From d95a1159a12cf30c45f74d00d93b7666837b1b99 Mon Sep 17 00:00:00 2001 From: guoyanjun Date: Fri, 26 Jul 2024 08:49:31 +0000 Subject: [PATCH 1/2] Fix the issue of inconsistent JSON in the reported events caused by using Gson instead of the previous Jackson version --- .../com/security/smithloader/SmithAgent.java | 12 +---- .../java/com/security/smith/SmithProbe.java | 12 ++--- .../smith/client/ClassUploadTransformer.java | 6 ++- .../smith/client/MessageSerializer.java | 25 ++++++++-- .../smith/client/message/ClassFilter.java | 4 +- .../message/ClassFilterDeserializer.java | 3 +- .../client/message/ClassFilterSerializer.java | 2 +- .../smith/client/message/ClassUpload.java | 46 +++++++++---------- .../smith/client/message/Heartbeat.java | 9 ++++ .../security/smith/client/message/Trace.java | 7 ++- .../client/message/TraceDeserializer.java | 4 +- .../smith/client/message/TraceSerializer.java | 5 +- 12 files changed, 72 insertions(+), 63 deletions(-) diff --git a/rasp/jvm/JVMAgent/src/main/java/com/security/smithloader/SmithAgent.java b/rasp/jvm/JVMAgent/src/main/java/com/security/smithloader/SmithAgent.java index 3a8e101f4..53e323c01 100644 --- a/rasp/jvm/JVMAgent/src/main/java/com/security/smithloader/SmithAgent.java +++ b/rasp/jvm/JVMAgent/src/main/java/com/security/smithloader/SmithAgent.java @@ -1,23 +1,13 @@ package com.security.smithloader; -import java.util.jar.Attributes; -import java.util.jar.JarFile; import java.util.jar.Manifest; -import javax.management.openmbean.CompositeDataInvocationHandler; - -import com.security.smithloader.MemCheck; -import com.security.smithloader.common.JarUtil; import com.security.smithloader.common.ParseParameter; import com.security.smithloader.common.Reflection; import com.security.smithloader.log.SmithAgentLogger; import java.lang.instrument.Instrumentation; import java.lang.reflect.Constructor; -import java.lang.reflect.Method; -import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.Paths; import java.util.concurrent.Callable; import java.util.concurrent.FutureTask; import java.util.concurrent.locks.ReentrantLock; @@ -280,11 +270,13 @@ public static void agentmain(String agentArgs, Instrumentation inst) { SmithAgentLogger.logger.info("checksumStr:" + checksumStr); SmithAgentLogger.logger.info("proberPath:" + proberPath); + /* if (!JarUtil.checkJarFile(proberPath,checksumStr)) { System.setProperty("smith.status", proberPath + " check fail"); SmithAgentLogger.logger.warning(proberPath + " check fail!"); return ; } + */ if(instrumentation == null) { instrumentation = inst; diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbe.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbe.java index 043ac95f5..da8965867 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbe.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/SmithProbe.java @@ -57,13 +57,8 @@ import java.io.File; import java.io.FileOutputStream; -import java.security.CodeSource; import java.util.jar.JarFile; - -import java.io.FileOutputStream; -import java.io.IOException; - import com.google.gson.Gson; import com.google.gson.JsonElement; import com.google.gson.JsonObject; @@ -71,9 +66,6 @@ import com.google.gson.GsonBuilder; import com.security.smith.client.message.*; -import java.io.File; -import java.io.FileOutputStream; - import java.io.ByteArrayOutputStream; import java.io.PrintStream; @@ -1068,7 +1060,9 @@ private void sendByte(byte[] data, String transId) { //classUpload.setByteOffset(offset); classUpload.setByteLength(length); //int send_length = Math.min(packetSize, data.length - offset); - classUpload.setClassData(data); + Base64.Encoder encoder = Base64.getEncoder(); + String dataStr = encoder.encodeToString(data); + classUpload.setClassData(dataStr); Gson gson = new Gson(); JsonElement jsonElement = gson.toJsonTree(classUpload); diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/ClassUploadTransformer.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/ClassUploadTransformer.java index b1a58730b..7e1e45712 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/ClassUploadTransformer.