新增 Windows AMSI 支持

Author: Ghost-chu

src/main/java/com/ghostchu/peerbanhelper/Main.java

@@ -34,6 +34,7 @@
 import lombok.extern.slf4j.Slf4j;
 import org.bspfsystems.yamlconfiguration.configuration.InvalidConfigurationException;
 import org.bspfsystems.yamlconfiguration.file.YamlConfiguration;
+import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 import org.pf4j.PluginManager;
 import org.slf4j.Logger;
@@ -51,6 +52,7 @@
 import java.nio.file.Files;
 import java.util.Arrays;
 import java.util.Locale;
+import java.util.Optional;
 import java.util.Properties;
 
 import static com.ghostchu.peerbanhelper.text.TextManager.tlUI;
@@ -98,8 +100,8 @@ public class Main {
     private static String[] startupArgs;
     @Getter
     private static final long startupAt = System.currentTimeMillis();
-    @Getter
     @Nullable
+    @Getter
     private static Platform platform;
     private static String userAgent;
     public static final int PBH_BTN_PROTOCOL_IMPL_VERSION = 20;

src/main/java/com/ghostchu/peerbanhelper/PeerBanHelper.java

@@ -15,7 +15,6 @@
 import com.ghostchu.peerbanhelper.module.impl.monitor.SwarmTrackingModule;
 import com.ghostchu.peerbanhelper.module.impl.rule.*;
 import com.ghostchu.peerbanhelper.module.impl.webapi.*;
-import com.ghostchu.peerbanhelper.platform.Platform;
 import com.ghostchu.peerbanhelper.platform.impl.win32.workingset.jna.WorkingSetManagerFactory;
 import com.ghostchu.peerbanhelper.text.Lang;
 import com.ghostchu.peerbanhelper.text.TranslationComponent;
@@ -112,8 +111,8 @@ public void start() {
     private void loadPlatformFeatures() {
         var platform = Main.getPlatform();
         if (platform == null) return;
-
-        if (platform.getEcoQosAPI().supported() && Main.getMainConfig().getBoolean("performance.windows-ecoqos-api")) {
+        var ecoQosAPI = platform.getEcoQosAPI();
+        if (ecoQosAPI != null && Main.getMainConfig().getBoolean("performance.windows-ecoqos-api")) {
             platform.getEcoQosAPI().apply();
         }
     }

src/main/java/com/ghostchu/peerbanhelper/configuration/pf4j/PBHSpringPluginManager.java

@@ -1,11 +1,10 @@
 package com.ghostchu.peerbanhelper.configuration.pf4j;
 
+import com.ghostchu.peerbanhelper.Main;
+import com.ghostchu.peerbanhelper.text.Lang;
 import jakarta.annotation.PostConstruct;
 import lombok.extern.slf4j.Slf4j;
-import org.pf4j.ExtensionFactory;
-import org.pf4j.PluginState;
-import org.pf4j.PluginStateEvent;
-import org.pf4j.PluginWrapper;
+import org.pf4j.*;
 import org.pf4j.spring.ExtensionsInjector;
 import org.pf4j.spring.SpringExtensionFactory;
 import org.pf4j.spring.SpringPluginManager;
@@ -14,11 +13,15 @@
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
 
+import java.io.File;
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
 
+import static com.ghostchu.peerbanhelper.text.TextManager.tlUI;
+
 @Slf4j
 public class PBHSpringPluginManager extends SpringPluginManager implements ApplicationContextAware {
     private ApplicationContext applicationContext;
@@ -62,6 +65,44 @@ public void init() {
         extensionsInjector.injectExtensions();
     }
 
