Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix bug #329

Merged
merged 1 commit into from
Jun 17, 2022
Merged

fix bug #329

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 37 additions & 2 deletions dongtai-agent/src/main/java/io/dongtai/iast/agent/manager/EngineManager.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,12 +29,14 @@ public class EngineManager {
private static final String REMOTE_CONFIG_UTILS_CLASS = "io.dongtai.iast.core.utils.config.RemoteConfigUtils";
private static final String ENGINE_MANAGER_CLASS = "io.dongtai.iast.core.EngineManager";
private static final String INJECT_PACKAGE_REMOTE_URI = "/api/v1/engine/download?engineName=dongtai-spy";
private static final String INJECT_PACKAGE_REMOTE_URI_JDK6 = "/api/v1/engine/download?engineName=dongtai-spy-jdk6";
private static final String ENGINE_PACKAGE_REMOTE_URI = "/api/v1/engine/download?engineName=dongtai-core";
private static final String ENGINE_PACKAGE_REMOTE_URI_JDK6 = "/api/v1/engine/download?engineName=dongtai-core-jdk6";
private static final String API_PACKAGE_REMOTE_URI = "/api/v1/engine/download?engineName=dongtai-api";
private static final String API_PACKAGE_REMOTE_URI_JDK6 = "/api/v1/engine/download?engineName=dongtai-api-jdk6";
private static IastClassLoader IAST_CLASS_LOADER;
private static EngineManager INSTANCE;
private static String PID;

private final Instrumentation inst;
private int runningStatus;
private static boolean isCoreStop;
Expand Down Expand Up @@ -247,6 +249,22 @@ public boolean downloadPackageFromServer() {
downloadJarPackageToCacheFromUrl(baseUrl + "/api/v1/engine/download?engineName=dongtai-grpc", getGrpcPackagePath());
}

/**
* 更新IAST引擎需要的jar包,用于启动时加载和热更新检测引擎 - iast-core.jar - iast-inject.jar
*
* @return 更新状态,成功为true,失败为false
*/
public boolean downloadPackageFromServerJdk6() {
String baseUrl = properties.getBaseUrl();
// 自定义jar下载地址
String spyJarUrl = "".equals(properties.getCustomSpyJarUrl()) ? baseUrl + INJECT_PACKAGE_REMOTE_URI_JDK6 : properties.getCustomSpyJarUrl();
String coreJarUrl = "".equals(properties.getCustomCoreJarUrl()) ? baseUrl + ENGINE_PACKAGE_REMOTE_URI_JDK6 : properties.getCustomCoreJarUrl();
String apiJarUrl = "".equals(properties.getCustomApiJarUrl()) ? baseUrl + API_PACKAGE_REMOTE_URI_JDK6 : properties.getCustomApiJarUrl();
return downloadJarPackageToCacheFromUrl(spyJarUrl, getInjectPackageCachePath()) &&
downloadJarPackageToCacheFromUrl(coreJarUrl, getEnginePackageCachePath()) &&
downloadJarPackageToCacheFromUrl(apiJarUrl, getApiPackagePath());
}

/**
* 从 dongtai-agent.jar 提取相关的jar包
*
Expand Down Expand Up @@ -284,6 +302,24 @@ public boolean extractPackage() {
}
}

public boolean extractPackageJdk6() {
// 解析jar包到本地
String spyPackage = getInjectPackageCachePath();
String enginePackage = getEnginePackageCachePath();
String apiPackage = getApiPackagePath();
if (properties.isDebug()) {
DongTaiLog.info("current mode: debug, try to read package from directory {}", System.getProperty("java.io.tmpdir.dongtai"));
if ((new File(spyPackage)).exists() && (new File(enginePackage)).exists() && (new File(apiPackage)).exists()) {
return true;
}
}
if(properties.getIsDownloadPackage().equals("true")){
return downloadPackageFromServerJdk6();
}else {
return extractPackageFromAgent();
}
}

public boolean install() {
String spyPackage = EngineManager.getInjectPackageCachePath();
String corePackage = EngineManager.getEnginePackageCachePath();
Expand Down Expand Up @@ -311,7 +347,6 @@ public boolean install() {
} catch (Throwable throwable) {
DongTaiLog.error("Throwable: DongTai engine start failed, please contact staff for help.");
DongTaiLog.error(throwable);

