Merge pull request #152 from exexute/main

exexute · web-flow · commit c11628f9d235 · 2021-11-23T23:39:24.000+08:00
Close ISSUE #151 (remove unused code)
diff --git a/dongtai-jakarta-api/src/main/java/cn/huoxian/iast/api/RequestWrapper.java b/dongtai-jakarta-api/src/main/java/cn/huoxian/iast/api/RequestWrapper.java
@@ -10,12 +10,6 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
 
 
 /**
@@ -25,7 +19,6 @@ public class RequestWrapper extends HttpServletRequestWrapper {
 
     private final String body;
     private final boolean usingBody;
-    private final Map<String, String> customHeaders;
 
     public static Object cloneRequest(Object req) {
         if (req instanceof HttpServletRequest) {
@@ -36,7 +29,6 @@ public static Object cloneRequest(Object req) {
 
     private RequestWrapper(HttpServletRequest request) {
         super(request);
-        this.customHeaders = new HashMap<String, String>();
         this.usingBody = ("POST".equals(request.getMethod()) && request.getContentType().contains("application/json"));
 
         StringBuilder stringBuilder = new StringBuilder();
@@ -106,28 +98,6 @@ public BufferedReader getReader() throws IOException {
         }
     }
 
-    @Override
-    public String getHeader(String name) {
-        String headerValue = customHeaders.get(name);
-
-        if (headerValue != null) {
-            return headerValue;
-        }
-        return super.getHeader(name);
-    }
-
-    @Override
-    public Enumeration<String> getHeaderNames() {
-        Set<String> set = new HashSet<String>(customHeaders.keySet());
-
-        @SuppressWarnings("unchecked")
-        Enumeration<String> headerNames = super.getHeaderNames();
-        while (headerNames.hasMoreElements()) {
-            set.add(headerNames.nextElement());
-        }
-        return Collections.enumeration(set);
-    }
-
     public String getBody() {
         return this.body;
     }
diff --git a/dongtai-servlet-api/src/main/java/cn/huoxian/iast/api/RequestWrapper.java b/dongtai-servlet-api/src/main/java/cn/huoxian/iast/api/RequestWrapper.java
@@ -5,12 +5,8 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
-import java.util.Collections;
-import java.util.Enumeration;
 import java.util.HashMap;
-import java.util.HashSet;
 import java.util.Map;
-import java.util.Set;
 import javax.servlet.ReadListener;
 import javax.servlet.ServletInputStream;
 import javax.servlet.http.HttpServletRequest;
@@ -23,7 +19,6 @@ public class RequestWrapper extends HttpServletRequestWrapper {
 
     private final String body;
     private final boolean usingBody;
-    private final Map<String, String> customHeaders;
 
     public static Object cloneRequest(Object req) {
         if (req instanceof HttpServletRequest) {
@@ -34,7 +29,6 @@ public static Object cloneRequest(Object req) {
 
     private RequestWrapper(HttpServletRequest request) {
         super(request);
-        this.customHeaders = new HashMap<String, String>();
         this.usingBody = ("POST".equals(request.getMethod()) && request.getContentType().contains("application/json"));
 
         StringBuilder stringBuilder = new StringBuilder();
@@ -104,30 +98,6 @@ public BufferedReader getReader() throws IOException {
         }
     }
 
-    @Override
-    public String getHeader(String name) {
-        String headerValue = customHeaders.get(name);
-
-        if (headerValue != null) {
-            return headerValue;
-        }
-        return super.getHeader(name);
-    }
-
-    @Override
-    public Enumeration<String> getHeaderNames() {
-        Set<String> set = new HashSet<String>(customHeaders.keySet());
-
-        @SuppressWarnings("unchecked")
-        Enumeration<String> headerNames = super.getHeaderNames();
-        while (headerNames.hasMoreElements()) {
-            String n = headerNames.nextElement();
-            set.add(n);
-        }
-        return Collections.enumeration(set);
-    }
-
-
     public String getBody() {
         return this.body;
     }
diff --git a/iast-core/src/main/java/com/secnium/iast/core/report/AgentQueueReport.java b/iast-core/src/main/java/com/secnium/iast/core/report/AgentQueueReport.java
@@ -45,7 +45,7 @@ protected void send() throws Exception {
             StringBuilder response = HttpClientUtils.sendPost(Constants.API_REPORT_UPLOAD, generateHeartBeatMsg());
             HttpRequestReplay.sendReplayRequest(response);
         } catch (Exception e) {
-            logger.error("report error, reason: ", e);
+            logger.error("agent queue reported failed. reason: ", e);
         }
     }
 }
diff --git a/iast-core/src/main/java/com/secnium/iast/core/report/MethodReportSender.java b/iast-core/src/main/java/com/secnium/iast/core/report/MethodReportSender.java
@@ -2,38 +2,31 @@
 