+    @Override
+    public void loadPlugins() {
+        log.debug("Lookup plugins in '{}'", pluginsRoots);
+
+        // check for plugins roots
+        if (pluginsRoots.isEmpty()) {
+            log.warn("No plugins roots configured");
+            return;
+        }
+        pluginsRoots.forEach(path -> {
+            if (Files.notExists(path) || !Files.isDirectory(path)) {
+                log.warn("No '{}' root", path);
+            }
+        });
+
+        // get all plugin paths from repository
+        List<Path> pluginPaths = pluginRepository.getPluginPaths();
+
+        // check for no plugins
+        if (pluginPaths.isEmpty()) {
+            log.info("No plugins");
+            return;
+        }
+
+        log.debug("Found {} possible plugins: {}", pluginPaths.size(), pluginPaths);
+
+        // load plugins from plugin paths
+        for (Path pluginPath : pluginPaths) {
+            try {
+                loadPluginFromPath(pluginPath);
+            } catch (PluginRuntimeException e) {
+                log.error("Cannot load plugin '{}'", pluginPath, e);
+            }
+        }
+
+        resolvePlugins();
+    }
+
     @Override
     public void startPlugins() {
         for (PluginWrapper pluginWrapper : resolvedPlugins) {
@@ -83,6 +124,7 @@ public void startPlugins() {
             }
         }
     }
+
     /**
      * Stop all active plugins.
      */
@@ -111,4 +153,32 @@ public void stopPlugins() {
             }
         }
     }
+
+    /**
+     * Load a plugin from disk. If the path is a zip file, first unpack.
+     *
+     * @param pluginPath plugin location on disk
+     * @return PluginWrapper for the loaded plugin or null if not loaded
+     * @throws PluginRuntimeException if problems during load
+     */
+    @Override
+    protected PluginWrapper loadPluginFromPath(Path pluginPath) {
+        var platform = Main.getPlatform();
+        if (platform != null) {
+            var scanner = platform.getMalwareScanner();
+            if (scanner != null) {
+                try (scanner) {
+                    File file = pluginPath.toFile();
+                    if (scanner.isMalicious(file)) {
+                        throw new PluginRuntimeException(tlUI(Lang.MALWARE_SCANNER_DETECTED, "[JavaPlugin", pluginPath.toAbsolutePath()));
+                    }
+                } catch (PluginRuntimeException e) {
+                    throw e;
+                } catch (Exception e) {
+                    log.debug("Malware scan failed for plugin '{}': Unable to close scanner", pluginPath, e);
+                }
+            }
+        }
+        return super.loadPluginFromPath(pluginPath);
+    }
 }

src/main/java/com/ghostchu/peerbanhelper/module/impl/rule/ExpressionRule.java

@@ -80,7 +80,7 @@ public void onEnable() {
         }
         javalinWebContainer.javalin()
                 .get("/api/" + getConfigName() + "/scripts", this::listScripts, Role.USER_READ)
-                .get("/api/"+getConfigName()+"/editable", this::editable, Role.USER_READ)
+                .get("/api/" + getConfigName() + "/editable", this::editable, Role.USER_READ)
                 .get("/api/" + getConfigName() + "/{scriptId}", this::readScript, Role.USER_READ)
                 .put("/api/" + getConfigName() + "/{scriptId}", this::writeScript, Role.USER_WRITE)
                 .delete("/api/" + getConfigName() + "/{scriptId}", this::deleteScript, Role.USER_WRITE);
@@ -130,7 +130,20 @@ private void writeScript(Context context) throws IOException {
             context.json(new StdResp(false, "Access to this resource is disallowed", null));
             return;
         }
-        Files.write(readFile.toPath(), context.bodyAsBytes(), StandardOpenOption.CREATE);
+        var content = context.bodyAsBytes();
+        var platform = Main.getPlatform();
+        if (platform != null) {
+            var scanner = platform.getMalwareScanner();
+            if (scanner != null) {
+                if (scanner.isMalicious(context.body())) {
+                    context.status(HttpStatus.BAD_REQUEST);
+                    context.json(new StdResp(false, tl(locale(context), Lang.MALWARE_SCANNER_DETECTED, "WebAPI-ScriptCreate", scriptId), null));
+                    log.error(tlUI(Lang.MALWARE_SCANNER_DETECTED, "WebAPI-ScriptCreate", scriptId));
+                    return;
+                }
+            }
+        }
+        Files.write(readFile.toPath(), content, StandardOpenOption.CREATE);
         context.json(new StdResp(true, tl(locale(context), Lang.EXPRESS_RULE_ENGINE_SAVED), null));
         reloadConfig();
     }
@@ -166,13 +179,13 @@ private File getIfAllowedScriptId(String scriptId) {
         return null;
     }
 
