2

我使用 maven 编辑了一个简单的 jetty Web 应用程序。我尝试将以下规则脚本注入 java.sql.Statement.executeQuery(String)。

RULE trace java.sql.Statement.executeQuery enter
INTERFACE ^java.sql.Statement
METHOD executeQuery(String)
AT ENTRY
IF debug("trace executeQuery(String)")
DO traceln("enter executeQuery...")
ENDRULE

RULE trace java.sql.Statement.executeUpdate enter
INTERFACE ^java.sql.Statement
METHOD executeUpdate(String)
AT ENTRY
IF TRUE
DO traceln("entering executeUpdate")
ENDRULE

我安装这些脚本。如下:

C:\Users\ln13277429609\Desktop\gitcode\git-study\byteman-aop-version2\security_taint_webapp>bmsubmit -l src/main/resources/traceExecuteQuery.
btm
install rule trace java.sql.Statement.executeQuery enter
install rule trace java.sql.Statement.executeUpdate enter

我使用 mvn jetty:run-forked 启动这个 Web 应用程序。它的jvmArgs如下:

<jvmArgs>-javaagent:C:\Users\ln13277429609\.m2\repository\org\jboss\byteman\byteman\4.0.16\byteman-4.0.16.jar=listener:true,boot:C:\Users\ln13277429609\.m2\repository\org\jboss\byteman\byteman\4.0.16\byteman-4.0.16.jar -Dorg.jboss.byteman.transform.all -Dorg.jboss.byteman.verbose -Dorg.jboss.byteman.debug</jvmArgs>

