Merge pull request #665 from bytedance/feat-version-check
feat process version check
yoloyyh authored Jul 25, 2024
2 parents bac50ac + 43180d5 commit 60da438
Showing 5 changed files with 82 additions and 31 deletions.
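--- a/rasp/librasp/src/jvm.rs
+++ b/rasp/librasp/src/jvm.rs
@@ -143,6 +143,25 @@ pub fn vm_version(pid: i32) -> Result<i32> {
 };
 }
 
+pub fn check_java_version(ver: &String, pid:i32) -> Result<()> {
+let ver:u32 = match ver.parse::<u32>() {
+Ok(v) => {v}
+Err(_) => {0}
+};
+if ver < 8 {
+warn!("process {} Java version lower than 8: {}, so not inject", pid, ver);
+let msg = format!("Java version lower than 8: {}, so not inject", ver);
+return Err(anyhow!(msg));
+} else if ver == 13 || ver == 14 {
+// jdk bug https://bugs.openjdk.org/browse/JDK-8222005
+warn!("process {} Java version {} has attach bug, so not inject", pid, ver);
+let msg = format!("process {} Java version {} has attach bug, so not inject", pid, ver);
+return Err(anyhow!(msg));
+} else {
+return Ok(());
+}
+}
+
 pub fn prop(pid: i32) -> Result<ProbeState> {
 return match jcmd(pid, " VM.system_properties") {
 Ok(stdout) => {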
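Review bot: In `check_java_version`, a version string that fails `parse::<u32>()` is collapsed to 0 and then reported as "Java version lower than 8: 0", so an unparseable value is indistinguishable in the logs from a genuinely old JVM. Return a distinct error instead, e.g. `let ver: u32 = ver.parse().map_err(|_| anyhow!("Java version cannot parse: {}", ver))?;`, which matches the "cannot parse" message `check_nodejs_version` uses. The parameter can also be `ver: &str` rather than `&String`; callers passing `&runtime_info.version` still compile. A short `///` doc comment stating that the function rejects versions below 8 and versions 13 and 14 (JDK-8222005) would help, because an `Err` here makes the caller return before `java_attach` is reached.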
30 changes: 28 additions & 2 deletions rasp/librasp/src/manager.rs
@@ -12,8 +12,8 @@ use log::*;

use crate::cpython::{python_attach, CPythonProbe, CPythonProbeState};
use crate::golang::{golang_attach, GolangProbe, GolangProbeState};
use crate::jvm::{java_attach, java_detach, JVMProbe, JVMProbeState};
use crate::nodejs::{nodejs_attach, NodeJSProbe};
use crate::jvm::{check_java_version, java_attach, java_detach, JVMProbe, JVMProbeState};
use crate::nodejs::{check_nodejs_version, nodejs_attach, NodeJSProbe};
use crate::php::{php_attach, PHPProbeState};
use crate::{
comm::{Control, EbpfMode, ProcessMode, RASPComm, ThreadMode, check_need_mount},
@@ -334,6 +334,14 @@ impl RASPManager {
Ok(true)
}
ProbeState::NotAttach => {
if !runtime_info.version.is_empty() {
match check_java_version(&runtime_info.version, pid) {
Ok(_) => {}
Err(e) => {
return Err(anyhow!(e));
}
}
}
if self.can_copy(mnt_namespace) {
for from in JVMProbe::names().0.iter() {
self.copy_file_from_to_dest(from.clone(), root_dir.clone())?;
@@ -342,9 +350,19 @@ impl RASPManager {
self.copy_dir_from_to_dest(from.clone(), root_dir.clone())?;
}
}

java_attach(process_info.pid)

}
ProbeState::AttachedVersionNotMatch => {
if !runtime_info.version.is_empty() {
match check_java_version(&runtime_info.version, pid) {
Ok(_) => {}
Err(e) => {
return Err(anyhow!(e));
}
}
}
let mut diff_ns:bool = false;
match check_need_mount(mnt_namespace) {
Ok(value) => {
@@ -473,6 +491,14 @@ impl RASPManager {
}
},
"NodeJS" => {
if !runtime_info.version.is_empty() {
match check_nodejs_version(&runtime_info.version) {
Ok(_) => {}
Err(e) => {
return Err(anyhow!(e));
}
}
}
if self.can_copy(mnt_namespace) {
for from in NodeJSProbe::names().0.iter() {
self.copy_file_from_to_dest(from.clone(), root_dir.clone())?;
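Review bot: The `if !runtime_info.version.is_empty()` guard in the `ProbeState::NotAttach`, `ProbeState::AttachedVersionNotMatch` and `"NodeJS"` arms skips the version check whenever no version was recorded, so attach then proceeds on a runtime of unknown version, including the JVM versions the check exists to exclude. If that fail-open is intended, state it in a comment and log it, e.g. `warn!("process {} runtime version unknown, skipping version check", pid);`; otherwise return an error in the empty case. How `runtime_info.version` ends up empty is not visible in these hunks, and the enclosing methods start and end outside them, so confirm against the inspect path in runtime.rs. The three `match … Ok(_) => {} Err(e) => return Err(anyhow!(e))` blocks can each be written as `check_java_version(&runtime_info.version, pid)?;` (likewise `check_nodejs_version(&runtime_info.version)?;`).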
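--- a/rasp/librasp/src/nodejs.rs
+++ b/rasp/librasp/src/nodejs.rs
@@ -150,3 +150,36 @@ pub fn nodejs_version(pid: i32, nodejs_bin_path: &String) -> Result<(u32, u32, S
 };
 Ok((major_number, minor_number, String::from(version)))
 }
+
+pub fn check_nodejs_version(ver: &String) -> Result<()> {
+let major_minor: Option<(u32, u32)> = match ver.split('.').next() {
+Some(major_str) => {
+if let Ok(major) = major_str.parse::<u32>() {
+if let Some(minor_str) = ver.split('.').nth(1) {
+if let Ok(minor) = minor_str.parse::<u32>() {
+Some((major, minor))
+} else {
+None
+}
+} else {
+Some((major, 0))
+}
+} else {
+None
+}
+}
+None => None,
+};
+
+if let Some((major, minor)) = major_minor {
+if major > 8 || (major == 8 && minor >= 6) {
+return Ok(());
+} else {
+let msg = format!("nodejs version lower than 8.6: {}", ver);
+return Err(anyhow!(msg));
+}
+} else {
+let msg = format!("nodejs version cannot parse: {}", ver);
+return Err(anyhow!(msg));
+}
+}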
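Review bot: `check_nodejs_version` walks `ver.split('.')` twice through a four-level `match`/`if let` pyramid, and it rejects as "cannot parse" any string whose first component is not a bare integer. Whether the string returned by `nodejs_version` can carry a leading `v` or trailing whitespace is not visible here; if it can, every such process would be refused the probe, so normalising before parsing is worth it. Splitting once and comparing `(major, minor)` as a tuple keeps both error messages unchanged and reads flat. Taking `&str` in place of `&String` stays compatible with the caller in manager.rs.

```rust
pub fn check_nodejs_version(ver: &str) -> Result<()> {
    // Tolerate surrounding whitespace and a leading 'v' before parsing.
    let mut parts = ver.trim().trim_start_matches('v').split('.');
    let major = parts.next().and_then(|s| s.parse::<u32>().ok());
    // A missing minor component counts as 0; a malformed one is a parse failure.
    let minor = match parts.next() {
        Some(s) => s.parse::<u32>().ok(),
        None => Some(0),
    };
    match (major, minor) {
        (Some(major), Some(minor)) if (major, minor) >= (8, 6) => Ok(()),
        (Some(_), Some(_)) => Err(anyhow!("nodejs version lower than 8.6: {}", ver)),
        _ => Err(anyhow!("nodejs version cannot parse: {}", ver)),
    }
}
```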
29 changes: 1 addition & 28 deletions rasp/librasp/src/runtime.rs
@@ -112,28 +112,11 @@ pub trait RuntimeInspect {
Err(e) => info!("Failed to check '+DisableAttachMechanism': {}", e),
}

// https://bugs.openjdk.org/browse/JDK-8292695
// let uptime = count_uptime(process_info.start_time.unwrap()).unwrap_or(0);
// if uptime > 0 && uptime < 5 {
// let interval = 5 - uptime;
// info!("JVM process {} just start, so sleep {} sec", process_info.pid, interval);
// std::thread::sleep(Duration::from_secs(interval));
// }
match Self::check_signal_dispatch(process_info.pid) {
Ok(v) => {
if v == true {
let version = match vm_version(process_info.pid) {
Ok(ver) => {
if ver < 8 {
warn!("process {} Java version lower than 8: {}, so not inject", process_info.pid, ver);
let msg = format!("Java version lower than 8: {}, so not inject", ver);
return Err(anyhow!(msg));
} else if ver == 13 || ver == 14 {
// jdk bug https://bugs.openjdk.org/browse/JDK-8222005
warn!("process {} Java version {} has attach bug, so not inject", process_info.pid, ver);
let msg = format!("process {} Java version {} has attach bug, so not inject", process_info.pid, ver);
return Err(anyhow!(msg));
}
ver.to_string()
}
Err(e) => {
@@ -193,17 +176,7 @@ pub trait RuntimeInspect {
};
if nodejs_process_filter_check_reuslt {
let version = match nodejs_version(process_info.pid, &process_exe_file) {
Ok((major, minor, v)) => {
if major < 8 {
let msg = format!("nodejs version lower than 8.6: {}", v);
return Err(anyhow!(msg));
}
if major == 8 {
if minor < 6 {
let msg = format!("nodejs version lower than 8.6: {}", v);
return Err(anyhow!(msg));
}
}
Ok((_, _, v)) => {
v
}
Err(e) => {
2 changes: 1 addition & 1 deletion rasp/rasp_server/Cargo.toml
@@ -21,7 +21,7 @@ crossbeam = "0.8"
log = "0.4.11"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
tokio = { version = "1.16", features = ["full"] }
tokio = { version = "~1.34", features = ["full"] }
lazy_static = "1.4"
tokio-util = { version = "0.7.0", features = ["full"] }
futures = "0.3"