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/ClassUploadTransformer.java @@ -15,6 +15,7 @@ import java.util.concurrent.locks.ReentrantReadWriteLock; import java.util.concurrent.locks.Condition; import java.util.concurrent.locks.ReentrantLock; +import java.util.Base64; import com.security.smith.client.message.ClassFilter; import com.security.smith.client.message.ClassUpload; @@ -366,14 +367,15 @@ private void sendClass(Class clazz, byte[] data) { classUpload.setByteTotalLength(length); classUpload.setByteLength(length); - classUpload.setClassData(data); + Base64.Encoder encoder = Base64.getEncoder(); + String dataStr = encoder.encodeToString(data); + classUpload.setClassData(dataStr); if (client != null) { Gson gson = new Gson(); JsonElement jsonElement = gson.toJsonTree(classUpload); client.write(Operate.CLASSUPLOAD, jsonElement); SmithLogger.logger.info("send classdata: " + classUpload.toString()); - client.write(Operate.CLASSUPLOAD, classUpload); } } diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageSerializer.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageSerializer.java index 0323375e6..27700d06f 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageSerializer.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/MessageSerializer.java @@ -15,24 +15,34 @@ public class MessageSerializer implements JsonSerializer { static private int pid; - static private String jvmVersion; - static private String probeVersion; + static private String jvmVersion = ""; + static private String probeVersion = ""; public static void initInstance(String probeVer) { pid = ProcessHelper.getCurrentPID(); jvmVersion = ManagementFactory.getRuntimeMXBean().getSpecVersion(); probeVersion = probeVer; + if(probeVersion == null) { + probeVersion = ""; + } } public static void delInstance() { - jvmVersion = null; - probeVersion = null; + jvmVersion = ""; + probeVersion = ""; } public static void initInstance() { pid = ProcessHelper.getCurrentPID(); jvmVersion = ManagementFactory.getRuntimeMXBean().getSpecVersion(); + if(jvmVersion == null) { + jvmVersion = ""; + } + probeVersion = MessageSerializer.class.getPackage().getImplementationVersion(); + if(probeVersion == null) { + probeVersion = ""; + } } @Override @@ -43,7 +53,12 @@ public JsonElement serialize(Message message, Type typeOfSrc, JsonSerializationC obj.addProperty("pid", pid); obj.addProperty("runtime", "JVM"); obj.addProperty("runtime_version", jvmVersion); - obj.addProperty("probe_version", probeVersion); + if(probeVersion != null) { + obj.addProperty("probe_version", probeVersion); + } + else { + obj.addProperty("probe_version", ""); + } obj.addProperty("time", Instant.now().getEpochSecond()); return obj; } diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilter.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilter.java index f844e0d05..358480c77 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilter.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilter.java @@ -5,14 +5,14 @@ import java.util.UUID; public class ClassFilter { - private String transId = null; + private String transId = ""; private String className = ""; private String classPath = ""; private String interfacesName = ""; private String classLoaderName = ""; private String parentClassName = ""; private String parentClassLoaderName = ""; - private long ruleId; + private long ruleId = -1; @SerializedName("stackTrace") private StackTraceElement[] stackTrace = {}; diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilterDeserializer.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilterDeserializer.java index 91c247a64..ed0828a46 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilterDeserializer.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilterDeserializer.java @@ -3,7 +3,6 @@ import com.google.gson.JsonElement; import com.google.gson.JsonObject; import com.security.smith.client.message.ClassFilter; -import com.security.smith.client.message.ClassFilter; import com.google.gson.JsonDeserializationContext; import com.google.gson.JsonDeserializer; import java.lang.reflect.Type; @@ -21,7 +20,7 @@ public ClassFilter deserialize(JsonElement json, Type typeOfT, com.google.gson.J filter.setParentClassName(jsonObject.getAsJsonPrimitive("parent_Class_name").getAsString()); filter.setParentClassLoaderName(jsonObject.getAsJsonPrimitive("parent_class_Loader_name").getAsString()); filter.setRuleId(jsonObject.getAsJsonPrimitive("rule_id").getAsInt()); - filter.setStackTrace(convertStackTrace(context.deserialize(jsonObject.get("stackTrace"), String[].class))); + filter.setStackTrace(convertStackTrace(context.deserialize(jsonObject.get("stack_trace"), String[].class))); return filter; } diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilterSerializer.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilterSerializer.java index 339dc7c12..115c7a5eb 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilterSerializer.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassFilterSerializer.java @@ -22,7 +22,7 @@ public JsonElement serialize(ClassFilter src, Type typeOfSrc, JsonSerializationC jsonObject.addProperty("parent_Class_name", src.getParentClassName()); jsonObject.addProperty("parent_class_Loader_name", src.getParentClassLoaderName()); jsonObject.addProperty("rule_id", src.getRuleId()); - jsonObject.add("stackTrace", context.serialize(convertStackTrace(src.getStackTrace()))); + jsonObject.add("stack_trace", context.serialize(convertStackTrace(src.getStackTrace()))); return jsonObject; } diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassUpload.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassUpload.java index bd1ff8878..92cdc3923 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassUpload.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/ClassUpload.java @@ -1,64 +1,64 @@ package com.security.smith.client.message; import java.time.Instant; -import java.util.Arrays; public class ClassUpload { - private String transId; - private int byteTotalLength; - private int byteOffset; - private int byteLength; - private byte[] classData; + private String trans_id = ""; + private int byte_total_length; + private int byte_offset; + private int byte_length; + private String class_data = ""; public String getTransId() { - return transId; + return trans_id; } public void setTransId(String traceId) { - this.transId = traceId; + this.trans_id = traceId; } - public int getByteTotalLength() { - return byteTotalLength; + public int getByte_Total_Length() { + return byte_total_length; } public void setByteTotalLength(int byteTotallength) { - this.byteTotalLength = byteTotallength; + this.byte_total_length = byteTotallength; } public int getByteOffset() { - return byteOffset; + return byte_offset; } public void setByteOffset(int byteOffset) { - this.byteOffset = byteOffset; + this.byte_offset = byteOffset; } public int getByteLength() { - return byteLength; + return byte_length; } public void setByteLength(int byteLength) { - this.byteLength = byteLength; + this.byte_length = byteLength; } - public byte[] getClassData() { - return classData; + public String getClassData() { + return class_data; } - public void setClassData(byte[] class_data) { - this.classData = class_data; + public void setClassData(String class_data) { + this.class_data = class_data; } @Override public String toString() { return "{" + - "transId: '" + transId + '\'' + - ", byteTotalLength: " + byteTotalLength + - ", byteOffset: " + byteOffset + - ", byteLength: " + byteLength + + "transId: '" + trans_id + '\'' + + ", byteTotalLength: " + byte_total_length + + ", byteOffset: " + byte_offset + + ", byteLength: " + byte_length + ", timestamp: " + Instant.now().getEpochSecond() + + ", classData: " + class_data + '}'; } } \ No newline at end of file diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/Heartbeat.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/Heartbeat.java index c1c1ba8d2..378b0078e 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/Heartbeat.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/Heartbeat.java @@ -13,6 +13,15 @@ public class Heartbeat { private String class_filter_version; private int discard_count; + public Heartbeat() { + filter = ""; + block = ""; + limit = ""; + patch = ""; + class_filter_version = ""; + discard_count = 0; + } + public String getFilter() { return filter; } diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/Trace.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/Trace.java index 4dcd8be7b..52d568e2d 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/Trace.