fix: String hash enhance.

‘niuerzhuang’ · ‘niuerzhuang’ · commit e6180bc40fad · 2023-06-06T17:05:18.000+08:00
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/EngineManager.java b/dongtai-core/src/main/java/io/dongtai/iast/core/EngineManager.java
@@ -136,16 +136,16 @@ public static void enterHttpEntry(Map<String, Object> requestMeta) {
         }
         REQUEST_CONTEXT.set(requestMeta);
         TRACK_MAP.set(new HashMap<Integer, MethodEvent>(1024));
-        TAINT_HASH_CODES.set(new HashSet<Integer>());
-        TAINT_RANGES_POOL.set(new HashMap<Integer, TaintRanges>());
+        TAINT_HASH_CODES.set(new HashSet<Long>());
+        TAINT_RANGES_POOL.set(new HashMap<Long, TaintRanges>());
         ScopeManager.SCOPE_TRACKER.getScope(Scope.HTTP_ENTRY).enter();
     }
 
     public static void enterDubboEntry(Map<String, Object> requestMeta) {
         REQUEST_CONTEXT.set(requestMeta);
         TRACK_MAP.set(new HashMap<Integer, MethodEvent>(1024));
-        TAINT_HASH_CODES.set(new HashSet<Integer>());
-        TAINT_RANGES_POOL.set(new HashMap<Integer, TaintRanges>());
+        TAINT_HASH_CODES.set(new HashSet<Long>());
+        TAINT_RANGES_POOL.set(new HashMap<Long, TaintRanges>());
         ScopeManager.SCOPE_TRACKER.getScope(Scope.DUBBO_ENTRY).enter();
     }
 }
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java
@@ -101,7 +101,7 @@ public static void collectDubboRequestSource(Object handler, Object invocation,
 
         // for display taint range (full arguments value)
         String fv = event.parameterValues.get(0).getValue();
-        int hash = System.identityHashCode(fv);
+        long hash = TaintPoolUtils.toStringHash(fv.hashCode(),System.identityHashCode(fv));
         int len = TaintRangesBuilder.getLength(fv);
         TaintRanges tr = new TaintRanges(new TaintRange(0, len));
         event.targetRanges.add(0, new MethodEvent.MethodEventTargetRange(hash, tr));
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java
@@ -165,7 +165,7 @@ private static boolean setTarget(PropagatorNode propagatorNode, MethodEvent even
     }
 
     private static TaintRanges getTaintRanges(Object obj) {
-        int hash = System.identityHashCode(obj);
+        long hash = TaintPoolUtils.getStringHash(obj);
         TaintRanges tr = EngineManager.TAINT_RANGES_POOL.get(hash);
         if (tr == null) {
             tr = new TaintRanges();
@@ -209,7 +209,7 @@ private static void trackTaintRange(PropagatorNode propagatorNode, MethodEvent e
             }
         }
 
-        int tgtHash = 0;
+        long tgtHash = 0;
         Object tgt = null;
         Set<TaintPosition> targetLocs = propagatorNode.getTargets();
         // may have multiple targets?
@@ -218,17 +218,16 @@ private static void trackTaintRange(PropagatorNode propagatorNode, MethodEvent e
         }
         if (TaintPosition.hasObject(targetLocs)) {
             tgt = event.objectInstance;
-            tgtHash = System.identityHashCode(tgt);
+            tgtHash = TaintPoolUtils.getStringHash(tgt);
             oldTaintRanges = getTaintRanges(tgt);
         } else if (TaintPosition.hasReturn(targetLocs)) {
-            tgt = event.returnInstance;
-            tgtHash = System.identityHashCode(tgt);
+            tgtHash = TaintPoolUtils.getStringHash(tgt);
         } else if (TaintPosition.hasParameter(targetLocs)) {
             for (TaintPosition targetLoc : targetLocs) {
                 int parameterIndex = targetLoc.getParameterIndex();
                 if (event.parameterInstances.length > parameterIndex) {
                     tgt = event.parameterInstances[parameterIndex];
-                    tgtHash = System.identityHashCode(tgt);
+                    tgtHash = TaintPoolUtils.getStringHash(tgt);
                     oldTaintRanges = getTaintRanges(tgt);
                 }
             }
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/MethodEvent.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/MethodEvent.java
@@ -82,9 +82,9 @@ public class MethodEvent {
      */
     public String returnValue;
 
