feature API

Author: ‘niuerzhuang’

iast-core/dependency-reduced-pom.xml

@@ -137,6 +137,38 @@
       <version>0.6.1</version>
       <scope>provided</scope>
     </dependency>
+    <dependency>
+      <groupId>org.springframework</groupId>
+      <artifactId>spring-webmvc</artifactId>
+      <version>5.2.8.RELEASE</version>
+      <scope>provided</scope>
+      <exclusions>
+        <exclusion>
+          <artifactId>spring-aop</artifactId>
+          <groupId>org.springframework</groupId>
+        </exclusion>
+        <exclusion>
+          <artifactId>spring-beans</artifactId>
+          <groupId>org.springframework</groupId>
+        </exclusion>
+        <exclusion>
+          <artifactId>spring-context</artifactId>
+          <groupId>org.springframework</groupId>
+        </exclusion>
+        <exclusion>
+          <artifactId>spring-core</artifactId>
+          <groupId>org.springframework</groupId>
+        </exclusion>
+        <exclusion>
+          <artifactId>spring-expression</artifactId>
+          <groupId>org.springframework</groupId>
+        </exclusion>
+        <exclusion>
+          <artifactId>spring-web</artifactId>
+          <groupId>org.springframework</groupId>
+        </exclusion>
+      </exclusions>
+    </dependency>
   </dependencies>
   <properties>
     <jdk.version.level>2</jdk.version.level>

iast-core/pom.xml

@@ -203,6 +203,13 @@
             <artifactId>json</artifactId>
             <version>${json.version}</version>
         </dependency>
+
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-webmvc</artifactId>
+            <version>5.2.8.RELEASE</version>
+            <scope>provided</scope>
+        </dependency>
     </dependencies>
 
 </project>

iast-core/src/main/java/com/secnium/iast/core/enhance/IastClassFileTransformer.java

@@ -75,6 +75,10 @@ public byte[] transform(final ClassLoader loader,
             EngineManager.turnOffLingzhi();
         }
 
+        if (internalClassName.equals("org/springframework/web/servlet/DispatcherServlet")){
+            System.out.println("a");
+        }
+
         StopWatch clock = null;
         if (logger.isDebugEnabled()) {
             clock = new StopWatch();

iast-core/src/main/java/com/secnium/iast/core/enhance/plugins/PluginRegister.java

@@ -33,13 +33,13 @@ public ClassVisitor initial(ClassVisitor classVisitor, IastContext context) {
 
     static {
         PLUGINS = new ArrayList<DispatchPlugin>();
+        PLUGINS.add(new DispatchSpringApplication());
         //PLUGINS.add(new DispatchTechnologyPlugin());
         PLUGINS.add(new DispatchJ2ee());
         //PLUGINS.add(new DispatchJsp());
         PLUGINS.add(new DispatchCookie());
         //PLUGINS.add(new DispatchSpringAutoBinding());
         PLUGINS.add(new DispatchClassPlugin());
         //PLUGINS.add()
-        PLUGINS.add(new DispatchSpringApplication());
     }
 }

iast-core/src/main/java/com/secnium/iast/core/enhance/plugins/api/DispatchSpringApplication.java

@@ -6,13 +6,13 @@
 
 public class DispatchSpringApplication implements DispatchPlugin {
 
-    static String autoBindClassname = " org.springframework.boot.SpringApplication".substring(1);
+    static String autoBindClassname = " org.springframework.web.servlet.FrameworkServlet".substring(1);
+
     private String classname;
 
     @Override
     public ClassVisitor dispatch(ClassVisitor classVisitor, IastContext context) {
         classname = context.getClassName();
-
         System.out.println(classname);
         if (autoBindClassname.equals(classname)) {
             classVisitor = new SpringApplicationAdapter(classVisitor, context);

iast-core/src/main/java/com/secnium/iast/core/enhance/plugins/api/SpringApplicationAdapter.java

@@ -1,13 +1,9 @@
 package com.secnium.iast.core.enhance.plugins.api;
 
 import com.secnium.iast.core.enhance.IastContext;
-import com.secnium.iast.core.enhance.plugins.AbstractAdviceAdapter;
 import com.secnium.iast.core.enhance.plugins.AbstractClassVisitor;
-import com.secnium.iast.core.enhance.plugins.core.adapter.PropagateAdviceAdapter;
-import com.secnium.iast.core.handler.controller.HookType;
 import org.objectweb.asm.ClassVisitor;
 import org.objectweb.asm.MethodVisitor;
-import org.objectweb.asm.Type;
 
 public class SpringApplicationAdapter extends AbstractClassVisitor {
 
@@ -28,16 +24,8 @@ public MethodVisitor visitMethod(int access, String name, String descriptor, Str
                 descriptor,
                 signature,
                 exceptions);
-        if ("run".equals(name) && Type.getArgumentTypes(descriptor).length == 1) {
-            System.out.println(context.getClassName());
-//            methodVisitor = new SpringApplicationAdviceAdapter(methodVisitor,
-//                    access,
-//                    name,
-//                    descriptor,
-//                    context,
-//                    "spring",
-//                    "signature"
-//            );
+        if ("getWebApplicationContext".equals(name)) {
+//            System.out.println(context.getClassName());
             methodVisitor = new SpringApplicationAdviceAdapter(
                     methodVisitor,
                     access,

iast-core/src/main/java/com/secnium/iast/core/enhance/plugins/api/SpringApplicationImpl.java