}
return false;
}
Expand Down
17 changes: 12 additions & 5 deletions dongtai-agent/src/main/java/io/dongtai/iast/agent/monitor/MonitorDaemonThread.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,11 +70,18 @@ public void run() {


public void startEngine() {
boolean status = couldInstallEngine();
// todo: 下载功能优先走本地缓存
status = status && engineManager.extractPackage();
status = status && engineManager.install();
status = status && engineManager.start();
boolean status = true;
if(couldInstallEngine()){
// jdk8以上
status = status && engineManager.extractPackage();
status = status && engineManager.install();
status = status && engineManager.start();
}else {
// jdk6-7
status = status && engineManager.extractPackageJdk6();
status = status && engineManager.install();
status = status && engineManager.start();
}
if (!status) {
DongTaiLog.info("DongTai IAST started failure");
}
Expand Down
2 changes: 1 addition & 1 deletion ...agent/src/main/java/io/dongtai/iast/agent/monitor/collector/MetricsBindCollectorEnum.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ public enum MetricsBindCollectorEnum {

MEM_USAGE_COLLECTOR(MEM_USAGE, MemUsageCollector.class, "绑定内存使用率收集器"),

MEM_NO_HEAP_USAGE_COLLECTOR(MEM_NO_HEAP_USAGE, MemNoHeapUsageCollector.class, "绑定堆外内存使用率收集器"),
MEM_NO_HEAP_USAGE_COLLECTOR(MEM_NO_HEAP_USAGE, SystemMemUsageCollector.class, "绑定系统内存使用率收集器"),

GARBAGE_INFO_COLLECTOR(GARBAGE_INFO, GarbageInfoCollector.class, "绑定垃圾回收信息收集器"),

Expand Down
50 changes: 30 additions & 20 deletions ...i-agent/src/main/java/io/dongtai/iast/agent/monitor/collector/impl/CpuUsageCollector.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,11 @@
import io.dongtai.iast.common.entity.performance.PerformanceMetrics;
import io.dongtai.iast.common.entity.performance.metrics.CpuInfoMetrics;
import io.dongtai.iast.common.enums.MetricsKey;
import io.dongtai.iast.common.utils.version.JavaVersionUtils;
import oshi.SystemInfo;
import oshi.hardware.CentralProcessor;

import java.lang.management.ManagementFactory;
import java.util.concurrent.TimeUnit;

/**
Expand All @@ -18,27 +20,35 @@ public class CpuUsageCollector extends AbstractPerformanceCollector {