-    private final Set<Integer> sourceHashes = new HashSet<Integer>();
+    private final Set<Long> sourceHashes = new HashSet<Long>();
 
-    private final Set<Integer> targetHashes = new HashSet<Integer>();
+    private final Set<Long> targetHashes = new HashSet<Long>();
 
     public List<MethodEventTargetRange> targetRanges = new ArrayList<MethodEventTargetRange>();
 
@@ -118,10 +118,10 @@ public JSONObject toJson() {
     }
 
     public static class MethodEventSourceType {
-        private final Integer hash;
+        private final Long hash;
         private final String type;
 
-        public MethodEventSourceType(Integer hash, String type) {
+        public MethodEventSourceType(Long hash, String type) {
             this.hash = hash;
             this.type = type;
         }
@@ -135,10 +135,10 @@ public JSONObject toJson() {
     }
 
     public static class MethodEventTargetRange {
-        private final Integer hash;
+        private final Long hash;
         private final TaintRanges ranges;
 
-        public MethodEventTargetRange(Integer hash, TaintRanges ranges) {
+        public MethodEventTargetRange(Long hash, TaintRanges ranges) {
             this.hash = hash;
             this.ranges = ranges;
         }
@@ -234,19 +234,19 @@ private String formatValue(Object val, boolean hasTaint) {
                 + (hasTaint ? "*" : "") + String.valueOf(str.length());
     }
 
-    public Set<Integer> getSourceHashes() {
+    public Set<Long> getSourceHashes() {
         return sourceHashes;
     }
 
-    public void addSourceHash(int hashcode) {
+    public void addSourceHash(long hashcode) {
         this.sourceHashes.add(hashcode);
     }
 
-    public Set<Integer> getTargetHashes() {
+    public Set<Long> getTargetHashes() {
         return targetHashes;
     }
 
-    public void addTargetHash(int hashCode) {
+    public void addTargetHash(long hashCode) {
         this.targetHashes.add(hashCode);
     }
 
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java
@@ -122,7 +122,7 @@ private boolean sinkSourceHitTaintPool(MethodEvent event, SinkNode sinkNode) {
         if (VulnType.REFLECTED_XSS.equals(sinkNode.getVulType()) && !sourceInstances.isEmpty()) {
             boolean tagsHit = false;
             for (Object sourceInstance : sourceInstances) {
-                int hash = System.identityHashCode(sourceInstance);
+                long hash = TaintPoolUtils.getStringHash(sourceInstance);
                 TaintRanges tr = EngineManager.TAINT_RANGES_POOL.get(hash);
                 if (tr == null || tr.isEmpty()) {
                     continue;
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/PathTraversalCheck.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/PathTraversalCheck.java
@@ -112,7 +112,7 @@ private boolean checkPath(String path, MethodEvent event) {
             return false;
         }
 
-        TaintRanges tr = EngineManager.TAINT_RANGES_POOL.get(System.identityHashCode(path));
+        TaintRanges tr = EngineManager.TAINT_RANGES_POOL.get(TaintPoolUtils.toStringHash(path.hashCode(),System.identityHashCode(path)));
         if (tr.isEmpty()) {
             return false;
         }
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/SSRFSourceCheck.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/SSRFSourceCheck.java
@@ -361,7 +361,8 @@ private boolean addSourceType(MethodEvent event, Map<String, Object> sourceMap)
 
     private boolean checkTaintPool(MethodEvent event, String key, Object value) {
         if (!"".equals(value) && TaintPoolUtils.poolContains(value, event)) {
-            event.sourceTypes.add(new MethodEvent.MethodEventSourceType(System.identityHashCode(value), key));
+            long hash = TaintPoolUtils.getStringHash(value);
+            event.sourceTypes.add(new MethodEvent.MethodEventSourceType(hash, key));
             return true;
         }
         return false;
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/UnvalidatedRedirectCheck.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/UnvalidatedRedirectCheck.java
@@ -125,8 +125,8 @@ private boolean checkValue(Object val, MethodEvent event) {
         if (!TaintPoolUtils.poolContains(val, event)) {
             return false;
         }
-
-        TaintRanges tr = EngineManager.TAINT_RANGES_POOL.get(System.identityHashCode(val));
+        long hash = TaintPoolUtils.getStringHash(val);
+        TaintRanges tr = EngineManager.TAINT_RANGES_POOL.get(hash);
         if (tr.isEmpty()) {
             return false;
         }
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/HashCode.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/HashCode.java
@@ -4,7 +4,7 @@
  * @author dongzhiyong@huoxian.cn
  */
 public class HashCode {
-    public static int calc(Object obj) {
+    public static long calc(Object obj) {
         if (obj instanceof String) {
             return ((String) obj).hashCode();
         } else {
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java
@@ -29,11 +29,12 @@ public static boolean poolContains(Object obj, MethodEvent event) {
             return false;
         }
 