-    private boolean isSafeNetworkEnvironment(Context context){
+    private boolean isSafeNetworkEnvironment(Context context) {
         var value = ExternalSwitch.parse("pbh.please-disable-safe-network-environment-check-i-know-this-is-very-dangerous-and-i-may-lose-my-data-and-hacker-may-attack-me-via-this-endpoint-and-steal-my-data-or-destroy-my-computer-i-am-fully-responsible-for-this-action-and-i-will-not-blame-the-developer-for-any-loss");
-        if(value != null && value.equals("true")){
+        if (value != null && value.equals("true")) {
             return true;
         }
         var ip = IPAddressUtil.getIPAddress(context.ip());
-        if(ip == null){
+        if (ip == null) {
             throw new IllegalArgumentException("Safe check for IPAddress failed, the IP cannot be null");
         }
         return (ip.isLocal() || ip.isLoopback()) && !WebUtil.isUsingReserveProxy(context);
@@ -266,7 +279,7 @@ public CheckResult runExpression(CompiledScript script, @NotNull Torrent torrent
                         returns = script.expression().execute(env);
                     }
                 }
-                result = scriptEngine.handleResult(script,banDuration, returns);
+                result = scriptEngine.handleResult(script, banDuration, returns);
             } catch (TimeoutException timeoutException) {
                 return pass();
             } catch (Exception ex) {
@@ -310,8 +323,8 @@ private void reloadConfig() throws IOException {
                             }
                             try {
                                 String scriptContent = java.nio.file.Files.readString(script.toPath(), StandardCharsets.UTF_8);
-                                var compiledScript = scriptEngine.compileScript(script,script.getName(),scriptContent);
-                                if(compiledScript == null) return;
+                                var compiledScript = scriptEngine.compileScript(script, script.getName(), scriptContent);
+                                if (compiledScript == null) return;
                                 this.scripts.add(compiledScript);
                             } catch (IOException e) {
                                 log.error("Unable to load script file", e);

src/main/java/com/ghostchu/peerbanhelper/platform/Platform.java

@@ -1,8 +1,11 @@
 package com.ghostchu.peerbanhelper.platform;
 
 import com.ghostchu.peerbanhelper.platform.types.EcoQosAPI;
+import com.ghostchu.peerbanhelper.platform.types.MalwareScanner;
 import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
 
 public interface Platform {
-    @NotNull EcoQosAPI getEcoQosAPI();
+    @Nullable EcoQosAPI getEcoQosAPI();
+    @Nullable MalwareScanner getMalwareScanner();
 }

src/main/java/com/ghostchu/peerbanhelper/platform/WindowsEcoQosAPI.java

@@ -6,8 +6,6 @@
 import com.ghostchu.peerbanhelper.text.Lang;
 import lombok.extern.slf4j.Slf4j;
 
-import java.util.Locale;
-
 import static com.ghostchu.peerbanhelper.text.TextManager.tlUI;
 
 @Slf4j
@@ -23,10 +21,4 @@ public void apply() throws UnsupportedOperationException {
         log.info(tlUI(Lang.IN_ECOMODE_DESCRIPTION));
         ExchangeMap.GUI_DISPLAY_FLAGS.add(new ExchangeMap.DisplayFlag("eco-mode", 10, tlUI(Lang.IN_ECOMODE_SHORT)));
     }
-
-    @Override
-    public boolean supported() {
-        String os = System.getProperty("os.name").toLowerCase(Locale.ROOT);
-        return os.startsWith("win");
-    }
 }

src/main/java/com/ghostchu/peerbanhelper/platform/impl/win32/WindowsPlatform.java

