Dongtai-agent-java is DongTai Iast's data acquisition tool for Java applications. In a Java application with the iast agent added, the required data is collected by rewriting class bytecode, and then the data is sent to dongtai-OpenAPI service, and then the cloud engine processes the data to determine whether there are security holes.
Dongtai-agent-java consists of agent.jar
, dongtai-core-jar
, dongtai-spy. Jar
and dongtai-servlet.jar
:
agent.jar
It is used to manage agent life cycle and configuration. The life cycle of the Agent includes downloading, installing, starting, stopping, restarting, and uninstalling the agent. Agent configuration includes application startup mode, vulnerability verification mode, whether to enable agent, etc.dongtai-core.jar
The main functions of dongtai-core.jar are: bytecode piling, data collection, data preprocessing, data reporting, third-party component management, etc.dongtai-inject.jar
It is used to inject into the BootStrap ClassLoader. The data collection method in 'iast-core.jar' is then invoked in the target application.dongtai-servlet.jar
It is used to obtain the requests sent by the application and the responses received. It is used for data display and request replay.Please refer to the Quick Start.
Fork the DongTai-agent-java , clone your fork:
git clone https://github.com/<your-username>/DongTai-agent-java
Write code to your needs.
Compile Dongtai-agent-Java using Maven:
mvn clean package -Dmaven.test.skip=true
folder ./release
is generated in the project root directory after compilation:
release
├── dongtai-agent.jar
└── lib
├── dongtai-servlet.jar
├── dongtai-core.jar
└── dongtai-spy.jar
Copy dongtai-core.jar
、dongtai-spy.jar
、dongtai-servlet.jar
to the system temporary directory. Get the system temporary directory to run the following Java code:
System.getProperty("java.io.tmpdir.dongtai");
Run the application and test the code (for example, SpringBoot) : java -javaagent:/path/to/dongtai-agent.jar -Ddongtai.debug=true -jar app.jar
Contribute code. If you want to contribute code to the DongTai IAST team, please read the full contribution guide.