@Override
public PerformanceMetrics getMetrics() {
SystemInfo systemInfo = new SystemInfo();
CentralProcessor processor = systemInfo.getHardware().getProcessor();
long[] prevTicks = processor.getSystemCpuLoadTicks();
try {
TimeUnit.SECONDS.sleep(1);
} catch (InterruptedException ignored) {
}
long[] ticks = processor.getSystemCpuLoadTicks();
long nice = ticks[CentralProcessor.TickType.NICE.getIndex()] - prevTicks[CentralProcessor.TickType.NICE.getIndex()];
long irq = ticks[CentralProcessor.TickType.IRQ.getIndex()] - prevTicks[CentralProcessor.TickType.IRQ.getIndex()];
long softirq = ticks[CentralProcessor.TickType.SOFTIRQ.getIndex()] - prevTicks[CentralProcessor.TickType.SOFTIRQ.getIndex()];
long steal = ticks[CentralProcessor.TickType.STEAL.getIndex()] - prevTicks[CentralProcessor.TickType.STEAL.getIndex()];
long cSys = ticks[CentralProcessor.TickType.SYSTEM.getIndex()] - prevTicks[CentralProcessor.TickType.SYSTEM.getIndex()];
long user = ticks[CentralProcessor.TickType.USER.getIndex()] - prevTicks[CentralProcessor.TickType.USER.getIndex()];
long iowait = ticks[CentralProcessor.TickType.IOWAIT.getIndex()] - prevTicks[CentralProcessor.TickType.IOWAIT.getIndex()];
long idle = ticks[CentralProcessor.TickType.IDLE.getIndex()] - prevTicks[CentralProcessor.TickType.IDLE.getIndex()];
long totalCpu = user + nice + cSys + idle + iowait + irq + softirq + steal;
if (JavaVersionUtils.isJava6()){
com.sun.management.OperatingSystemMXBean osmxb = (com.sun.management.OperatingSystemMXBean) ManagementFactory.getOperatingSystemMXBean();
double systemCpuLoad = osmxb.getSystemCpuLoad()*100;
CpuInfoMetrics metricsValue = new CpuInfoMetrics();
metricsValue.setCpuUsagePercentage(systemCpuLoad);
return buildMetricsData(MetricsKey.CPU_USAGE, metricsValue);
}else {
SystemInfo systemInfo = new SystemInfo();
CentralProcessor processor = systemInfo.getHardware().getProcessor();
long[] prevTicks = processor.getSystemCpuLoadTicks();
try {
TimeUnit.SECONDS.sleep(1);
} catch (InterruptedException ignored) {
}
long[] ticks = processor.getSystemCpuLoadTicks();
long nice = ticks[CentralProcessor.TickType.NICE.getIndex()] - prevTicks[CentralProcessor.TickType.NICE.getIndex()];
long irq = ticks[CentralProcessor.TickType.IRQ.getIndex()] - prevTicks[CentralProcessor.TickType.IRQ.getIndex()];
long softirq = ticks[CentralProcessor.TickType.SOFTIRQ.getIndex()] - prevTicks[CentralProcessor.TickType.SOFTIRQ.getIndex()];
long steal = ticks[CentralProcessor.TickType.STEAL.getIndex()] - prevTicks[CentralProcessor.TickType.STEAL.getIndex()];
long cSys = ticks[CentralProcessor.TickType.SYSTEM.getIndex()] - prevTicks[CentralProcessor.TickType.SYSTEM.getIndex()];
long user = ticks[CentralProcessor.TickType.USER.getIndex()] - prevTicks[CentralProcessor.TickType.USER.getIndex()];
long iowait = ticks[CentralProcessor.TickType.IOWAIT.getIndex()] - prevTicks[CentralProcessor.TickType.IOWAIT.getIndex()];
long idle = ticks[CentralProcessor.TickType.IDLE.getIndex()] - prevTicks[CentralProcessor.TickType.IDLE.getIndex()];
long totalCpu = user + nice + cSys + idle + iowait + irq + softirq + steal;

CpuInfoMetrics metricsValue = new CpuInfoMetrics();
metricsValue.setCpuUsagePercentage((1.0 - (idle * 1.0 / totalCpu)) * 100);
return buildMetricsData(MetricsKey.CPU_USAGE, metricsValue);
CpuInfoMetrics metricsValue = new CpuInfoMetrics();
metricsValue.setCpuUsagePercentage((1.0 - (idle * 1.0 / totalCpu)) * 100);
return buildMetricsData(MetricsKey.CPU_USAGE, metricsValue);
}
}