+        long hash = getStringHash(obj);
         boolean isContains;
         // check object hash exists
-        isContains = contains(obj);
+        isContains = contains(hash);
         if (isContains) {
-            event.addSourceHash(System.identityHashCode(obj));
+            event.addSourceHash(hash);
             return true;
         }
 
@@ -59,11 +60,11 @@ public static boolean poolContains(Object obj, MethodEvent event) {
     /**
      * 判断污点是否匹配
      *
-     * @param obj Object
+     * @param hash long
      * @return boolean
      */
-    private static boolean contains(Object obj) {
-        return EngineManager.TAINT_HASH_CODES.contains(System.identityHashCode(obj));
+    private static boolean contains(long hash) {
+        return EngineManager.TAINT_HASH_CODES.contains(hash);
     }
 
     /**
@@ -141,10 +142,17 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object
             return;
         }
 
-        int hash = 0;
+        long hash = 0;
+        long identityHash = 0;
         boolean isSourceNode = policyNode instanceof SourceNode;
         if (isSourceNode) {
-            hash = System.identityHashCode(obj);
+            if (obj instanceof String){
+                identityHash = System.identityHashCode(obj);
+                hash = toStringHash(obj.hashCode(),identityHash);
+            }else {
+                hash = System.identityHashCode(obj);
+                identityHash = hash;
+            }
             if (EngineManager.TAINT_HASH_CODES.contains(hash)) {
                 return;
             }
@@ -170,7 +178,7 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object
         } else {
             if (isSourceNode) {
                 int len = TaintRangesBuilder.getLength(obj);
-                if (hash == 0 || len == 0) {
+                if (identityHash == 0 || len == 0) {
                     return;
                 }
 
@@ -205,7 +213,7 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object
                     }
                 }
             } else {
-                hash = System.identityHashCode(obj);
+                hash = getStringHash(obj);
                 if (EngineManager.TAINT_HASH_CODES.contains(hash)) {
                     event.addSourceHash(hash);
                 }
@@ -251,4 +259,19 @@ private static void trackOptional(MethodEvent event, PolicyNode policyNode, Obje
         } catch (Throwable ignore) {
         }
     }
+
+    public static Long toStringHash(long objectHashCode,long identityHashCode) {
+        return (objectHashCode << 32) | (identityHashCode & 0xFFFFFFFFL);
+    }
+
+    public static Long getStringHash(Object obj) {
+        long hash;
+        if (obj instanceof String){
+            hash = TaintPoolUtils.toStringHash(obj.hashCode(),System.identityHashCode(obj));
+        }else {
+            hash = System.identityHashCode(obj);
+        }
+        return hash;
+    }
+
 }
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/threadlocal/IastTaintHashCodes.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/threadlocal/IastTaintHashCodes.java
@@ -11,24 +11,24 @@
 /**
  * @author dongzhiyong@huoxian.cn
  */
-public class IastTaintHashCodes extends ThreadLocal<HashSet<Integer>> {
+public class IastTaintHashCodes extends ThreadLocal<HashSet<Long>> {
     @Override
-    protected HashSet<Integer> initialValue() {
+    protected HashSet<Long> initialValue() {
         return null;
     }
 
     public boolean isEmpty() {
         return this.get() == null || this.get().isEmpty();
     }
 
-    public boolean contains(Integer hashCode) {
+    public boolean contains(Long hashCode) {
         if (this.get() == null) {
             return false;
         }
         return this.get().contains(hashCode);
     }
 
