Merge pull request #322 from Nizernizer/main

Release 1.7.0

Author: Nizernizer

dongtai-agent/src/test/java/com/secnium/iast/agent/AgentTest.java

@@ -1,9 +1,15 @@
 package com.secnium.iast.agent;
 
+import java.io.*;
 import java.lang.management.ManagementFactory;
 import java.lang.management.RuntimeMXBean;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
 import java.util.Arrays;
+import java.util.Scanner;
 
+import io.dongtai.iast.agent.IastProperties;
+import io.dongtai.iast.agent.report.AgentRegisterReport;
 import io.dongtai.log.DongTaiLog;
 import org.junit.Test;
 
@@ -21,7 +27,75 @@ public void appendToolsPath() {
         }
     }
 
+    @Test
+    public void changeFile() {
+        replace("/Users/erzhuangniu/workspace/DongTai-agent-java/dongtai-agent/src/main/resources/bin/fluent.conf");
+    }
+
+    public static void replace(String path) {
+        String temp = "";
+
+        try {
+            File file = new File(path);
+            FileInputStream fis = new FileInputStream(file);
+            InputStreamReader isr = new InputStreamReader(fis);
+            BufferedReader br = new BufferedReader(isr);
+            StringBuffer buf = new StringBuffer();
+            // 保存该行前面的内容
+            while ((temp = br.readLine()) != null) {
+                if (temp.contains("${HOSTNAME_AGENT_ID}")){
+                    temp.replace("${HOSTNAME_AGENT_ID}", AgentRegisterReport.getInternalHostName()+"-"+AgentRegisterReport.getAgentFlag().toString());
+                }else if (temp.contains("${HOSTNAME}")){
+                    temp.replace("${HOSTNAME}",AgentRegisterReport.getInternalHostName());
+                }else if (temp.contains("${AGENT_ID}")){
+                    temp.replace("${AGENT_ID}",AgentRegisterReport.getAgentFlag().toString());
+                }else if (temp.contains("${OPENAPI}")){
+                    temp.replace("${OPENAPI}", IastProperties.getInstance().getBaseUrl());
+                }else if (temp.contains("${LOG_PORT}")){
+                    temp.replace("${LOG_PORT}",IastProperties.getInstance().getLogPort());
+                }else if (temp.contains("${LOG_PATH}")){
+                    temp.replace("${LOG_PATH}", System.getProperty("dongtai.log.path")+File.separator+"dongtai_javaagent.log");
+                }
+                buf = buf.append(temp);
+                buf = buf.append(System.getProperty("line.separator"));
+            }
+            br.close();
+            FileOutputStream fos = new FileOutputStream(file);
+            PrintWriter pw = new PrintWriter(fos);
+            pw.write(buf.toString().toCharArray());
+            pw.flush();
+            pw.close();
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void doFluent() {
+        String[] execution = {
+                "nohup",
+                "tail",
+                "-f",
+                "/var/folders/xy/xyx56h3s29z6376gvk32621h0000gn/T//gunsTest001-042401-8579dc8d088d4a1680977352f6652aba/iast/fluent.conf"
+        };
+        try {
+            Runtime.getRuntime().exec(execution);
+            System.out.println("aasdasdsa");
+        } catch (IOException e) {
+            DongTaiLog.error(e);
+        }
+    }
+
+    @Test
+    public void doAaaa() {
+        String s = "https://iast.io/openapi";
+        int i = s.indexOf("://");
+        int i1 = s.indexOf("/openapi");
+        System.out.println();
+    }
+
     public static void main(String[] args) {
-        System.out.println(System.getProperty("java.io.tmpdir.dongtai"));
+        String a = "52.81.92.214:30158";
+        System.out.println(a.substring(a.indexOf(":")+1));
     }
 }

dongtai-core/src/main/java/io/dongtai/iast/core/utils/Constants.java

@@ -4,7 +4,7 @@
  * @author [email protected]
  */
 public class Constants {
-    public static final String AGENT_VERSION_VALUE = "v1.7.2";
+    public static final String AGENT_VERSION_VALUE = "v1.7.0";
     public final static String API_REPORT_UPLOAD = "/api/v1/report/upload";
     public final static String SERVER_ADDRESS = "/api/v1/agent/update";
     public final static String API_HOOK_PROFILE = "/api/v1/profiles";

dongtai-core/src/test/java/com/secnium/iast/core/AgentEngineTest.java

@@ -1,27 +1,43 @@
 package com.secnium.iast.core;
 
