1. 源hook点获取同一污点进行过滤

2. 将部分过滤hook点作为传播点

Author: keven1z

agent/src/main/java/com/keven1z/Agent.java

@@ -8,7 +8,7 @@
 
 /**
  * @author keven1z
- * @date 2023/5/16
+ * @since 2023/5/16
  */
 public class Agent {
     public static String projectVersion;

agent/src/main/java/com/keven1z/JarFileHelper.java

@@ -11,7 +11,7 @@
 
 /**
  * @author keven1z
- * @date 2022/04/21
+ * @since 2022/04/21
  */
 public class JarFileHelper {
 

agent/src/main/java/com/keven1z/ModuleContainer.java

@@ -8,7 +8,7 @@
 
 /**
  * @author keven1z
- * @date 2023/02/21
+ * @since 2023/02/21
  */
 
 public class ModuleContainer implements Module {

agent/src/main/java/com/keven1z/ModuleLoader.java

@@ -14,7 +14,7 @@
 
 /**
  * @author keven1z
- * @date 2023/02/21
+ * @since 2023/02/21
  */
 public class ModuleLoader {
     public static final String ENGINE_JAR = "iast-engine.jar";

agent/src/main/java/com/keven1z/SimpleIASTClassLoader.java

@@ -9,7 +9,7 @@
 
 /**
  * @author keven1z
- * @date 2023/02/23
+ * @since 2023/02/23
  * 参考 @link <a href="https://github.com/alibaba/jvm-sandbox/blob/master/sandbox-agent/src/main/java/com/alibaba/jvm/sandbox/agent/SandboxClassLoader.java">jvm-sandbox</a>
  */
 public class SimpleIASTClassLoader extends URLClassLoader {

engine/src/main/java/com/keven1z/core/EngineBoot.java

@@ -21,7 +21,7 @@
 
 /**
  * @author keven1z
- * @date 2023/02/21
+ * @since 2023/02/21
  */
 public class EngineBoot {
     EngineController engineController = null;

engine/src/main/java/com/keven1z/core/EngineController.java

@@ -36,7 +36,7 @@
  * 引擎加载类
  *
  * @author keven1z
- * @date 2023/02/21
+ * @since 2023/02/21
  */
 public class EngineController {
     public static final IASTContext context = IASTContext.getContext();

engine/src/main/java/com/keven1z/core/consts/HTTPConst.java

@@ -2,7 +2,7 @@
 
 /**
  * @author keven1z
- * @date 2023/10/22
+ * @since 2023/10/22
  */
 public class HTTPConst {
     /*

engine/src/main/java/com/keven1z/core/hook/asm/HardcodedClassVisitor.java

@@ -17,7 +17,7 @@
 
 /**
  * @author keven1z
- * @date 2024/07/28
+ * @since 2024/07/28
  */
 public class HardcodedClassVisitor extends ClassVisitor {
 

engine/src/main/java/com/keven1z/core/hook/asm/adapter/HookAdviceAdapter.java

@@ -12,7 +12,7 @@
 
 /**
  * @author keven1z
- * @date 2023/10/23
+ * @since 2023/10/23
  */
 public class HookAdviceAdapter extends IASTAdviceAdapter {
     protected final String methodName;

engine/src/main/java/com/keven1z/core/hook/asm/adapter/IASTAdviceAdapter.java

@@ -6,7 +6,7 @@
 
 /**
  * @author keven1z
- * @date 2023/10/19
+ * @since 2023/10/19
  */
 public class IASTAdviceAdapter extends AdviceAdapter {
     protected IASTAdviceAdapter(int api, MethodVisitor methodVisitor, int access, String name, String descriptor) {

engine/src/main/java/com/keven1z/core/hook/server/detectors/GlassfishDetector.java

