HXSecurity
diff --git a/‎.github/workflows/code-check.yml‎
Lines changed: 6 additions & 2 deletions b/‎.github/workflows/code-check.yml‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎.github/workflows/codeql-analysis.yml‎
Lines changed: 6 additions & 2 deletions b/‎.github/workflows/codeql-analysis.yml‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎dongtai-common/src/main/java/io/dongtai/iast/common/constants/AgentConstant.java‎
Lines changed: 1 addition & 1 deletion b/‎dongtai-common/src/main/java/io/dongtai/iast/common/constants/AgentConstant.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎dongtai-common/src/main/java/io/dongtai/iast/common/scope/Scope.java‎
Lines changed: 3 additions & 0 deletions b/‎dongtai-common/src/main/java/io/dongtai/iast/common/scope/Scope.java‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎dongtai-common/src/main/java/io/dongtai/iast/common/scope/ScopeAggregator.java‎
Lines changed: 15 additions & 0 deletions b/‎dongtai-common/src/main/java/io/dongtai/iast/common/scope/ScopeAggregator.java‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎dongtai-common/src/main/java/io/dongtai/iast/common/scope/ScopeTracker.java‎
Lines changed: 7 additions & 1 deletion b/‎dongtai-common/src/main/java/io/dongtai/iast/common/scope/ScopeTracker.java‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎dongtai-core/src/main/java/io/dongtai/iast/core/EngineManager.java‎
Lines changed: 8 additions & 0 deletions b/‎dongtai-core/src/main/java/io/dongtai/iast/core/EngineManager.java‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/asm/AsmMethods.java‎
Lines changed: 63 additions & 2 deletions b/‎dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/asm/AsmMethods.java‎
Lines changed: 63 additions & 2 deletions
diff --git a/‎dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/PluginRegister.java‎
Lines changed: 2 additions & 0 deletions b/‎dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/PluginRegister.java‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/dubbo/DispatchDubbo.java‎
Lines changed: 39 additions & 0 deletions b/‎dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/framework/dubbo/DispatchDubbo.java‎
Lines changed: 39 additions & 0 deletions
@@ -5,9 +5,13 @@ name: Build Agent and Upload To OSS
 
 on:
   push:
-    branches: [ main ]
+    branches:
+      - main
+      - beta
   pull_request:
-    branches: [ main ]
+    branches:
+      - main
+      - beta
     paths-ignore:
       - '.github/**'
       - 'changes/**'
 
@@ -13,7 +13,9 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ main ]
+    branches:
+      - main
+      - beta
     paths-ignore:
       - '.github/**'
       - 'changes/**'
@@ -24,7 +26,9 @@ on:
       - 'LICENSE'
       - '.gitignore'
   pull_request:
-    branches: [ main ]
+    branches:
+      - main
+      - beta
     paths-ignore:
       - '.github/**'
       - 'changes/**'
 
@@ -1,7 +1,7 @@
 package io.dongtai.iast.common.constants;
 
 public class AgentConstant {
-    public static final String VERSION_VALUE = "v1.8.2";
+    public static final String VERSION_VALUE = "v1.9.0-beta1";
     public static final String LANGUAGE = "JAVA";
     public static final String THREAD_NAME_PREFIX = "DongTai-IAST-";
     public static final String THREAD_NAME_PREFIX_CORE = "DongTai-IAST-Core-";
 
@@ -5,6 +5,9 @@ public enum Scope {
     HTTP_ENTRY(2),
     SERVLET_INPUT_STREAM_READ(3),
     SERVLET_OUTPUT_WRITE(4),
+    DUBBO_REQUEST(5),
+    DUBBO_ENTRY(6),
+    DUBBO_SOURCE(7),
     ;
 
     private final int id;
 
@@ -3,6 +3,9 @@
 public class ScopeAggregator {
     private final GeneralScope httpRequestScope = new GeneralScope();
     private final GeneralScope httpEntryScope = new GeneralScope();
+    private final GeneralScope dubboRequestScope = new GeneralScope();
+    private final GeneralScope dubboEntryScope = new GeneralScope();
+    private final GeneralScope dubboSourceScope = new GeneralScope();
     private final GeneralScope servletInputStreamReadScope = new GeneralScope();
     private final GeneralScope servletOutputStreamWriteScope = new GeneralScope();
     private final PolicyScope policyScope = new PolicyScope();
@@ -15,6 +18,18 @@ public GeneralScope getHttpEntryScope() {
         return httpEntryScope;
     }
 