+import io.dongtai.iast.core.utils.threadlocal.BooleanThreadLocal;
 import io.dongtai.log.DongTaiLog;
-
-import java.util.concurrent.TimeUnit;
+import org.junit.Test;
 
 public class AgentEngineTest {
 
     public static void main(String[] args) {
-        new AgentEngineTest().a();
+
     }
 
-    public AgentEngineTest(){
+    public AgentEngineTest() {
 
     }
 
-    public void a(){
+    @Test
+    public void a() {
+        BooleanThreadLocal booleanThreadLocal = new BooleanThreadLocal(false);
+        System.out.println(booleanThreadLocal.isEnterEntry());
+        booleanThreadLocal.set(true);
+        System.out.println(booleanThreadLocal.isEnterEntry());
+        booleanThreadLocal.remove();
+        System.out.println(booleanThreadLocal.isEnterEntry());
+    }
+
+    @Test
+    public void b(boolean a) {
         try {
-            System.out.println("b");
-            TimeUnit.SECONDS.sleep(10);
-            System.out.println("a");
-        } catch (InterruptedException e) {
-            DongTaiLog.error(e);
+            if (a){
+                try {
+                    throw new IllegalStateException("DongTai agent request replay");
+                }catch (RuntimeException e){
+                    System.out.println("DongTai agent request replay, please ignore");
+                }
+            }
+        } catch (NullPointerException e) {
+            DongTaiLog.info("DongTai agent request replay, please ignore");
         }
     }
 
+
 }

dongtai-core/src/test/java/com/secnium/iast/core/Test.java

@@ -0,0 +1,24 @@
+package com.secnium.iast.core;
+
+import java.util.concurrent.atomic.AtomicLong;
+
+public class Test {
+
+    private static final ThreadLocal<Long> responseTime = new ThreadLocal<>();
+
+    public void execute(int count){
+        for (int i = 0; i < count; i++) {
+            responseTime.set(System.currentTimeMillis());
+            String testLine = "response time:"+(System.currentTimeMillis()-responseTime.get())+"ms";
+        }
+    }
+
+    @org.junit.Test
+    public void test(){
+        Long start = System.currentTimeMillis();
+        execute(10000);
+        Long end = System.currentTimeMillis();
+        System.out.println(end-start);
+    }
+
+}

