feat rasp plugin and Probe and log init

yoloyyh · yoloyyh · commit 1c035ff5247f · 2024-05-13T21:06:27.000+08:00
diff --git a/rasp/jvm/JVMAgent/src/main/java/com/security/smithloader/SmithAgent.java b/rasp/jvm/JVMAgent/src/main/java/com/security/smithloader/SmithAgent.java
@@ -11,6 +11,7 @@
 import com.security.smithloader.log.SmithAgentLogger;
 
 import java.lang.instrument.Instrumentation;
+import java.lang.reflect.Constructor;
 import java.lang.reflect.Method;
 import java.util.concurrent.locks.ReentrantLock;
 
@@ -74,32 +75,34 @@ private static boolean loadSmithProber(String proberPath, Instrumentation inst)
         try {
             xLoader = new SmithLoader(proberPath, null);
             SmithProberClazz = xLoader.loadClass("com.security.smith.SmithProbe");
-            Method[] methods = SmithProberClazz.getDeclaredMethods();
-            for (Method method : methods) {
-                if (method.isSynthetic()) {
-                    System.out.println("Lambda method: " + method.getName());
-                }
-                else {
-                    System.out.println("method: " + method.getName());
-                }
-            }
             
             Class<?>[] emptyArgTypes = new Class[]{};
             //SmithProberObj = Reflection.invokeStaticMethod(SmithProberClazz,"getInstance", emptyArgTypes);
-            SmithProberObj = SmithProberClazz.newInstance();
-
-            Class<?>[] objArgTypes = new Class[]{Object.class};
-            Reflection.invokeMethod(SmithProberObj,"setClassLoader",objArgTypes,xLoader);
-            Class<?>[]  argType = new Class[]{Instrumentation.class};
-            Reflection.invokeMethod(SmithProberObj,"setInst",argType,inst);
-            Reflection.invokeMethod(SmithProberObj,"init",emptyArgTypes);
-            SmithProberProxyObj = Reflection.invokeMethod(SmithProberObj,"getSmithProbeProxy", emptyArgTypes);
-            binited = true;
-
-
-            Reflection.invokeMethod(SmithProberObj,"start",emptyArgTypes);
-
-            bret = true;
+            if (SmithProberClazz != null) {
+                Constructor<?> constructor = SmithProberClazz.getDeclaredConstructor();
+                constructor.setAccessible(true);
+                SmithProberObj = constructor.newInstance();
+                if (SmithProberObj != null) {
+                    Class<?>[] objArgTypes = new Class[]{Object.class};
+                    Reflection.invokeMethod(SmithProberObj,"setClassLoader",objArgTypes,xLoader);
+                    Class<?>[]  argType = new Class[]{Instrumentation.class};
+                    Reflection.invokeMethod(SmithProberObj,"setInst",argType,inst);
+                    Reflection.invokeMethod(SmithProberObj,"init",emptyArgTypes);
+                    SmithProberProxyObj = Reflection.invokeMethod(SmithProberObj,"getSmithProbeProxy", emptyArgTypes);
+                    binited = true;
+
+
+                    Reflection.invokeMethod(SmithProberObj,"start",emptyArgTypes);
+
+                    bret = true; 
+                } else {
+                    SmithAgentLogger.logger.info("call SmithProbe init failed");
+                } 
+            } else {
+                SmithAgentLogger.logger.info("load com.security.smith.SmithProbe failed");
+                bret = false;
+            }
+            
         }
         catch(Exception e) {
             SmithAgentLogger.exception(e);
@@ -135,7 +138,7 @@ private static Boolean unLoadSmithProber() {
         SmithAgentLogger.logger.info("unLoadSmithProber Entry");
 
         try {
-            if(SmithProberObj != null) {
+            if (SmithProberObj != null) {
                 SmithAgentLogger.logger.info("Start unload prober");
                 Class<?>[] emptyArgTypes = new Class[]{};
                 Reflection.invokeMethod(SmithProberObj,"stop",emptyArgTypes);
@@ -151,8 +154,7 @@ private static Boolean unLoadSmithProber() {
                 SmithAgentLogger.logger.info("unload prober end");
 
                 bret = true;
-            }
-            else {
+            } else {
                 bret = true;
             }
         }
@@ -253,8 +255,8 @@ public static void agentmain(String agentArgs, Instrumentation inst) {
                         else {
                             System.setProperty("smith.rasp", probeVersion+"-"+checksumStr);
                             System.setProperty("smith.status", "attach");
+                            System.setProperty("rasp.probe", "smith");
                         }
-                        System.setProperty("rasp.probe", "smith");
                     }
                 }
                 finally {
diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbe.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbe.java
@@ -164,6 +164,7 @@ public InputStream getResourceAsStream(String name) {
     }
 
     public void init() {
+        SmithLogger.loggerProberInit();
         SmithLogger.logger.info("probe init enter");
         smithClasses = new ConcurrentHashMap<>();
         patchers = new ConcurrentHashMap<>();
@@ -276,9 +277,8 @@ public void stop() {
         smithproxyTimerTask = null;
         smithproxyTimer = null;
 