-    public void add(Integer hashCode) {
+    public void add(Long hashCode) {
         if (this.get() == null) {
             return;
         }
@@ -41,16 +41,20 @@ public void addObject(Object obj, MethodEvent event) {
         }
 
         try {
-            int subHashCode = 0;
+            long subHashCode = 0;
             if (obj instanceof String[]) {
                 String[] tempObjs = (String[]) obj;
                 for (String tempObj : tempObjs) {
-                    subHashCode = System.identityHashCode(tempObj);
+                    subHashCode = TaintPoolUtils.toStringHash(tempObj.hashCode(),System.identityHashCode(tempObj));
                     this.add(subHashCode);
                     event.addTargetHash(subHashCode);
                 }
             } else if (obj instanceof Map) {
-                int hashCode = System.identityHashCode(obj);
+                long hashCode = System.identityHashCode(obj);
+                this.add(hashCode);
+                event.addTargetHash(hashCode);
+            } else if (obj instanceof String){
+                long hashCode = TaintPoolUtils.toStringHash(obj.hashCode(),System.identityHashCode(obj));
                 this.add(hashCode);
                 event.addTargetHash(hashCode);
             } else if (obj.getClass().isArray() && !obj.getClass().getComponentType().isPrimitive()) {
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/threadlocal/TaintRangesPool.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/threadlocal/TaintRangesPool.java
@@ -4,17 +4,17 @@
 
 import java.util.Map;
 
-public class TaintRangesPool extends ThreadLocal<Map<Integer, TaintRanges>> {
+public class TaintRangesPool extends ThreadLocal<Map<Long, TaintRanges>> {
     @Override
-    protected Map<Integer, TaintRanges> initialValue() {
+    protected Map<Long, TaintRanges> initialValue() {
         return null;
     }
 
-    public void add(Integer hash, TaintRanges taintRanges) {
+    public void add(Long hash, TaintRanges taintRanges) {
         this.get().put(hash, taintRanges);
     }
 