dongtai-core/src/test/java/io/dongtai/iast/core/RemoteConfig.java

@@ -0,0 +1,200 @@
+package io.dongtai.iast.core;
+
+import com.google.gson.reflect.TypeToken;
+import io.dongtai.iast.common.entity.performance.PerformanceMetrics;
+import io.dongtai.iast.common.entity.performance.metrics.CpuInfoMetrics;
+import io.dongtai.iast.common.entity.performance.metrics.MemoryUsageMetrics;
+import io.dongtai.iast.common.entity.performance.metrics.ThreadInfoMetrics;
+import io.dongtai.iast.common.entity.response.PlainResult;
+import io.dongtai.iast.core.bytecode.enhance.plugin.fallback.FallbackSwitch;
+import io.dongtai.iast.core.utils.config.entity.RemoteConfigEntityV2;
+import io.dongtai.iast.core.utils.config.entity.PerformanceEntity;
+import io.dongtai.iast.core.utils.config.entity.PerformanceLimitThreshold;
+import io.dongtai.iast.core.utils.json.GsonUtils;
+import io.dongtai.iast.core.utils.threadlocal.BooleanThreadLocal;
+import io.dongtai.log.DongTaiLog;
+import org.json.JSONObject;
+import org.junit.Test;
+
+import java.util.List;
+
+public class RemoteConfig {
+
+    /**
+     * 全局配置
+     */
+    private static String existsRemoteConfigMeta = "{}";
+    private static Boolean enableAutoFallback;
+    /**
+     * 高频hook限流相关配置
+     */
+    private static Double hookLimitTokenPerSecond;
+    private static Double hookLimitInitBurstSeconds;
+    /**
+     * 高频流量限流相关配置
+     */
+    private static Double heavyTrafficLimitTokenPerSecond;
+    private static Double heavyTrafficLimitInitBurstSeconds;
+    private static Integer heavyTrafficBreakerWaitDuration;
+    /**
+     * 性能熔断阈值相关配置
+     */
+    private static Integer performanceBreakerWindowSize;
+    private static Double performanceBreakerFailureRate;
+    private static Integer performanceBreakerWaitDuration;
+    private static Integer performanceLimitRiskMaxMetricsCount;
+    private static List<PerformanceMetrics> performanceLimitRiskThreshold;
+    private static List<PerformanceMetrics> performanceLimitMaxThreshold;
+    /**
+     * 二次降级阈值相关配置
+     */
+    private static Double secondFallbackFrequencyTokenPerSecond;
+    private static Double secondFallbackFrequencyInitBurstSeconds;
+    private static Long secondFallbackDuration;
+
+
+    private static final String REMOTE_CONFIG_DEFAULT_META = "{}";
+    private static final String REMOTE_CONFIG_NEW_META = "{\"status\":201,\"msg\":\"\\u64cd\\u4f5c\\u6210\\u529f\",\"data\":{\"enableAutoFallback\":true,\"performanceLimitRiskMaxMetricsCount\":30,\"systemIsUninstall\":true,\"jvmIsUninstall\": true,\"applicationIsUninstall\": true,\"system\":[{\"fallbackName\":\"cpuUsagePercentage\",\"conditions\":\"greater\",\"value\":100,\"description\":\"系统 CPU 使用率阈值\"},{\"fallbackName\":\"sysMemUsagePercentage\",\"conditions\":\"greater\",\"value\":100,\"description\":\"系统内存使用率阈值\"},{\"fallbackName\":\"sysMemUsageUsed\",\"conditions\":\"greater\",\"value\":100000000000,\"description\":\"系统内存使用值阈值\"}],\"jvm\":[{\"fallbackName\":\"jvmMemUsagePercentage\",\"conditions\":\"greater\",\"value\":100,\"description\":\"JVM 内存使用率阈值\"},{\"fallbackName\":\"jvmMemUsageUsed\",\"conditions\":\"greater\",\"value\":100000000000,\"description\":\"JVM 内存使用值阈值\"},{\"fallbackName\":\"threadCount\",\"conditions\":\"greater\",\"value\":100000,\"description\":\"总线程数阈值\"},{\"fallbackName\":\"daemonThreadCount\",\"conditions\":\"greater\",\"value\":1000000,\"description\":\"守护线程数阈值\"},{\"fallbackName\":\"dongTaiThreadCount\",\"conditions\":\"greater\",\"value\":1000000,\"description\":\"洞态IAST线程数阈值\"}],\"appliaction\":[{\"fallbackName\":\"hookLimitTokenPerSecond\",\"conditions\":\"greater\",\"value\":10000,\"description\":\"单请求 HOOK 限流\"},{\"fallbackName\":\"heavyTrafficLimitTokenPerSecond\",\"conditions\":\"greater\",\"value\":100000000,\"description\":\"高频 HOOK 限流\"}]}}";
+
+    /**
+     * 解析远程配置响应
+     */
+    private static RemoteConfigEntityV2 parseRemoteConfigResponse(String remoteResponse) {
+        try {
+            // 默认响应标识调用失败
+            if (REMOTE_CONFIG_DEFAULT_META.equals(remoteResponse)) {
+                FallbackSwitch.setPerformanceFallback(false);
+                return null;
+            }
+            if (REMOTE_CONFIG_DEFAULT_META.equals(new JSONObject(remoteResponse).get("data"))){
+                FallbackSwitch.setPerformanceFallback(false);
+                return null;
+            }
+            PlainResult<RemoteConfigEntityV2> result = GsonUtils.toObject(remoteResponse, new TypeToken<PlainResult<RemoteConfigEntityV2>>() {
+            }.getType());
+            // 服务端响应成功状态码
+            if (result.isSuccess()) {
+                return result.getData();
+            } else {
+                DongTaiLog.warn("remoteConfig request not success, status:{}, msg:{},response:{}", result.getStatus(), result.getMsg(),
+                        GsonUtils.toJson(remoteResponse));
+                return null;
+            }
+        } catch (Throwable t) {
+            DongTaiLog.warn("remoteConfig parse failed: msg:{}, err:{}, response:{}", t.getMessage(), t.getCause(), GsonUtils.toJson(remoteResponse));
+            return null;
+        }
+    }
+
+    public void syncRemoteConfig() {
+        try {
+            // 远端有配置且和上次配置内容不一致时，重新更新配置文件
+            String remoteResponse = REMOTE_CONFIG_NEW_META;
+            RemoteConfigEntityV2 remoteConfigEntity = parseRemoteConfigResponse(remoteResponse);
+            List<PerformanceEntity> application = remoteConfigEntity.getApplication();
+            List<PerformanceEntity> jvm = remoteConfigEntity.getJvm();
