feat process version check

yoloyyh · yoloyyh · commit f8cd18801c68 · 2024-07-25T11:41:54.000+08:00
diff --git a/rasp/librasp/src/jvm.rs b/rasp/librasp/src/jvm.rs
@@ -143,6 +143,25 @@ pub fn vm_version(pid: i32) -> Result<i32> {
     };
 }
 
+pub fn check_java_version(ver: &String, pid:i32) -> Result<()> {
+    let ver:u32 = match ver.parse::<u32>() {
+        Ok(v) => {v}
+        Err(_) => {0}
+    };
+    if ver < 8 {
+        warn!("process {} Java version lower than 8: {}, so not inject", pid, ver);
+        let msg = format!("Java version lower than 8: {}, so not inject", ver);
+        return Err(anyhow!(msg));
+    } else if ver == 13 || ver == 14 {
+        // jdk bug https://bugs.openjdk.org/browse/JDK-8222005
+        warn!("process {} Java version {} has attach bug, so not inject", pid, ver);
+        let msg = format!("process {} Java version {} has attach bug, so not inject", pid, ver);
+        return Err(anyhow!(msg));
+    } else {
+        return Ok(());
+    }
+}
+
 pub fn prop(pid: i32) -> Result<ProbeState> {
     return match jcmd(pid, " VM.system_properties") {
         Ok(stdout) => {
diff --git a/rasp/librasp/src/manager.rs b/rasp/librasp/src/manager.rs
@@ -12,8 +12,8 @@ use log::*;
 
 use crate::cpython::{python_attach, CPythonProbe, CPythonProbeState};
 use crate::golang::{golang_attach, GolangProbe, GolangProbeState};
-use crate::jvm::{java_attach, java_detach, JVMProbe, JVMProbeState};
-use crate::nodejs::{nodejs_attach, NodeJSProbe};
+use crate::jvm::{check_java_version, java_attach, java_detach, JVMProbe, JVMProbeState};
+use crate::nodejs::{check_nodejs_version, nodejs_attach, NodeJSProbe};
 use crate::php::{php_attach, PHPProbeState};
 use crate::{
     comm::{Control, EbpfMode, ProcessMode, RASPComm, ThreadMode, check_need_mount},
@@ -334,6 +334,14 @@ impl RASPManager {
                     Ok(true)
                 }
                 ProbeState::NotAttach => {
+                    if !runtime_info.version.is_empty() {
+                        match check_java_version(&runtime_info.version, pid) {
+                            Ok(_) => {}
+                            Err(e) => {
+                                return Err(anyhow!(e));
+                            }
+                        }
+                    }
                     if self.can_copy(mnt_namespace) {
                         for from in JVMProbe::names().0.iter() {
                             self.copy_file_from_to_dest(from.clone(), root_dir.clone())?;
@@ -342,9 +350,19 @@ impl RASPManager {
                             self.copy_dir_from_to_dest(from.clone(), root_dir.clone())?;
                         }
                     }
+                    
                     java_attach(process_info.pid)
+
                 }
                 ProbeState::AttachedVersionNotMatch => {
+                    if !runtime_info.version.is_empty() {
+                        match check_java_version(&runtime_info.version, pid) {
+                            Ok(_) => {}
+                            Err(e) => {
+                                return Err(anyhow!(e));
+                            }
+                        }
+                    }
                     let mut diff_ns:bool = false;
                     match check_need_mount(mnt_namespace) {
                         Ok(value) => {
@@ -473,6 +491,14 @@ impl RASPManager {
                 }
             },
             "NodeJS" => {
+                if !runtime_info.version.is_empty() {
+                    match check_nodejs_version(&runtime_info.version) {
+                        Ok(_) => {}
+                        Err(e) => {
+                            return Err(anyhow!(e));
+                        }
+                    }
+                }
                 if self.can_copy(mnt_namespace) {
                     for from in NodeJSProbe::names().0.iter() {
                         self.copy_file_from_to_dest(from.clone(), root_dir.clone())?;
diff --git a/rasp/librasp/src/nodejs.rs b/rasp/librasp/src/nodejs.rs
@@ -150,3 +150,36 @@ pub fn nodejs_version(pid: i32, nodejs_bin_path: &String) -> Result<(u32, u32, S
     };
     Ok((major_number, minor_number, String::from(version)))
 }
+
+pub fn check_nodejs_version(ver: &String) -> Result<()> {
+    let major_minor: Option<(u32, u32)> = match ver.split('.').next() {
+        Some(major_str) => {
+            if let Ok(major) = major_str.parse::<u32>() {
+                if let Some(minor_str) = ver.split('.').nth(1) {
+                    if let Ok(minor) = minor_str.parse::<u32>() {
+                        Some((major, minor))
+                    } else {
+                        None
+                    }
+                } else {
+                    Some((major, 0))
+                }
+            } else {
+                None
+            }
+        }
+        None => None,
+    };
+
+    if let Some((major, minor)) = major_minor {
+        if major > 8 || (major == 8 && minor >= 6) {
+            return Ok(());
+        } else {
+            let msg = format!("nodejs version lower than 8.6: {}", ver);
+            return Err(anyhow!(msg));
+        }
+    } else {
+        let msg = format!("nodejs version cannot parse: {}", ver);
+        return Err(anyhow!(msg));
+    }
+}
diff --git a/rasp/librasp/src/runtime.rs b/rasp/librasp/src/runtime.rs
@@ -112,28 +112,11 @@ pub trait RuntimeInspect {
                 Err(e) => info!("Failed to check '+DisableAttachMechanism': {}", e),
             }
             
-            // https://bugs.openjdk.org/browse/JDK-8292695
-            // let uptime = count_uptime(process_info.start_time.unwrap()).unwrap_or(0);
-            // if uptime > 0  && uptime < 5 {
-            //     let interval = 5 - uptime;
-            //     info!("JVM process {} just start, so sleep {} sec", process_info.pid, interval);
-            //     std::thread::sleep(Duration::from_secs(interval));
-            // }
             match Self::check_signal_dispatch(process_info.pid) {
                 Ok(v) => {
                     if v == true {
                         let version = match vm_version(process_info.pid) {
                             Ok(ver) => {
-                                if ver < 8 {
-                                    warn!("process {} Java version lower than 8: {}, so not inject", process_info.pid, ver);
-                                    let msg = format!("Java version lower than 8: {}, so not inject", ver);
-                                    return Err(anyhow!(msg));
-                                } else if ver == 13 || ver == 14 {
-                                    // jdk bug https://bugs.openjdk.org/browse/JDK-8222005
-                                    warn!("process {} Java version {} has attach bug, so not inject", process_info.pid, ver);
-                                    let msg = format!("process {} Java version {} has attach bug, so not inject", process_info.pid, ver);
-                                    return Err(anyhow!(msg));
-                                }
                                 ver.to_string()
                             }
                             Err(e) => {
@@ -193,17 +176,7 @@ pub trait RuntimeInspect {
             };
         if nodejs_process_filter_check_reuslt {
             let version = match nodejs_version(process_info.pid, &process_exe_file) {
-                Ok((major, minor, v)) => {
-                    if major < 8 {
-                        let msg = format!("nodejs version lower than 8.6: {}", v);
-                        return Err(anyhow!(msg));
-                    }
-                    if major == 8 {
-                        if minor < 6 {
-                            let msg = format!("nodejs version lower than 8.6: {}", v);
-                            return Err(anyhow!(msg));
-                        }
-                    }
+                Ok((_, _, v)) => {
                     v
                 }
                 Err(e) => {
