HXSecurity · Nizernizer · May 18, 2022 · May 17, 2022 · May 18, 2022
diff --git a/...c/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/service/kafka/DispatchKafka.java b/...c/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/service/kafka/DispatchKafka.java
@@ -7,6 +7,7 @@
 public class DispatchKafka implements DispatchPlugin {
     private final String classOfKafkaProducer = " org.apache.kafka.clients.producer.KafkaProducer".substring(1);
     private final String classOfKafkaConsumer = " org.apache.kafka.clients.consumer.KafkaConsumer".substring(1);
+    private final String classOfAbstractConfig = " org.apache.kafka.common.config.AbstractConfig".substring(1);
     private final String classOfSpringKafkaMessageListenerContainer = " org.springframework.kafka.listener.KafkaMessageListenerContainer$ListenerConsumer".substring(1);
 
     @Override
@@ -17,6 +18,8 @@ public ClassVisitor dispatch(ClassVisitor classVisitor, IastContext context) {
             classVisitor = new KafkaProducerAdapter(classVisitor, context);
         } else if (classOfKafkaConsumer.equals(className)) {
             classVisitor = new KafkaConsumerAdapter(classVisitor, context);
+        } else if (classOfAbstractConfig.equals(className)) {
+            classVisitor = new KafkaAbstractConfigAdapter(classVisitor, context);
         } else if (classOfSpringKafkaMessageListenerContainer.equals(className)) {
             classVisitor = new SpringKafkaMessageListenerContainerAdapter(classVisitor, context);
         }

diff --git a/...o/dongtai/iast/core/bytecode/enhance/plugin/service/kafka/KafkaAbstractConfigAdapter.java b/...o/dongtai/iast/core/bytecode/enhance/plugin/service/kafka/KafkaAbstractConfigAdapter.java
@@ -0,0 +1,27 @@
+package io.dongtai.iast.core.bytecode.enhance.plugin.service.kafka;
+
+import io.dongtai.iast.core.bytecode.enhance.IastContext;
+import io.dongtai.iast.core.bytecode.enhance.plugin.AbstractClassVisitor;
+import io.dongtai.log.DongTaiLog;
+import org.objectweb.asm.*;
+
+public class KafkaAbstractConfigAdapter extends AbstractClassVisitor {
+    private String classDesc;
+
+    public KafkaAbstractConfigAdapter(ClassVisitor classVisitor, IastContext context) {
+        super(classVisitor, context);
+    }
+
+    @Override
+    public MethodVisitor visitMethod(final int access, final String name, final String desc, final String signature, final String[] exceptions) {
+        MethodVisitor mv = super.visitMethod(access, name, desc, signature, exceptions);
+        int argCount = Type.getArgumentTypes(desc).length;
+
+        if ("<init>".equals(name) && argCount >= 3) {
+            DongTaiLog.debug("Adding kafka tracking for type {}.{}", context.getClassName(), name);
+            mv = new KafkaAbstractConfigInitAdviceAdapter(mv, access, name, desc);
+            setTransformed();
+        }
+        return mv;
+    }
+}
diff --git a/...ice/kafka/KafkaConsumerAdviceAdapter.java → ...KafkaAbstractConfigInitAdviceAdapter.java b/...ice/kafka/KafkaConsumerAdviceAdapter.java → ...KafkaAbstractConfigInitAdviceAdapter.java
@@ -8,23 +8,22 @@
 import org.objectweb.asm.Type;
 import org.objectweb.asm.commons.AdviceAdapter;
 
-import java.util.ArrayList;
+import java.util.List;
 
-public class KafkaConsumerAdviceAdapter extends AdviceAdapter implements AsmTypes, AsmMethods {
+public class KafkaAbstractConfigInitAdviceAdapter extends AdviceAdapter implements AsmTypes, AsmMethods {
     private int localServers;
     private int localServersString;
-    protected KafkaConsumerAdviceAdapter(MethodVisitor mv, int access, String name, String desc) {
+    protected KafkaAbstractConfigInitAdviceAdapter(MethodVisitor mv, int access, String name, String desc) {
         super(AsmUtils.api, mv, access, name, desc);
     }
 
