From 380f2fde8666bba6238795c15e3c928fac8c161a Mon Sep 17 00:00:00 2001 From: yoloyyh <1764163852@qq.com> Date: Tue, 6 Aug 2024 14:52:06 +0800 Subject: [PATCH] add jvm switch --- .../java/com/security/smith/SmithProbe.java | 57 ++++++- .../com/security/smith/SmithProbeProxy.java | 94 ++++++----- .../com/security/smith/client/Client.java | 14 ++ .../security/smith/client/MessageDecoder.java | 29 ++-- .../security/smith/client/MessageEncoder.java | 25 ++- .../security/smith/client/MessageHandler.java | 1 + .../smith/client/MessageSerializer.java | 1 + .../com/security/smith/client/Operate.java | 1 + .../smith/client/message/ClassFilter.java | 30 ++++ .../message/ClassFilterDeserializer.java | 3 + .../client/message/ClassFilterSerializer.java | 3 + .../smith/client/message/Heartbeat.java | 10 ++ .../smith/client/message/SwitchConfig.java | 27 +++ .../security/smith/client/message/Trace.java | 9 + .../client/message/TraceDeserializer.java | 1 + .../smith/client/message/TraceSerializer.java | 1 + .../com/security/smith/type/SmithMethod.java | 10 ++ .../JVMProbe/src/main/resources/class.yaml | 156 ++++++++++++++++++ rasp/librasp/src/comm.rs | 2 +- rasp/librasp/src/jvm.rs | 3 +- rasp/librasp/src/manager.rs | 12 +- rasp/plugin/src/monitor.rs | 37 ++--- rasp/plugin/src/operation.rs | 4 +- rasp/rasp_server/src/comm.rs | 4 +- rasp/rasp_server/src/proto.rs | 23 +++ 25 files changed, 449 insertions(+), 108 deletions(-) create mode 100644 rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/SwitchConfig.java diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbe.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbe.java index da8965867..251231c40 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbe.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbe.java 
@@ -149,7 +149,9 @@ public class SmithProbe implements ClassFileTransformer, MessageHandler, EventHa private Map, Filter> filters; private Map, Block> blocks; private Map, Integer> limits; + private Map> hookTypes; private Disruptor disruptor; + private Map switchConfig; private Rule_Mgr rulemgr; private Rule_Config ruleconfig; @@ -199,6 +201,8 @@ public void init() { filters = new ConcurrentHashMap<>(); blocks = new ConcurrentHashMap<>(); limits = new ConcurrentHashMap<>(); + hookTypes = new ConcurrentHashMap<>(); + switchConfig = new ConcurrentHashMap<>(); MessageSerializer.initInstance(proberVersion); MessageEncoder.initInstance(); @@ -233,16 +237,21 @@ public Trace newInstance() { Reader xreader = new InputStreamReader(inputStream); YamlReader yamlReader = new YamlReader(xreader); for (SmithClass smithClass : yamlReader.read(SmithClass[].class)) { + for (SmithMethod smithMethod : smithClass.getMethods()) { + + if (smithMethod.getTypes() != null && !smithMethod.getTypes().isEmpty()) + hookTypes.put(smithClass.getId() + "-" + smithMethod.getId(), smithMethod.getTypes()); + } smithClasses.put(smithClass.getName(), smithClass); } - } catch (IOException e) { + } catch (Throwable e) { SmithLogger.exception(e); } } else { SmithLogger.logger.info("not find class.yaml"); } - + SmithLogger.logger.info("probe init leave"); } private boolean isBypassHookClass(String className) { @@ -260,6 +269,23 @@ private boolean isBypassHookClass(String className) { return false; } + public boolean isFunctionEnabled(int classId, int methodId) { + String key = classId + "-" + methodId; + Set types = hookTypes.get(key); + + if (switchConfig == null || switchConfig.isEmpty()) { + return true; + } + + if (types != null) { + for (String type : types) { + if (switchConfig.getOrDefault(type, true)) { + return true; + } + } + } + return false; + } public void start() { SmithLogger.logger.info("probe start"); 
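Review bot: Widening the init() handler from `catch (IOException e)` to `catch (Throwable e)` also swallows Errors such as OutOfMemoryError or NoClassDefFoundError raised while class.yaml is parsed, after which "probe init leave" is logged as if startup had succeeded and the probe runs with a partially filled smithClasses/hookTypes. If the goal is only to survive a malformed class.yaml, catch the reader's declared exception type plus `RuntimeException` and leave Errors to propagate, or at minimum log that hook initialization is incomplete. Building the hookTypes key twice per method with `smithClass.getId() + "-" + smithMethod.getId()` is fine here, but the same string format is recomputed in isFunctionEnabled and getFuncTypes later in this patch, so a small `hookKey(int classId, int methodId)` helper would keep the three in sync.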
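Review bot: In isFunctionEnabled a hooked method that has no `types` list in class.yaml (so no hookTypes entry and `types == null`) falls through to `return false` as soon as any switch configuration arrives, which silently turns off every untyped hook; if that is not intended, add `if (types == null) { return true; }` after the empty-config check, and if it is intended it needs a comment saying so. `switchConfig.getOrDefault(type, true)` unboxes the stored Boolean, so a switch message carrying a JSON null value throws NullPointerException from inside the hook path; `!Boolean.FALSE.equals(switchConfig.get(type))` keeps the default-on semantics and tolerates null. The key string is allocated on every hooked call since this is reached from detect()/trace() in later hunks; a nested lookup keyed by classId then methodId, or an int-keyed map, would avoid the per-event allocation.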
@@ -1072,6 +1098,16 @@ private void sendByte(byte[] data, String transId) { //} } + @Override + public void onSwitches(SwitchConfig switches) { + if (switches == null || switches.getSwitches() == null) { + return; + } + switchConfig = switches.getSwitches(); + + heartbeat.setSwitches(switches.getUUID()); + } + public Heartbeat getHeartbeat() { return heartbeat; } @@ -1102,4 +1138,21 @@ public Disruptor getDisruptor() { return disruptor; } + public String getFuncTypes(int classId, int methodId) { + String types = ""; + try { + + if (hookTypes.containsKey(classId + "-" + methodId)) { + for (String type: hookTypes.get(classId + "-" + methodId)) { + types += type + ","; + } + } + if (types.length() > 0) { + types = types.substring(0, types.length() - 1); + } + } catch (Exception e) { + SmithLogger.exception(e); + } + return types; + } } diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbeProxy.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbeProxy.java index 80e05928e..40d9cd717 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbeProxy.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbeProxy.java @@ -274,7 +274,7 @@ public boolean checkReflectMethodEvil(String classname, String methodname) { } public void detect(int classID, int methodID, Object[] args) { - if(stopX) { + if(stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } @@ -311,7 +311,7 @@ public void detect(int classID, int methodID, Object[] args) { } public void trace(int classID, int methodID, Object[] args, Object ret, boolean blocked) { - if (classID >= CLASS_MAX_ID || methodID >= METHOD_MAX_ID || stopX) + if (classID >= CLASS_MAX_ID || methodID >= METHOD_MAX_ID || stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) return; while (true) { 
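Review bot: onSwitches stores the Gson-built map reference straight into `switchConfig`, a non-volatile field (declared in the first SmithProbe hunk) that every hooked thread reads through isFunctionEnabled, so there is no visibility guarantee that hook threads observe the new table promptly, and the ConcurrentHashMap created in init() is simply discarded. Declaring the field `volatile` and assigning a copy, `switchConfig = new ConcurrentHashMap<>(switches.getSwitches());` (assuming the rendering-stripped generic is `Map<String, Boolean>`), fixes both; note the copy throws NullPointerException on a null switch value, which surfaces a malformed message at receive time rather than inside a hook. Because this message can disable detection hooks, logging the applied UUID here, e.g. `SmithLogger.logger.info("switches applied: " + switches.getUUID());`, gives an audit trail beyond the heartbeat field.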
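Review bot: getFuncTypes rebuilds the comma-joined string with `+=` on every call and looks hookTypes up twice, and the next SmithProbeProxy hunk calls it from trace() for every published event. The set is fixed after init, so the body reduces to `Set<String> types = hookTypes.get(classId + "-" + methodId); return types == null ? "" : String.join(",", types);`, which also makes the catch block unnecessary. If the join is still measurable on the trace path, compute the joined string once when class.yaml is read and store it next to the set.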
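Review bot: `SmithProbeObj.isFunctionEnabled(classID, methodID) == false` in detect() and trace() reads better as `!SmithProbeObj.isFunctionEnabled(classID, methodID)`, and the same `stopX || …` guard is pasted into roughly twenty-five hook methods across the remaining SmithProbeProxy hunks of this patch. A single helper, `private boolean skip(int classID, int methodID) { return stopX || !SmithProbeObj.isFunctionEnabled(classID, methodID); }`, used as `if (skip(classID, methodID)) return;`, keeps the policy in one place when the switch semantics change. In detect() the new check runs without the CLASS_MAX_ID/METHOD_MAX_ID bounds check that trace() performs, which is safe only while isFunctionEnabled stays a map lookup rather than an array index.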
@@ -342,6 +342,7 @@ public void trace(int classID, int methodID, Object[] args, Object ret, boolean trace.setRet(ret); trace.setArgs(args); trace.setStackTrace(Thread.currentThread().getStackTrace()); + trace.setTypes(SmithProbeObj.getFuncTypes(classID, methodID)); ringBuffer.publish(sequence); } catch (InsufficientCapacityException ignored) { @@ -349,17 +350,17 @@ public void trace(int classID, int methodID, Object[] args, Object ret, boolean } } - public void sendMetadataObject(Object obj) { + public void sendMetadataObject(Object obj, int classID, int methodID) { if(stopX) { return; } if (obj != null) { - sendMetadataClass(obj.getClass()); + sendMetadataClass(obj.getClass(), classID, methodID); } } - public void sendMetadataClass(Class cla) { + public void sendMetadataClass(Class cla, int classID, int methodID) { if (cla == null || stopX) { return; } @@ -372,6 +373,9 @@ public void sendMetadataClass(Class cla) { SmithHandler.queryClassFilter(cla, classFilter); classFilter.setTransId(); classFilter.setRuleId(-1); + classFilter.setClassId(classID); + classFilter.setMethodId(methodID); + classFilter.setTypes(SmithProbeObj.getFuncTypes(classID, methodID)); classFilter.setStackTrace(Thread.currentThread().getStackTrace()); if (client != null) { Gson gson = new GsonBuilder() @@ -386,7 +390,7 @@ public void sendMetadataClass(Class cla) { } public void checkAddServletPre(int classID, int methodID, Object[] args) { - if(stopX) { + if(stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } SmithLogger.logger.info("checkAddServlet pre_hook call success"); @@ -404,7 +408,7 @@ public void checkAddServletPre(int classID, int methodID, Object[] args) { Class[] emptyArgTypes = new Class[]{}; Object servlet = Reflection.invokeMethod(wrapper, "getServlet", emptyArgTypes); - sendMetadataObject(servlet); + sendMetadataObject(servlet, classID, methodID); } } 
@@ -441,7 +445,7 @@ private Class getFilterFromLoader(Object context, String filterName) { } public void checkAddFilterPre(int classID, int methodID, Object[] args) { - if(stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } SmithLogger.logger.info("checkAddFilter pre_hook call success"); @@ -473,7 +477,7 @@ public void checkAddFilterPre(int classID, int methodID, Object[] args) { clazz = filter.getClass(); } - sendMetadataObject(clazz); + sendMetadataObject(clazz, classID, methodID); } else { needFoundfilterDef.set(filterdef); } @@ -483,7 +487,7 @@ public void checkAddFilterPre(int classID, int methodID, Object[] args) { } } public void checkFilterConfigPost(int classID, int methodID, Object[] args, Object ret, boolean blocked) { - if(stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } SmithLogger.logger.info("checkAddFilter post_hook call success"); @@ -497,7 +501,7 @@ public void checkFilterConfigPost(int classID, int methodID, Object[] args, Obje // shiro filter check if (needFoundfilterDef != null && needFoundfilterDef.get() == args[1]) { Object filter = getFilterFromConfig(ret); - sendMetadataObject(filter); + sendMetadataObject(filter, classID, methodID); } } catch(Exception e) { SmithLogger.exception(e); @@ -505,7 +509,7 @@ public void checkFilterConfigPost(int classID, int methodID, Object[] args, Obje } public void checkAddValvePre(int classID, int methodID, Object[] args) { - if(stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } if (args.length < 2) { @@ -513,7 +517,7 @@ public void checkAddValvePre(int classID, int methodID, Object[] args) { } try { Object valve = args[1]; - sendMetadataObject(valve); + sendMetadataObject(valve, classID, methodID); } catch (Exception e) { SmithLogger.exception(e); 
@@ -525,7 +529,7 @@ public void checkAddListenerPre(int classID, int methodID, Object[] args) { } public void checkWebSocketPre(int classID, int methodID, Object[] args) { - if(stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } SmithLogger.logger.info("check WebSocketPre"); @@ -536,7 +540,7 @@ public void checkWebSocketPre(int classID, int methodID, Object[] args) { Object ws = args[1]; Class[] emptyArgTypes = new Class[]{}; Class endpointCla = (Class)Reflection.invokeMethod(ws, "getEndpointClass", emptyArgTypes); - sendMetadataClass(endpointCla); + sendMetadataClass(endpointCla, classID, methodID); } catch (Exception e) { SmithLogger.exception(e); @@ -564,7 +568,7 @@ public void onTimer() { } public void checkResinAddServletPost(int classID, int methodID, Object[] args, Object ret, boolean blocked) { - if(stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } if (args.length < 2) { @@ -575,7 +579,7 @@ public void checkResinAddServletPost(int classID, int methodID, Object[] args, O if (servletMapping != null) { Class[] emptyArgTypes = new Class[]{}; Class servletClass = (Class)Reflection.invokeMethod(servletMapping, "getServletClass", emptyArgTypes); - sendMetadataClass(servletClass); + sendMetadataClass(servletClass, classID, methodID); } } catch (Throwable e) { SmithLogger.exception(e); @@ -586,7 +590,7 @@ public void checkResinAddServletPost(int classID, int methodID, Object[] args, O * check resin servlet */ public void checkResinAddServletPre(int classID, int methodID, Object[] args) { - if(stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } if (args.length < 2) { 
@@ -597,7 +601,7 @@ public void checkResinAddServletPre(int classID, int methodID, Object[] args) { if (servletMapping != null) { Class[] emptyArgTypes = new Class[]{}; Class servletClass = (Class)Reflection.invokeMethod(servletMapping, "getServletClass", emptyArgTypes); - sendMetadataClass(servletClass); + sendMetadataClass(servletClass, classID, methodID); } } catch (Throwable e) { SmithLogger.exception(e); @@ -608,7 +612,7 @@ public void checkResinAddServletPre(int classID, int methodID, Object[] args) { * check resin add filter memshell */ public void checkResinAddFilterPre(int classID, int methodID, Object[] args) { - if(stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } SmithLogger.logger.info("checkResinAddFilter pre_hook call success"); @@ -620,7 +624,7 @@ public void checkResinAddFilterPre(int classID, int methodID, Object[] args) { if (filterdef != null) { Class[] emptyArgTypes = new Class[]{}; Class filterCla = (Class)Reflection.invokeMethod(filterdef, "getFilterClass", emptyArgTypes); - sendMetadataClass(filterCla); + sendMetadataClass(filterCla, classID, methodID); } } catch (Throwable e) { SmithLogger.exception(e); @@ -629,7 +633,7 @@ public void checkResinAddFilterPre(int classID, int methodID, Object[] args) { } public void checkResinWebSocketPre(int classID, int methodID, Object[] args) { - if(stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } SmithLogger.logger.info("checkResinWebSocket pre_hook call success"); @@ -639,7 +643,7 @@ public void checkResinWebSocketPre(int classID, int methodID, Object[] args) { try { Object weblistener = args[2]; if (weblistener != null) { - sendMetadataObject(weblistener); + sendMetadataObject(weblistener, classID, methodID); } } catch (Exception e) { SmithLogger.exception(e); 
@@ -650,7 +654,7 @@ public void checkResinWebSocketPre(int classID, int methodID, Object[] args) { * TODO: add url check */ public void checkJettyMemshellPre(int classID, int methodID, Object[] args) { - if(stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } SmithLogger.logger.info("checkJettyMemshellPre pre_hook call success"); @@ -662,7 +666,7 @@ public void checkJettyMemshellPre(int classID, int methodID, Object[] args) { } try { Class newclass = (Class)args[1]; - sendMetadataClass(newclass); + sendMetadataClass(newclass, classID, methodID); } catch (Exception e) { SmithLogger.exception(e); } @@ -672,7 +676,7 @@ public void checkJettyMemshellPre(int classID, int methodID, Object[] args) { * check Jetty 9.4 Listener memshell */ public void checkJettyListenerPre(int classID, int methodID, Object[] args) { - if(stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } SmithLogger.logger.info("checkJettyListenerPre pre_hook call success"); @@ -681,7 +685,7 @@ public void checkJettyListenerPre(int classID, int methodID, Object[] args) { } try { Object listener = args[1]; - sendMetadataObject(listener); + sendMetadataObject(listener, classID, methodID); } catch (Exception e) { SmithLogger.exception(e); } @@ -691,7 +695,7 @@ public void checkJettyListenerPre(int classID, int methodID, Object[] args) { * used for listener check */ public void cehckJettyDeployPre(int classID, int methodID, Object[] args) { - if(stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } if (jettyDeploying != null) { 
@@ -701,7 +705,7 @@ public void cehckJettyDeployPre(int classID, int methodID, Object[] args) { /* user for check ServerEndpointConfig init */ public void checkWebSocketConfigPre(int classID, int metodID, Object[] args) { - if(stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, metodID) == false) { return; } SmithLogger.logger.info("checkWebSocketConfigPre called"); @@ -710,7 +714,7 @@ public void checkWebSocketConfigPre(int classID, int metodID, Object[] args) { return; } Class websocket = (Class)args[0]; - sendMetadataClass(websocket); + sendMetadataClass(websocket, classID, metodID); } catch (Exception e) { SmithLogger.exception(e); @@ -721,7 +725,7 @@ public void checkWebSocketConfigPre(int classID, int metodID, Object[] args) { * used for listener check */ public void checkJettyDeployPost(int classID, int methodID, Object[] args, Object ret, boolean blocked) { - if(stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } if (jettyDeploying != null) { @@ -733,7 +737,7 @@ public void checkJettyDeployPost(int classID, int methodID, Object[] args, Objec * check spring controller memshell */ public void checkSpringControllerPre(int classID, int methodID, Object[] args) { - if(stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } if (args.length < 3) { @@ -741,7 +745,7 @@ public void checkSpringControllerPre(int classID, int methodID, Object[] args) } try { Object controller = args[2]; - sendMetadataObject(controller); + sendMetadataObject(controller, classID, methodID); } catch (Exception e) { SmithLogger.exception(e); } @@ -751,7 +755,7 @@ public void checkSpringControllerPre(int classID, int methodID, Object[] args) * check spring Interceptor memshell */ public void checkSpringInterceptorPre(int classID, int methodID, Object[] args) { - if(stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } if (args.length < 1) { 
@@ -759,20 +763,20 @@ public void checkSpringInterceptorPre(int classID, int methodID, Object[] args) } try { Object interceptor = args[0]; - sendMetadataObject(interceptor); + sendMetadataObject(interceptor, classID, methodID); } catch (Exception e) { SmithLogger.exception(e); } } public void checkMemshellInitPost(int classID, int methodID, Object[] args, Object ret, boolean blocked) { - if(stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } //SmithLogger.logger.info("checkMemshellInitPost call success"); if (ret != null) { try { - sendMetadataObject(ret); + sendMetadataObject(ret, classID, methodID); } catch (Exception e) { SmithLogger.exception(e); } @@ -799,6 +803,9 @@ private boolean checkIsRaspClass(String classname) { */ public Object processWildflyClassLoaderException(int classID, int methodID, Object[] args,Object exceptionObject) throws Throwable { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { + return null; + } if(exceptionObject instanceof ClassNotFoundException) { String classname = (String) args[1]; @@ -818,7 +825,7 @@ public ServletHandler addServlet(ServletInfo servletInfo) */ public void checkWildflyaddServletPre(int classID, int methodID, Object[] args) { - if(stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } SmithLogger.logger.info("checkWildflyaddServlet pre_hook call success"); @@ -834,7 +841,7 @@ public void checkWildflyaddServletPre(int classID, int methodID, Object[] args) if(servletName != null) { if (servletClass != null) { - sendMetadataObject(servletClass); + sendMetadataObject(servletClass, classID, methodID); } else { SmithLogger.logger.warning("can't find "+servletName); } 
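Review bot: processWildflyClassLoaderException now returns `null` when the hook is switched off, before the `instanceof ClassNotFoundException` check; whether `null` means "leave the original exception untouched" depends on the caller, which is outside this hunk, so a comment such as `// null: hook disabled, let the original exception propagate unchanged` would document the contract at the early return. The same applies to the Glassfish exception hook in the next hunk. The method's body continues past the end of this hunk.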
@@ -853,7 +860,7 @@ public ManagedFilter addFilter(FilterInfo filterInfo) */ public void checkWildflyaddFilterPre(int classID, int methodID, Object[] args) { - if (stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } SmithLogger.logger.info("checkWildflyaddFilter pre_hook call success"); @@ -869,7 +876,7 @@ public void checkWildflyaddFilterPre(int classID, int methodID, Object[] args) { if(filterName != null) { if (filterClass != null) { - sendMetadataObject(filterClass); + sendMetadataObject(filterClass, classID, methodID); } else { SmithLogger.logger.warning("can't find "+filterName); } @@ -904,7 +911,7 @@ public void handleReflectField(int classID, int methodID, Object[] args, Object } public void handleReflectMethod(int classID, int methodID, Object[] args, Object ret, boolean blocked) { - if(stopX) { + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { return; } if (args.length < 2) { @@ -932,6 +939,9 @@ public void handleReflectMethod(int classID, int methodID, Object[] args, Object public Object processGlassfishClassLoaderfindClassException(int classID, int methodID, Object[] args,Object exceptionObject) throws Throwable { //SmithLogger.logger.info("processGlassfishClassLoaderfindClass Exception_hook call success"); + if (stopX || SmithProbeObj.isFunctionEnabled(classID, methodID) == false) { + return null; + } if(exceptionObject instanceof ClassNotFoundException) { String classname = (String) args[1]; //SmithLogger.logger.info("processGlassfishClassLoaderfindClass find class:"+classname); diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/Client.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/Client.java index a8f4c49df..f7f405519 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/Client.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/Client.java 
@@ -245,6 +245,20 @@ public void onMessage(Message message) { Thread scanAllClassThread = new Thread(messageHandler::onScanAllClass); scanAllClassThread.setDaemon(true); scanAllClassThread.start(); + break; + } + case Operate.SWITCHES: { + SmithLogger.logger.info("switches: " + message.getData().toString()); + + try { + Gson gson = new Gson(); + SwitchConfig config = gson.fromJson(message.getData().toString(), SwitchConfig.class); + messageHandler.onSwitches(config); + } catch (Exception e) { + SmithLogger.exception(e); + } + + break; } } } diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageDecoder.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageDecoder.java index c0d90b3ca..c20ace889 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageDecoder.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageDecoder.java @@ -29,22 +29,17 @@ public static void initInstance() { @Override protected void decode(ChannelHandlerContext ctx, ByteBuf in, List out) throws IOException { - try { - long payloadSize = in.readUnsignedInt(); - if (payloadSize > Message.MAX_PAYLOAD_SIZE) - return; - - byte[] buffer = new byte[(int) payloadSize]; - in.readBytes(buffer); - - String msg = new String(buffer); - Message message = gson.fromJson(msg,Message.class); - if (message != null) - out.add(message); - } - catch(Throwable e) { - e.printStackTrace(); - } - + + long payloadSize = in.readUnsignedInt(); + if (payloadSize > Message.MAX_PAYLOAD_SIZE) + return; + + byte[] buffer = new byte[(int) payloadSize]; + in.readBytes(buffer); + + String msg = new String(buffer); + Message message = gson.fromJson(msg,Message.class); + if (message != null) + out.add(message); } } \ No newline at end of file diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageEncoder.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageEncoder.java index dcfa3c7a7..b863408a3 100644 
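Review bot: In the new `case Operate.SWITCHES` the log line `message.getData().toString()` runs outside the try, so a SWITCHES message without a data member throws NullPointerException out of onMessage before the handler is reached; move the log inside the try or use `String.valueOf(message.getData())`. Because this operation turns detection hooks off, the log should also record the outcome — the UUID handed to onSwitches, or the parse failure — so that a disabled probe can be traced back to the message that disabled it. The enclosing switch/onMessage body starts before this hunk.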
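Review bot: The rewritten decode() still returns after `payloadSize > Message.MAX_PAYLOAD_SIZE` without discarding the announced bytes or closing the channel, so the 4-byte length has been consumed and the next decode call interprets payload bytes as a frame header; an oversized frame from the peer should end the connection with `ctx.close()` or at least skip the announced length. `new String(buffer)` decodes with the platform default charset while the peer presumably sends UTF-8 JSON, so `new String(buffer, StandardCharsets.UTF_8)` (with the matching change in MessageEncoder) avoids locale-dependent corruption. Dropping the `catch (Throwable)` is right if the base class is a ReplayingDecoder, since swallowing its replay signal would break framing, but malformed JSON now reaches exceptionCaught as a JsonSyntaxException — worth confirming that handler closes or resynchronises the channel.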
--- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageEncoder.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageEncoder.java @@ -26,20 +26,15 @@ public static void initInstance() { @Override protected void encode(ChannelHandlerContext ctx, Object msg, ByteBuf out) { - try { - byte[] payload = gson.toJson(msg).getBytes(); - int payloadSize = payload.length; - - ByteBuffer buffer = ByteBuffer.allocate(payloadSize + Message.PROTOCOL_HEADER_SIZE); - buffer.putInt(payloadSize); - buffer.put(payload); - buffer.flip(); - - out.writeBytes(buffer); - } - catch(Throwable e) { - e.printStackTrace(); - } - + + byte[] payload = gson.toJson(msg).getBytes(); + int payloadSize = payload.length; + + ByteBuffer buffer = ByteBuffer.allocate(payloadSize + Message.PROTOCOL_HEADER_SIZE); + buffer.putInt(payloadSize); + buffer.put(payload); + buffer.flip(); + + out.writeBytes(buffer); } } diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageHandler.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageHandler.java index 59c695455..a933f3c87 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageHandler.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageHandler.java @@ -14,4 +14,5 @@ public interface MessageHandler { boolean OnAddRule(Rule_Data ruleData); boolean OnAddRule(String rulejson); void onScanAllClass(); + void onSwitches(SwitchConfig switches); } diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageSerializer.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageSerializer.java index 27700d06f..67ac3eea6 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageSerializer.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageSerializer.java 
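Review bot: `gson.toJson(msg).getBytes()` encodes with the platform default charset (pre-JDK 18), so on a non-UTF-8 locale the length prefix and the wire bytes differ from what a UTF-8-decoding peer expects; use `gson.toJson(msg).getBytes(StandardCharsets.UTF_8)` (adding `import java.nio.charset.StandardCharsets;`) and the same charset in MessageDecoder. With the try/catch removed an exception from toJson now propagates to the pipeline's exceptionCaught and fails the write promise, which is better than printStackTrace as long as such a handler is installed.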
@@ -9,6 +9,7 @@ import com.google.gson.JsonSerializer; import com.security.smith.common.ProcessHelper; + import java.lang.management.ManagementFactory; import java.time.Instant; diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/Operate.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/Operate.java index 039578d5b..2cb19eb2c 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/Operate.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/Operate.java @@ -19,4 +19,5 @@ public class Operate { public static final int CLASSUPLOADSTART = 15; // start to send class public static final int CLASSUPLOAD = 16; public static final int CLASSUPLOADEND = 17; // end to send class + public static final int SWITCHES = 18; // switch } \ No newline at end of file diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilter.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilter.java index 4dabadac9..a6951d079 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilter.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilter.java @@ -13,6 +13,9 @@ public class ClassFilter { private String parent_class_name = ""; private String parent_class_loader_name = ""; private long rule_id = -1; + private int class_id = -1; + private int method_id = -1; + private String types = ""; @SerializedName("stackTrace") private StackTraceElement[] stack_trace = {}; 
@@ -81,6 +84,30 @@ public void setRuleId(long ruleId) { this.rule_id = ruleId; } + public int getClassId() { + return class_id; + } + + public void setClassId(int classId) { + this.class_id = classId; + } + + public int getMethodId() { + return method_id; + } + + public void setMethodId(int methodId) { + this.method_id = methodId; + } + + public String getTypes() { + return types; + } + + public void setTypes(String types) { + this.types = types; + } + public StackTraceElement[] getStackTrace() { return stack_trace; } @@ -93,6 +120,9 @@ public void setStackTrace(StackTraceElement[] stackTrace) { public String toString() { return "{" + "trans_id: '" + trans_id + '\'' + + ", class_id: '" + class_id + '\'' + + ", method_id: '" + method_id + '\'' + + ", types: '" + types + '\'' + ", class_name: '" + class_name + '\'' + ", class_path: '" + class_path + '\'' + ", interfaces_name: '" + interfaces_name + '\'' + diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilterDeserializer.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilterDeserializer.java index ed0828a46..12c68350d 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilterDeserializer.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilterDeserializer.java 
@@ -20,6 +20,9 @@ public ClassFilter deserialize(JsonElement json, Type typeOfT, com.google.gson.J filter.setParentClassName(jsonObject.getAsJsonPrimitive("parent_Class_name").getAsString()); filter.setParentClassLoaderName(jsonObject.getAsJsonPrimitive("parent_class_Loader_name").getAsString()); filter.setRuleId(jsonObject.getAsJsonPrimitive("rule_id").getAsInt()); + filter.setClassId(jsonObject.getAsJsonPrimitive("class_id").getAsInt()); + filter.setMethodId(jsonObject.getAsJsonPrimitive("method_id").getAsInt()); + filter.setTypes(jsonObject.getAsJsonPrimitive("types").getAsString()); filter.setStackTrace(convertStackTrace(context.deserialize(jsonObject.get("stack_trace"), String[].class))); return filter; } diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilterSerializer.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilterSerializer.java index 115c7a5eb..44b996d95 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilterSerializer.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilterSerializer.java @@ -22,6 +22,9 @@ public JsonElement serialize(ClassFilter src, Type typeOfSrc, JsonSerializationC jsonObject.addProperty("parent_Class_name", src.getParentClassName()); jsonObject.addProperty("parent_class_Loader_name", src.getParentClassLoaderName()); jsonObject.addProperty("rule_id", src.getRuleId()); + jsonObject.addProperty("class_id", src.getClassId()); + jsonObject.addProperty("method_id", src.getMethodId()); + jsonObject.addProperty("types", src.getTypes()); jsonObject.add("stack_trace", context.serialize(convertStackTrace(src.getStackTrace()))); return jsonObject; } diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/Heartbeat.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/Heartbeat.java index 378b0078e..2b41c4aec 100644 
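Review bot: `jsonObject.getAsJsonPrimitive("class_id")` returns null when the member is absent, so deserializing a ClassFilter produced by a probe that predates this patch (no class_id/method_id/types members) now throws NullPointerException, and a JSON null value fails similarly with ClassCastException. Guard each new field so the -1 and "" defaults in ClassFilter survive, e.g. `JsonElement t = jsonObject.get("types"); if (t != null && t.isJsonPrimitive()) filter.setTypes(t.getAsString());`, and the same for class_id and method_id. The `types` line added to TraceDeserializer later in this patch has the same gap.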
--- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/Heartbeat.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/Heartbeat.java @@ -11,6 +11,7 @@ public class Heartbeat { private String limit; private String patch; private String class_filter_version; + private String switches; private int discard_count; public Heartbeat() { @@ -19,6 +20,7 @@ public Heartbeat() { limit = ""; patch = ""; class_filter_version = ""; + switches = ""; discard_count = 0; } @@ -62,6 +64,14 @@ public void setClassFilterVersion(String classFilterVersion) { this.class_filter_version = classFilterVersion; } + public String getSwicthes() { + return switches; + } + + public void setSwitches(String switches) { + this.switches = switches; + } + public synchronized int getDiscardCount() { return discard_count; } diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/SwitchConfig.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/SwitchConfig.java new file mode 100644 index 000000000..0b567fe91 --- /dev/null +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/SwitchConfig.java @@ -0,0 +1,27 @@ +package com.security.smith.client.message; + +import java.util.List; +import java.util.Map; + +import org.apache.commons.lang3.tuple.Pair; + +public class SwitchConfig { + private String uuid; + private Map switches; + + public String getUUID() { + return uuid; + } + + public void setUUID(String uuid) { + this.uuid = uuid; + } + + public Map getSwitches() { + return switches; + } + + public void setSwitches(Map switches) { + this.switches = switches; + } +} \ No newline at end of file diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/Trace.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/Trace.java index 52d568e2d..a4ef1e96a 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/Trace.java 
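Review bot: The new accessor is misspelled `getSwicthes`; it pairs with `setSwitches` and is public API, so rename it to `public String getSwitches()` before any serializer or caller starts depending on the typo.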
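Review bot: SwitchConfig imports `java.util.List` and `org.apache.commons.lang3.tuple.Pair` but uses neither; the commons-lang3 import in particular makes a plain message class depend on a third-party library for nothing, so drop both. The generic arguments of `Map switches` appear to have been stripped by the page rendering; assuming `Map<String, Boolean>`, `getSwitches()` hands out the mutable Gson-built map that SmithProbe then installs as its live switch table, so returning `Collections.unmodifiableMap(switches)` (or copying on the probe side) would stop accidental mutation of live policy. A short class comment stating that each entry maps a hook type name from class.yaml to an enabled flag would help readers of the consuming code.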
+++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/Trace.java @@ -9,6 +9,7 @@ public class Trace { private int classID; private int methodID; + private String types; private boolean blocked = false; private String policyID = ""; @@ -72,4 +73,12 @@ public StackTraceElement[] getStackTrace() { public void setStackTrace(StackTraceElement[] stackTrace) { this.stackTrace = stackTrace; } + + public String getTypes() { + return types; + } + + public void setTypes(String types) { + this.types = types; + } } diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/TraceDeserializer.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/TraceDeserializer.java index f5293a271..7a01accf7 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/TraceDeserializer.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/TraceDeserializer.java @@ -18,6 +18,7 @@ public Trace deserialize(JsonElement json, Type typeOfT, com.google.gson.JsonDes trace.setRet(context.deserialize(jsonObject.get("ret"), Object.class)); trace.setArgs(context.deserialize(jsonObject.get("args"), Object[].class)); trace.setStackTrace(convertStackTrace(context.deserialize(jsonObject.get("stack_trace"), String[].class))); + trace.setTypes(jsonObject.getAsJsonPrimitive("types").getAsString()); return trace; } diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/TraceSerializer.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/TraceSerializer.java index 37ca8e5a9..8377d8875 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/TraceSerializer.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/TraceSerializer.java 
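Review bot: Trace.types has no initializer, unlike ClassFilter.types which defaults to `""` in this patch; a Trace serialized without setTypes having been called (any producer other than the trace() path changed here) goes out as `"types": null`, which TraceDeserializer's `getAsJsonPrimitive("types").getAsString()` then rejects with a ClassCastException. Initialize it as `private String types = "";` for consistency with ClassFilter.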
@@ -20,6 +20,7 @@ public JsonElement serialize(Trace src, Type typeOfSrc, JsonSerializationContext jsonObject.add("ret",context.serialize(convertRet(src.getRet()))); jsonObject.add("args",context.serialize(convertArgs(src.getArgs()))); jsonObject.add("stack_trace", context.serialize(convertStackTrace(src.getStackTrace()))); + jsonObject.addProperty("types", src.getTypes()); return jsonObject; } diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/type/SmithMethod.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/type/SmithMethod.java index 567cc8aa4..bd2eca264 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/type/SmithMethod.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/type/SmithMethod.java @@ -1,5 +1,6 @@ package com.security.smith.type; +import java.util.Set; public class SmithMethod { private int id; private String name; @@ -8,6 +9,7 @@ public class SmithMethod { private String preHook; private String postHook; private String exceptionHook; + private Set types; public int getId() { return id; @@ -64,4 +66,12 @@ public String getExceptionHook() { public void setExceptionHook(String exceptionHook) { this.exceptionHook = exceptionHook; } + + public Set getTypes() { + return types; + } + + public void setTypes(Set types) { + this.types = types; + } } diff --git a/rasp/jvm/JVMProbe/src/main/resources/class.yaml b/rasp/jvm/JVMProbe/src/main/resources/class.yaml index 671879c32..d5f69d379 100644 --- a/rasp/jvm/JVMProbe/src/main/resources/class.yaml +++ b/rasp/jvm/JVMProbe/src/main/resources/class.yaml 
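Review bot: In SmithMethod.java, `setTypes` stores the caller's set by reference and `getTypes` hands the same instance back, so the set of switch categories a hook belongs to can be mutated after the YAML has been loaded; for configuration that decides whether a hook fires, a snapshot is safer: `this.types = types == null ? null : Collections.unmodifiableSet(new LinkedHashSet<>(types));` (needs `java.util.Collections` and `java.util.LinkedHashSet`). The new `import java.util.Set;` is also placed directly above `public class SmithMethod` with no blank line, unlike the file's other separators. Both accessors would benefit from a one-line Javadoc naming what a "type" is, e.g. `/** Switch categories this hook belongs to, as declared under {@code types:} in class.yaml. */`.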
@@ -5,21 +5,33 @@ name: start desc: ([Ljava/lang/String;Ljava/util/Map;Ljava/lang/String;[Ljava/lang/ProcessBuilder$Redirect;Z)Ljava/lang/Process; block: true + types: + - process - id: 1 name: getOutputStream desc: ()Ljava/io/OutputStream; + types: + - process - id: 2 name: getInputStream desc: ()Ljava/io/InputStream; + types: + - process - id: 3 name: getErrorStream desc: ()Ljava/io/InputStream; + types: + - process - id: 4 name: desc: ([B[BI[BI[B[IZZ)V + types: + - process - id: 5 name: desc: (Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;[JZ)V + types: + - process - id: 1 name: java.io.FileInputStream 
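Review bot: The new `types:` tags introduce a fixed vocabulary (`process`, `file`, `net`, `load`, `memshell`, `reflect` across this and the following class.yaml hunks) that is defined nowhere in the file, yet the switch names sent by the server have to match these strings exactly. Add a header comment at the top of class.yaml listing the valid names and what each gates, e.g. `# types: switch categories a hook belongs to — one of process | file | net | load | memshell | reflect`. If the probe treats a hook as active when any one of its types is enabled, and handles a method without `types` in some particular way (always on or always off), state both rules in the same comment so the file can be edited safely without reading the Java.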
@@ -27,153 +39,229 @@ - id: 0 name: desc: (Ljava/io/File;)V + types: + - file - id: 2 name: java.io.FileOutputStream methods: - id: 0 name: desc: (Ljava/io/File;Z)V + types: + - file - id: 3 name: java.io.File methods: - id: 0 name: renameTo desc: (Ljava/io/File;)Z + types: + - file - id: 1 name: list desc: ()[Ljava/lang/String; + types: + - file - id: 2 name: delete desc: ()Z + types: + - file - id: 3 name: createNewFile desc: ()Z + types: + - file - id: 4 name: desc: (Ljava/lang/String;Ljava/lang/String;)V + types: + - file - id: 4 name: java.net.Socket methods: - id: 0 name: connect desc: (Ljava/net/SocketAddress;I)V + types: + - net - id: 5 name: sun.nio.ch.Net methods: - id: 0 name: connect desc: (Ljava/net/ProtocolFamily;Ljava/io/FileDescriptor;Ljava/net/InetAddress;I)I + types: + - net - id: 6 name: java.lang.ClassLoader methods: - id: 0 name: loadLibrary desc: (Ljava/lang/Class;Ljava/lang/String;Z)V + types: + - load - id: 7 name: java.net.URLClassLoader methods: - id: 0 name: desc: ([Ljava/net/URL;Ljava/lang/ClassLoader;)V + types: + - load - id: 1 name: desc: ([Ljava/net/URL;)V + types: + - load - id: 2 name: desc: ([Ljava/net/URL;Ljava/lang/ClassLoader;Ljava/net/URLStreamHandlerFactory;)V + types: + - load - id: 3 name: desc: (Ljava/lang/String;[Ljava/net/URL;Ljava/lang/ClassLoader;)V + types: + - load - id: 4 name: desc: (Ljava/lang/String;[Ljava/net/URL;Ljava/lang/ClassLoader;Ljava/net/URLStreamHandlerFactory;)V + types: + - load - id: 5 name: addURL desc: (Ljava/net/URL;)V + types: + - load - id: 8 name: java.net.InetAddress methods: - id: 0 name: getAllByName desc: (Ljava/lang/String;Ljava/net/InetAddress;)[Ljava/net/InetAddress; + types: + - net - id: 9 name: java.net.DatagramSocket methods: - id: 0 name: connectInternal desc: (Ljava/net/InetAddress;I)V + types: + - net - id: 10 name: java.lang.UNIXProcess methods: - id: 0 name: desc: ([B[BI[BI[B[IZ)V + types: + - process - id: 1 name: getOutputStream desc: ()Ljava/io/OutputStream; + types: + - 
process - id: 2 name: getInputStream desc: ()Ljava/io/InputStream; + types: + - process - id: 3 name: getErrorStream desc: ()Ljava/io/InputStream; + types: + - process - id: 11 name: sun.nio.fs.UnixNativeDispatcher methods: - id: 0 name: open desc: (Lsun/nio/fs/UnixPath;II)I + types: + - file - id: 1 name: openat desc: (I[BII)I + types: + - file - id: 2 name: link desc: (Lsun/nio/fs/UnixPath;Lsun/nio/fs/UnixPath;)V + types: + - file - id: 3 name: unlink desc: (Lsun/nio/fs/UnixPath;)V + types: + - file - id: 4 name: unlinkat desc: (I[BI)V + types: + - file - id: 5 name: mknod desc: (Lsun/nio/fs/UnixPath;IJ)V + types: + - file - id: 6 name: rename desc: (Lsun/nio/fs/UnixPath;Lsun/nio/fs/UnixPath;)V + types: + - file - id: 7 name: renameat desc: (I[BI[B)V + types: + - file - id: 8 name: mkdir desc: (Lsun/nio/fs/UnixPath;I)V + types: + - file - id: 9 name: rmdir desc: (Lsun/nio/fs/UnixPath;)V + types: + - file - id: 10 name: readlink desc: (Lsun/nio/fs/UnixPath;)[B + types: + - file - id: 11 name: symlink desc: ([BLsun/nio/fs/UnixPath;)V + types: + - file - id: 12 name: opendir desc: (Lsun/nio/fs/UnixPath;)J + types: + - file - id: 12 name: java.io.RandomAccessFile methods: - id: 0 name: desc: (Ljava/io/File;Ljava/lang/String;)V + types: + - file - id: 13 name: java.nio.file.Files methods: - id: 0 name: copy desc: (Ljava/nio/file/Path;Ljava/nio/file/Path;[Ljava/nio/file/CopyOption;)Ljava/nio/file/Path; + types: + - file - id: 1 name: move desc: (Ljava/nio/file/Path;Ljava/nio/file/Path;[Ljava/nio/file/CopyOption;)Ljava/nio/file/Path; + types: + - file - id: 14 name: org.apache.catalina.core.StandardPipeline methods: @@ -181,6 +269,8 @@ name: addValve desc: (Lorg/apache/catalina/Valve;)V preHook: checkAddValvePre + types: + - memshell - id: 15 name: org.apache.catalina.core.StandardContext methods: 
@@ -188,18 +278,26 @@ name: addServletMapping desc: (Ljava/lang/String;Ljava/lang/String;Z)V preHook: checkAddServletPre + types: + - memshell - id: 1 name: addApplicationEventListener desc: (Ljava/lang/Object;)V preHook: checkAddListenerPre + types: + - memshell - id: 2 name: addFilterDef desc: (Lorg/apache/tomcat/util/descriptor/web/FilterDef;)V preHook: checkAddFilterPre + types: + - memshell - id: 3 name: addServletMappingDecoded desc: (Ljava/lang/String;Ljava/lang/String;Z)V preHook: checkAddServletPre + types: + - memshell - id: 16 name: org.apache.catalina.core.ApplicationFilterConfig methods: @@ -207,6 +305,8 @@ name: desc: "" postHook: checkFilterConfigPost + types: + - memshell - id: 17 name: com.caucho.server.dispatch.FilterManager methods: @@ -214,6 +314,8 @@ name: addFilter desc: (Lcom/caucho/server/dispatch/FilterConfigImpl;)V preHook: checkResinAddFilterPre + types: + - memshell - id: 18 name: com.caucho.server.dispatch.ServletManager methods: @@ -221,6 +323,8 @@ name: addServlet desc: (Lcom/caucho/server/dispatch/ServletConfigImpl;Z)V preHook: checkResinAddServletPre + types: + - memshell - id: 19 name: com.caucho.server.webapp.WebApp methods: @@ -228,6 +332,8 @@ name: addListenerObject desc: (Ljava/lang/Object;Z)V preHook: checkAddListenerPre + types: + - memshell - id: 20 name: org.eclipse.jetty.servlet.BaseHolder methods: @@ -235,6 +341,8 @@ name: setHeldClass desc: (Ljava/lang/Class;)V preHook: checkJettyMemshellPre + types: + - memshell - id: 21 name: org.eclipse.jetty.servlet.Holder methods: @@ -242,6 +350,8 @@ name: setHeldClass desc: (Ljava/lang/Class;)V preHook: checkJettyMemshellPre + types: + - memshell - id: 22 name: org.eclipse.jetty.server.handler.ContextHandler methods: @@ -249,6 +359,8 @@ name: addEventListener desc: (Ljava/util/EventListener;)V preHook: checkJettyListenerPre + types: + - memshell - id: 23 name: org.springframework.web.servlet.handler.AbstractUrlHandlerMapping methods: 
@@ -256,6 +368,8 @@ name: registerHandler desc: (Ljava/lang/String;Ljava/lang/Object;)V preHook: checkSpringControllerPre + types: + - memshell - id: 24 name: org.springframework.web.servlet.handler.AbstractHandlerMethodMapping$MappingRegistry methods: @@ -263,6 +377,8 @@ name: register desc: (Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/reflect/Method;)V preHook: checkSpringControllerPre + types: + - memshell - id: 25 name: org.springframework.web.servlet.HandlerInterceptor methods: @@ -270,6 +386,8 @@ name: desc: "" postHook: checkMemshellInitPost + types: + - memshell - id: 26 name: javax.servlet.Filter methods: @@ -277,6 +395,8 @@ name: desc: "" postHook: checkMemshellInitPost + types: + - memshell - id: 27 name: javax.servlet.Servlet methods: @@ -284,6 +404,8 @@ name: desc: "" postHook: checkMemshellInitPost + types: + - memshell - id: 28 name: javax.servlet.ServletRequestListener methods: @@ -291,6 +413,8 @@ name: desc: "" postHook: checkMemshellInitPost + types: + - memshell - id: 29 name: javax.websocket.Endpoint methods: @@ -298,6 +422,8 @@ name: desc: "" postHook: checkMemshellInitPost + types: + - memshell - id: 30 name: jakarta.servlet.Filter methods: @@ -305,6 +431,8 @@ name: desc: "" postHook: checkMemshellInitPost + types: + - memshell - id: 31 name: jakarta.servlet.Servlet methods: @@ -312,6 +440,8 @@ name: desc: "" postHook: checkMemshellInitPost + types: + - memshell - id: 32 name: jakarta.servlet.ServletRequestListener methods: @@ -319,6 +449,8 @@ name: desc: "" postHook: checkMemshellInitPost + types: + - memshell - id: 33 name: io.undertow.servlet.core.ManagedServlets methods: @@ -326,6 +458,8 @@ name: addServlet desc: (Lio/undertow/servlet/api/ServletInfo;)Lio/undertow/servlet/handlers/ServletHandler; preHook: checkWildflyaddServletPre + types: + - memshell - id: 34 name: org.jboss.modules.ModuleClassLoader methods: 
@@ -333,6 +467,8 @@ name: findClass desc: (Ljava/lang/String;ZZ)Ljava/lang/Class; exceptionHook: processWildflyClassLoaderException + types: + - memshell - id: 35 name: com.caucho.server.http.WebSocketContextImpl methods: @@ -340,6 +476,8 @@ name: desc: "" preHook: checkResinWebSocketPre + types: + - memshell - id: 36 name: javax.websocket.server.DefaultServerEndpointConfig methods: @@ -347,12 +485,16 @@ name: desc: "" preHook: checkWebSocketConfigPre + types: + - memshell - id: 37 name: sun.nio.ch.SocketChannelImpl methods: - id: 0 name: connect desc: (Ljava/net/SocketAddress;)Z + types: + - net - id: 38 name: io.undertow.servlet.core.ManagedFilters methods: @@ -360,6 +502,8 @@ name: addFilter desc: (Lio/undertow/servlet/api/FilterInfo;)Lio/undertow/servlet/core/ManagedFilter; preHook: checkWildflyaddFilterPre + types: + - memshell - id: 39 name: org.apache.tomcat.util.threads.ThreadPoolExecutor methods: @@ -367,6 +511,8 @@ name: desc: "" postHook: checkMemshellInitPost + types: + - memshell - id: 40 name: org.apache.coyote.UpgradeProtocol methods: @@ -374,6 +520,8 @@ name: desc: "" postHook: checkMemshellInitPost + types: + - memshell - id: 41 name: org.apache.felix.framework.BundleWiringImpl$BundleClassLoader methods: @@ -381,10 +529,14 @@ name: findClass desc: (Ljava/lang/String;)Ljava/lang/Class; exceptionHook: processGlassfishClassLoaderfindClassException + types: + - memshell - id: 1 name: loadClass desc: (Ljava/lang/String;Z)Ljava/lang/Class; exceptionHook: processGlassfishClassLoaderfindClassException + types: + - memshell - id: 42 name: java.lang.reflect.Field methods: @@ -392,6 +544,8 @@ name: desc: "" postHook: handleReflectField + types: + - reflect - id: 43 name: java.lang.reflect.Method methods: @@ -399,3 +553,5 @@ name: desc: "" postHook: handleReflectMethod + types: + - reflect diff --git a/rasp/librasp/src/comm.rs b/rasp/librasp/src/comm.rs index ce51d0a75..afb4c9726 100644 --- a/rasp/librasp/src/comm.rs +++ b/rasp/librasp/src/comm.rs 
@@ -221,7 +221,7 @@ impl RASPComm for ThreadMode { target = resolved_path; } - make_path_exist(target.clone()); + let _ = make_path_exist(target.clone()); match fs::symlink(self.bind_path.clone(), target.clone()) { Ok(()) => { diff --git a/rasp/librasp/src/jvm.rs b/rasp/librasp/src/jvm.rs index ed1fba007..4de13c99a 100644 --- a/rasp/librasp/src/jvm.rs +++ b/rasp/librasp/src/jvm.rs @@ -8,8 +8,7 @@ use crate::process::ProcessInfo; use crate::runtime::{ProbeCopy, ProbeState, ProbeStateInspect}; use crate::settings::{self, RASP_VERSION}; use lazy_static::lazy_static; -use anyhow::{anyhow, Result, Result as AnyhowResult}; -use fs_extra::file::{copy as file_copy, remove as file_remove, CopyOptions as FileCopyOptions}; +use anyhow::{anyhow, Result}; lazy_static! { static ref RASP_JAVA_CHECKSUMSTR: String = { diff --git a/rasp/librasp/src/manager.rs b/rasp/librasp/src/manager.rs index 5cf4d0612..16c235607 100644 --- a/rasp/librasp/src/manager.rs +++ b/rasp/librasp/src/manager.rs @@ -203,7 +203,7 @@ impl RASPManager { serde_json::from_str(message)?; let mut valid_messages: Vec = Vec::new(); if messages.len() <= 0 { - for message_type in [6, 7, 8, 9, 12, 13, 14] { + for message_type in [6, 7, 8, 9, 12, 13, 14, 18] { messages.push(PidMissingProbeConfig { message_type, data: ProbeConfigData::empty(message_type)?, 
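Review bot: `let _ = make_path_exist(target.clone());` silences the error rather than handling it; when the parent directory cannot be created, the following `fs::symlink` fails with a less specific error and the original cause is lost. Prefer `if let Err(e) = make_path_exist(target.clone()) { warn!("create path for {:?} failed: {}", target, e); }` (assuming this file already pulls in the log macros) or propagate it to the caller. The same `let _ =` pattern is introduced in rasp_server/src/comm.rs `start_bind` around `listen(&sock.server_addr.clone())`, where a failed bind would likewise go unrecorded. The enclosing method of `ThreadMode` starts outside the hunk.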
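Review bot: The literal list `[6, 7, 8, 9, 12, 13, 14, 18]` in manager.rs now has to stay in lockstep with the match arms of `ProbeConfigData::empty` in rasp_server/src/proto.rs, which this same commit extends with arm 18; nothing ties the two together, so the next message type will be forgotten in one of them. Lift the list into a shared constant next to the type definitions, e.g. `pub const PROBE_CONFIG_MESSAGE_TYPES: &[<message-type integer>] = &[6, 7, 8, 9, 12, 13, 14, 18];` (placeholder for the integer type used by `message_type`), and iterate over it here. A trailing comment naming the new value, `// 18: switch config`, would also help readers who do not have proto.rs open.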
@@ -363,14 +363,14 @@ impl RASPManager { } } } - let mut diff_ns:bool = false; + match check_need_mount(mnt_namespace) { Ok(value) => { - diff_ns = value; + let diff_ns = value; if diff_ns { let to = format!("{}{}",root_dir.clone(), settings::RASP_JAVA_AGENT_BIN()); - self.copy_file_from_to_dest(settings::RASP_JAVA_JATTACH_BIN(), root_dir.clone()); - self.copy_file_from_to_dest(settings::RASP_JAVA_AGENT_BIN(), root_dir.clone()); + let _ = self.copy_file_from_to_dest(settings::RASP_JAVA_JATTACH_BIN(), root_dir.clone()); + let _ = self.copy_file_from_to_dest(settings::RASP_JAVA_AGENT_BIN(), root_dir.clone()); info!("copy from jattach/SmithAgent.jar to {}", to.clone()); } } @@ -383,7 +383,7 @@ impl RASPManager { } match java_detach(pid) { - Ok(result) => { + Ok(_) => { if self.can_copy(mnt_namespace) { for from in JVMProbe::names().0.iter() { self.copy_file_from_to_dest(from.clone(), root_dir.clone())?; diff --git a/rasp/plugin/src/monitor.rs b/rasp/plugin/src/monitor.rs index 1016872cd..111fc2e34 100644 --- a/rasp/plugin/src/monitor.rs +++ b/rasp/plugin/src/monitor.rs @@ -215,7 +215,6 @@ pub fn rasp_monitor_start(client: Client) -> Anyhow<()> { } sleep(Duration::from_secs(10)); } - Ok(()) } fn internal_main( 
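Review bot: Both `let _ = self.copy_file_from_to_dest(...)` lines in the @@ -363 hunk discard the copy result, yet the `info!("copy from jattach/SmithAgent.jar to {}", ...)` on the next line is logged unconditionally, so a failed copy of the jattach helper or agent jar into the target's root is reported as success and the attach fails later with an unrelated error. The @@ -383 hunk in the same file propagates the identical call with `?`; do the same here, or at least `if let Err(e) = self.copy_file_from_to_dest(settings::RASP_JAVA_AGENT_BIN(), root_dir.clone()) { warn!("copy agent to {} failed: {}", to, e); }` before logging success. The intermediate `let diff_ns = value;` can simply become `if value {`. The enclosing method of `RASPManager` starts outside the hunk.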
@@ -473,24 +472,25 @@ fn internal_main( } Err(e) => { warn!("operation failed: {:?} {}", operation_message, e); - let report = make_report( - &process.clone(), - format!("{}_failed", state.clone()).as_str(), - e.to_string(), - ); - let mut record = hashmap_to_record(report); - record.data_type = report_action_data_type.clone() as i32; - record.timestamp = time(); - if let Err(e) = operation_reporter.send( - record - ) { - warn!("operation thread send command to receiver err: {}, pid: {}", e, process.pid); + if state != "ATTACHED" { + let report = make_report( + &process.clone(), + format!("{}_failed", state.clone()).as_str(), + e.to_string(), + ); + let mut record = hashmap_to_record(report); + record.data_type = report_action_data_type.clone() as i32; + record.timestamp = time(); + if let Err(e) = operation_reporter.send( + record + ) { + warn!("operation thread send command to receiver err: {}, pid: {}", e, process.pid); + } + let _ = process.update_failed_reason(&e.to_string()); + let mut opp = operation_process_rw.write(); + opp.insert(process.pid, process.clone()); + drop(opp); } - let _ = process.update_failed_reason(&e.to_string()); - let mut opp = operation_process_rw.write(); - opp.insert(process.pid, process.clone()); - drop(opp); - continue; } }; @@ -535,5 +535,4 @@ fn internal_main( } sleep(Duration::from_secs(10)); } - Ok(()) } diff --git a/rasp/plugin/src/operation.rs b/rasp/plugin/src/operation.rs index f7ff82d55..5df91c981 100644 --- a/rasp/plugin/src/operation.rs +++ b/rasp/plugin/src/operation.rs @@ -1,6 +1,6 @@ use anyhow::{anyhow, Result as AnyhowResult}; use crossbeam::channel::{Sender}; -use librasp::{manager::{BPFSelect, RASPManager}, runtime::ProbeState}; +use librasp::manager::{BPFSelect, RASPManager}; use log::*; use librasp::process::TracingState; use crate::{utils::Control}; 
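Review bot: Wrapping the failure handling in `if state != "ATTACHED"` means an operation that fails while the process is in ATTACHED state is neither reported upstream nor recorded via `update_failed_reason`; only the `warn!` remains, and the reason for the exemption is not stated anywhere. Add a comment above the condition, e.g. `// <reason>: failures in ATTACHED state are logged but not reported` (fill in the actual reason), so the next reader does not "re-fix" it, or narrow the exemption to the specific error it is meant to hide. Dropping `continue;` also changes control flow: the `Err` arm now falls through to whatever follows the `match`, which previously ran only on success; if that code assumes the operation succeeded, the `continue` should stay. The enclosing `internal_main` loop extends beyond the hunk on both sides.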
@@ -175,7 +175,7 @@ impl Operator { match process_state.to_string().as_str() { "ATTACHED" => { match self.detach_process(process) { - Ok(res) => { + Ok(_) => { process.tracing_state = Some(TracingState::INSPECTED); } Err(e) => { diff --git a/rasp/rasp_server/src/comm.rs b/rasp/rasp_server/src/comm.rs index 118914401..dbe7213dd 100644 --- a/rasp/rasp_server/src/comm.rs +++ b/rasp/rasp_server/src/comm.rs @@ -114,7 +114,7 @@ pub async fn start_bind(sock: RASPSock) -> Result<(), String> { error!("clean bind path err: {:?}", err); }, } - listen(&sock.server_addr.clone()); + let _ = listen(&sock.server_addr.clone()); } } }); @@ -286,7 +286,7 @@ pub async fn looping( None => { log::warn!("tx recv ctrl stop"); let _ = tx_ctrl.stop(); - drop(framed_rx.get_mut()); + //drop(framed_rx.get_mut()); return } diff --git a/rasp/rasp_server/src/proto.rs b/rasp/rasp_server/src/proto.rs index a49f40604..fcb9b5b07 100644 --- a/rasp/rasp_server/src/proto.rs +++ b/rasp/rasp_server/src/proto.rs @@ -6,6 +6,8 @@ use lazy_static::lazy_static; use log::*; use serde::{Deserialize, Serialize}; use serde_json; +use crate::proto::serde_json::Map; +use serde_json::Value; use anyhow::{Result as AnyhowResult, anyhow}; use super::utils::generate_timestamp_f64; @@ -138,6 +140,8 @@ pub struct ProbeConfigData { pub class_filter_version: Option, #[serde(skip_serializing_if = "Option::is_none")] pub rule: Option>, + #[serde(skip_serializing_if = "Option::is_none")] + pub switches: Option>, } impl ProbeConfigData { @@ -161,6 +165,7 @@ impl ProbeConfigData { rule_version: None, class_filter_version: None, rule: None, + switches: None, }, 7 => ProbeConfigData { uuid: Some(String::new()), @@ -171,6 +176,7 @@ impl ProbeConfigData { rule_version: None, class_filter_version: None, rule: None, + switches: None, }, 8 => ProbeConfigData { uuid: Some(String::new()), 
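Review bot: `//drop(framed_rx.get_mut());` in rasp_server/src/comm.rs leaves commented-out code behind without saying why it was disabled. If the call was removed because dropping the `&mut` returned by `get_mut()` only releases a borrow and never frees the stream, delete the line and record that in a comment instead, e.g. `// framed_rx is released when this task returns; dropping get_mut() only dropped a borrow`. The enclosing `looping` function starts and ends outside the hunk.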
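Review bot: `use crate::proto::serde_json::Map;` in proto.rs reaches the type through the module's own `use serde_json;` re-import, a roundabout path that only works because of that earlier line. Import it directly and merge with the neighbouring import: `use serde_json::{Map, Value};` in place of the two added lines.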
@@ -181,6 +187,7 @@ impl ProbeConfigData { rule_version: None, class_filter_version: None, rule: None, + switches: None, }, 9 => ProbeConfigData { uuid: Some(String::new()), @@ -191,6 +198,7 @@ impl ProbeConfigData { rule_version: None, class_filter_version: None, rule: None, + switches: None, }, 12 => ProbeConfigData { uuid: None, @@ -201,6 +209,7 @@ impl ProbeConfigData { rule_version: Some(0), class_filter_version: Some(String::new()), rule: None, + switches: None, }, 13 => ProbeConfigData { uuid: None, @@ -211,6 +220,7 @@ impl ProbeConfigData { rule_version: None, class_filter_version: None, rule: Some(Vec::new()), + switches: None, }, 14 => ProbeConfigData { uuid: None, @@ -221,6 +231,18 @@ impl ProbeConfigData { rule_version: None, class_filter_version: None, rule: None, + switches: None, + }, + 18 => ProbeConfigData { + uuid: Some(String::new()), + blocks: None, + filters: None, + limits: None, + patches: None, + rule_version: None, + class_filter_version: None, + rule: None, + switches: Some(Map::new()), }, _ => { return Err(anyhow!("message type not valid")); @@ -294,6 +316,7 @@ pub struct ProbeConfigPatch { } #[derive(Debug, Serialize, Deserialize, Clone, Default)] +#[allow(non_snake_case)] pub struct ProbeConfigClassRule { pub virusName: String, pub flags: i32,
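Review bot: The new `18 =>` arm sets `switches: Some(Map::new())` without saying what message type 18 is or what an empty map means to the receiving probe; the other arms are equally unlabelled, but this one introduces the new semantics. Add a comment on the arm, e.g. `// 18: switch config; an empty map carries no switch overrides` (confirm against the probe's handling of an empty switch map before stating it). The nine-field struct literal is repeated in every arm; if `ProbeConfigData` derives or implements `Default`, `..Default::default()` would shrink each arm to the fields that actually differ. The enclosing `empty` function starts outside the hunk.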
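Review bot: `#[allow(non_snake_case)]` on `ProbeConfigClassRule` turns the lint off for the whole struct so `virusName` can match the wire format; the serde-native way is to keep the Rust field snake_case and rename on (de)serialization, `#[serde(rename = "virusName")] pub virus_name: String,`, which leaves the JSON unchanged and the lint on. Usages of the field elsewhere in the crate would need the same rename. This is a style point only; the hunk's behaviour is unaffected.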