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/Trace.java @@ -3,16 +3,15 @@ import com.google.gson.Gson; import com.google.gson.JsonElement; import com.google.gson.JsonObject; -import com.google.gson.JsonPrimitive; - import java.util.Arrays; public class Trace { private int classID; private int methodID; - private boolean blocked; - private String policyID; + private boolean blocked = false; + + private String policyID = ""; private Object ret; private Object[] args; diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/TraceDeserializer.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/TraceDeserializer.java index 78a12dec8..f5293a271 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/TraceDeserializer.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/TraceDeserializer.java @@ -14,10 +14,10 @@ public Trace deserialize(JsonElement json, Type typeOfT, com.google.gson.JsonDes trace.setClassID(jsonObject.getAsJsonPrimitive("class_id").getAsInt()); trace.setMethodID(jsonObject.getAsJsonPrimitive("method_id").getAsInt()); trace.setBlocked(jsonObject.getAsJsonPrimitive("blocked").getAsBoolean()); - trace.setPolicyID(jsonObject.getAsJsonPrimitive("policyID").getAsString()); + trace.setPolicyID(jsonObject.getAsJsonPrimitive("policy_id").getAsString()); trace.setRet(context.deserialize(jsonObject.get("ret"), Object.class)); trace.setArgs(context.deserialize(jsonObject.get("args"), Object[].class)); - trace.setStackTrace(convertStackTrace(context.deserialize(jsonObject.get("stackTrace"), String[].class))); + trace.setStackTrace(convertStackTrace(context.deserialize(jsonObject.get("stack_trace"), String[].class))); return trace; } diff --git a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/TraceSerializer.java b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/TraceSerializer.java index bce3eafa0..37ca8e5a9 100644 --- a/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/TraceSerializer.java +++ b/rasp/jvm/JVMProbe/src/main/java/com/security/smith/client/message/TraceSerializer.java @@ -16,10 +16,10 @@ public JsonElement serialize(Trace src, Type typeOfSrc, JsonSerializationContext jsonObject.addProperty("class_id", src.getClassID()); jsonObject.addProperty("method_id", src.getMethodID()); jsonObject.addProperty("blocked", src.isBlocked()); - jsonObject.addProperty("policyID", src.getPolicyID()); + jsonObject.addProperty("policy_id",src.getPolicyID()); jsonObject.add("ret",context.serialize(convertRet(src.getRet()))); jsonObject.add("args",context.serialize(convertArgs(src.getArgs()))); - jsonObject.add("stackTrace", context.serialize(convertStackTrace(src.getStackTrace()))); + jsonObject.add("stack_trace", context.serialize(convertStackTrace(src.getStackTrace()))); return jsonObject; } @@ -33,7 +33,6 @@ private String[] convertArgs(Object[] value) { result[i] = String.valueOf(value[i]); } return result; -// return Arrays.stream(value).map(String::valueOf).toArray(String[]::new); } private String[] convertStackTrace(StackTraceElement[] stackTrace) { From e172417c0e1524e597411c33a532404f5ffb06ae Mon Sep 17 00:00:00 2001 From: guoyanjun Date: Fri, 26 Jul 2024 08:57:37 +0000 Subject: [PATCH 2/2] Restore the commented-out checkJarFile functionality --- .../src/main/java/com/security/smithloader/SmithAgent.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/rasp/jvm/JVMAgent/src/main/java/com/security/smithloader/SmithAgent.java b/rasp/jvm/JVMAgent/src/main/java/com/security/smithloader/SmithAgent.java index 53e323c01..de0dedafe 100644 --- a/rasp/jvm/JVMAgent/src/main/java/com/security/smithloader/SmithAgent.java +++ b/rasp/jvm/JVMAgent/src/main/java/com/security/smithloader/SmithAgent.java @@ -2,6 +2,7 @@ import java.util.jar.Manifest; +import com.security.smithloader.common.JarUtil; import com.security.smithloader.common.ParseParameter; import com.security.smithloader.common.Reflection; import com.security.smithloader.log.SmithAgentLogger; @@ -270,13 +271,11 @@ public static void agentmain(String agentArgs, Instrumentation inst) { SmithAgentLogger.logger.info("checksumStr:" + checksumStr); SmithAgentLogger.logger.info("proberPath:" + proberPath); - /* if (!JarUtil.checkJarFile(proberPath,checksumStr)) { System.setProperty("smith.status", proberPath + " check fail"); SmithAgentLogger.logger.warning(proberPath + " check fail!"); return ; } - */ if(instrumentation == null) { instrumentation = inst;