diff --git a/JavaProbe/JavaProbe.iml b/JavaProbe/JavaProbe.iml
index 40f28ff..2eef7d6 100644
--- a/JavaProbe/JavaProbe.iml
+++ b/JavaProbe/JavaProbe.iml
@@ -11,6 +11,10 @@
+
+
+
+
\ No newline at end of file
diff --git a/JavaProbe/out/artifacts/JavaProbe_jar/JavaProbe.jar b/JavaProbe/out/artifacts/JavaProbe_jar/JavaProbe.jar
deleted file mode 100644
index d6839f1..0000000
Binary files a/JavaProbe/out/artifacts/JavaProbe_jar/JavaProbe.jar and /dev/null differ
diff --git a/JavaProbe/pom.xml b/JavaProbe/pom.xml
index a5200d2..c7351e1 100644
--- a/JavaProbe/pom.xml
+++ b/JavaProbe/pom.xml
@@ -3,7 +3,6 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
4.0.0
-
groupId
JavaProb
1.0-SNAPSHOT
@@ -15,17 +14,17 @@
4.12
test
-
- commons-io
- commons-io
- 2.6
-
org.springframework.boot
spring-boot-loader
2.1.3.RELEASE
- provided
+
+
+ commons-io
+ commons-io
+ 2.6
+
-
+
\ No newline at end of file
diff --git a/JavaProbe/src/entity/DependencyInfo.java b/JavaProbe/src/entity/DependencyInfo.java
new file mode 100644
index 0000000..f9bceea
--- /dev/null
+++ b/JavaProbe/src/entity/DependencyInfo.java
@@ -0,0 +1,39 @@
+package entity;
+
+/**
+ * @author fate
+ * @date 2019-11-12 下午6:30
+ * 依赖信息实体
+ */
+public class DependencyInfo {
+
+ private String version;
+
+ private String groupId;
+
+ private String artifactId;
+
+ public String getVersion() {
+ return version;
+ }
+
+ public void setVersion(String version) {
+ this.version = version;
+ }
+
+ public String getGroupId() {
+ return groupId;
+ }
+
+ public void setGroupId(String groupId) {
+ this.groupId = groupId;
+ }
+
+ public String getArtifactId() {
+ return artifactId;
+ }
+
+ public void setArtifactId(String artifactId) {
+ this.artifactId = artifactId;
+ }
+}
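Review bot: DependencyInfo defines no equals/hashCode/toString, so the list that MavenHandle fills cannot be de-duplicated by coordinates, and the same artifact may be recorded once per scanned path (inferred from the loop in MavenHandle.getMavenResult). All three fields can also be null, because the handlers copy `prop.getProperty(...)` straight in and a pom.properties file may lack a key. I would add equals and hashCode over groupId, artifactId and version, and a class Javadoc in English stating that the fields are the Maven coordinates read from a jar's pom.properties and that any of them may be null.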
diff --git a/JavaProbe/src/entity/JvmInfo.java b/JavaProbe/src/entity/JvmInfo.java
index 131c9fe..23ff939 100644
--- a/JavaProbe/src/entity/JvmInfo.java
+++ b/JavaProbe/src/entity/JvmInfo.java
@@ -1,5 +1,6 @@
package entity;
+import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
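Review bot: `import java.security.PrivateKey;` is added here, but nothing in the visible hunks of JvmInfo uses it; it looks like an accidental IDE auto-import and should be dropped. The new `dependencyInfoList` field in the next hunk would also benefit from a short English comment saying it holds the DependencyInfo entries collected by MavenHandle.getMavenResult.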
@@ -35,6 +36,16 @@ public class JvmInfo {
private Map jarPathMap = new HashMap(); // 存放可能存在jar的路径呀
+ private List dependencyInfoList = new ArrayList(); // 存放jar包依赖,用于生成依赖文件,方便对整个应用进行漏洞跟踪
+
+ public List getDependencyInfoList() {
+ return dependencyInfoList;
+ }
+
+ public void setDependencyInfoList(List dependencyInfoList) {
+ this.dependencyInfoList = dependencyInfoList;
+ }
+
public String getExceTime() {
return exceTime;
}
diff --git a/JavaProbe/src/maven/EasyJarHandle.java b/JavaProbe/src/maven/EasyJarHandle.java
new file mode 100644
index 0000000..f4a427e
--- /dev/null
+++ b/JavaProbe/src/maven/EasyJarHandle.java
@@ -0,0 +1,67 @@
+package maven;
+
+import common.CommonUtil;
+import entity.DependencyInfo;
+
+import java.io.File;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Properties;
+import java.util.jar.JarEntry;
+import java.util.jar.JarFile;
+
+/**
+ * @author fate
+ * @date 2019-11-22 下午12:05
+ */
+public class EasyJarHandle {
+
+ /**
+ * 获取依赖信息
+ * @param jarpath jar文件路径
+ * @param dependencyInfoList 存放依赖包数据的list
+ * @return
+ */
+ public static List getDependencyInfo(String jarpath, List dependencyInfoList) {
+
+ try {
+
+ File jarDict = new File(jarpath.replace("file:","").replace("WEB-INF/classes/", "WEB-INF/lib/"));
+
+ for (File file : jarDict.listFiles()) {
+
+ if (file.isFile() && file.getName().endsWith(".jar")) {
+
+ JarFile jarFile = new JarFile(file);
+
+ Enumeration jarEntryEnumeration = jarFile.entries();
+
+ while (jarEntryEnumeration.hasMoreElements()) {
+
+ JarEntry jarEntry= jarEntryEnumeration.nextElement();
+
+ if (jarEntry.getName().endsWith("/pom.properties")) {
+
+ Properties prop = new Properties();
+ prop.load(jarFile.getInputStream(jarEntry));
+
+ DependencyInfo dependencyInfo = new DependencyInfo(); // 存放依赖信息
+ dependencyInfo.setArtifactId(prop.getProperty("artifactId"));
+ dependencyInfo.setGroupId(prop.getProperty("groupId"));
+ dependencyInfo.setVersion(prop.getProperty("version"));
+
+ dependencyInfoList.add(dependencyInfo);
+ }
+ }
+ }
+ }
+ }
+ catch (Exception e) {
+
+ CommonUtil.writeStr("/tmp/jvm_error.txt","getDependencyInfo_byeasy:\t" + e.getMessage());
+ }
+
+ return dependencyInfoList;
+ }
+
+}
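Review bot: Each `new JarFile(file)` in getDependencyInfo, and the stream from `jarFile.getInputStream(jarEntry)`, is never closed, so scanning a large WEB-INF/lib leaves one open handle per archive in the agent process. The single try around the whole loop also means the first unreadable jar ends the scan and returns a partial list, which for an inventory used for vulnerability tracking shows up as missing components rather than as an error; a null return from `listFiles()` on a non-directory path takes the same route, and `e.getMessage()` is then null. The excerpt below closes both resources, checks the directory listing and moves the catch inside the loop (it needs `java.io.InputStream` imported). FatJarHandle.getDependencyInfo and getJarInJardependcyInfo leave their JarFile objects and streams open in the same way.

```java
File[] candidates = jarDict.listFiles();
if (candidates == null) {
    // not a directory, or not readable: nothing to inventory
    return dependencyInfoList;
}

for (File file : candidates) {

    if (!file.isFile() || !file.getName().endsWith(".jar")) {
        continue;
    }

    // per-jar try: one corrupt archive must not truncate the whole inventory
    try (JarFile jarFile = new JarFile(file)) {

        Enumeration<JarEntry> entries = jarFile.entries();

        while (entries.hasMoreElements()) {

            JarEntry jarEntry = entries.nextElement();

            if (!jarEntry.getName().endsWith("/pom.properties")) {
                continue;
            }

            Properties prop = new Properties();
            try (InputStream in = jarFile.getInputStream(jarEntry)) {
                prop.load(in);
            }

            // … unchanged: build DependencyInfo from prop and add it to dependencyInfoList …
        }
    }
    catch (Exception e) {
        // keep the exception type and the offending file in the log line
        CommonUtil.writeStr("/tmp/jvm_error.txt", "getDependencyInfo_byeasy:\t" + file + "\t" + e);
    }
}
```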
diff --git a/JavaProbe/src/maven/FatJarHandle.java b/JavaProbe/src/maven/FatJarHandle.java
new file mode 100644
index 0000000..d31f905
--- /dev/null
+++ b/JavaProbe/src/maven/FatJarHandle.java
@@ -0,0 +1,106 @@
+package maven;
+import common.CommonUtil;
+import entity.DependencyInfo;
+import org.springframework.boot.loader.jar.JarFile; // 偷懒 直接使用springboot的
+import java.io.File;
+import java.util.Enumeration;
+import java.util.List;
+import java.util.Properties;
+import java.util.jar.JarEntry;
+
+/**
+ * @author fate
+ * @date 2019-11-22 上午11:38
+ * 用于处理fat jar资源的获取
+ */
+public class FatJarHandle {
+
+ /**
+ * fat jar 依赖文件的获取,多用于处理springboot打包的jar 传入的path是这样的 jar:file:/home/q/system/java/live/build/libs/live-33541.a12ed7cc.jar!/BOOT-INF/classes!/
+ * @param jarpath
+ * @param dependencyInfoList
+ * @return
+ */
+ public static List getDependencyInfo(String jarpath, List dependencyInfoList) {
+
+ try {
+
+ JarFile jarFile = new JarFile(new File(getROOTJar(jarpath)));
+
+ Enumeration jarEntryEnumeration = jarFile.entries();
+
+ while (jarEntryEnumeration.hasMoreElements()) {
+
+ JarEntry jarEntry = jarEntryEnumeration.nextElement();
+
+ if (jarEntry.getName().endsWith(".jar")) { // 这里就暂时不匹配BOOT-INF/lib,考虑通用性
+
+ JarFile inJarFile = jarFile.getNestedJarFile(jarEntry);
+ DependencyInfo dependencyInfo = getJarInJardependcyInfo(inJarFile); // 获取资源
+
+ if (dependencyInfo != null) dependencyInfoList.add(dependencyInfo);
+
+ }
+ }
+
+ }
+ catch (Exception e) {
+
+ CommonUtil.writeStr("/tmp/jvm_error.txt","getDependencyInfo:\t" + e.getMessage());
+ }
+
+ return dependencyInfoList;
+ }
+
+ /**
+ * 获取Jarinjar中的资源
+ * @param jarFile
+ * @return
+ */
+ public static DependencyInfo getJarInJardependcyInfo(JarFile jarFile) {
+
+ try {
+
+ Enumeration jarEntryEnumeration = jarFile.entries();
+
+ while (jarEntryEnumeration.hasMoreElements()) {
+
+ JarEntry jarEntry= jarEntryEnumeration.nextElement();
+
+ if (jarEntry.getName().endsWith("/pom.properties")) {
+
+ Properties prop = new Properties();
+ prop.load(jarFile.getInputStream(jarEntry));
+
+ DependencyInfo dependencyInfo = new DependencyInfo(); // 存放依赖信息
+ dependencyInfo.setArtifactId(prop.getProperty("artifactId"));
+ dependencyInfo.setGroupId(prop.getProperty("groupId"));
+ dependencyInfo.setVersion(prop.getProperty("version"));
+
+ return dependencyInfo;
+ }
+ }
+
+ }
+ catch (Exception e) {
+
+ CommonUtil.writeStr("/tmp/jvm_error.txt","getJarInJardependcyInfo:\t" + e.getMessage());
+ }
+
+ return null;
+
+ }
+
+ /**
+ * 获取rootjar资源路径
+ * @param jarPath
+ * @return
+ */
+ public static String getROOTJar(String jarPath) {
+
+ jarPath = jarPath.split(".jar!/")[0].replace("jar:file:","");
+
+ return jarPath + ".jar";
+ }
+
+}
\ No newline at end of file
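Review bot: In getROOTJar, `jarPath.split(".jar!/")` takes a regular expression, so the `.` matches any character and the path is cut at the first "any character followed by `jar!/`" rather than at the literal `.jar!/`. When the marker is absent, the whole input comes back with `.jar` appended. A literal search avoids both: `int end = jarPath.indexOf(".jar!/");`, then `if (end < 0) throw new IllegalArgumentException("not a nested-jar URL: " + jarPath);`, then `return jarPath.substring(0, end + 4).replace("jar:file:", "");`. Separately, getJarInJardependcyInfo returns at the first `/pom.properties` entry while EasyJarHandle records every one, so a nested jar that bundles several artifacts reports only one set of coordinates. For a vulnerability inventory, the loop should collect all of them.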
diff --git a/JavaProbe/src/maven/MavenHandle.java b/JavaProbe/src/maven/MavenHandle.java
new file mode 100644
index 0000000..e285757
--- /dev/null
+++ b/JavaProbe/src/maven/MavenHandle.java
@@ -0,0 +1,54 @@
+package maven;
+
+import common.CommonUtil;
+import entity.DependencyInfo;
+import entity.JvmInfo;
+import org.springframework.boot.loader.jar.Handler;
+
+import java.util.*;
+
+/**
+ * @author fate
+ * @date 2019-11-08 上午12:31
+ * 从jvm实例中构建pom.xml
+ */
+public class MavenHandle extends Handler {
+
+ /**
+ * 获取jar读取到的依赖 用于针对于应用的漏洞(风险)管理
+ * @param jvmInfo
+ * @return
+ */
+ public JvmInfo getMavenResult(JvmInfo jvmInfo) {
+
+ try {
+
+ List dependencyInfos = new ArrayList();
+
+ for(Map.Entry entry : jvmInfo.getJarPathMap().entrySet()){
+
+ String targetJar = entry.getKey().trim();
+
+ if (targetJar.endsWith("!/")) {
+
+ FatJarHandle.getDependencyInfo(targetJar,dependencyInfos);
+ //System.out.println("胖头鱼走起");
+ }
+ else {
+
+ EasyJarHandle.getDependencyInfo(targetJar,dependencyInfos);
+ //System.out.println("easyjar 走起");
+ }
+ }
+
+ jvmInfo.setDependencyInfoList(dependencyInfos);
+ }
+ catch (Exception e) {
+
+ CommonUtil.writeStr("/tmp/jvm_error.txt","getMavenResult:\t" + e.getMessage());
+ }
+
+ return jvmInfo;
+ }
+}
+
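Review bot: The catch block in getMavenResult, like those added in EasyJarHandle and FatJarHandle, writes to the fixed path `/tmp/jvm_error.txt`, while NewAgentMain expects the tool to run as root. A predictable file name in a world-writable directory, written by a privileged process, is exposed to symlink and pre-creation problems from other local users. How CommonUtil.writeStr opens the file is not visible in this diff, so confirm that it does not follow links, or move the log to a directory only the agent's user can write. Logging `e.getMessage()` alone also drops the exception type and is null for a NullPointerException; `String.valueOf(e)` keeps both. `extends Handler` looks unneeded, since nothing in the class overrides or calls the Spring Boot URL handler; it is worth removing unless code outside this diff relies on it.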
diff --git a/JavaProbe/src/newagent/NewAgentMain.java b/JavaProbe/src/newagent/NewAgentMain.java
index d9ef139..7c2fe66 100644
--- a/JavaProbe/src/newagent/NewAgentMain.java
+++ b/JavaProbe/src/newagent/NewAgentMain.java
@@ -7,6 +7,7 @@
import com.sun.tools.attach.VirtualMachine;
import com.sun.tools.attach.VirtualMachineDescriptor;
import entity.ResultInfo;
+import maven.MavenHandle;
import org.apache.commons.io.FileUtils;
import runuser.RunHandle;
@@ -36,7 +37,7 @@ public static void main(String[] args) throws InterruptedException {
if (!"root".equals(runUser.toLowerCase().trim())) {
- System.out.println("在没有指定运行用户的模式下,必须使用root用户运行!");
+ System.out.println("在没有指定运行用户的模式下,必须使用root用户运行!"); // 样子货
System.exit(0);
}
@@ -74,6 +75,7 @@ public static void main(String[] args) throws InterruptedException {
public static String getResultFile() {
String resultStr = null;
+ MavenHandle mavenHandle = new MavenHandle(); // 处理依赖
ResultInfo resultInfo = new ResultInfo();
resultInfo.setHostname(getHostName());
@@ -100,12 +102,19 @@ public static String getResultFile() {
// 处理springboot的方法
springBootHandle(jvmInfot);
- jvmInfot.getErrorList().clear(); // 把异常都抛掉
+ // 清理掉所有的class数据,如果还需要收集的话可以注释下面的代码,这个一般是为了在没有jar的情况下去确定组件、应急排查rce加载的恶意class,判断高风险class
+ //jvmInfot.getClassFileList().clear();
+ // 把异常都抛掉
+ jvmInfot.getErrorList().clear();
+ // 获取依赖内容
+ mavenHandle.getMavenResult(jvmInfot);
+ // 添加到结果
resultInfo.getJvmInfoList().add(jvmInfot);
+
+ Runtime.getRuntime().exec("")
}
}
}
-
}
}
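Review bot: The added line `Runtime.getRuntime().exec("")` at the end of the loop body has no terminating semicolon, so getResultFile does not compile as committed. With the semicolon it would throw IllegalArgumentException for the empty command on every JVM processed. It reads like leftover scratch code, and a process-spawning call has no place in a collector that is expected to run as root, so the line should be deleted rather than repaired. The return value of `mavenHandle.getMavenResult(jvmInfot)` is ignored, which works because the method mutates its argument, but a one-line comment saying so would help the next reader. getResultFile starts and ends outside this hunk.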
@@ -234,14 +243,12 @@ public static void springBootHandle(JvmInfo jvmInfo) {
springBootLibget(jvmInfo, jarPath.substring(0,jarPath.indexOf("jar!")+3));
}
}
-
}
catch (Exception e) {
CommonUtil.writeStr("/tmp/jvm_error.txt","jqjq\t" + e.getMessage());
System.out.println(e.getMessage());
}
-
}
/**
diff --git a/JavaProbe/target/classes/META-INF/JavaProbe.kotlin_module b/JavaProbe/target/classes/META-INF/JavaProbe.kotlin_module
deleted file mode 100644
index 2983af7..0000000
Binary files a/JavaProbe/target/classes/META-INF/JavaProbe.kotlin_module and /dev/null differ
diff --git a/JavaProbe/target/classes/META-INF/MANIFEST.MF b/JavaProbe/target/classes/META-INF/MANIFEST.MF
deleted file mode 100644
index a97696b..0000000
--- a/JavaProbe/target/classes/META-INF/MANIFEST.MF
+++ /dev/null
@@ -1,4 +0,0 @@
-Manifest-Version: 1.0
-Main-Class: newagent.NewAgentMain
-Agent-Class: newagent.HookMain
-Can-Redefine-Classes: true
diff --git a/JavaProbe/target/classes/common/CommonUtil.class b/JavaProbe/target/classes/common/CommonUtil.class
deleted file mode 100644
index 03c16b0..0000000
Binary files a/JavaProbe/target/classes/common/CommonUtil.class and /dev/null differ
diff --git a/JavaProbe/target/classes/entity/JvmInfo.class b/JavaProbe/target/classes/entity/JvmInfo.class
deleted file mode 100644
index 8b25f73..0000000
Binary files a/JavaProbe/target/classes/entity/JvmInfo.class and /dev/null differ
diff --git a/JavaProbe/target/classes/entity/ResultInfo.class b/JavaProbe/target/classes/entity/ResultInfo.class
deleted file mode 100644
index 02d3678..0000000
Binary files a/JavaProbe/target/classes/entity/ResultInfo.class and /dev/null differ
diff --git a/JavaProbe/target/classes/entity/RunUserInfo.class b/JavaProbe/target/classes/entity/RunUserInfo.class
deleted file mode 100644
index bd8f336..0000000
Binary files a/JavaProbe/target/classes/entity/RunUserInfo.class and /dev/null differ
diff --git a/JavaProbe/target/classes/newagent/HookMain.class b/JavaProbe/target/classes/newagent/HookMain.class
deleted file mode 100644
index 449de8d..0000000
Binary files a/JavaProbe/target/classes/newagent/HookMain.class and /dev/null differ
diff --git a/JavaProbe/target/classes/newagent/NewAgentMain.class b/JavaProbe/target/classes/newagent/NewAgentMain.class
deleted file mode 100644
index 24450d1..0000000
Binary files a/JavaProbe/target/classes/newagent/NewAgentMain.class and /dev/null differ
diff --git a/JavaProbe/target/classes/runuser/RunHandle.class b/JavaProbe/target/classes/runuser/RunHandle.class
deleted file mode 100644
index 6a521e8..0000000
Binary files a/JavaProbe/target/classes/runuser/RunHandle.class and /dev/null differ