From 2f2e081311697033c4aee1a0bbf29ccf1db2d53b Mon Sep 17 00:00:00 2001 From: zoujn Date: Tue, 8 Nov 2022 10:28:21 +0800 Subject: [PATCH] =?UTF-8?q?=E9=80=82=E9=85=8DTongWeb=E5=B5=8C=E5=85=A5?= =?UTF-8?q?=E5=BC=8F=E7=89=88?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../detector/ServerDetectorManager.java | 1 + .../detector/TongWebEmbedDetector.java | 35 +++++++++++++++++++ .../TongWebEmbedApplicationFilterHook.java | 29 +++++++++++++++ .../TongWebEmbedCoyoteAdapterHook.java | 25 +++++++++++++ .../TongWebEmbedHttpInputHook.java | 27 ++++++++++++++ .../TongWebEmbedRequestEndHook.java | 28 +++++++++++++++ .../tongwebEmbed/TongWebEmbedRequestHook.java | 25 +++++++++++++ .../TongWebEmbedResponseBodyHook.java | 31 ++++++++++++++++ .../TongwebEmbedOutputBufferHook.java | 25 +++++++++++++ 9 files changed, 226 insertions(+) create mode 100644 agent/java/engine/src/main/java/com/baidu/openrasp/detector/TongWebEmbedDetector.java create mode 100644 agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedApplicationFilterHook.java create mode 100644 agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedCoyoteAdapterHook.java create mode 100644 agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedHttpInputHook.java create mode 100644 agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedRequestEndHook.java create mode 100644 agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedRequestHook.java create mode 100644 agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedResponseBodyHook.java create mode 100644 agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongwebEmbedOutputBufferHook.java 
diff --git a/agent/java/engine/src/main/java/com/baidu/openrasp/detector/ServerDetectorManager.java b/agent/java/engine/src/main/java/com/baidu/openrasp/detector/ServerDetectorManager.java
index 43698ebd7..24ea03dbe 100644
--- a/agent/java/engine/src/main/java/com/baidu/openrasp/detector/ServerDetectorManager.java
+++ b/agent/java/engine/src/main/java/com/baidu/openrasp/detector/ServerDetectorManager.java
@@ -46,6 +46,7 @@ private ServerDetectorManager() {
 detectors.add(new TongWebDetector());
 detectors.add(new TongWeb7Detector());
 detectors.add(new BESDetector());
+ detectors.add(new TongWebEmbedDetector());
 }
diff --git a/agent/java/engine/src/main/java/com/baidu/openrasp/detector/TongWebEmbedDetector.java b/agent/java/engine/src/main/java/com/baidu/openrasp/detector/TongWebEmbedDetector.java
new file mode 100644
index 000000000..448c16908
--- /dev/null
+++ b/agent/java/engine/src/main/java/com/baidu/openrasp/detector/TongWebEmbedDetector.java
@@ -0,0 +1,35 @@
+package com.baidu.openrasp.detector;
+
+import com.baidu.openrasp.tool.Reflection;
+import com.baidu.openrasp.tool.model.ApplicationModel;
+
+import java.security.ProtectionDomain;
+
+/**
+ * @description:
+ * @author: ZouJiaNan
+ * @date: 2022/11/2 16:12
+ */
+public class TongWebEmbedDetector extends ServerDetector{
+ @Override
+ public boolean isClassMatched(String className) {
+ return "com/tongweb/container/Server".equals(className);
+ }
+
+ @Override
+ public boolean handleServerInfo(ClassLoader classLoader, ProtectionDomain domain) {
+ String version = "";
+ try {
+ if (classLoader == null) {
+ classLoader = ClassLoader.getSystemClassLoader();
+ }
+ Class clazz = classLoader.loadClass("com.tongweb.container.util.ServerInfo");
+ version = (String) Reflection.invokeMethod(null, clazz, "getServerNumber", new Class[]{});
+ ApplicationModel.setServerInfo("tongweb", version);
+ return true;
+ } catch (Throwable t) {
+ logDetectError("handle Tongweb startup failed", t);
+ }
+ return false;
+ }
+}
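Review bot: `Class clazz` in handleServerInfo is a raw type; write `Class<?> clazz = classLoader.loadClass("com.tongweb.container.util.ServerInfo");` and pass `new Class<?>[0]` so the call compiles without an unchecked warning. The detector reports the server as `"tongweb"`; if the existing TongWebDetector registered just above uses the same name, downstream consumers of ApplicationModel cannot tell the embedded edition from the standalone one, so consider whether a distinct name is wanted. The `@description:` tag in the class Javadoc is empty here and in every other new file of this commit; fill it with what the class does, e.g. `Detects the embedded edition of TongWeb (com.tongweb.container) and records its server number in ApplicationModel.`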
diff --git a/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedApplicationFilterHook.java b/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedApplicationFilterHook.java
new file mode 100644
index 000000000..73f5c4e3d
--- /dev/null
+++ b/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedApplicationFilterHook.java
@@ -0,0 +1,29 @@
+package com.baidu.openrasp.hook.server.tongwebEmbed;
+
+import com.baidu.openrasp.hook.server.ServerRequestHook;
+import com.baidu.openrasp.tool.annotation.HookAnnotation;
+import javassist.CannotCompileException;
+import javassist.CtClass;
+import javassist.NotFoundException;
+
+import java.io.IOException;
+
+/**
+ * @description:
+ * @author: ZouJiaNan
+ * @date: 2022/11/2 16:09
+ */
+@HookAnnotation
+public class TongWebEmbedApplicationFilterHook extends ServerRequestHook {
+ @Override
+ public boolean isClassMatched(String className) {
+ return "com/tongweb/container/core/ApplicationFilterChain".equals(className);
+ }
+
+ @Override
+ protected void hookMethod(CtClass ctClass) throws IOException, CannotCompileException, NotFoundException {
+ String src = getInvokeStaticSrc(ServerRequestHook.class, "checkRequest", "$0,$1,$2", Object.class, Object.class,
+ Object.class);
+ insertBefore(ctClass, "doFilter", null, src);
+ }
+}
diff --git a/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedCoyoteAdapterHook.java b/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedCoyoteAdapterHook.java
new file mode 100644
index 000000000..033399086
--- /dev/null
+++ b/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedCoyoteAdapterHook.java
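Review bot: `insertBefore(ctClass, "doFilter", null, src)` passes a null descriptor, so every `doFilter` overload on the matched class is instrumented with code that reads `$1,$2`; if the embedded TongWeb ApplicationFilterChain ever has a `doFilter` overload with fewer than two parameters, the injected source would fail to compile and the hook would not attach. Pinning the descriptor the way the sibling hooks in this commit do (`"(Ljavax/servlet/ServletRequest;Ljavax/servlet/ServletResponse;)V"` or whatever the embedded class actually declares, to be confirmed against its bytecode) makes the intent explicit. The same null-descriptor `doFilter` hook appears in TongWebEmbedRequestEndHook and would benefit from the same treatment.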
@@ -0,0 +1,25 @@
+package com.baidu.openrasp.hook.server.tongwebEmbed;
+
+import com.baidu.openrasp.hook.server.ServerPreRequestHook;
+import com.baidu.openrasp.tool.annotation.HookAnnotation;
+import javassist.CannotCompileException;
+import javassist.CtClass;
+import javassist.NotFoundException;
+
+/**
+ * @description:
+ * @author: ZouJiaNan
+ * @date: 2022/11/2 16:07
+ */
+@HookAnnotation
+public class TongWebEmbedCoyoteAdapterHook extends ServerPreRequestHook {
+ @Override
+ protected void hookMethod(CtClass ctClass, String src) throws NotFoundException, CannotCompileException {
+ insertBefore(ctClass, "service", null, src);
+ }
+
+ @Override
+ public boolean isClassMatched(String className) {
+ return "com/tongweb/container/connector/CoyoteAdapter".equals(className);
+ }
+}
diff --git a/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedHttpInputHook.java b/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedHttpInputHook.java
new file mode 100644
index 000000000..dbd497e4e
--- /dev/null
+++ b/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedHttpInputHook.java
@@ -0,0 +1,27 @@
+package com.baidu.openrasp.hook.server.tongwebEmbed;
+
+import com.baidu.openrasp.hook.server.ServerInputHook;
+import com.baidu.openrasp.tool.annotation.HookAnnotation;
+import javassist.CannotCompileException;
+import javassist.CtClass;
+import javassist.NotFoundException;
+
+import java.io.IOException;
+
+/**
+ * @description:
+ * @author: ZouJiaNan
+ * @date: 2022/11/2 16:04
+ */
+@HookAnnotation
+public class TongWebEmbedHttpInputHook extends ServerInputHook {
+ @Override
+ public boolean isClassMatched(String className) {
+ return false;
+ }
+
+ @Override
+ protected void hookMethod(CtClass ctClass) throws IOException, CannotCompileException, NotFoundException {
+
+ }
+}
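Review bot: TongWebEmbedHttpInputHook is registered via `@HookAnnotation` but `isClassMatched` always returns false and `hookMethod` is empty, so the ServerInputHook instrumentation never applies to the embedded TongWeb server and any check that depends on the captured request body runs without it on this server. A no-op hook that looks wired up is easy to mistake for coverage; if the input-buffer class of the embedded edition has not been identified yet, say so in the class Javadoc, e.g. `Placeholder: request-body capture for TongWeb embedded is not implemented yet, so body-based checks do not run on this server.`, and consider dropping the annotation until the hook does something. Otherwise match the embedded server's input class and hook its read methods the way the other hooks in this commit do for their targets.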
diff --git a/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedRequestEndHook.java b/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedRequestEndHook.java
new file mode 100644
index 000000000..bfbdc41d8
--- /dev/null
+++ b/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedRequestEndHook.java
@@ -0,0 +1,28 @@
+package com.baidu.openrasp.hook.server.tongwebEmbed;
+
+import com.baidu.openrasp.hook.server.ServerRequestEndHook;
+import com.baidu.openrasp.tool.annotation.HookAnnotation;
+import javassist.CannotCompileException;
+import javassist.CtClass;
+import javassist.NotFoundException;
+
+import java.io.IOException;
+
+/**
+ * @description:
+ * @author: ZouJiaNan
+ * @date: 2022/11/2 15:32
+ */
+@HookAnnotation
+public class TongWebEmbedRequestEndHook extends ServerRequestEndHook {
+ @Override
+ public boolean isClassMatched(String className) {
+ return "com/tongweb/container/core/ApplicationFilterChain".equals(className);
+ }
+
+ @Override
+ protected void hookMethod(CtClass ctClass) throws IOException, CannotCompileException, NotFoundException {
+ String requestEndSrc = getInvokeStaticSrc(ServerRequestEndHook.class, "checkRequestEnd", "");
+ insertAfter(ctClass, "doFilter", null, requestEndSrc, true);
+ }
+}
diff --git a/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedRequestHook.java b/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedRequestHook.java
new file mode 100644
index 000000000..4e3cb32d5
--- /dev/null
+++ b/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedRequestHook.java
@@ -0,0 +1,25 @@
+package com.baidu.openrasp.hook.server.tongwebEmbed;
+
+import com.baidu.openrasp.hook.server.ServerParamHook;
+import com.baidu.openrasp.tool.annotation.HookAnnotation;
+import javassist.CannotCompileException;
+import javassist.CtClass;
+import javassist.NotFoundException;
+
+/**
+ * @description:
+ * @author: ZouJiaNan
+ * @date: 2022/11/2 14:53
+ */
+@HookAnnotation
+public class TongWebEmbedRequestHook extends ServerParamHook {
+ @Override
+ protected void hookMethod(CtClass ctClass, String src) throws NotFoundException, CannotCompileException {
+ insertAfter(ctClass, "parseParameters", "()V", src);
+ }
+
+ @Override
+ public boolean isClassMatched(String className) {
+ return "com/tongweb/container/connector/Request".equals(className);
+ }
+}
diff --git a/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedResponseBodyHook.java b/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedResponseBodyHook.java
new file mode 100644
index 000000000..9b16796de
--- /dev/null
+++ b/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedResponseBodyHook.java
@@ -0,0 +1,31 @@
+package com.baidu.openrasp.hook.server.tongwebEmbed;
+
+import com.baidu.openrasp.hook.server.ServerParamHook;
+import com.baidu.openrasp.hook.server.ServerResponseBodyHook;
+import com.baidu.openrasp.hook.server.catalina.CatalinaResponseBodyHook;
+import com.baidu.openrasp.tool.annotation.HookAnnotation;
+import javassist.CannotCompileException;
+import javassist.CtClass;
+import javassist.NotFoundException;
+
+import java.io.IOException;
+
+/**
+ * @description:
+ * @author: ZouJiaNan
+ * @date: 2022/11/2 15:05
+ */
+@HookAnnotation
+public class TongWebEmbedResponseBodyHook extends ServerResponseBodyHook {
+ @Override
+ public boolean isClassMatched(String className) {
+ return "com/tongweb/connector/Response".equals(className);
+ }
+
+ @Override
+ protected void hookMethod(CtClass ctClass) throws IOException, CannotCompileException, NotFoundException {
+ String src = getInvokeStaticSrc(CatalinaResponseBodyHook.class, "getBuffer", "$0,$1", Object.class, Object.class);
+ insertBefore(ctClass, "doWrite", "(Lorg/apache/tomcat/util/buf/ByteChunk;)V", src);
+ insertBefore(ctClass, "doWrite", "(Ljava/nio/ByteBuffer;)V", src);
+ }
+}
diff --git a/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongwebEmbedOutputBufferHook.java b/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongwebEmbedOutputBufferHook.java
new file mode 100644
index 000000000..3a62b959b
--- /dev/null
+++ b/agent/java/engine/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongwebEmbedOutputBufferHook.java
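Review bot: The matched class `com/tongweb/connector/Response` lacks the `container` segment that every other hook in this commit uses (`com/tongweb/container/connector/...`), and the first `doWrite` descriptor names `org/apache/tomcat/util/buf/ByteChunk`, a Tomcat type that a repackaged `com.tongweb` server may not expose under that name; if either does not match the real bytecode, this hook never attaches and response-body checks silently do not run on the embedded server. Both values should be verified against the actual class and, if the ByteChunk overload does not exist there, the first `insertBefore` dropped so the mismatch does not surface as a hook failure. Reusing `CatalinaResponseBodyHook.getBuffer` also assumes the embedded Response exposes the same internals as Catalina's; a one-line comment recording that assumption, `// relies on the TongWeb embedded Response having Catalina-compatible internals (verified against <VERSION-PLACEHOLDER>)`, would help the next maintainer. The `ServerParamHook` import is unused and should be removed.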
@@ -0,0 +1,25 @@
+package com.baidu.openrasp.hook.server.tongwebEmbed;
+
+import com.baidu.openrasp.hook.server.ServerOutputCloseHook;
+import com.baidu.openrasp.tool.annotation.HookAnnotation;
+import javassist.CannotCompileException;
+import javassist.CtClass;
+import javassist.NotFoundException;
+
+/**
+ * @description:
+ * @author: ZouJiaNan
+ * @date: 2022/11/2 16:02
+ */
+@HookAnnotation
+public class TongwebEmbedOutputBufferHook extends ServerOutputCloseHook {
+ @Override
+ protected void hookMethod(CtClass ctClass, String src) throws NotFoundException, CannotCompileException {
+ insertBefore(ctClass, "close", "()V", src);
+ }
+
+ @Override
+ public boolean isClassMatched(String className) {
+ return "com/tongweb/container/connector/OutputBuffer".equals(className);
+ }
+}
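Review bot: The class is named `TongwebEmbedOutputBufferHook` while the other seven files in this commit use the `TongWebEmbed` prefix; rename the class and file to `TongWebEmbedOutputBufferHook` so the hook set for this server is discoverable by a consistent name. Otherwise the hook mirrors its siblings and pins the `close()V` descriptor, which is the form the other hooks would benefit from as well.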