Dongtai IAST is an open-source Interactive Application Security Testing (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components through passive instrumentation. It is particularly suitable for use in the testing phase of the development pipeline.
Preflight Checklist
Version
1.0.0
Installation Type
Official Docker Compose
Service Name
DongTai-Core
Describe the details of the bug and the steps to reproduce it
自动安装agent时报如下错误,配置如下: [root@localhost:NO LICENSE:Standalone] ~ # /usr/lib/jvm/jre/bin/java -version openjdk version "1.8.0_212" OpenJDK Runtime Environment (build 1.8.0_212-b04) OpenJDK 64-Bit Server VM (build 25.212-b04, mixed mode) [root@localhost:NO LICENSE:Standalone] ~ # ps aux |grep 10645 root 7582 0.0 0.0 114736 964 pts/0 S+ 02:52 0:00 grep 10645 tomcat 10645 2.4 6.4 2577384 261376 ? Ssl Sep07 22:14 /usr/lib/jvm/jre/bin/java -Dhttps.protocols=TLSv1.1,TLSv1.2 -Dpython.cachedir=/var/tmp -Djava.library.path=/usr/lib -Dfile.encoding=UTF-8 -client -Xmx110m -XX:MaxPermSize=80m -XX:-UseLargePages -XX:OnOutOfMemoryError=/usr/bin/restart_tomcat -classpath :/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/usr/share/tomcat -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/cache/tomcat/temp -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -XX:+StartAttachListener org.apache.catalina.startup.Bootstrap run start [root@localhost:NO LICENSE:Standalone] ~ # tomcat Usage: /sbin/tomcat {run|start|start-security|stop|version} [root@localhost:NO LICENSE:Standalone] ~ # tomcat version Server version: Apache Tomcat/7.0.90 Server built: Jun 23 2021 05:51:56 UTC Server number: 7.0.90.0 OS Name: Linux OS Version: 3.10.0-862.14.4.el7.ve.x86_64 Architecture: amd64 JVM Version: 1.8.0_212-b04 JVM Vendor: Oracle Corporation [root@localhost:NO LICENSE:Standalone] ~ # /usr/lib/jvm/jre/bin/java -jar agent.jar -m install -p 10645 [cn.huoxian.dongtai.iast] trying attach dongtai to process 10645, agent address is /root/agent.jar [cn.huoxian.dongtai.iast] attach failed java.io.IOException: Connection reset by peer at sun.tools.attach.LinuxVirtualMachine.read(Native Method) at sun.tools.attach.LinuxVirtualMachine$SocketInputStream.read(LinuxVirtualMachine.java:265) at sun.tools.attach.HotSpotVirtualMachine.readInt(HotSpotVirtualMachine.java:280) at sun.tools.attach.LinuxVirtualMachine.execute(LinuxVirtualMachine.java:199) at sun.tools.attach.HotSpotVirtualMachine.loadAgentLibrary(HotSpotVirtualMachine.java:58) at sun.tools.attach.HotSpotVirtualMachine.loadAgentLibrary(HotSpotVirtualMachine.java:79) at sun.tools.attach.HotSpotVirtualMachine.loadAgent(HotSpotVirtualMachine.java:103) at com.secnium.iast.agent.AttachLauncher.attach(AttachLauncher.java:21) at com.secnium.iast.agent.Agent.main(Agent.java:41) engine install success for pid: 10645
Additional Information
No response
Logs
No response