+    public GeneralScope getDubboRequestScope() {
+        return dubboRequestScope;
+    }
+
+    public GeneralScope getDubboEntryScope() {
+        return dubboEntryScope;
+    }
+
+    public GeneralScope getDubboSourceScope() {
+        return dubboSourceScope;
+    }
+
     public GeneralScope getServletInputStreamReadScope() {
         return servletInputStreamReadScope;
     }
 
@@ -16,13 +16,19 @@ public GeneralScope getScope(Scope scope) {
                 return this.get().getServletInputStreamReadScope();
             case SERVLET_OUTPUT_WRITE:
                 return this.get().getServletOutputStreamWriteScope();
+            case DUBBO_REQUEST:
+                return this.get().getDubboRequestScope();
+            case DUBBO_ENTRY:
+                return this.get().getDubboEntryScope();
+            case DUBBO_SOURCE:
+                return this.get().getDubboSourceScope();
             default:
                 return null;
         }
     }
 
     public boolean inEnterEntry() {
-        return this.get().getHttpEntryScope().in();
+        return this.get().getHttpEntryScope().in() || this.get().getDubboRequestScope().in();
     }
 
     public PolicyScope getPolicyScope() {
 
@@ -140,4 +140,12 @@ public static void enterHttpEntry(Map<String, Object> requestMeta) {
         TAINT_RANGES_POOL.set(new HashMap<Integer, TaintRanges>());
         ScopeManager.SCOPE_TRACKER.getScope(Scope.HTTP_ENTRY).enter();
     }
+
+    public static void enterDubboEntry(Map<String, Object> requestMeta) {
+        REQUEST_CONTEXT.set(requestMeta);
+        TRACK_MAP.set(new HashMap<Integer, MethodEvent>(1024));
+        TAINT_HASH_CODES.set(new HashSet<Integer>());
+        TAINT_RANGES_POOL.set(new HashMap<Integer, TaintRanges>());
+        ScopeManager.SCOPE_TRACKER.getScope(Scope.DUBBO_ENTRY).enter();
+    }
 }
@@ -4,8 +4,8 @@
 
 import java.lang.dongtai.SpyDispatcher;
 import java.lang.dongtai.SpyDispatcherHandler;
-import java.util.Collection;
-import java.util.Enumeration;
+import java.net.InetSocketAddress;
+import java.util.*;
 
 /**
  * 常用的ASM method 集合 省得我到处声明
@@ -132,6 +132,54 @@ static Method getAsmMethod(final Class<?> clazz,
             int.class
     );
 
+    Method SPY$enterDubbo = InnerHelper.getAsmMethod(
+            SpyDispatcher.class,
+            "enterDubbo"
+    );
+    Method SPY$leaveDubbo = InnerHelper.getAsmMethod(
+            SpyDispatcher.class,
+            "leaveDubbo",
+            Object.class,
+            Object.class
+    );
+    Method SPY$isFirstLevelDubbo = InnerHelper.getAsmMethod(
+            SpyDispatcher.class,
+            "isFirstLevelDubbo"
+    );
+    Method SPY$collectDubboRequest = InnerHelper.getAsmMethod(
+            SpyDispatcher.class,
+            "collectDubboRequest",
+            Object.class,
+            Object.class,
+            Object.class,
+            String.class,
+            InetSocketAddress.class,
+            boolean.class,
+            boolean.class,
+            boolean.class,
+            boolean.class
+    );
+
+    Method SPY$collectDubboRequestSource = InnerHelper.getAsmMethod(
+            SpyDispatcher.class,
+            "collectDubboRequestSource",
+            Object.class,
+            Object.class,
+            String.class,
+            Object[].class,
+            Map.class,
+            String.class,
+            String.class,
+            String.class
+    );
+
+    Method SPY$collectDubboResponse = InnerHelper.getAsmMethod(
+            SpyDispatcher.class,
+            "collectDubboResponse",
+            Object.class,
+            byte.class
+    );
+
     Method SPY$enterSource = InnerHelper.getAsmMethod(
             SpyDispatcher.class,
             "enterSource"
@@ -209,6 +257,19 @@ static Method getAsmMethod(final Class<?> clazz,
             String.class
     );
 