}
24 changes: 24 additions & 0 deletions ...t/src/main/java/io/dongtai/iast/agent/monitor/collector/impl/SystemMemUsageCollector.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
package io.dongtai.iast.agent.monitor.collector.impl;

import io.dongtai.iast.common.entity.performance.PerformanceMetrics;
import io.dongtai.iast.common.entity.performance.metrics.MemoryUsageMetrics;
import io.dongtai.iast.common.enums.MetricsKey;

import java.lang.management.ManagementFactory;
import java.lang.management.MemoryUsage;

public class SystemMemUsageCollector extends AbstractPerformanceCollector {
/**
* 获取性能指标
*
* @return 性能指标
*/
@Override
public PerformanceMetrics getMetrics() {
com.sun.management.OperatingSystemMXBean osmxb = (com.sun.management.OperatingSystemMXBean) ManagementFactory.getOperatingSystemMXBean();
long totalPhysicalMemorySize = osmxb.getTotalPhysicalMemorySize();
long usedPhysicalMemorySize = totalPhysicalMemorySize - osmxb.getFreePhysicalMemorySize();
MemoryUsageMetrics metricsValue = MemoryUsageMetrics.clone(new MemoryUsage(totalPhysicalMemorySize, usedPhysicalMemorySize, usedPhysicalMemorySize, totalPhysicalMemorySize));
return buildMetricsData(MetricsKey.MEM_NO_HEAP_USAGE, metricsValue);
}
}
25 changes: 22 additions & 3 deletions dongtai-agent/src/main/java/io/dongtai/iast/agent/monitor/impl/EngineMonitor.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
import io.dongtai.iast.agent.util.ThreadUtils;
import io.dongtai.iast.agent.util.http.HttpClientUtils;
import io.dongtai.iast.agent.Constant;
import io.dongtai.iast.common.utils.version.JavaVersionUtils;
import io.dongtai.log.DongTaiLog;
import org.json.JSONObject;

Expand Down Expand Up @@ -98,14 +99,32 @@ private String checkForStatus() {
}

public void startEngine() {
boolean status = engineManager.extractPackage();
status = status && engineManager.install();
status = status && engineManager.start();
boolean status = true;
if(couldInstallEngine()){
// jdk8以上
status = status && engineManager.extractPackage();
status = status && engineManager.install();
status = status && engineManager.start();
}else {
// jdk6-7
status = status && engineManager.extractPackage();
status = status && engineManager.install();
status = status && engineManager.start();
}
if (!status) {
DongTaiLog.info("DongTai IAST started failure");
}
}

private boolean couldInstallEngine() {
// 低版本jdk暂不支持安装引擎core包
if (JavaVersionUtils.isJava6() || JavaVersionUtils.isJava7()) {
DongTaiLog.info("DongTai Engine core couldn't install because of low JDK version:" + JavaVersionUtils.javaVersionStr());
return false;
}
return true;
}

@Override
public void run() {
try {
Expand Down
10 changes: 0 additions & 10 deletions dongtai-agent/src/main/java/io/dongtai/iast/agent/monitor/impl/PerformanceMonitor.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,16 +131,6 @@ public void check() throws Exception {
updatePerformanceMetrics(performanceMetrics);
// 检查性能指标(用于熔断降级)
checkPerformanceMetrics(performanceMetrics);
/* int UsedRate = CPU_USAGE;
PerformanceMonitor.AGENT_THRESHOLD_VALUE = PerformanceMonitor.checkThresholdValue();
int preStatus = this.engineManager.getRunningStatus();
if (isStart(UsedRate, preStatus)) {
this.engineManager.start();
DongTaiLog.info("The current CPU usage is " + UsedRate + "%, lower than the threshold " + AGENT_THRESHOLD_VALUE + "%,and the detection engine is starting");
} else if (isStop(UsedRate, preStatus)) {
this.engineManager.stop();
DongTaiLog.info("The current CPU usage is " + UsedRate + "%, higher than the threshold " + AGENT_THRESHOLD_VALUE + "%,and the detection engine is stopping");
}*/
}

private void updatePerformanceMetrics(List<PerformanceMetrics> performanceMetrics) {
Expand Down
48 changes: 46 additions & 2 deletions dongtai-agent/src/test/java/com/secnium/iast/agent/AgentTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,10 @@

import java.io.*;
import java.lang.management.ManagementFactory;
import java.lang.management.OperatingSystemMXBean;
import java.lang.management.RuntimeMXBean;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
Expand Down Expand Up @@ -95,7 +98,48 @@ public void doAaaa() {
}

public static void main(String[] args) {
String a = "52.81.92.214:30158";
System.out.println(a.substring(a.indexOf(":")+1));
// com.sun.management.OperatingSystemMXBean osmxb = (com.sun.management.OperatingSystemMXBean) ManagementFactory.getOperatingSystemMXBean();
// double systemCpuLoad = osmxb.getSystemCpuLoad()/osmxb.getAvailableProcessors();
// double processCpuLoad = osmxb.getProcessCpuLoad();
// System.out.println(systemCpuLoad);
// System.out.println(processCpuLoad);