@@ -9,7 +9,7 @@
 
 /**
  * @author keven1z
- * @date 2024/09/22
+ * @since 2024/09/22
  */
 public class GlassfishDetector extends ServerDetector {
     private static final String SERVER_FLAG_CLASS = " com/sun/enterprise/glassfish/bootstrap/ASMain".substring(1);

engine/src/main/java/com/keven1z/core/hook/server/detectors/JettyDetector.java

@@ -10,7 +10,7 @@
 
 /**
  * @author keven1z
- * @date 2024/09/22
+ * @since 2024/09/22
  */
 public class JettyDetector extends ServerDetector {
     private static final String SERVER_FLAG_CLASS = " org/eclipse/jetty/server/Server".substring(1);

engine/src/main/java/com/keven1z/core/hook/server/detectors/ResinDetector.java

@@ -7,7 +7,7 @@
 
 /**
  * @author keven1z
- * @date 2024/09/22
+ * @since 2024/09/22
  */
 public class ResinDetector extends ServerDetector {
     private static final String SERVER_FLAG_CLASS = " com/caucho/server/resin/Resin".substring(1);

engine/src/main/java/com/keven1z/core/hook/server/detectors/TongWebDetector.java

@@ -8,7 +8,7 @@
 
 /**
  * @author keven1z
- * @date 2024/09/22
+ * @since 2024/09/22
  */
 public class TongWebDetector extends ServerDetector {
     private static final String SERVER_FLAG_CLASS = " com/tongweb/web/thor/Server".substring(1);

engine/src/main/java/com/keven1z/core/hook/server/detectors/UndertowDetector.java

@@ -8,7 +8,7 @@
 
 /**
  * @author keven1z
- * @date 2024/09/22
+ * @since 2024/09/22
  */
 public class UndertowDetector extends ServerDetector {
     private static final String SERVER_FLAG_CLASS = " io/undertow/server/HttpHandler".substring(1);

engine/src/main/java/com/keven1z/core/hook/server/detectors/WebLogicDetector.java

@@ -8,7 +8,7 @@
 
 /**
  * @author keven1z
- * @date 2024/09/22
+ * @since 2024/09/22
  */
 public class WebLogicDetector extends ServerDetector {
     private static final String SERVER_FLAG_CLASS = " weblogic/Server".substring(1);

engine/src/main/java/com/keven1z/core/hook/server/detectors/WildFlyDetector.java

@@ -9,7 +9,7 @@
 
 /**
  * @author keven1z
- * @date 2024/09/22
+ * @since 2024/09/22
  */
 public class WildFlyDetector extends ServerDetector {
     private static final String SERVER_FLAG_CLASS = " org/jboss/as/server/Main".substring(1);

engine/src/main/java/com/keven1z/core/model/graph/TaintData.java

@@ -12,7 +12,7 @@
 
 /**
  * @author keven1z
- * @Date 2021/6/11
+ * @since 2021/6/11
  * @Description hook类的信息
  */
 public class TaintData {

engine/src/main/java/com/keven1z/core/model/graph/TaintGraph.java

@@ -8,7 +8,7 @@
  * hook信息图结构
  *
  * @author keven1z
- * @date 2021/11/18
+ * @since 2021/11/18
  */
 public class TaintGraph {
 

engine/src/main/java/com/keven1z/core/monitor/HeartBeatMonitor.java

@@ -7,7 +7,7 @@
  /**
   * 心跳线程
   * @author keven1z
-  * @date 2023/11/3
+  * @since 2023/11/3
   */
 
 public class HeartBeatMonitor extends Monitor {

engine/src/main/java/com/keven1z/core/pojo/HttpMessage.java

@@ -7,7 +7,7 @@
 
 /**
  * @author keven1z
- * @date 2023/10/22
+ * @since 2023/10/22
  */
 public class HttpMessage {
     private String url;

engine/src/main/java/com/keven1z/core/pojo/finding/HardcodedFindingData.java

@@ -4,7 +4,7 @@
 
 /**
  * @author keven1z
- * @date 2024/07/28
+ * @since 2024/07/28
  */
 public class HardcodedFindingData extends FindingData {
     // 类名

engine/src/main/java/com/keven1z/core/policy/Policy.java

@@ -7,7 +7,7 @@
 
 /**
  * @author keven1z
- * @date 2023/02/22
+ * @since 2023/02/22
  */
 public class Policy implements Serializable,Comparable<Policy> {
     public Policy(String className, String method, String desc) {

engine/src/main/java/com/keven1z/core/taint/resolvers/HandlerHookClassResolver.java