+    Method SPY$traceDubboInvoke = InnerHelper.getAsmMethod(
+            SpyDispatcher.class,
+            "traceDubboInvoke",
+            Object.class,
+            String.class,
+            Object.class,
+            Object[].class,
+            Map.class,
+            String.class,
+            String.class,
+            String.class
+    );
+
     Method SPY$reportService = InnerHelper.getAsmMethod(
             SpyDispatcher.class,
             "reportService",
 
@@ -3,6 +3,7 @@
 import io.dongtai.iast.core.bytecode.enhance.ClassContext;
 import io.dongtai.iast.core.bytecode.enhance.plugin.authentication.shiro.DispatchShiro;
 import io.dongtai.iast.core.bytecode.enhance.plugin.core.DispatchClassPlugin;
+import io.dongtai.iast.core.bytecode.enhance.plugin.framework.dubbo.DispatchDubbo;
 import io.dongtai.iast.core.bytecode.enhance.plugin.framework.feign.DispatchFeign;
 import io.dongtai.iast.core.bytecode.enhance.plugin.framework.j2ee.dispatch.DispatchJ2ee;
 import io.dongtai.iast.core.bytecode.enhance.plugin.hardcoded.DispatchHardcodedPlugin;
@@ -34,6 +35,7 @@ public PluginRegister() {
         this.plugins.add(new DispatchJdbc());
         this.plugins.add(new DispatchShiro());
         this.plugins.add(new DispatchFeign());
+        this.plugins.add(new DispatchDubbo());
 