 import com.secnium.iast.core.AbstractThread;
 import com.secnium.iast.core.EngineManager;
-import com.secnium.iast.core.replay.HttpRequestReplay;
 import com.secnium.iast.core.util.Constants;
 import com.secnium.iast.core.util.HttpClientUtils;
 import com.secnium.iast.core.util.LogUtils;
 import org.slf4j.Logger;
 
-import java.util.regex.Pattern;
-
 /**
  * 发送报告的功能实现
  *
  * @author dongzhiyong@huoxian.cn
  */
 public class MethodReportSender extends AbstractThread {
+
     private final Logger logger = LogUtils.getLogger(MethodReportSender.class);
-    private final Pattern PATTERN = Pattern.compile("\"type\":1}");
 
     @Override
     protected void send() throws Exception {
-        StringBuilder response;
         while (EngineManager.hasMethodReport()) {
             String report = EngineManager.getMethodReport();
             try {
                 if (report != null && !report.isEmpty()) {
-                    response = HttpClientUtils.sendPost(Constants.API_REPORT_UPLOAD, report);
-                    if (PATTERN.matcher(report).find()) {
-                        HttpRequestReplay.sendReplayRequest(response);
-                    }
+                    HttpClientUtils.sendPost(Constants.API_REPORT_UPLOAD, report);
                 }
             } catch (Exception e) {
                 logger.info(report);
-                throw e;
+                logger.error("send method report error, reason: ", e);
             }
         }
     }
diff --git a/iast-core/src/main/java/com/secnium/iast/core/report/ReportSender.java b/iast-core/src/main/java/com/secnium/iast/core/report/ReportSender.java
@@ -13,8 +13,8 @@
  * @author dongzhiyong@huoxian.cn
  */
 public class ReportSender extends AbstractThread {
+
     private final Logger logger = LogUtils.getLogger(ReportSender.class);
-//    private final Pattern PATTERN = Pattern.compile("\"type\":1}");
 
     @Override
     protected void send() throws Exception {
diff --git a/iast-core/src/main/java/com/secnium/iast/core/threadlocalpool/IastTaintPool.java b/iast-core/src/main/java/com/secnium/iast/core/threadlocalpool/IastTaintPool.java
@@ -3,7 +3,6 @@
 import com.secnium.iast.core.EngineManager;
 import com.secnium.iast.core.PropertyUtils;
 import com.secnium.iast.core.handler.models.MethodEvent;
-
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
@@ -12,6 +11,7 @@
  * @author dongzhiyong@huoxian.cn
  */
 public class IastTaintPool extends ThreadLocal<HashSet<Object>> {
+
     private static final PropertyUtils PROPERTIES = PropertyUtils.getInstance();
 
