From f8cd18801c6814958a8bf2f16f26b6d47e9eb07c Mon Sep 17 00:00:00 2001 From: yoloyyh <1764163852@qq.com> Date: Thu, 25 Jul 2024 11:41:54 +0800 Subject: [PATCH 1/2] feat process version check --- rasp/librasp/src/jvm.rs | 19 +++++++++++++++++++ rasp/librasp/src/manager.rs | 30 ++++++++++++++++++++++++++++-- rasp/librasp/src/nodejs.rs | 33 +++++++++++++++++++++++++++++++++ rasp/librasp/src/runtime.rs | 29 +---------------------------- 4 files changed, 81 insertions(+), 30 deletions(-) diff --git a/rasp/librasp/src/jvm.rs b/rasp/librasp/src/jvm.rs index e58ad047f..d3fd5887b 100644 --- a/rasp/librasp/src/jvm.rs +++ b/rasp/librasp/src/jvm.rs @@ -143,6 +143,25 @@ pub fn vm_version(pid: i32) -> Result { }; } +pub fn check_java_version(ver: &String, pid:i32) -> Result<()> { + let ver:u32 = match ver.parse::() { + Ok(v) => {v} + Err(_) => {0} + }; + if ver < 8 { + warn!("process {} Java version lower than 8: {}, so not inject", pid, ver); + let msg = format!("Java version lower than 8: {}, so not inject", ver); + return Err(anyhow!(msg)); + } else if ver == 13 || ver == 14 { + // jdk bug https://bugs.openjdk.org/browse/JDK-8222005 + warn!("process {} Java version {} has attach bug, so not inject", pid, ver); + let msg = format!("process {} Java version {} has attach bug, so not inject", pid, ver); + return Err(anyhow!(msg)); + } else { + return Ok(()); + } +} + pub fn prop(pid: i32) -> Result { return match jcmd(pid, " VM.system_properties") { Ok(stdout) => { diff --git a/rasp/librasp/src/manager.rs b/rasp/librasp/src/manager.rs index a045701ff..5cf4d0612 100644 --- a/rasp/librasp/src/manager.rs +++ b/rasp/librasp/src/manager.rs 
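Review bot: In `check_java_version` a version string that fails to parse is turned into 0 and then rejected as "Java version lower than 8: 0", so both the warning and the returned error hide the value that was actually seen. Refusing to inject on an unparseable version is the safe outcome, but it should be reported as a parse failure, e.g. `let ver: u32 = ver.parse().map_err(|_| anyhow!("process {} Java version cannot parse: {}", pid, ver))?;`. The parameter can also be `ver: &str`, which callers holding a `String` can still pass by reference.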
@@ -12,8 +12,8 @@ use log::*; use crate::cpython::{python_attach, CPythonProbe, CPythonProbeState}; use crate::golang::{golang_attach, GolangProbe, GolangProbeState}; -use crate::jvm::{java_attach, java_detach, JVMProbe, JVMProbeState}; -use crate::nodejs::{nodejs_attach, NodeJSProbe}; +use crate::jvm::{check_java_version, java_attach, java_detach, JVMProbe, JVMProbeState}; +use crate::nodejs::{check_nodejs_version, nodejs_attach, NodeJSProbe}; use crate::php::{php_attach, PHPProbeState}; use crate::{ comm::{Control, EbpfMode, ProcessMode, RASPComm, ThreadMode, check_need_mount}, @@ -334,6 +334,14 @@ impl RASPManager { Ok(true) } ProbeState::NotAttach => { + if !runtime_info.version.is_empty() { + match check_java_version(&runtime_info.version, pid) { + Ok(_) => {} + Err(e) => { + return Err(anyhow!(e)); + } + } + } if self.can_copy(mnt_namespace) { for from in JVMProbe::names().0.iter() { self.copy_file_from_to_dest(from.clone(), root_dir.clone())?; @@ -342,9 +350,19 @@ impl RASPManager { self.copy_dir_from_to_dest(from.clone(), root_dir.clone())?; } } + java_attach(process_info.pid) + } ProbeState::AttachedVersionNotMatch => { + if !runtime_info.version.is_empty() { + match check_java_version(&runtime_info.version, pid) { + Ok(_) => {} + Err(e) => { + return Err(anyhow!(e)); + } + } + } let mut diff_ns:bool = false; match check_need_mount(mnt_namespace) { Ok(value) => { @@ -473,6 +491,14 @@ impl RASPManager { } }, "NodeJS" => { + if !runtime_info.version.is_empty() { + match check_nodejs_version(&runtime_info.version) { + Ok(_) => {} + Err(e) => { + return Err(anyhow!(e)); + } + } + } if self.can_copy(mnt_namespace) { for from in NodeJSProbe::names().0.iter() { self.copy_file_from_to_dest(from.clone(), root_dir.clone())?; diff --git a/rasp/librasp/src/nodejs.rs b/rasp/librasp/src/nodejs.rs index b7863b13f..38fc2b319 100644 --- a/rasp/librasp/src/nodejs.rs +++ b/rasp/librasp/src/nodejs.rs 
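Review bot: The new gate in the `ProbeState::NotAttach` arm runs only when `runtime_info.version` is non-empty, so a process whose version was never detected skips `check_java_version` and goes on to `java_attach`, including a JDK 13/14 process affected by the attach bug the check exists for. Whether an empty version can reach this point depends on code outside the hunk (the `Err(e)` arm in runtime.rs is cut off on this page), so this needs confirming; if it can, either refuse to attach or at least log that the check was skipped. The same guard is repeated in the `ProbeState::AttachedVersionNotMatch` arm and, with `check_nodejs_version`, in the `"NodeJS"` arm. In all three places the `match` that only re-wraps the error can be written as `check_java_version(&runtime_info.version, pid)?;`.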
@@ -150,3 +150,36 @@ pub fn nodejs_version(pid: i32, nodejs_bin_path: &String) -> Result<(u32, u32, S }; Ok((major_number, minor_number, String::from(version))) } + +pub fn check_nodejs_version(ver: &String) -> Result<()> { + let major_minor: Option<(u32, u32)> = match ver.split('.').next() { + Some(major_str) => { + if let Ok(major) = major_str.parse::() { + if let Some(minor_str) = ver.split('.').nth(1) { + if let Ok(minor) = minor_str.parse::() { + Some((major, minor)) + } else { + None + } + } else { + Some((major, 0)) + } + } else { + None + } + } + None => None, + }; + + if let Some((major, minor)) = major_minor { + if major > 8 || (major == 8 && minor >= 6) { + return Ok(()); + } else { + let msg = format!("nodejs version lower than 8.6: {}", ver); + return Err(anyhow!(msg)); + } + } else { + let msg = format!("nodejs version cannot parse: {}", ver); + return Err(anyhow!(msg)); + } +} \ No newline at end of file diff --git a/rasp/librasp/src/runtime.rs b/rasp/librasp/src/runtime.rs index 35b3f06fc..2cbc3ffd8 100644 --- a/rasp/librasp/src/runtime.rs +++ b/rasp/librasp/src/runtime.rs 
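Review bot: `check_nodejs_version` reaches its major/minor pair through four nested `if let`/`else` levels and walks `ver.split('.')` twice, which makes the three outcomes (accepted, lower than 8.6, cannot parse) hard to audit for a gate that decides whether a process is injected. A flatter form with one iterator and a single `match` gives the same results, including treating a missing minor as 0 and refusing anything that does not parse; it is shown below and also takes `ver: &str`. Separately, if the stored version string ever carries the leading `v` that `node -v` prints, the major component will not parse and every process is refused; the format is decided in `nodejs_version` outside this hunk, so that is worth confirming. The file also now ends without a trailing newline.

```rust
pub fn check_nodejs_version(ver: &str) -> Result<()> {
    let mut parts = ver.split('.');
    let major = parts.next().and_then(|s| s.parse::<u32>().ok());
    // A missing minor component counts as 0; a present but non-numeric one is a parse failure.
    let minor = parts.next().map_or(Some(0), |s| s.parse::<u32>().ok());
    match (major, minor) {
        (Some(major), Some(minor)) if (major, minor) >= (8, 6) => Ok(()),
        (Some(_), Some(_)) => Err(anyhow!("nodejs version lower than 8.6: {}", ver)),
        _ => Err(anyhow!("nodejs version cannot parse: {}", ver)),
    }
}
```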
@@ -112,28 +112,11 @@ pub trait RuntimeInspect { Err(e) => info!("Failed to check '+DisableAttachMechanism': {}", e), } - // https://bugs.openjdk.org/browse/JDK-8292695 - // let uptime = count_uptime(process_info.start_time.unwrap()).unwrap_or(0); - // if uptime > 0 && uptime < 5 { - // let interval = 5 - uptime; - // info!("JVM process {} just start, so sleep {} sec", process_info.pid, interval); - // std::thread::sleep(Duration::from_secs(interval)); - // } match Self::check_signal_dispatch(process_info.pid) { Ok(v) => { if v == true { let version = match vm_version(process_info.pid) { Ok(ver) => { - if ver < 8 { - warn!("process {} Java version lower than 8: {}, so not inject", process_info.pid, ver); - let msg = format!("Java version lower than 8: {}, so not inject", ver); - return Err(anyhow!(msg)); - } else if ver == 13 || ver == 14 { - // jdk bug https://bugs.openjdk.org/browse/JDK-8222005 - warn!("process {} Java version {} has attach bug, so not inject", process_info.pid, ver); - let msg = format!("process {} Java version {} has attach bug, so not inject", process_info.pid, ver); - return Err(anyhow!(msg)); - } ver.to_string() } Err(e) => { @@ -193,17 +176,7 @@ pub trait RuntimeInspect { }; if nodejs_process_filter_check_reuslt { let version = match nodejs_version(process_info.pid, &process_exe_file) { - Ok((major, minor, v)) => { - if major < 8 { - let msg = format!("nodejs version lower than 8.6: {}", v); - return Err(anyhow!(msg)); - } - if major == 8 { - if minor < 6 { - let msg = format!("nodejs version lower than 8.6: {}", v); - return Err(anyhow!(msg)); - } - } + Ok((_, _, v)) => { v } Err(e) => { From 43180d578915dc06be016f48c023572cf8eebdec Mon Sep 17 00:00:00 2001 From: yoloyyh <1764163852@qq.com> Date: Thu, 25 Jul 2024 14:44:46 +0800 Subject: [PATCH 2/2] fix compile error --- rasp/rasp_server/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/rasp/rasp_server/Cargo.toml b/rasp/rasp_server/Cargo.toml index 54c7531a8..2e826a5b1 100644 --- a/rasp/rasp_server/Cargo.toml +++ b/rasp/rasp_server/Cargo.toml @@ -21,7 +21,7 @@ crossbeam = "0.8" log = "0.4.11" serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" -tokio = { version = "1.16", features = ["full"] } +tokio = { version = "~1.34", features = ["full"] } lazy_static = "1.4" tokio-util = { version = "0.7.0", features = ["full"] } futures = "0.3"
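Review bot: `~1.34` is a tilde requirement that accepts only tokio 1.34.x, whereas the old `1.16` accepted any 1.x release from 1.16 upwards, so later tokio releases, including any that carry fixes, are now excluded for rasp_server. The commit message says only "fix compile error", so a comment above the line should name what fails on newer releases so the pin can be lifted later, e.g. `# pinned to 1.34.x: <reason for the compile error>; revisit when the build toolchain is updated`.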