     @Override
     protected void onMethodExit(int opcode) {
         if (opcode != ATHROW) {
-            localServers = newLocal(Type.getType(ArrayList.class));
-            loadArg(0);
+            localServers = newLocal(Type.getType(List.class));
+            loadThis();
             push("bootstrap.servers");
-            mv.visitMethodInsn(INVOKEINTERFACE, "java/util/Map", "get", "(Ljava/lang/Object;)Ljava/lang/Object;", true);
-            mv.visitTypeInsn(CHECKCAST, "java/util/ArrayList");
+            mv.visitMethodInsn(INVOKEVIRTUAL, " org/apache/kafka/common/config/AbstractConfig".substring(1), "getList", "(Ljava/lang/String;)Ljava/util/List;", false);
             storeLocal(localServers);
 
             localServersString = newLocal(Type.getType(String.class));

diff --git a/...java/io/dongtai/iast/core/bytecode/enhance/plugin/service/kafka/KafkaConsumerAdapter.java b/...java/io/dongtai/iast/core/bytecode/enhance/plugin/service/kafka/KafkaConsumerAdapter.java
@@ -17,15 +17,7 @@ public MethodVisitor visitMethod(final int access, final String name, final Stri
         MethodVisitor mv = super.visitMethod(access, name, desc, signature, exceptions);
         int argCount = Type.getArgumentTypes(desc).length;
 
-        if ("<init>".equals(name)) {
-            DongTaiLog.debug("Adding kafka tracking for type {}.{}", context.getClassName(), name);
-            if ("(Ljava/util/Map;Lorg/apache/kafka/common/serialization/Deserializer;Lorg/apache/kafka/common/serialization/Deserializer;)V".equals(desc)) {
-                mv = new KafkaConsumerAdviceAdapter(mv, access, name, desc);
-            } else if ("(Lorg/apache/kafka/clients/consumer/ConsumerConfig;Lorg/apache/kafka/common/serialization/Deserializer;Lorg/apache/kafka/common/serialization/Deserializer;)V".equals(desc)) {
-                mv = new KafkaConsumerInitAdviceAdapter(mv, access, name, desc);
-            }
-            setTransformed();
-        } else if ("poll".equals(name) && argCount == 2) {
+        if ("poll".equals(name) && argCount == 2) {
             DongTaiLog.debug("Adding kafka tracking for type {}.{}", context.getClassName(), name);
 
             mv = new KafkaConsumerPollAdviceAdapter(mv, access, name, desc);

diff --git a/...ngtai/iast/core/bytecode/enhance/plugin/service/kafka/KafkaConsumerInitAdviceAdapter.java b/...ngtai/iast/core/bytecode/enhance/plugin/service/kafka/KafkaConsumerInitAdviceAdapter.java
diff --git a/...java/io/dongtai/iast/core/bytecode/enhance/plugin/service/kafka/KafkaProducerAdapter.java b/...java/io/dongtai/iast/core/bytecode/enhance/plugin/service/kafka/KafkaProducerAdapter.java
@@ -15,11 +15,7 @@ public MethodVisitor visitMethod(final int access, final String name, final Stri
         MethodVisitor mv = super.visitMethod(access, name, desc, signature, exceptions);
         int argCount = Type.getArgumentTypes(desc).length;
 
-        if ("<init>".equals(name) && argCount == 7) {
-            DongTaiLog.debug("Adding kafka tracking for type {}.{}", context.getClassName(), name);
-            mv = new KafkaProducerAdviceAdapter(mv, access, name, desc);
-            setTransformed();
-        } else if ("send".equals(name) && argCount == 2) {
+        if ("send".equals(name) && argCount == 2) {
             DongTaiLog.debug("Adding kafka tracking for type {}.{}", context.getClassName(), name);
             mv = new KafkaProducerSendAdviceAdapter(mv, access, name, desc);
             setTransformed();

diff --git a/...o/dongtai/iast/core/bytecode/enhance/plugin/service/kafka/KafkaProducerAdviceAdapter.java b/...o/dongtai/iast/core/bytecode/enhance/plugin/service/kafka/KafkaProducerAdviceAdapter.java
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java
@@ -483,7 +483,7 @@ public boolean collectMethodPool(Object instance, Object[] argumentArray, Object
                             HttpImpl.solveHttp(event);
                         } else if (HookType.RPC.equals(hookType)) {
                             solveRPC(framework, event);
-                        } else if (HookType.PROPAGATOR.equals(hookType) && !EngineManager.TAINT_POOL.get().isEmpty()) {
+                        } else if (HookType.PROPAGATOR.equals(hookType) && !EngineManager.TAINT_POOL.isEmpty()) {
                             PropagatorImpl.solvePropagator(event, INVOKE_ID_SEQUENCER);
                         } else if (HookType.SOURCE.equals(hookType)) {
                             SourceImpl.solveSource(event, INVOKE_ID_SEQUENCER);

diff --git a/.../src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java b/.../src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java
@@ -1,19 +1,13 @@
 package io.dongtai.iast.core.handler.hookpoint.controller.impl;
 
 import io.dongtai.iast.core.EngineManager;
-import io.dongtai.iast.core.handler.hookpoint.models.IastHookRuleModel;
-import io.dongtai.iast.core.handler.hookpoint.models.IastPropagatorModel;
-import io.dongtai.iast.core.handler.hookpoint.models.MethodEvent;
+import io.dongtai.iast.core.handler.hookpoint.models.*;
 import io.dongtai.iast.core.handler.hookpoint.vulscan.dynamic.TrackUtils;
 import io.dongtai.iast.core.utils.StackUtils;
 import io.dongtai.iast.core.utils.TaintPoolUtils;
-import io.dongtai.log.DongTaiLog;
 
