HXSecurity · lostsnow · Nov 8, 2022 · Nov 7, 2022
diff --git a/...ore/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/AbstractAdviceAdapter.java b/...ore/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/AbstractAdviceAdapter.java
@@ -136,7 +136,7 @@ public void trackMethod(
         loadThisOrPushNullIfIsStatic();
         loadArgArray();
         loadLocal(this.nextLocal - 1);
-        push(policyNode.getMethodMatcher().toString());
+        push(policyNode.toString());
         push(this.context.getClassName());
         push(this.context.getMatchedClassName());
         push(this.name);

diff --git a/.../src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/core/DispatchClassPlugin.java b/.../src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/core/DispatchClassPlugin.java
@@ -5,7 +5,8 @@
 import io.dongtai.iast.core.bytecode.enhance.plugin.AbstractClassVisitor;
 import io.dongtai.iast.core.bytecode.enhance.plugin.DispatchPlugin;
 import io.dongtai.iast.core.bytecode.enhance.plugin.core.adapter.*;
-import io.dongtai.iast.core.handler.hookpoint.models.policy.*;
+import io.dongtai.iast.core.handler.hookpoint.models.policy.Policy;
+import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyNode;
 import io.dongtai.iast.core.utils.AsmUtils;
 import io.dongtai.log.DongTaiLog;
 import org.objectweb.asm.ClassVisitor;
@@ -97,29 +98,11 @@ private MethodVisitor lazyAop(MethodVisitor mv, int access, String name, String
                                       MethodContext methodContext) {
             Set<PolicyNode> matchedNodes = new HashSet<PolicyNode>();
 
-            List<SourceNode> sourceNodes = this.policy.getSources();
-            if (sourceNodes != null && sourceNodes.size() != 0) {
-                for (SourceNode sourceNode : sourceNodes) {
-                    if (sourceNode.getMethodMatcher().match(methodContext)) {
-                        matchedNodes.add(sourceNode);
-                    }
-                }
-            }
-
-            List<PropagatorNode> propagatorNodes = this.policy.getPropagators();
-            if (sourceNodes != null && sourceNodes.size() != 0) {
-                for (PropagatorNode propagatorNode : propagatorNodes) {
-                    if (propagatorNode.getMethodMatcher().match(methodContext)) {
-                        matchedNodes.add(propagatorNode);
-                    }
-                }
-            }
-
-            List<SinkNode> sinkNodes = this.policy.getSinks();
-            if (sourceNodes != null && sourceNodes.size() != 0) {
-                for (SinkNode sinkNode : sinkNodes) {
-                    if (sinkNode.getMethodMatcher().match(methodContext)) {
-                        matchedNodes.add(sinkNode);
+            Map<String, PolicyNode> policyNodesMap = this.policy.getPolicyNodesMap();
+            if (policyNodesMap != null && policyNodesMap.size() != 0) {
+                for (Map.Entry<String, PolicyNode> entry : policyNodesMap.entrySet()) {
+                    if (entry.getValue().getMethodMatcher().match(methodContext)) {
+                        matchedNodes.add(entry.getValue());
                     }
                 }
             }

diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/SpyDispatcherImpl.java
@@ -429,12 +429,12 @@ private void solveRPC(String framework, MethodEvent event) {
     }
 
     @Override
-    public boolean collectMethod(Object instance, Object[] parameters, Object retObject, String methodMatcher,
+    public boolean collectMethod(Object instance, Object[] parameters, Object retObject, String policyKey,
                                  String className, String matchedClassName, String methodName, String signature,
                                  boolean isStatic) {
         try {
             ScopeManager.SCOPE_TRACKER.getPolicyScope().enterAgent();
-            PolicyNode policyNode = getPolicyNode(methodMatcher);
+            PolicyNode policyNode = getPolicyNode(policyKey);
             if (policyNode == null) {
                 return false;
             }
@@ -488,7 +488,7 @@ private boolean isCollectAllowed(String className, String methodName, String sig
         return true;
     }
 
-    private PolicyNode getPolicyNode(String methodMatcher) {
+    private PolicyNode getPolicyNode(String policyKey) {
         AgentEngine agentEngine = AgentEngine.getInstance();
         PolicyManager policyManager = agentEngine.getPolicyManager();
         if (policyManager == null) {
@@ -499,6 +499,6 @@ private PolicyNode getPolicyNode(String methodMatcher) {
             return null;
         }
 