-    public TaintRanges get(int hash) {
+    public TaintRanges get(long hash) {
         return this.get().get(hash);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -136,16 +136,16 @@ public static void enterHttpEntry(Map<String, Object> requestMeta) {`
`136`	`136`	`}`
`137`	`137`	`REQUEST_CONTEXT.set(requestMeta);`
`138`	`138`	`TRACK_MAP.set(new HashMap<Integer, MethodEvent>(1024));`
`139`		`- TAINT_HASH_CODES.set(new HashSet<Integer>());`
`140`		`- TAINT_RANGES_POOL.set(new HashMap<Integer, TaintRanges>());`
	`139`	`+ TAINT_HASH_CODES.set(new HashSet<Long>());`
	`140`	`+ TAINT_RANGES_POOL.set(new HashMap<Long, TaintRanges>());`
`141`	`141`	`ScopeManager.SCOPE_TRACKER.getScope(Scope.HTTP_ENTRY).enter();`
`142`	`142`	`}`
`143`	`143`
`144`	`144`	`public static void enterDubboEntry(Map<String, Object> requestMeta) {`
`145`	`145`	`REQUEST_CONTEXT.set(requestMeta);`
`146`	`146`	`TRACK_MAP.set(new HashMap<Integer, MethodEvent>(1024));`
`147`		`- TAINT_HASH_CODES.set(new HashSet<Integer>());`
`148`		`- TAINT_RANGES_POOL.set(new HashMap<Integer, TaintRanges>());`
	`147`	`+ TAINT_HASH_CODES.set(new HashSet<Long>());`
	`148`	`+ TAINT_RANGES_POOL.set(new HashMap<Long, TaintRanges>());`
`149`	`149`	`ScopeManager.SCOPE_TRACKER.getScope(Scope.DUBBO_ENTRY).enter();`
`150`	`150`	`}`
`151`	`151`	`}`
Original file line number	Diff line number	Diff line change
`@@ -82,9 +82,9 @@ public class MethodEvent {`
`82`	`82`	`*/`
`83`	`83`	`public String returnValue;`
`84`	`84`
`85`		`- private final Set<Integer> sourceHashes = new HashSet<Integer>();`
	`85`	`+ private final Set<Long> sourceHashes = new HashSet<Long>();`
`86`	`86`
`87`		`- private final Set<Integer> targetHashes = new HashSet<Integer>();`
	`87`	`+ private final Set<Long> targetHashes = new HashSet<Long>();`
`88`	`88`
`89`	`89`	`public List<MethodEventTargetRange> targetRanges = new ArrayList<MethodEventTargetRange>();`
`90`	`90`
`@@ -118,10 +118,10 @@ public JSONObject toJson() {`
`118`	`118`	`}`
`119`	`119`
`120`	`120`	`public static class MethodEventSourceType {`
`121`		`- private final Integer hash;`
	`121`	`+ private final Long hash;`
`122`	`122`	`private final String type;`
`123`	`123`
`124`		`- public MethodEventSourceType(Integer hash, String type) {`
	`124`	`+ public MethodEventSourceType(Long hash, String type) {`
`125`	`125`	`this.hash = hash;`
`126`	`126`	`this.type = type;`
`127`	`127`	`}`
`@@ -135,10 +135,10 @@ public JSONObject toJson() {`
`135`	`135`	`}`
`136`	`136`
`137`	`137`	`public static class MethodEventTargetRange {`
`138`		`- private final Integer hash;`
	`138`	`+ private final Long hash;`
`139`	`139`	`private final TaintRanges ranges;`
`140`	`140`
`141`		`- public MethodEventTargetRange(Integer hash, TaintRanges ranges) {`
	`141`	`+ public MethodEventTargetRange(Long hash, TaintRanges ranges) {`
`142`	`142`	`this.hash = hash;`
`143`	`143`	`this.ranges = ranges;`
`144`	`144`	`}`
`@@ -234,19 +234,19 @@ private String formatValue(Object val, boolean hasTaint) {`
`234`	`234`	`+ (hasTaint ? "*" : "") + String.valueOf(str.length());`
`235`	`235`	`}`
`236`	`236`
`237`		`- public Set<Integer> getSourceHashes() {`
	`237`	`+ public Set<Long> getSourceHashes() {`
`238`	`238`	`return sourceHashes;`
`239`	`239`	`}`
`240`	`240`
`241`		`- public void addSourceHash(int hashcode) {`
	`241`	`+ public void addSourceHash(long hashcode) {`
`242`	`242`	`this.sourceHashes.add(hashcode);`
`243`	`243`	`}`
`244`	`244`
`245`		`- public Set<Integer> getTargetHashes() {`
	`245`	`+ public Set<Long> getTargetHashes() {`
`246`	`246`	`return targetHashes;`
`247`	`247`	`}`
`248`	`248`
`249`		`- public void addTargetHash(int hashCode) {`
	`249`	`+ public void addTargetHash(long hashCode) {`
`250`	`250`	`this.targetHashes.add(hashCode);`
`251`	`251`	`}`
`252`	`252`
Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,7 @@ private boolean checkPath(String path, MethodEvent event) {`
`112`	`112`	`return false;`
`113`	`113`	`}`
`114`	`114`
`115`		`- TaintRanges tr = EngineManager.TAINT_RANGES_POOL.get(System.identityHashCode(path));`
	`115`	`+ TaintRanges tr = EngineManager.TAINT_RANGES_POOL.get(TaintPoolUtils.toStringHash(path.hashCode(),System.identityHashCode(path)));`
`116`	`116`	`if (tr.isEmpty()) {`
`117`	`117`	`return false;`
`118`	`118`	`}`
Original file line number	Diff line number	Diff line change
`@@ -361,7 +361,8 @@ private boolean addSourceType(MethodEvent event, Map<String, Object> sourceMap)`
`361`	`361`
`362`	`362`	`private boolean checkTaintPool(MethodEvent event, String key, Object value) {`
`363`	`363`	`if (!"".equals(value) && TaintPoolUtils.poolContains(value, event)) {`
`364`		`- event.sourceTypes.add(new MethodEvent.MethodEventSourceType(System.identityHashCode(value), key));`
	`364`	`+ long hash = TaintPoolUtils.getStringHash(value);`
	`365`	`+ event.sourceTypes.add(new MethodEvent.MethodEventSourceType(hash, key));`
`365`	`366`	`return true;`
`366`	`367`	`}`
`367`	`368`	`return false;`
Original file line number	Diff line number	Diff line change
`@@ -125,8 +125,8 @@ private boolean checkValue(Object val, MethodEvent event) {`
`125`	`125`	`if (!TaintPoolUtils.poolContains(val, event)) {`
`126`	`126`	`return false;`
`127`	`127`	`}`
`128`		`-`
`129`		`- TaintRanges tr = EngineManager.TAINT_RANGES_POOL.get(System.identityHashCode(val));`
	`128`	`+ long hash = TaintPoolUtils.getStringHash(val);`
	`129`	`+ TaintRanges tr = EngineManager.TAINT_RANGES_POOL.get(hash);`
`130`	`130`	`if (tr.isEmpty()) {`
`131`	`131`	`return false;`
`132`	`132`	`}`