHeaderKey() {`
Original file line number	Diff line number	Diff line change
`@@ -263,7 +263,12 @@ public boolean traceDubboInvoke(Object instance, String url, Object invocation,`
`263`	`263`	`}`
`264`	`264`
`265`	`265`	`@Override`
`266`		`- public boolean isSkipCollect(Object invocation) {`
	`266`	`+ public boolean isSkipCollectDubbo(Object invocation) {`
	`267`	`+ return false;`
	`268`	`+ }`
	`269`	`+`
	`270`	`+ @Override`
	`271`	`+ public boolean isSkipCollectFeign(Object instance) {`
`267`	`272`	`return false;`
`268`	`273`	`}`
`269`	`274`