// OperatingSystemMXBean operatingSystemMXBean = ManagementFactory.getOperatingSystemMXBean();
// for (Method method : operatingSystemMXBean.getClass().getDeclaredMethods()) {
// method.setAccessible(true);
// if (method.getName().startsWith("get")
// && Modifier.isPublic(method.getModifiers())) {
// Object value;
// try {
// value = method.invoke(operatingSystemMXBean);
// } catch (Exception e) {
// value = e;
// } // try
// System.out.println(method.getName() + " = " + value);
// } // if
// } // for


OperatingSystemMXBean mbean = (com.sun.management.OperatingSystemMXBean)
ManagementFactory.getOperatingSystemMXBean();
double load;
for(int i=0; i<10; i++) {
load = ((com.sun.management.OperatingSystemMXBean) mbean).getSystemCpuLoad();
System.out.println(load);
if((load<0.0 || load>1.0) && load != -1.0) {
throw new RuntimeException("getSystemCpuLoad() returns " + load
+ " which is not in the [0.0,1.0] interval");
}
try {
Thread.sleep(200);
} catch(InterruptedException e) {
e.printStackTrace();
}
}
}

private static void printUsage() {

}
}
2 changes: 2 additions & 0 deletions dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/graphy/GraphBuilder.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,9 @@ public static List<GraphNode> build() {
event.getSourceHashes(),
event.getTargetHashes(),
properties.isLocal() ? event.obj2String(event.inValue) : "",
properties.isLocal() && event.objIsReference(event.inValue),
properties.isLocal() ? event.obj2String(event.outValue) : "",
properties.isLocal() && event.objIsReference(event.inValue),
event.getSourceHashForRpc(),
event.getTargetHashForRpc(),
event.getTraceId(),
Expand Down
10 changes: 10 additions & 0 deletions dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/graphy/GraphNode.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,8 +34,12 @@ public class GraphNode {

private final String sourceValues;

private final boolean sourceIsReference;

private final String targetValues;

private final boolean targetIsReference;

/**
* 当前方法所在类继承的类名称
*/
Expand Down Expand Up @@ -126,7 +130,9 @@ public GraphNode(boolean isSource,
Set<Integer> sourceHash,
Set<Integer> targetHash,
String sourceValues,
boolean sourceIsReference,
String targetValues,
boolean targetIsReference,
Set<Integer> sourceHashForRpc,
Set<Integer> targetHashForRpc,
String traceId,
Expand All @@ -149,7 +155,9 @@ public GraphNode(boolean isSource,
this.sourceHash = sourceHash;
this.targetHash = targetHash;
this.sourceValues = sourceValues;
this.sourceIsReference = sourceIsReference;
this.targetValues = targetValues;
this.targetIsReference = targetIsReference;
this.sourceHashForRpc = sourceHashForRpc;
this.targetHashForRpc = targetHashForRpc;
this.traceId = traceId;
Expand Down Expand Up @@ -180,7 +188,9 @@ public JSONObject toJson() {
value.put("retClassName", retClassName);
value.put("sourceHash", sourceHashArray);
value.put("sourceValues", sourceValues);
value.put("sourceIsReference",sourceIsReference);
value.put("targetHash", targetHashArray);
value.put("targetIsReference", targetIsReference);
value.put("targetValues", targetValues);
value.put("sourceHashForRpc", sourceHashForRpcArray);
value.put("targetHashForRpc", targetHashForRpcArray);
Expand Down
Loading