@@ -0,0 +1,140 @@
+package com.secnium.iast.core.enhance.plugins.api;
+
+import com.secnium.iast.core.handler.models.ApiDataModel;
+import com.secnium.iast.core.handler.models.MethodEvent;
+import org.springframework.aop.support.AopUtils;
+import org.springframework.context.ApplicationContext;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.mvc.condition.PatternsRequestCondition;
+import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
+import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
+
+import java.lang.annotation.Annotation;
+import java.lang.reflect.Method;
+import java.lang.reflect.Parameter;
+import java.util.*;
+import java.util.concurrent.atomic.AtomicInteger;
+
+import static com.secnium.iast.core.report.ApiReport.sendReport;
+
+/**
+ * [email protected]
+ */
+public class SpringApplicationImpl {
+
+    public static boolean isSend;
+
+    public static void getWebApplicationContext(MethodEvent event, AtomicInteger invokeIdSequencer) {
+        ApplicationContext applicationContext = (ApplicationContext) event.returnValue;
+        if(!isSend) {
+        List<ApiDataModel> api = getAPI(applicationContext);
+        sendReport(api);
+        isSend = true;
+        }
+    }
+
+    public static List<ApiDataModel> getAPI(ApplicationContext applicationContext) {
+        RequestMappingHandlerMapping mapping = applicationContext.getBean(RequestMappingHandlerMapping.class);
+        Map<RequestMappingInfo, HandlerMethod> methodMap = mapping.getHandlerMethods();
+        List<ApiDataModel> apiList = new ArrayList<>();
+        for (RequestMappingInfo info : methodMap.keySet()) {
+            ApiDataModel apiDataModel = new ApiDataModel();
+            HandlerMethod handlerMethod = methodMap.get(info);
+            String clazz = handlerMethod.getBeanType().toString().substring(6);
+            apiDataModel.setClazz(clazz);
+            String method = info.getMethodsCondition().toString().replace("[", "").replace("]", "");
+            String[] methods;
+            if ("".equals(method)) {
+                methods = new String[2];
+                methods[0] = "GET";
+                methods[1] = "POST";
+            }else {
+                methods = new String[1];
+                methods[0] = method;
+            }
+            apiDataModel.setMethod(methods);
+            Method declaredMethod = null;
+            try {
+                HandlerMethod handlerMethodData = methodMap.get(info);
+                String beanType = handlerMethodData.getBeanType().toString().substring(6);
+                apiDataModel.setController(beanType);
+                Method methodData = handlerMethodData.getMethod();
+                String methodName = methodData.getName();
+                Parameter[] parameters = methodData.getParameters();
+                List<Class<?>> parameterList = new ArrayList<>();
+                for (Parameter parameter : parameters
+                ) {
+                    parameterList.add(parameter.getType());
+                }
+                int parameterListSize = parameterList.size();
+                Class<?>[] classes = new Class[parameterListSize];
+                for (int i = 0; i < parameterListSize; i++) {
+                    classes[i] = parameterList.get(i);
+                }
+                declaredMethod = AopUtils.getTargetClass(applicationContext.getBean(handlerMethod.getBean().toString())).getDeclaredMethod(methodName, classes);
+                parameters = declaredMethod.getParameters();
+                List<Map<String, String>> parameterMaps = new ArrayList<>();
+                for (Parameter parameter : parameters
+                ) {
+                    Map<String, String> parameterMap = new HashMap<>();
+                    String className = parameter.getName();
+                    String classType = parameter.getType().toString();
+                    if (classType.contains(" ")) {
+                        classType = classType.substring(classType.indexOf(" ") + 1);
+                    }
+                    Annotation[] declaredAnnotations = parameter.getDeclaredAnnotations();
+                    StringBuilder annos = new StringBuilder();
+                    for (Annotation annotation : declaredAnnotations
+                    ) {
+                        String anno = annotation.annotationType().toString();
+                        anno = anno.substring(anno.lastIndexOf(".")+1);
+                        if ("PathVariable".equals(anno)){
+                            anno = "restful访问参数";
+                        }else if ("RequestHeader".equals(anno)){
+                            anno = "Header参数";
+                        }else if ("CookieValue".equals(anno)){
+                            anno = "Cookie参数";
+                        }else if ("RequestParam".equals(anno)){
+                            anno = "GET请求参数";
+                        }else if ("RequestBody".equals(anno)){
+                            anno = "POST请求的body参数";
+                        }else if ("Validated".equals(anno)){
+                            anno = "GET请求参数对象";
+                        }
+                        annos.append(anno);
+                    }
+                    parameterMap.put("name", className);
+                    parameterMap.put("type", classType);
+                    parameterMap.put("annotation", String.valueOf(annos));
+                    parameterMaps.add(parameterMap);
+                }
+                apiDataModel.setParameters(parameterMaps);
+                String returnType = declaredMethod.getReturnType().toString();
+                if (returnType.contains("class ")) {
+                    returnType = declaredMethod.getReturnType().toString().substring(6);
+                }
+                apiDataModel.setReturnType(returnType);
+            } catch (NoSuchMethodException ignore) {
+            }
+
+
+            PatternsRequestCondition patternsCondition = info.getPatternsCondition();
+            Set<String> patterns = patternsCondition.getPatterns();
+            if (patterns.size()>1){
+                for (String s:patterns
+                ) {
+                    String uri = s.replace("[", "").replace("]", "");
+                    apiDataModel.setUrl(uri);
+                    apiList.add(apiDataModel);
+                }
+            }else {
+                String uri = info.getPatternsCondition().toString().replace("[", "").replace("]", "");
+                apiDataModel.setUrl(uri);
+                apiList.add(apiDataModel);
+            }
+        }
+        return apiList;
+    }
+
+
+}

