Merge pull request #681 from bytedance/rasp-jsengine
Rasp jsengine
yoloyyh authored Sep 9, 2024
2 parents f9deefb + baddcf1 commit 8fcdef3
Showing 17 changed files with 1,753 additions and 138 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/Elkeid.yml
Expand Up @@ -34,7 +34,7 @@ jobs:
- name: Build RASP
run: |
curl -fsSL https://lf3-static.bytednsdoc.com/obj/eden-cn/kplrsl/ljhwZthlaukjlkulzlp/php-headers.tar.gz | tar -xz -C rasp/php
docker run --rm --pull=always -v $(pwd):/Elkeid yoloyyh/rasp-toolchain:v1.0 \
docker run --rm --pull=always -v $(pwd):/Elkeid yoloyyh/rasp-toolchain:v3.0 \
make -C /Elkeid/rasp \
STATIC=TRUE \
PY_PREBUILT=TRUE \
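Review bot: The build container is referenced by a mutable tag, `yoloyyh/rasp-toolchain:v3.0`, and pulled with `--pull=always`, so whatever that tag points to at run time is what compiles the RASP artifacts; pinning the digest, `yoloyyh/rasp-toolchain:v3.0@sha256:<DIGEST>`, would make a toolchain change visible in review. The same line appears in `.github/workflows/Elkeid_rasp_release.yml`, where it produces the release build. The `curl -fsSL … | tar -xz` step just above it unpacks a download with no checksum comparison, so writing the archive to a file and running `sha256sum -c` against a committed hash before extraction would close the same gap there.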
2 changes: 1 addition & 1 deletion .github/workflows/Elkeid_rasp_release.yml
Expand Up @@ -16,7 +16,7 @@ jobs:
- name: Build
run: |
curl -fsSL https://lf3-static.bytednsdoc.com/obj/eden-cn/kplrsl/ljhwZthlaukjlkulzlp/php-headers.tar.gz | tar -xz -C rasp/php
docker run --rm --pull=always -v $(pwd):/Elkeid yoloyyh/rasp-toolchain:v1.0 \
docker run --rm --pull=always -v $(pwd):/Elkeid yoloyyh/rasp-toolchain:v3.0 \
make -C /Elkeid/rasp \
STATIC=TRUE \
PY_PREBUILT=TRUE \
3 changes: 3 additions & 0 deletions rasp/jvm/JVMProbe/build.gradle
Expand Up @@ -11,6 +11,7 @@ repositories {
}

dependencies {
implementation files('lib/nashorn.jar')
testImplementation group: 'junit', name: 'junit', version: '4.13.1'
implementation group: 'org.ow2.asm', name: 'asm-tree', version: '9.6'
implementation group: 'org.ow2.asm', name: 'asm-commons', version: '9.6'
Expand All @@ -19,6 +20,7 @@ dependencies {
implementation group: 'com.lmax', name: 'disruptor', version: '3.4.4'
implementation 'com.google.code.gson:gson:2.8.9'
implementation 'com.esotericsoftware.yamlbeans:yamlbeans:1.14'
implementation 'org.lz4:lz4-java:1.8.0'
api group: 'org.javassist', name: 'javassist', version: '3.29.0-GA'
}

Expand Down Expand Up @@ -48,5 +50,6 @@ shadowJar {
relocate 'com.google','rasp.com.google'
relocate 'com.esotericsoftware', 'rasp.com.esotericsoftware'
relocate 'javassist', 'rasp.javassist'
relocate 'net.jpountz', 'rasp.net.jpountz'
relocate 'META-INF/native/libnetty', 'META-INF/native/librasp_netty'
}
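Review bot: `implementation files('lib/nashorn.jar')` links the probe against a binary checked into the repository with no version, origin or checksum recorded, so the script engine that ends up inside every instrumented JVM cannot be audited or matched against advisories. If this is the standalone OpenJDK Nashorn, a coordinate such as `implementation 'org.openjdk.nashorn:nashorn-core:<VERSION>'` would give it a pinned, resolvable identity; if it is a custom build, a comment next to the `files(...)` line stating where it was built from and its SHA-256 is the minimum. In the `shadowJar` hunk lz4 gets `relocate 'net.jpountz', 'rasp.net.jpountz'`, but no relocation for the Nashorn packages is visible (the block starts outside the hunk, so one may exist above); without it the bundled engine could collide with a Nashorn the host application ships.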
Binary file added rasp/jvm/JVMProbe/lib/nashorn.jar
Binary file not shown.
93 changes: 89 additions & 4 deletions rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbe.java
Expand Up @@ -17,6 +17,8 @@
import com.security.smith.log.AttachInfo;
import com.security.smith.log.SmithLogger;
import com.security.smith.module.Patcher;
import com.security.smith.ruleengine.JsRuleEngine;
import com.security.smith.rulemgr.StackRuleManager;
import com.security.smith.type.*;
import com.security.smith.client.*;
import com.esotericsoftware.yamlbeans.YamlReader;
Expand Down Expand Up @@ -161,6 +163,7 @@ public class SmithProbe implements ClassFileTransformer, MessageHandler, EventHa
private SmithproxyTimerTask smithproxyTimerTask;
private String proberVersion;
private String proberPath;
private JsRuleEngine jsRuleEngine;

public SmithProbe() {
disable = false;
Expand Down Expand Up @@ -192,6 +195,11 @@ public void setProbePath(String proberPath) {
this.proberPath = proberPath;
}

public String getProbePath() {
return proberPath;

}

public void init() {
AttachInfo.info();
SmithLogger.loggerProberInit();
Expand Down Expand Up @@ -228,8 +236,9 @@ public Trace newInstance() {
ruleconfig = new Rule_Config(rulemgr);

smithProxy = new SmithProbeProxy();

InputStream inputStream = getResourceAsStream("class.yaml");


InputStream inputStream = getResourceAsStream("class.yaml");

if(inputStream != null) {
SmithLogger.logger.info("find class.yaml");
Expand All @@ -251,9 +260,76 @@ public Trace newInstance() {
else {
SmithLogger.logger.info("not find class.yaml");
}

try {
SmithLogger.logger.info("jsRuleEngine init");
jsRuleEngine = JsRuleEngine.InitializeEngine();
if (jsRuleEngine != null) {
SmithLogger.logger.info("jsRuleEngine init success");
}
} catch (Throwable e) {
SmithLogger.exception(e);
}

SmithLogger.logger.info("probe init leave");
}

public boolean addJsFile(Path scriptFilePath) {
boolean ret = false;
try {
if (scriptFilePath != null && jsRuleEngine != null) {
SmithLogger.logger.info("add js rule enter");
int result = jsRuleEngine.addJsRule(scriptFilePath);
if (result == 0) {
SmithLogger.logger.info("add js rule success");
ret = true;
} else {
SmithLogger.logger.info("add js rule failed, ret :" + result);
}
} else {
SmithLogger.logger.info("not find js rule path: " + scriptFilePath);
}
}
catch (Throwable e) {
SmithLogger.exception(e);
}
return ret;
}
public void addJsRule() {
try {
// SmithLogger.logger.info("add js rule");
File ruleFile = new File(getProbePath());
File ruleDir = new File(ruleFile.getParent(), "rules");
if (ruleDir == null || !ruleDir.exists() || !ruleDir.isDirectory()) {
SmithLogger.logger.info("not find js rule dir: " + ruleDir);
return;
}
SmithLogger.logger.info("find js rule dir: " + ruleDir);

File[] files = ruleDir.listFiles();
if (files != null) {
for (File file : files) {
if (file.isFile()) {
Path jsPath = file.toPath();
if (addJsFile(jsPath)) {
SmithLogger.logger.info("add js rule success: " + jsPath);
} else {
SmithLogger.logger.info("add js rule failed: " + jsPath);
}
}
}
}



} catch (Throwable e) {
SmithLogger.exception(e);
}

}
public JsRuleEngine getJsRuleEngine() {
return jsRuleEngine;
}
private boolean isBypassHookClass(String className) {

if(SmithTools.isGlassfish() && SmithTools.getMajorVersion() > 5) {
Expand All @@ -269,6 +345,7 @@ private boolean isBypassHookClass(String className) {

return false;
}

public boolean isFunctionEnabled(int classId, int methodId) {
String key = classId + "-" + methodId;
Set<String> types = hookTypes.get(key);
Expand Down Expand Up @@ -324,8 +401,13 @@ public void start() {
smithProxy.setClient(client);
smithProxy.setDisruptor(disruptor);
smithProxy.setProbe(this);
smithProxy.setReflectField();
smithProxy.setReflectMethod();

try {
addJsRule();
} catch (Exception e) {
SmithLogger.exception(e);
}


inst.addTransformer(this, true);
reloadClasses();
Expand Down Expand Up @@ -413,6 +495,9 @@ public void uninit() {
ourInstance = null;
proberVersion = null;
proberPath = null;
JsRuleEngine.UninitializeEngine();
jsRuleEngine = null;

MessageSerializer.delInstance();

MessageEncoder.delInstance();
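Review bot: `addJsRule()` hands every regular file under `<probe parent>/rules` to `jsRuleEngine.addJsRule` with no check on name, symlink status, ownership or integrity, so write access to that directory becomes script execution inside each instrumented JVM (how far the engine restricts scripts is decided in `JsRuleEngine`, which is not visible here). The directory is also weakly anchored: `new File(ruleFile.getParent(), "rules")` falls back to a `rules` directory relative to the process working directory when `getProbePath()` has no parent component, and the `ruleDir == null` test can never be true. The excerpt below requires an absolute probe path (assuming the agent always passes one), skips symlinks and names not ending in `.js` (assuming rules use that extension), and leaves the rest of the method as is; it needs `java.nio.file.Files` and `LinkOption` in scope, and a digest or signature check on each rule before loading would be the stronger control. The `catch (Exception e)` added around `addJsRule()` in `start()` is redundant, because the method already catches `Throwable`.

```java
public void addJsRule() {
    try {
        File probeFile = new File(getProbePath());
        File probeDir = probeFile.getParentFile();
        // a relative or parentless probe path would resolve "rules" against the working directory
        if (!probeFile.isAbsolute() || probeDir == null) {
            SmithLogger.logger.info("not find js rule dir, probe path: " + probeFile);
            return;
        }
        File ruleDir = new File(probeDir, "rules");
        // … unchanged: exists()/isDirectory() check, listFiles() and loop header …
                Path jsPath = file.toPath();
                // plain *.js files only; a symlink must not pull in a script from elsewhere
                if (!file.getName().endsWith(".js")
                        || !Files.isRegularFile(jsPath, LinkOption.NOFOLLOW_LINKS)) {
                    continue;
                }
                // … unchanged: addJsFile(jsPath) and result logging …
```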