-        SmithLogger.loggerProberUnInit();
-
         SmithLogger.logger.info("probe stop leave");
+        SmithLogger.loggerProberUnInit();
     }
 
     public void uninit() {
@@ -586,7 +586,6 @@ public byte[] transform(ClassLoader loader, String className, Class<?> classBein
             else {
                 classWriter = new SmithClassWriter(ClassWriter.COMPUTE_FRAMES);
             }
-
             ClassVisitor classVisitor = new SmithClassVisitor(
                     Opcodes.ASM9,
                     classWriter,
@@ -596,15 +595,6 @@ public byte[] transform(ClassLoader loader, String className, Class<?> classBein
             );
 
             classReader.accept(classVisitor, ClassReader.EXPAND_FRAMES);  
-            /* 
-            try (FileOutputStream fos = new FileOutputStream("/tmp/"+classType.getClassName()+".class")) {
-                byte[] bytecode = classWriter.toByteArray();
-                fos.write(bytecode);
-                System.out.println(classType.getClassName() + " 字节码保存成功！");
-            } catch (IOException e) {
-                e.printStackTrace();
-            }
-            */
 
             return classWriter.toByteArray();
         } catch (Exception e) {
diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbeProxy.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbeProxy.java
@@ -99,7 +99,7 @@ else if(className.contains("java.lang.ThreadLocal")) {
                 }
             }
             catch(Throwable t) {
-                t.printStackTrace();
+                SmithLogger.exception(t);
             }
         }
 
diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/log/SmithLogger.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/log/SmithLogger.java
@@ -14,7 +14,8 @@ public class SmithLogger {
     public static Logger logger = Logger.getLogger("RASP");
     private static FileHandler fileHandler = null;
 
-    static {
+
+    public static void loggerProberInit() {
         logger.setUseParentHandlers(false);
 
         try {
diff --git a/rasp/librasp/src/comm.rs b/rasp/librasp/src/comm.rs
@@ -192,17 +192,8 @@ impl RASPComm for ThreadMode {
     ) -> AnyhowResult<()> {
         match check_need_mount(_mnt_namespace) {
             Ok(same_ns) => {
-                if same_ns{
-                    self.using_mount = false;
-                    info!(
-                        "process {} namespace as same as root, so no need to mount, using_mount : {}", pid, self.using_mount
-                    );
-                } else {
-                    self.using_mount = true;
-                    info!(
-                        "process {} namespace are not same as root, so need to mount", pid
-                    );
-                }
+                self.using_mount = same_ns;
+                info!("process {} namespace using_mount : {}", pid, self.using_mount);
             }
             Err(e) => {
                 warn!(
@@ -294,13 +285,13 @@ fn mount(pid: i32, from: &str, to: &str) -> AnyhowResult<()> {
     };
 }
 
-fn check_need_mount(pid_mntns: &String) -> AnyhowResult<bool> {
+pub fn check_need_mount(pid_mntns: &String) -> AnyhowResult<bool> {
     let root_mnt = std::fs::read_link("/proc/1/ns/mnt")?;
     debug!(
         "pid namespace && root namespace : {} && {}",
         pid_mntns, root_mnt.display()
     );
-    Ok(&root_mnt.display().to_string() == pid_mntns)
+    Ok(&root_mnt.display().to_string() != pid_mntns)
 }
 
 pub struct EbpfMode {
diff --git a/rasp/librasp/src/manager.rs b/rasp/librasp/src/manager.rs
@@ -7,7 +7,7 @@ use std::process::Command;
 use anyhow::{anyhow, Result, Result as AnyhowResult};
 use crossbeam::channel::Sender;
 use fs_extra::dir::{copy, create_all, CopyOptions};
-use fs_extra::file::{copy as file_copy, CopyOptions as FileCopyOptions};
+use fs_extra::file::{copy as file_copy, remove as file_remove, CopyOptions as FileCopyOptions};
 use libraspserver::proto::{PidMissingProbeConfig, ProbeConfigData};
 use log::*;
 
@@ -17,7 +17,7 @@ use crate::jvm::{java_attach, java_detach, JVMProbe, JVMProbeState};
 use crate::nodejs::{nodejs_attach, NodeJSProbe};
 use crate::php::{php_attach, PHPProbeState};
 use crate::{
-    comm::{Control, EbpfMode, ProcessMode, RASPComm, ThreadMode},
+    comm::{Control, EbpfMode, ProcessMode, RASPComm, ThreadMode, check_need_mount},
     process::ProcessInfo,
     runtime::{ProbeCopy, ProbeState, ProbeStateInspect, RuntimeInspect},
     settings,
@@ -348,6 +348,9 @@ impl RASPManager {
                 ProbeState::AttachedVersionNotMatch => {
                   match java_detach(pid) {
                     Ok(result) => {
+                        if let Ok(true) = check_need_mount(mnt_namespace) {
+                            Self::remove_dir_from_to_dest(format!("{}/{}", root_dir.clone(), settings::RASP_JAVA_DIR()));
+                        }
                         if self.can_copy(mnt_namespace) {
                             for from in JVMProbe::names().0.iter() {
                                 self.copy_file_from_to_dest(from.clone(), root_dir.clone())?;
@@ -701,6 +704,25 @@ impl RASPManager {
             }
         };
     }
+
+    pub fn remove_dir_from_to_dest(dest_root: String) -> AnyhowResult<()> {
+        if Path::new(&dest_root).exists() {
+            return match std::fs::remove_dir_all(dest_root.clone()) {
+                Ok(_) => {
+                    info!("remove file: {}", dest_root);
+                    Ok(())
+                }
+                Err(e) => {
+                    warn!("can not remove: {}", e);
+                    Err(anyhow!(
+                        "remove failed: dir {}, err: {}",
+                        dest_root.clone(), e))
+                }
+            }
+        }
+        return Ok(());
+    }
+
     pub fn copy_dir_from_to_dest(&self, from: String, dest_root: String) -> AnyhowResult<()> {
         let target = format!("{}{}", dest_root, from);
         if Path::new(&target).exists() {

Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,7 @@ else if(className.contains("java.lang.ThreadLocal")) {`
`99`	`99`	`}`
`100`	`100`	`}`
`101`	`101`	`catch(Throwable t) {`
`102`		`- t.printStackTrace();`
	`102`	`+ SmithLogger.exception(t);`
`103`	`103`	`}`
`104`	`104`	`}`
`105`	`105`