search

jvm-rasp / jrasp-agent

专注于JVM的运行时防御系统RASP
https://www.jrasp.com
Other
276 stars 63 forks source link

[bug] java/io/File 缺少 hook 点 createNewFile 方法 #39

Closed yupd closed 12 months ago

xl1605368195 commented 12 months ago

https://github.com/jvm-rasp/jrasp-agent/commit/aa3b06a57f3f8294934de03053246b88a7cb90b6

jvm-rasp commented 12 months ago 
{
    "context":{
        "method":"GET",
        "protocol":"HTTP/1.1",
        "localAddr":"[0:0:0:0:0:0:0:1]",
        "remoteHost":"[0:0:0:0:0:0:0:1]",
        "requestURL":"http://localhost:8080/test2",
        "requestURI":"/test2",
        "contentType":"null",
        "contentLength":-1,
        "characterEncoding":"null",
        "parameters":"",
        "header":"cookie:context-profile-id=08cc00cb-b84a-4736-86eb-ac7e6e0e4511\npostman-token:46b7ac45-7f89-4c05-8920-ddafd0b01915\nhost:localhost:8080\nconnection:keep-alive\ncache-control:no-cache\naccept-encoding:gzip, deflate, br\naccept:*/*\nuser-agent:PostmanRuntime/7.28.4",
        "queryString":"",
        "marks":"",
        "body":""
    },
    "appName":"null",
    "metaInfo":"file-algorithm-1.1.3-2023-10-08T06:15:00Z",
    "stackTrace":"java.io.File.createNewFile(File.java),com.example.jettytest.TestController.test2(TestController.java:39),sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method),sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62),sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43),java.lang.reflect.Method.invoke(Method.java:498),org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205),org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150),org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117),org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895),org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808),org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87),org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1072),org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:965),org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006),org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898),javax.servlet.http.HttpServlet.service(HttpServlet.java:497),org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883),javax.servlet.http.HttpServlet.service(HttpServlet.java:584),org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:799),org.eclipse.jetty.servlet.ServletHandler$ChainEnd.doFilter(ServletHandler.java:1656),org.eclipse.jetty.websocket.server.WebSocketUpgradeFilter.doFilter(WebSocketUpgradeFilter.java:292),org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193),org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626),org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100),org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117),org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193),org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626),org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93),org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117),org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193),org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626),org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201),org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117),org.eclipse.jetty.servlet.FilterHolder.doFilter(FilterHolder.java:193),org.eclipse.jetty.servlet.ServletHandler$Chain.doFilter(ServletHandler.java:1626),org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:552),org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143),org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:600),org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127),org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235),org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1624),org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233),org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1440),org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188),org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:505),org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1594),org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186),org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1355),org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141),org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127),org.eclipse.jetty.server.Server.handle(Server.java:516),org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:487),org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:732),org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:479),org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:277),org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311),org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105),org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104),org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:338),org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:315),org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:173),org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:137),org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:883),org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:1034),java.lang.Thread.run(Thread.java:748)",
    "payload":"../../../1.txt",
    "isBlocked":false,
    "attackType":"\u8def\u5f84\u7a7f\u8d8a",
    "algorithm":"\u8def\u5f84\u7a7f\u8d8a\u68c0\u6d4b\u7b97\u6cd5",
    "extend":"pathname: ../../../1.txt",
    "attackTime":1696746444045,
    "level":80
}