fixes request body fetch for x-www-form-urlencoded

lostsnow · lostsnow · commit e9cf83bae951 · 2023-02-24T12:10:52.000+08:00
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/HttpImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/HttpImpl.java
@@ -95,6 +95,34 @@ public static void solveHttpRequest(Object obj, Object req, Object resp, Map<Str
         } catch (Throwable ignore) {
         }
 
+        try {
+            String contentType = ((Map<String, String>) requestMeta.get("headers")).get("Content-Type");
+            String method = (String) requestMeta.get("method");
+            if (("POST".equalsIgnoreCase(method) || "PUT".equalsIgnoreCase(method))
+                    && !isRawBody(contentType)) {
+                Method getParameterNamesMethod = ReflectUtils.getDeclaredMethodFromSuperClass(req.getClass(),
+                        "getParameterNames", null);
+                Method getParameterMethod = ReflectUtils.getDeclaredMethodFromSuperClass(req.getClass(),
+                        "getParameter", new Class[]{String.class});
+                Enumeration<?> parameterNames = (Enumeration<?>) getParameterNamesMethod.invoke(req);
+                StringBuilder postBody = new StringBuilder();
+                boolean first = true;
+                while (parameterNames.hasMoreElements()) {
+                    String key = (String) parameterNames.nextElement();
+                    if (first) {
+                        first = false;
+                        postBody.append(key).append("=").append((String) getParameterMethod.invoke(req, key));
+                    } else {
+                        postBody.append("&").append(key).append("=").append((String) getParameterMethod.invoke(req, key));
+                    }
+                }
+                if (postBody.length() > 0) {
+                    requestMeta.put("body", postBody.toString());
+                }
+            }
+        } catch (Throwable ignore) {
+        }
+
         EngineManager.enterHttpEntry(requestMeta);
         DongTaiLog.debug("HTTP Request:{} {} from: {}", requestMeta.get("method"), requestMeta.get("requestURI"),
                 obj.getClass().getName());
@@ -111,6 +139,9 @@ public static Map<String, String> parseRequestHeaders(Object req, Enumeration<?>
             try {
                 String key = (String) headerNames.nextElement();
                 String val = (String) getHeaderMethod.invoke(req, key);
+                if ("content-type".equalsIgnoreCase(key)) {
+                    key = "Content-Type";
+                }
                 headers.put(key, val);
             } catch (Throwable ignore) {
             }
@@ -119,6 +150,13 @@ public static Map<String, String> parseRequestHeaders(Object req, Enumeration<?>
     }
 
     public static void onServletInputStreamRead(int ret, String desc, Object stream, byte[] bs, int offset, int len) {
+        if (EngineManager.REQUEST_CONTEXT.get() != null
+                && EngineManager.REQUEST_CONTEXT.get().get("body") != null
+                && EngineManager.REQUEST_CONTEXT.get().get("body") != ""
+        ) {
+            return;
+        }
+
         if ("()I".equals(desc)) {
             if (ret == -1) {
                 return;
@@ -218,4 +256,9 @@ public static void onServletOutputStreamWrite(String desc, Object stream, int b,
     public static IastClassLoader getClassLoader() {
         return iastClassLoader;
     }
+
+    public static boolean isRawBody(String contentType) {
+        return contentType != null
+                && (contentType.contains("application/json") || contentType.contains("application/xml"));
+    }
 }
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/graphy/GraphBuilder.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/graphy/GraphBuilder.java
@@ -81,12 +81,19 @@ public static String convertToReport(List<GraphNode> nodeList, Object request, O
         if (StringUtils.isEmpty(requestURI)) {
             return null;
         }
+
         detail.put(ReportKey.URI, requestURI);
         detail.put(ReportKey.CLIENT_IP, requestMeta.getOrDefault("remoteAddr", ""));
         detail.put(ReportKey.QUERY_STRING, requestMeta.getOrDefault("queryString", ""));
         detail.put(ReportKey.REQ_HEADER, AbstractNormalVulScan.getEncodedHeader(
                 (Map<String, String>) requestMeta.getOrDefault("headers", new HashMap<String, String>())));
-        detail.put(ReportKey.REQ_BODY, EngineManager.BODY_BUFFER.getRequest().toString());
+
+        String reqBody = (String) requestMeta.get("body");
+        if (StringUtils.isEmpty(reqBody)) {
+            reqBody = EngineManager.BODY_BUFFER.getRequest().toString();
+        }
+        detail.put(ReportKey.REQ_BODY, reqBody);
+
         detail.put(ReportKey.RES_HEADER, AbstractNormalVulScan.getEncodedResponseHeader(
                 (String) requestMeta.get("responseStatus"),
                 (Map<String, Collection<String>>) requestMeta.get("responseHeaders")));