iast-core/src/main/java/com/secnium/iast/core/handler/EventListenerHandlers.java

@@ -1,6 +1,7 @@
 package com.secnium.iast.core.handler;
 
 import com.secnium.iast.core.EngineManager;
+import com.secnium.iast.core.enhance.plugins.api.SpringApplicationImpl;
 import com.secnium.iast.core.handler.controller.HookType;
 import com.secnium.iast.core.handler.controller.impl.HttpImpl;
 import com.secnium.iast.core.handler.controller.impl.PropagatorImpl;
@@ -61,7 +62,7 @@ public static void onBefore(final String framework,
                             SinkImpl.solveSink(event, INVOKE_ID_SEQUENCER);
                         } else if (HookType.SPRINGAPPLICATION.equals(hookType)) {
                             // todo
-                            System.out.println("a");
+                            SpringApplicationImpl.getWebApplicationContext(event,INVOKE_ID_SEQUENCER);
                         }
                     }
                 }

iast-core/src/main/java/com/secnium/iast/core/handler/models/ApiDataModel.java

@@ -1,5 +1,6 @@
 package com.secnium.iast.core.handler.models;
 
+import java.util.List;
 import java.util.Map;
 
 /**
@@ -10,25 +11,37 @@
 public class ApiDataModel {
 
     private String url;
-    private String method;
+    private String[] method;
     private String clazz;
-    private Map<String,String>[] parameters;
+    List<Map<String, String>> parameters;
     private String returnType;
     private String file;
     private String controller;
+    private String description;
 
     public ApiDataModel() {
     }
 
-
-    public ApiDataModel(String url, String method, String clazz, Map<String, String>[] parameters, String returnType, String file, String controller) {
+    public ApiDataModel(String url, String[] method, String clazz, List<Map<String, String>> parameters, String returnType, String file, String controller, String description) {
         this.url = url;
         this.method = method;
         this.clazz = clazz;
         this.parameters = parameters;
         this.returnType = returnType;
         this.file = file;
         this.controller = controller;
+        this.description = description;
+    }
+
+    public String getDescription() {
+        if (description == null) {
+            description = "";
+        }
+        return description;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
     }
 
     public String getClazz() {
@@ -47,19 +60,19 @@ public void setUrl(String url) {
         this.url = url;
     }
 
-    public String getMethod() {
+    public String[] getMethod() {
         return method;
     }
 
-    public void setMethod(String method) {
+    public void setMethod(String[] method) {
         this.method = method;
     }
 
-    public Map<String, String>[] getParameters() {
+    public List<Map<String, String>> getParameters() {
         return parameters;
     }
 
-    public void setParameters(Map<String, String>[] parameters) {
+    public void setParameters(List<Map<String, String>> parameters) {
         this.parameters = parameters;
     }
 
@@ -72,6 +85,9 @@ public void setReturnType(String returnType) {
     }
 
     public String getFile() {
+        if (file == null) {
+            file = "";
+        }
         return file;
     }
 

iast-core/src/main/java/com/secnium/iast/core/handler/vulscan/ReportConstant.java

@@ -92,10 +92,12 @@ public class ReportConstant {
     public static final String API_DATA_URI = "uri";
     public static final String API_DATA_METHOD = "method";
     public static final String API_DATA_CLASS = "class";
+    public static final String API_DATA_PARAMETERS = "parameters";
     public static final String API_DATA_PARAMETER_NAME = "name";
     public static final String API_DATA_PARAMETER_TYPE = "type";
     public static final String API_DATA_PARAMETER_ANNOTATION = "annotation";
     public static final String API_DATA_RETURN = "return_type";
     public static final String API_DATA_FILE = "file";
     public static final String API_DATA_CONTROLLER = "controller";
+    public static final String API_DATA_DESCRIPTION = "description";
 }