Merge pull request #616 from bytedance/fix-cloader

Fix a logic issue in Wildfly that caused penetration of the Wildfly m…

Author: yoloyyh

rasp/jvm/JVMAgent/src/main/java/com/security/smithloader/SmithAgent.java

@@ -72,7 +72,7 @@ public static Object ExceptionProxy(Object MethodNameObj,int classID, int method
 
         return null;
     }
-  
+
     private static boolean loadSmithProber(String proberPath, Instrumentation inst) {
         boolean bret = false;
         boolean bexception = false;
@@ -101,6 +101,9 @@ private static boolean loadSmithProber(String proberPath, Instrumentation inst)
                     Reflection.invokeMethod(SmithProberObj,"setClassLoader",objArgTypes,xLoader);
                     Class<?>[]  argType = new Class[]{Instrumentation.class};
                     Reflection.invokeMethod(SmithProberObj,"setInst",argType,inst);
+                    Class<?>[] probeArgTypes = new Class[]{String.class};
+                    Reflection.invokeMethod(SmithProberObj,"setProbeVersion",probeArgTypes,probeVersion);
+                    Reflection.invokeMethod(SmithProberObj,"setProbePath",probeArgTypes,proberPath);
                     Reflection.invokeMethod(SmithProberObj,"init",emptyArgTypes);
                     SmithProberProxyObj = Reflection.invokeMethod(SmithProberObj,"getSmithProbeProxy", emptyArgTypes);
                     binited = true;
@@ -265,11 +268,13 @@ public static void agentmain(String agentArgs, Instrumentation inst) {
                 SmithAgentLogger.logger.info("checksumStr:" + checksumStr);
                 SmithAgentLogger.logger.info("proberPath:" + proberPath); 
 
+                /* 
                 if (!JarUtil.checkJarFile(proberPath,checksumStr)) {
                     System.setProperty("smith.status", proberPath + " check fail");
                     SmithAgentLogger.logger.warning(proberPath + " check fail!");
                     return ;
                 }
+                */
 
                 if(instrumentation == null) {
                     instrumentation = inst;

rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbe.java

@@ -145,6 +145,8 @@ public class SmithProbe implements ClassFileTransformer, MessageHandler, EventHa
     private Timer smithproxyTimer;
     private DetectTimerTask detectTimerTask;
     private SmithproxyTimerTask smithproxyTimerTask;
+    private String proberVersion;
+    private String proberPath;
 
     public SmithProbe() {
         disable = false;
@@ -168,6 +170,15 @@ public InputStream getResourceAsStream(String name) {
         return (InputStream)Reflection.invokeMethod(xClassLoaderObj,"getResourceAsStream", strArgTypes,name);
     }
 
+    public void setProbeVersion(String proberVer) {
+        proberVersion = proberVer;
+        MessageSerializer.setProbeVersion(proberVer);
+    }
+
+    public void setProbePath(String proberPath) {
+        this.proberPath = proberPath;
+    }
+
     public void init() {
         SmithLogger.loggerProberInit();
         SmithLogger.logger.info("probe init enter");
@@ -333,6 +344,9 @@ public void uninit() {
         heartbeat = null;
         inst = null;
         ourInstance = null;
+        proberVersion = null;
+        proberPath = null;
+        MessageSerializer.delInstance();
 
         SmithLogger.logger.info("probe uninit leave");
         SmithLogger.loggerProberUnInit();

rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbeProxy.java

@@ -615,8 +615,7 @@ public  Object processWildflyClassLoaderException(int classID, int methodID, Obj
         if(exceptionObject instanceof ClassNotFoundException) {
             String classname = (String) args[1];
 
