Merge branch 'main' into feature/issue/319

Author: luzhongyang

.github/workflows/build_and_upload_package.yaml

@@ -2,10 +2,12 @@ name: Build DongTai Core Package and push to Ali OSS
 
 on:
   pull_request:
-    branches: [ develop ]
-
+    branches: [ main ]
+  push:
+    branches: [ main ]
 jobs:
   build:
+    if: ${{ github.event_name == 'push' }}
     runs-on: ubuntu-latest
     strategy:
       max-parallel: 4

dongtai/engine/vul_engine.py

@@ -35,6 +35,7 @@ def __init__(self):
         self.taint_link_size = 0
         self.edge_code = 1
         self.taint_value = ''
+        self.vul_type = None
 
     @property
     def method_pool(self):
@@ -103,7 +104,8 @@ def method_pool_signatures(self):
             signatures.add(f"{method.get('className').replace('/', '.')}.{method.get('methodName')}")
         return signatures
 
-    def search(self, method_pool, vul_method_signature):
+    def search(self, method_pool, vul_method_signature, vul_type=None):
+        self.vul_type = vul_type
         self.prepare(method_pool, vul_method_signature)
         size = len(self.method_pool)
         for index in range(size):
@@ -122,6 +124,35 @@ def search(self, method_pool, vul_method_signature):
             logger.info(f'==> current taint hash: {self.pool_value}')
             if self.loop(index, size, current_link):
                 break
+        self.vul_filter()
+
+    def vul_filter(self):
+        # 分析是否存在过滤条件，排除误报
+        # 根据漏洞类型，查询filter方法
+        # 检查vul_
+        if self.vul_source_signature:
+            # mark there has a vul
+            # if vul_type has filter, do escape
+            stack_count = len(self.vul_stack)
+            for index in range(0, stack_count):
+                stack = self.vul_stack[index]
+                for item in stack:
+                    if 'java.net.URL.<init>' == item["signature"]:
+                        url = item['sourceValues']
+                        origin_source = stack[0]['targetValues']
+                        from urllib.parse import urlparse
+                        o = urlparse(url)
+                        if origin_source not in f'{o.scheme}://{o.netloc}{o.path}':
+                            print(origin_source, url)
+                            self.vul_stack[index] = []
+                            break
+            vul_source_signature = self.vul_source_signature
+            self.vul_source_signature = None
+            for index in range(0, stack_count):
+                if self.vul_stack[index]:
+                    self.vul_source_signature = vul_source_signature
+                else:
+                    continue
 
     @staticmethod
     def copy_method(method_detail, sink=False, source=False, propagator=False, filter=False):

dongtai/models/agent.py

@@ -23,6 +23,7 @@ class IastAgent(models.Model):
         related_query_name='agent',
         verbose_name=_('server'),
     )
+    is_audit = models.IntegerField(blank=True, null=True)
     is_running = models.IntegerField(blank=True, null=True)
     is_core_running = models.IntegerField(blank=True, null=True)
     control = models.IntegerField(blank=True, null=True)