-        return policy.getPolicyNode(methodMatcher);
+        return policy.getPolicyNode(policyKey);
     }
 }
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/Policy.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/policy/Policy.java
@@ -16,7 +16,7 @@ public List<SourceNode> getSources() {
 
     public void addSource(SourceNode source) {
         this.sources.add(source);
-        addHooks(source);
+        addPolicyNode(source);
     }
 
     public List<PropagatorNode> getPropagators() {
@@ -25,7 +25,7 @@ public List<PropagatorNode> getPropagators() {
 
     public void addPropagator(PropagatorNode propagator) {
         this.propagators.add(propagator);
-        addHooks(propagator);
+        addPolicyNode(propagator);
     }
 
     public List<SinkNode> getSinks() {
@@ -34,22 +34,22 @@ public List<SinkNode> getSinks() {
 
     public void addSink(SinkNode sink) {
         this.sinks.add(sink);
-        addHooks(sink);
+        addPolicyNode(sink);
     }
 
-    public PolicyNode getPolicyNode(String methodMatcher) {
-        return this.policyNodesMap.get(methodMatcher);
+    public PolicyNode getPolicyNode(String policyKey) {
+        return this.policyNodesMap.get(policyKey);
     }
 
     public Map<String, PolicyNode> getPolicyNodesMap() {
         return this.policyNodesMap;
     }
 
-    public void addHooks(PolicyNode node) {
+    public void addPolicyNode(PolicyNode node) {
         SignatureMethodMatcher methodMatcher;
         if (node.getMethodMatcher() instanceof SignatureMethodMatcher) {
             methodMatcher = (SignatureMethodMatcher) node.getMethodMatcher();
-            this.policyNodesMap.put(methodMatcher.toString(), node);
+            this.policyNodesMap.put(node.toString(), node);
             addHooks(methodMatcher.getSignature().getClassName(), node.getInheritable());
         }
     }
@@ -78,4 +78,12 @@ public String getMatchedClass(String className, Set<String> ancestors) {
     public boolean isMatchClass(String className) {
         return this.classHooks.contains(className) || this.ancestorClassHooks.contains(className);
     }
+
+    public Set<String> getClassHooks() {
+        return this.classHooks;
+    }
+
+    public Set<String> getAncestorClassHooks() {
+        return this.ancestorClassHooks;
+    }
 }
diff --git a/...policy-node-count-src0-p2-sink2-cls2.json → ...ode-count-src0-p2-sink2-policy4-cls2.json b/...policy-node-count-src0-p2-sink2-cls2.json → ...ode-count-src0-p2-sink2-policy4-cls2.json
diff --git a/...policy-node-count-src1-p3-sink1-cls5.json → ...ode-count-src1-p3-sink1-policy5-cls4.json b/...policy-node-count-src1-p3-sink1-cls5.json → ...ode-count-src1-p3-sink1-policy5-cls4.json
diff --git a/...src/test/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyBuilderTest.java b/...src/test/java/io/dongtai/iast/core/handler/hookpoint/models/policy/PolicyBuilderTest.java
@@ -63,8 +63,8 @@ public void run() throws PolicyException {
     @Test
     public void testBuild() throws PolicyException {
         Map<String, List<Integer>> tests = new HashMap<String, List<Integer>>() {{
-            put("policy-node-count-src1-p3-sink1-cls5.json", Arrays.asList(1, 3, 1, 5));
-            put("policy-node-count-src0-p2-sink2-cls2.json", Arrays.asList(0, 2, 2, 2));
+            put("policy-node-count-src0-p2-sink2-policy4-cls2.json", Arrays.asList(0, 2, 2, 4, 2));
+            put("policy-node-count-src1-p3-sink1-policy5-cls4.json", Arrays.asList(1, 3, 1, 5, 4));
         }};
         for (Map.Entry<String, List<Integer>> entry : tests.entrySet()) {
             JSONArray policyConfig = PolicyBuilder.fetchFromFile(POLICY_DIR + entry.getKey());
@@ -75,8 +75,12 @@ public void testBuild() throws PolicyException {
                     policy.getPropagators().size());
             Assert.assertEquals("build sink count " + entry.getKey(), entry.getValue().get(2).intValue(),
                     policy.getSinks().size());
-            Assert.assertEquals("build hook class count" + entry.getKey(), entry.getValue().get(3).intValue(),
+            Assert.assertEquals("build hook policy count" + entry.getKey(), entry.getValue().get(3).intValue(),
                     policy.getPolicyNodesMap().size());
+            Set<String> classes = policy.getClassHooks();
+            classes.addAll(policy.getAncestorClassHooks());
+            Assert.assertEquals("build hook class count" + entry.getKey(), entry.getValue().get(4).intValue(),
+                    classes.size());
         }
 
         PolicyException exception;