         this.plugins.add(new DispatchClassPlugin());
     }
 
@@ -0,0 +1,39 @@
+package io.dongtai.iast.core.bytecode.enhance.plugin.framework.dubbo;
+
+import io.dongtai.iast.core.bytecode.enhance.ClassContext;
+import io.dongtai.iast.core.bytecode.enhance.plugin.DispatchPlugin;
+import io.dongtai.iast.core.handler.hookpoint.models.policy.Policy;
+import org.objectweb.asm.ClassVisitor;
+
+public class DispatchDubbo implements DispatchPlugin {
+    public static final String ALIBABA_DUBBO_SYNC_HANDLER = " com.alibaba.dubbo.rpc.listener.ListenerInvokerWrapper".substring(1);
+    public static final String APACHE_DUBBO_SYNC_HANDLER = " org.apache.dubbo.rpc.listener.ListenerInvokerWrapper".substring(1);
+    public static final String ALIBABA_DUBBO_EXCHANGE_HANDLER = " com.alibaba.dubbo.remoting.exchange.support.header.HeaderExchangeHandler".substring(1);
+    public static final String APACHE_DUBBO_EXCHANGE_HANDLER = " org.apache.dubbo.remoting.exchange.support.header.HeaderExchangeHandler".substring(1);
+    public static final String APACHE_DUBBO_EXCHANGE_CHANNEL = " org.apache.dubbo.remoting.exchange.support.header.HeaderExchangeChannel".substring(1);
+    public static final String ALIBABA_DUBBO_PROXY_HANDLER = " com.alibaba.dubbo.rpc.proxy.AbstractProxyInvoker".substring(1);
+    public static final String APACHE_DUBBO_PROXY_HANDLER = " org.apache.dubbo.rpc.proxy.AbstractProxyInvoker".substring(1);
+
+    @Override
+    public ClassVisitor dispatch(ClassVisitor classVisitor, ClassContext context, Policy policy) {
+        String className = context.getClassName();
+
+        if (ALIBABA_DUBBO_SYNC_HANDLER.equals(className)) {
+            classVisitor = new DubboSyncHandlerAdapter(classVisitor, context, " com.alibaba".substring(1));
+        } else if (APACHE_DUBBO_SYNC_HANDLER.equals(className)) {
+            classVisitor = new DubboSyncHandlerAdapter(classVisitor, context, " org.apache".substring(1));
+        } else if (ALIBABA_DUBBO_EXCHANGE_HANDLER.equals(className)) {
+            classVisitor = new DubboExchangeHandlerAdapter(classVisitor, context, " com.alibaba".substring(1));
+        } else if (APACHE_DUBBO_EXCHANGE_HANDLER.equals(className)) {
+            classVisitor = new DubboExchangeHandlerAdapter(classVisitor, context, " org.apache".substring(1));
+        } else if (APACHE_DUBBO_EXCHANGE_CHANNEL.equals(className)) {
+            classVisitor = new DubboExchangeChannelAdapter(classVisitor, context, " org.apache".substring(1));
+        } else if (ALIBABA_DUBBO_PROXY_HANDLER.equals(className)) {
+            classVisitor = new DubboProxyHandlerAdapter(classVisitor, context, " com.alibaba".substring(1));
+        } else if (APACHE_DUBBO_PROXY_HANDLER.equals(className)) {
+            classVisitor = new DubboProxyHandlerAdapter(classVisitor, context, " org.apache".substring(1));
+        }
+
+        return classVisitor;
+    }
+}
Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,9 @@ public enum Scope {`
`5`	`5`	`HTTP_ENTRY(2),`
`6`	`6`	`SERVLET_INPUT_STREAM_READ(3),`
`7`	`7`	`SERVLET_OUTPUT_WRITE(4),`
	`8`	`+ DUBBO_REQUEST(5),`
	`9`	`+ DUBBO_ENTRY(6),`
	`10`	`+ DUBBO_SOURCE(7),`
`8`	`11`	`;`
`9`	`12`
`10`	`13`	`private final int id;`
Original file line number	Diff line number	Diff line change
`@@ -16,13 +16,19 @@ public GeneralScope getScope(Scope scope) {`
`16`	`16`	`return this.get().getServletInputStreamReadScope();`
`17`	`17`	`case SERVLET_OUTPUT_WRITE:`
`18`	`18`	`return this.get().getServletOutputStreamWriteScope();`
	`19`	`+ case DUBBO_REQUEST:`
	`20`	`+ return this.get().getDubboRequestScope();`
	`21`	`+ case DUBBO_ENTRY:`
	`22`	`+ return this.get().getDubboEntryScope();`
	`23`	`+ case DUBBO_SOURCE:`
	`24`	`+ return this.get().getDubboSourceScope();`
`19`	`25`	`default:`
`20`	`26`	`return null;`
`21`	`27`	`}`
`22`	`28`	`}`
`23`	`29`
`24`	`30`	`public boolean inEnterEntry() {`
`25`		`- return this.get().getHttpEntryScope().in();`
	`31`	`+ return this.get().getHttpEntryScope().in() \|\| this.get().getDubboRequestScope().in();`
`26`	`32`	`}`
`27`	`33`
`28`	`34`	`public PolicyScope getPolicyScope() {`
Original file line number	Diff line number	Diff line change
`@@ -140,4 +140,12 @@ public static void enterHttpEntry(Map<String, Object> requestMeta) {`
`140`	`140`	`TAINT_RANGES_POOL.set(new HashMap<Integer, TaintRanges>());`
`141`	`141`	`ScopeManager.SCOPE_TRACKER.getScope(Scope.HTTP_ENTRY).enter();`
`142`	`142`	`}`
	`143`	`+`
	`144`	`+ public static void enterDubboEntry(Map<String, Object> requestMeta) {`
	`145`	`+ REQUEST_CONTEXT.set(requestMeta);`
	`146`	`+ TRACK_MAP.set(new HashMap<Integer, MethodEvent>(1024));`
	`147`	`+ TAINT_HASH_CODES.set(new HashSet<Integer>());`
	`148`	`+ TAINT_RANGES_POOL.set(new HashMap<Integer, TaintRanges>());`
	`149`	`+ ScopeManager.SCOPE_TRACKER.getScope(Scope.DUBBO_ENTRY).enter();`
	`150`	`+ }`
`143`	`151`	`}`