 import java.lang.reflect.Method;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
+import java.util.*;
 import java.util.concurrent.atomic.AtomicInteger;
 
 import static io.dongtai.iast.core.utils.HashCode.isNotEmpty;
@@ -35,7 +29,7 @@ public class PropagatorImpl {
     private static final String SPRING_OBJECT = " org.springframework.".substring(1);
 
     public static void solvePropagator(MethodEvent event, AtomicInteger invokeIdSequencer) {
-        if (!EngineManager.TAINT_POOL.get().isEmpty()) {
+        if (!EngineManager.TAINT_POOL.isEmpty()) {
             IastPropagatorModel propagator = IastHookRuleModel.getPropagatorByMethodSignature(event.signature);
             if (propagator != null) {
                 auxiliaryPropagator(propagator, invokeIdSequencer, event);

diff --git a/...re/src/main/java/io/dongtai/iast/core/handler/hookpoint/framework/dubbo/DubboHandler.java b/...re/src/main/java/io/dongtai/iast/core/handler/hookpoint/framework/dubbo/DubboHandler.java
@@ -192,7 +192,7 @@ private static boolean isNotEmpty(Object obj) {
     }
 
     public static void solveClientExit(Object invocation, Object rpcResult) {
-        if (EngineManager.TAINT_POOL.get().isEmpty()) {
+        if (EngineManager.TAINT_POOL.isEmpty()) {
             return;
         }
 
@@ -259,36 +259,38 @@ public static void solveClientExit(Object invocation, Object rpcResult) {
 
     public static void solveServiceExit(Object invocation, Object rpcResult) {
         try {
-            if (null != EngineManager.TAINT_POOL.get() && !EngineManager.TAINT_POOL.get().isEmpty()) {
-                MethodEvent event = new MethodEvent(
-                        0,
-                        0,
-                        "*.dubbo.monitor.support.MonitorFilter",
-                        "*.dubbo.monitor.support.MonitorFilter",
-                        "invoke",
-                        "com.alibaba.dubbo.monitor.support.MonitorFilter#invoke",
-                        "com.alibaba.dubbo.monitor.support.MonitorFilter#invoke",
-                        null,
-                        new Object[]{rpcResult},
-                        null,
-                        "DUBBO",
-                        false,
-                        null
-                );
-                Set<Object> modelItems = SourceImpl.parseCustomModel(rpcResult);
-                boolean isHitTaints = false;
-                for (Object item : modelItems) {
-                    isHitTaints = isHitTaints || TaintPoolUtils.poolContains(item, event, false);
-                }
-                if (isHitTaints) {
-                    int invokeId = SpyDispatcherImpl.INVOKE_ID_SEQUENCER.getAndIncrement();
-                    event.setInvokeId(invokeId);
-                    event.setPlugin("DUBBO");
-                    event.setServiceName("");
-                    event.setProjectPropagatorClose(true);
-                    event.setCallStack(StackUtils.getLatestStack(5));
-                    EngineManager.TRACK_MAP.addTrackMethod(invokeId, event);
-                }
+            if (EngineManager.TAINT_POOL.isEmpty()) {
+                return;
+            }
+
+            MethodEvent event = new MethodEvent(
+                    0,
+                    0,
+                    "*.dubbo.monitor.support.MonitorFilter",
+                    "*.dubbo.monitor.support.MonitorFilter",
+                    "invoke",
+                    "com.alibaba.dubbo.monitor.support.MonitorFilter#invoke",
+                    "com.alibaba.dubbo.monitor.support.MonitorFilter#invoke",
+                    null,
+                    new Object[]{rpcResult},
+                    null,
+                    "DUBBO",
+                    false,
+                    null
+            );
+            Set<Object> modelItems = SourceImpl.parseCustomModel(rpcResult);
+            boolean isHitTaints = false;
+            for (Object item : modelItems) {
+                isHitTaints = isHitTaints || TaintPoolUtils.poolContains(item, event, false);
+            }
+            if (isHitTaints) {
+                int invokeId = SpyDispatcherImpl.INVOKE_ID_SEQUENCER.getAndIncrement();
+                event.setInvokeId(invokeId);
+                event.setPlugin("DUBBO");
+                event.setServiceName("");
+                event.setProjectPropagatorClose(true);
+                event.setCallStack(StackUtils.getLatestStack(5));
+                EngineManager.TRACK_MAP.addTrackMethod(invokeId, event);
             }
         }catch (Exception e){
             DongTaiLog.debug(e);