+            List<PerformanceEntity> system = remoteConfigEntity.getSystem();
+            PerformanceLimitThreshold performanceLimitThreshold = new PerformanceLimitThreshold();
+            MemoryUsageMetrics memoryUsage = new MemoryUsageMetrics();
+            ThreadInfoMetrics threadInfoMetrics = new ThreadInfoMetrics();
+            CpuInfoMetrics cpuInfoMetrics = new CpuInfoMetrics();
+            MemoryUsageMetrics memoryNoHeapUsage = new MemoryUsageMetrics();
+
+
+            if (null != remoteConfigEntity && !remoteResponse.equals(existsRemoteConfigMeta)) {
+                if (remoteConfigEntity.getEnableAutoFallback() != null) {
+                    enableAutoFallback = remoteConfigEntity.getEnableAutoFallback();
+                }
+                if (remoteConfigEntity.getPerformanceLimitRiskMaxMetricsCount() != null) {
+                    performanceLimitRiskMaxMetricsCount = remoteConfigEntity.getPerformanceLimitRiskMaxMetricsCount()/30 + remoteConfigEntity.getPerformanceLimitRiskMaxMetricsCount()%30==0?0:1;
+                }
+
+                performanceLimitRiskMaxMetricsCount = remoteConfigEntity.getPerformanceLimitRiskMaxMetricsCount();
+                if (remoteConfigEntity.getApplication() != null) {
+                    for (PerformanceEntity performanceEntity:application){
+                        switch (performanceEntity.getFallbackName()){
+                            case "hookLimitTokenPerSecond":
+                                hookLimitTokenPerSecond = performanceEntity.getValue();
+                                break;
+                            case "heavyTrafficLimitTokenPerSecond":
+                                heavyTrafficLimitTokenPerSecond = performanceEntity.getValue();
+                                break;
+                        }
+                    }
+                }
+
+                if (remoteConfigEntity.getJvm() != null) {
+                    for (PerformanceEntity performanceEntity:jvm){
+                        switch (performanceEntity.getFallbackName()){
+                            case "jvmMemUsagePercentage":{
+                                memoryUsage.setMemUsagePercentage(performanceEntity.getValue());
+                                break;
+                            }
+                            case "jvmMemUsageUsed":{
+                                memoryUsage.setUsed(performanceEntity.getValue().longValue());
+                                break;
+                            }
+                            case "threadCount":{
+                                threadInfoMetrics.setThreadCount(performanceEntity.getValue().intValue());
+                                break;
+                            }
+                            case "daemonThreadCount":{
+                                threadInfoMetrics.setDaemonThreadCount(performanceEntity.getValue().intValue());
+                                break;
+                            }
+                            case "dongTaiThreadCount":{
+                                threadInfoMetrics.setDongTaiThreadCount(performanceEntity.getValue().intValue());
+                                break;
+                            }
+                        }
+                    }
+                }
+
+                if (remoteConfigEntity.getSystem() != null) {
+                    for (PerformanceEntity performanceEntity:system){
+                        switch (performanceEntity.getFallbackName()){
+                            case "cpuUsagePercentage":{
+                                cpuInfoMetrics.setCpuUsagePercentage(performanceEntity.getValue());
+                                break;
+                            }
+                            case "sysMemUsagePercentage":{
+                                memoryNoHeapUsage.setMemUsagePercentage(performanceEntity.getValue());
+                                break;
+                            }
+                            case "sysMemUsageUsed":{
+                                memoryNoHeapUsage.setUsed(performanceEntity.getValue().longValue());
+                                break;
+                            }
+                        }
+                    }
+                }
+
+                threadInfoMetrics.setPeakThreadCount(1000000000);
+                memoryUsage.setMax(1000000000000L);
+                memoryNoHeapUsage.setMax(1000000000000L);
+                performanceLimitThreshold.setThreadInfo(threadInfoMetrics);
+                performanceLimitThreshold.setMemoryUsage(memoryUsage);
+                performanceLimitThreshold.setMemoryNoHeapUsage(memoryNoHeapUsage);
+                performanceLimitThreshold.setCpuUsage(cpuInfoMetrics);
+                performanceLimitRiskThreshold = performanceLimitRiskThreshold;
+                existsRemoteConfigMeta = remoteResponse;
+                DongTaiLog.debug("Sync remote config successful.");
+            }
+        } catch (Throwable t) {
+            DongTaiLog.warn("Sync remote config failed, msg: {}, error: {}", t.getMessage(), t.getCause());
+        }
+    }
+
+    private static final BooleanThreadLocal HEAVY_HOOK_FALLBACK = new BooleanThreadLocal(false);
+
+    @Test
+    public void testJson(){
+        HEAVY_HOOK_FALLBACK.remove();
+        System.out.println(HEAVY_HOOK_FALLBACK.get());
+        HEAVY_HOOK_FALLBACK.remove();
+        System.out.println(HEAVY_HOOK_FALLBACK.get());
+        HEAVY_HOOK_FALLBACK.remove();
+        System.out.println(HEAVY_HOOK_FALLBACK.get());
+    }
+
+}