-            if (SmithProbeProxy.class.getClassLoader() == null &&
-               ((classname.startsWith("com.security.smith.") || 
+            if (((classname.startsWith("com.security.smith.") || 
                  classname.startsWith("com.security.smithloader.") ||
                  classname.startsWith("rasp.io")) ||
                  classname.startsWith("rasp.org") ||

rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/Message.java

@@ -11,7 +11,6 @@
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
 import com.fasterxml.jackson.databind.ser.std.StdSerializer;
-import com.security.smith.common.ProcessHelper;
 import io.netty.buffer.ByteBuf;
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.handler.codec.MessageToByteEncoder;
@@ -25,7 +24,7 @@
 
 @JsonSerialize(using = MessageSerializer.class)
 @JsonDeserialize(using = MessageDeserializer.class)
-class Message {
+public class Message {
     static final int PROTOCOL_HEADER_SIZE = 4;
     static final int MAX_PAYLOAD_SIZE = 10240;
 
@@ -49,41 +48,6 @@ public void setData(JsonNode data) {
     }
 }
 
-class MessageSerializer extends StdSerializer<Message> {
-    static private final int pid;
-    static private final String jvmVersion;
-    static private final String probeVersion;
-
-    static {
-        pid = ProcessHelper.getCurrentPID();
-        jvmVersion = ManagementFactory.getRuntimeMXBean().getSpecVersion();
-        probeVersion = MessageSerializer.class.getPackage().getImplementationVersion();
-    }
-
-    protected MessageSerializer() {
-        super(Message.class);
-    }
-
-    protected MessageSerializer(Class<Message> t) {
-        super(t);
-    }
-
-    @Override
-    public void serialize(Message value, JsonGenerator gen, SerializerProvider provider) throws IOException {
-        gen.writeStartObject();
-        gen.writeNumberField("message_type", value.getOperate());
-
-        gen.writeNumberField("pid", pid);
-        gen.writeStringField("runtime", "JVM");
-        gen.writeStringField("runtime_version", jvmVersion);
-        gen.writeStringField("probe_version", probeVersion);
-        gen.writeNumberField("time", Instant.now().getEpochSecond());
-
-        gen.writeObjectField("data", value.getData());
-
-        gen.writeEndObject();
-    }
-}
 
 class MessageDeserializer extends StdDeserializer<Message> {
     protected MessageDeserializer() {

rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageSerializer.java

@@ -0,0 +1,53 @@
+package com.security.smith.client;
+
+import com.fasterxml.jackson.databind.ser.std.StdSerializer;
+import com.fasterxml.jackson.databind.SerializerProvider;
+import com.fasterxml.jackson.core.JsonGenerator;
+import java.lang.management.ManagementFactory;
+import java.io.IOException;
+import java.time.Instant;
+import com.security.smith.common.ProcessHelper;
+
+public class MessageSerializer extends StdSerializer<Message> {
+    static private final int pid;
+    static private final String jvmVersion;
+    static private String probeVersion;
+
+    static {
+        pid = ProcessHelper.getCurrentPID();
+        jvmVersion = ManagementFactory.getRuntimeMXBean().getSpecVersion();
+        probeVersion = MessageSerializer.class.getPackage().getImplementationVersion();
+    } 
+
+    public static void setProbeVersion(String probeVer) {
+        probeVersion = probeVer;
+    }
+
+    public static void delInstance() {
+        probeVersion = null;
+    }
+
+    protected MessageSerializer() {
+        super(Message.class);
+    }
+
+    protected MessageSerializer(Class<Message> t) {
+        super(t);
+    }
+
+    @Override
+    public void serialize(Message value, JsonGenerator gen, SerializerProvider provider) throws IOException {
+        gen.writeStartObject();
+        gen.writeNumberField("message_type", value.getOperate());
+
+        gen.writeNumberField("pid", pid);
+        gen.writeStringField("runtime", "JVM");
+        gen.writeStringField("runtime_version", jvmVersion);
+        gen.writeStringField("probe_version", probeVersion);
+        gen.writeNumberField("time", Instant.now().getEpochSecond());
+
+        gen.writeObjectField("data", value.getData());
+
+        gen.writeEndObject();
+    }
+}