@@ -1,14 +1,36 @@
 package com.ghostchu.peerbanhelper.platform.impl.win32;
 
+import com.ghostchu.peerbanhelper.ExternalSwitch;
 import com.ghostchu.peerbanhelper.platform.Platform;
 import com.ghostchu.peerbanhelper.platform.WindowsEcoQosAPI;
+import com.ghostchu.peerbanhelper.platform.impl.win32.amsi.AmsiScanner;
 import com.ghostchu.peerbanhelper.platform.types.EcoQosAPI;
-import org.jetbrains.annotations.NotNull;
+import com.ghostchu.peerbanhelper.platform.types.MalwareScanner;
+import lombok.extern.slf4j.Slf4j;
+import org.jetbrains.annotations.Nullable;
 
+@Slf4j
 public class WindowsPlatform implements Platform {
     private final EcoQosAPI ecoQosAPI = new WindowsEcoQosAPI();
+
     @Override
-    public @NotNull EcoQosAPI getEcoQosAPI() {
+    public @Nullable EcoQosAPI getEcoQosAPI() {
+        if (!ExternalSwitch.parseBoolean("pbh.platform.ecoqos-api", true)) {
+            return null;
+        }
         return ecoQosAPI;
     }
+
+    @Override
+    public @Nullable MalwareScanner getMalwareScanner() {
+        if (!ExternalSwitch.parseBoolean("pbh.platform.malware-scanner", true)) {
+            return null;
+        }
+        try {
+            return new AmsiScanner("PeerBanHelper");
+        } catch (Exception e) {
+            log.debug("AMSI Scanner is not available: {}", e.getMessage());
+            return null;
+        }
+    }
 }

src/main/java/com/ghostchu/peerbanhelper/platform/impl/win32/amsi/AmsiLib.java

@@ -0,0 +1,29 @@
+package com.ghostchu.peerbanhelper.platform.impl.win32.amsi;
+
+import com.sun.jna.Library;
+import com.sun.jna.Native;
+import com.sun.jna.Pointer;
+import com.sun.jna.WString;
+import com.sun.jna.ptr.PointerByReference;
+
+public interface AmsiLib extends Library {
+    AmsiLib INSTANCE = Native.load("amsi", AmsiLib.class);
+
+    // HRESULT AmsiInitialize(LPCWSTR appName, HAMSICONTEXT* amsiContext)
+    int AmsiInitialize(String appName, PointerByReference amsiContext);
+
+    // void AmsiUninitialize(HAMSICONTEXT amsiContext)
+    void AmsiUninitialize(Pointer amsiContext);
+
+    // HRESULT AmsiOpenSession(HAMSICONTEXT amsiContext, HAMSISESSION* amsiSession)
+    int AmsiOpenSession(Pointer amsiContext, PointerByReference amsiSession);
+
+    // void AmsiCloseSession(HAMSICONTEXT amsiContext, HAMSISESSION amsiSession)
+    void AmsiCloseSession(Pointer amsiContext, Pointer amsiSession);
+
+    // HRESULT AmsiScanString(HAMSICONTEXT amsiContext, LPCWSTR string, LPCWSTR contentName, HAMSISESSION amsiSession, AMSI_RESULT* result)
+    int AmsiScanString(Pointer amsiContext, WString string, WString contentName, Pointer amsiSession, int[] result);
+
+    // HRESULT AmsiScanBuffer(HAMSICONTEXT amsiContext, Pointer buffer, ULONG length, LPCWSTR contentName, HAMSISESSION amsiSession, AMSI_RESULT* result)
+    int AmsiScanBuffer(Pointer amsiContext, Pointer buffer, int length, WString contentName, Pointer amsiSession, int[] result);
+}