     @Override
@@ -22,8 +22,7 @@ protected HashSet<Object> initialValue() {
     /**
      * 将待加入污点池中的数据插入到污点池，其中：复杂数据结构需要拆分为简单的数据结构
      * <p>
-     * 检测类型，如果是复杂类型，将复杂类型转换为简单类型仅从保存
-     * source点 获取的数据，需要将复杂类型的数据转换为简单类型进行存储
+     * 检测类型，如果是复杂类型，将复杂类型转换为简单类型仅从保存 source点 获取的数据，需要将复杂类型的数据转换为简单类型进行存储
      * <p>
      * fixme: 后续补充所有类型
      *
@@ -53,12 +52,12 @@ public void addTaintToPool(Object obj, MethodEvent event, boolean isSource) {
             this.get().add(obj);
             if (isSource) {
                 Map<String, String[]> tempMap = (Map<String, String[]>) obj;
-                Set<Map.Entry<String, String[]>> entrys = tempMap.entrySet();
-                for (Map.Entry<String, String[]> entry : entrys) {
+                Set<Map.Entry<String, String[]>> entries = tempMap.entrySet();
+                for (Map.Entry<String, String[]> entry : entries) {
                     Object key = entry.getKey();
                     Object value = entry.getValue();
-                    addTaintToPool(key, event, isSource);
-                    addTaintToPool(value, event, isSource);
+                    addTaintToPool(key, event, true);
+                    addTaintToPool(value, event, true);
                 }
             }
         } else if (obj.getClass().isArray() && !obj.getClass().getComponentType().isPrimitive()) {
@@ -73,11 +72,10 @@ public void addTaintToPool(Object obj, MethodEvent event, boolean isSource) {
             if (obj instanceof String && PROPERTIES.isNormalMode()) {
                 subHashCode = System.identityHashCode(obj);
                 EngineManager.TAINT_HASH_CODES.get().add(subHashCode);
-                event.addTargetHash(subHashCode);
             } else {
                 subHashCode = obj.hashCode();
-                event.addTargetHash(subHashCode);
             }
+            event.addTargetHash(subHashCode);
 
         }
     }
diff --git a/iast-core/src/main/java/com/secnium/iast/core/util/commonUtils.java b/iast-core/src/main/java/com/secnium/iast/core/util/commonUtils.java
@@ -6,33 +6,6 @@
  * @author dongzhiyong@huoxian.cn
  */
 public class commonUtils {
-    public static boolean arrayEquals(String[] source, String classname) {
-        if (classname == null) {
-            return false;
-        }
-        int i;
-        byte index;
-        for (i = source.length, index = 0; index < i; index++) {
-            String sourceClassName = source[index];
-            if (sourceClassName.equals(classname)) {
-                return true;
-            }
-        }
-        return false;
-    }
-
-    public static boolean endsWith(String[] prefixs, String target) {
-        int i;
-        byte b;
-        for (i = prefixs.length, b = 0; b < i; ) {
-            String prefix = prefixs[b];
-            if (target.endsWith(prefix)) {
-                return true;
-            }
-            b++;
-        }
-        return false;
-    }
 
 
     public static boolean contains(String classname, String[] prexArray) {
@@ -67,37 +40,4 @@ public static boolean isEmpty(String name) {
         return name == null || name.length() == 0;
     }
 
-    public static int a(String fieldname, String target, int start) {
-        return a(fieldname, target, start, -1);
-    }
-
-    public static int a(String fieldname, String target, int start, int end) {
-        if (isEmpty(target)) {
-            return 0;
-        }
-        if (isEmpty(fieldname)) {
-            return -1;
-        }
-
-        int index = start;
-        for (; index < fieldname.length() - target.length() + 1 && (end == -1 || index < end); index++) {
-            int j = index;
-            byte b1 = 0;
-            while (j < fieldname.length() && b1 < target.length()) {
-                if (fieldname.charAt(j) != target.charAt(b1) && (fieldname.charAt(j) | 0x20) != (target.charAt(b1) | 0x20)) {
-                    break;
-                }
-                b1++;
-                j++;
-            }
-            if (b1 == target.length()) {
-                return index;
-            }
-        }
-        return -1;
-    }
-
-    public static int c(String fieldname, String target) {
-        return a(fieldname, target, 0);
-    }
 }
diff --git a/iast-core/src/main/java/com/secnium/iast/core/util/http/HttpResponse.java b/iast-core/src/main/java/com/secnium/iast/core/util/http/HttpResponse.java

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ protected void send() throws Exception {`
`45`	`45`	`StringBuilder response = HttpClientUtils.sendPost(Constants.API_REPORT_UPLOAD, generateHeartBeatMsg());`
`46`	`46`	`HttpRequestReplay.sendReplayRequest(response);`
`47`	`47`	`} catch (Exception e) {`
`48`		`- logger.error("report error, reason: ", e);`
	`48`	`+ logger.error("agent queue reported failed. reason: ", e);`
`49`	`49`	`}`
`50`	`50`	`}`
`51`	`51`	`}`