@@ -3,7 +3,7 @@
 /**
  * 通过解析器集合解析hook class
  * @author keven1z
- * @date 2023/01/15
+ * @since 2023/01/15
  */
 public interface HandlerHookClassResolver {
 

engine/src/main/java/com/keven1z/core/taint/resolvers/HandlerHookClassResolverInitializer.java

@@ -12,7 +12,7 @@
 
 /**
  * @author keven1z
- * @date 2023/01/15
+ * @since 2023/01/15
  * Hook分发初始化类
  */
 public class HandlerHookClassResolverInitializer {

engine/src/main/java/com/keven1z/core/taint/resolvers/PropagationClassResolver.java

@@ -16,7 +16,7 @@
  * 污点传播阶段的解析器
  *
  * @author keven1z
- * @date 2023/01/15
+ * @since 2023/01/15
  */
 public class PropagationClassResolver implements HandlerHookClassResolver {
     @Override

engine/src/main/java/com/keven1z/core/taint/resolvers/SanitizerClassResolver.java

@@ -18,7 +18,7 @@
  * 无害处理阶段的解析器
  *
  * @author keven1z
- * @date 2023/01/15
+ * @since 2023/01/15
  */
 public class SanitizerClassResolver implements HandlerHookClassResolver {
     @Override

engine/src/main/java/com/keven1z/core/taint/resolvers/SinkClassResolver.java

@@ -15,7 +15,7 @@
  * 污染汇聚点的解析器
  *
  * @author keven1z
- * @date 2023/01/15
+ * @since 2023/01/15
  */
 public class SinkClassResolver implements HandlerHookClassResolver {
     @Override

engine/src/main/java/com/keven1z/core/taint/resolvers/SourceClassResolver.java

@@ -28,7 +28,7 @@
  * 污染源的解析器
  *
  * @author keven1z
- * @date 2023/01/15
+ * @since 2023/01/15
  */
 public class SourceClassResolver implements HandlerHookClassResolver {
     private static final String[] USER_PACKAGE_PREFIX = new String[]{"java", "javax", " org.spring".substring(1), " org.apache".substring(1), " io.undertow".substring(1)};
@@ -50,12 +50,16 @@ public void resolve(Object returnObject, Object thisObject, Object[] parameters,
             resolveBeanHook(className, method, desc, returnObject, fromMap);
             return;
         }
-
+        int returnIdentityHashCode = System.identityHashCode(returnObject);
+        //如果已经存在同一污点,不继续加入该污染源
+        if (TAINT_GRAPH_THREAD_LOCAL.get().isTaint(returnIdentityHashCode)) {
+            return;
+        }
         TaintData taintData = new TaintData(className, method, desc, PolicyTypeEnum.SOURCE);
         searchAndFillSourceFromReturnObject(returnObject, taintData);
         taintData.setFromValue(getSourceFromName(fromMap));
         //加入原始对象的hashcode
-        taintData.setToObjectHashCode(System.identityHashCode(returnObject));
+        taintData.setToObjectHashCode(returnIdentityHashCode);
         TaintUtils.buildTaint(returnObject, taintData, true);
     }
 

engine/src/main/java/com/keven1z/core/utils/Base64Utils.java

@@ -5,7 +5,7 @@
 
 /**
  * @author keven1z
- * @date 2024/07/28
+ * @since 2024/07/28
  */
 public class Base64Utils {
     /**

engine/src/main/java/com/keven1z/core/utils/ClassUtils.java

@@ -12,7 +12,7 @@
 
 /**
  * @author keven1z
- * @date 2023/02/06
+ * @since 2023/02/06
  */
 public class ClassUtils {
     private static final String[] IGNORE_OBJECT_CLASS = new String[]{"java.lang.Object", "java.lang.Cloneable", "java.io.Serializable", "java.lang.Iterable"};

engine/src/main/java/com/keven1z/core/utils/StackUtils.java

@@ -8,7 +8,7 @@
 
 /**
  * @author keven1z
- * @date 2023/10/15
+ * @since 2023/10/15
  */
 public class StackUtils {
     /**

engine/src/main/java/com/keven1z/core/vulnerability/FlowProcessingStation.java

@@ -17,7 +17,7 @@
 
 /**
  * @author keven1z
- * @date 2023/10/29
+ * @since 2023/10/29
  * hook以及流量处理类
  */
 public class FlowProcessingStation {