当我发布请求时,控制台中发生了错误。这些日志消息如下。

[STDOUT] AccessManager:init Initialising default AccessManager
[STDOUT] TransformListener() : accepting requests on localhost:9091
[STDERR] 2021-08-15 20:49:48.802:INFO::main: Logging initialized @388ms to org.eclipse.jetty.util.log.StdErrLog
[STDERR] 2021-08-15 20:49:48.990:INFO:oejmp.Starter:main: Started Jetty Server
[STDERR] 2021-08-15 20:49:48.990:INFO:oejs.Server:main: jetty-9.4.3.v20170317
[STDERR] 2021-08-15 20:49:49.554:INFO:oejs.session:main: DefaultSessionIdManager workerName=node0
[STDERR] 2021-08-15 20:49:49.554:INFO:oejs.session:main: No SessionScavenger set, using defaults
[STDERR] 2021-08-15 20:49:49.554:INFO:oejs.session:main: Scavenging every 660000ms
[STDERR] 2021-08-15 20:49:50.364:INFO:oejsh.ContextHandler:main: Started o.e.j.m.p.JettyWebAppContext@5ba23b66{/taintwebapp,[file:///C:/Users
/ln13277429609/Desktop/gitcode/git-study/byteman-aop-version2/security_taint_webapp/src/main/webapp/],AVAILABLE}
[STDERR] 2021-08-15 20:49:50.396:INFO:oejs.AbstractConnector:main: Started ServerConnector@50a638b5{HTTP/1.1,[http/1.1]}{0.0.0.0:8080}
[STDOUT] -FQOF8GQQXS5U
[STDERR] 2021-08-15 20:49:50.396:INFO:oejs.Server:main: Started @1978ms
[STDOUT] com.mysql.jdbc.JDBC4Connection@6d234c29
[STDOUT] select * from user where loginname='admin' and password='123' and pin='456'
[STDOUT] TransformListener() : handling connection on port 9091
[STDOUT] retransforming com.mysql.jdbc.PreparedStatement
[STDOUT] retransforming com.mysql.jdbc.StatementImpl
[STDOUT] org.jboss.byteman.agent.Transformer : possible trigger for rule trace java.sql.Statement.executeUpdate enter in class com.mysql.jdbc
.StatementImpl
[STDOUT] RuleTriggerMethodAdapter.injectTriggerPoint : inserting trigger into com.mysql.jdbc.StatementImpl.executeUpdate(java.lang.String) in
t for rule trace java.sql.Statement.executeUpdate enter
[STDOUT] org.jboss.byteman.agent.Transformer : inserted trigger for trace java.sql.Statement.executeUpdate enter in class com.mysql.jdbc.Stat
ementImpl
[STDOUT] org.jboss.byteman.agent.Transformer : possible trigger for rule trace java.sql.Statement.executeQuery enter in class com.mysql.jdbc.
StatementImpl
[STDOUT] RuleTriggerMethodAdapter.injectTriggerPoint : inserting trigger into com.mysql.jdbc.StatementImpl.executeQuery(java.lang.String) jav
a.sql.ResultSet for rule trace java.sql.Statement.executeQuery enter
[STDOUT] exits unaccounted for in block B30
[STDOUT] org.jboss.byteman.agent.Transformer : unexpected error injecting trigger for rule trace java.sql.Statement.executeQuery enter into c
lass com.mysql.jdbc.StatementImpl
[STDOUT] java.lang.NullPointerException
[STDOUT] java.lang.NullPointerException
[STDOUT]        at org.jboss.byteman.agent.adapter.cfg.CFG.computeContainment(CFG.java:1206)
[STDOUT]        at org.jboss.byteman.agent.adapter.cfg.CFG.carryForward(CFG.java:1042)
[STDOUT]        at org.jboss.byteman.agent.adapter.cfg.CFG.split(CFG.java:1320)
[STDOUT]        at org.jboss.byteman.agent.adapter.RuleTriggerMethodAdapter.visitInsn(RuleTriggerMethodAdapter.java:688)
[STDOUT]        at org.jboss.byteman.agent.adapter.EntryTriggerAdapter$EntryTriggerMethodAdapter.visitInsn(EntryTriggerAdapter.java:133)
[STDOUT]        at org.jboss.byteman.objectweb.asm.tree.InsnNode.accept(InsnNode.java:65)
[STDOUT]        at org.jboss.byteman.objectweb.asm.tree.InsnList.accept(InsnList.java:144)
[STDOUT]        at org.jboss.byteman.objectweb.asm.tree.MethodNode.accept(MethodNode.java:751)
[STDOUT]        at org.jboss.byteman.objectweb.asm.commons.JSRInlinerAdapter.visitEnd(JSRInlinerAdapter.java:158)
[STDOUT]        at org.jboss.byteman.objectweb.asm.ClassReader.readMethod(ClassReader.java:1495)
[STDOUT]        at org.jboss.byteman.objectweb.asm.ClassReader.accept(ClassReader.java:721)
[STDOUT]        at org.jboss.byteman.objectweb.asm.ClassReader.accept(ClassReader.java:401)
[STDOUT]        at org.jboss.byteman.agent.TransformContext.transform(TransformContext.java:152)
[STDOUT]        at org.jboss.byteman.agent.Transformer.transform(Transformer.java:757)
[STDOUT]        at org.jboss.byteman.agent.Transformer.tryTransform(Transformer.java:824)
[STDOUT]        at org.jboss.byteman.agent.Transformer.tryTransform(Transformer.java:796)
[STDOUT]        at org.jboss.byteman.agent.Transformer.transform(Transformer.java:302)
[STDOUT]        at sun.instrument.TransformerManager.transform(TransformerManager.java:188)
[STDOUT]        at sun.instrument.InstrumentationImpl.transform(InstrumentationImpl.java:428)
[STDOUT]        at sun.instrument.InstrumentationImpl.retransformClasses0(Native Method)
[STDOUT]        at sun.instrument.InstrumentationImpl.retransformClasses(InstrumentationImpl.java:144)
[STDOUT]        at org.jboss.byteman.agent.Retransformer.installScript(Retransformer.java:151)
[STDOUT]        at org.jboss.byteman.agent.TransformListener.handleScripts(TransformListener.java:351)
[STDOUT]        at org.jboss.byteman.agent.TransformListener.loadScripts(TransformListener.java:274)
[STDOUT]        at org.jboss.byteman.agent.TransformListener.handleConnection(TransformListener.java:226)
[STDOUT]        at org.jboss.byteman.agent.TransformListener.run(TransformListener.java:156)
[STDOUT] com.mysql.jdbc.JDBC4Connection@51fd5918
[STDOUT] select * from user where loginname='admin' and password='123' and pin='456'

我发现一些脚本成功注入 java.sql.Statement.executeUpdate,但不适用于 executeQuery。那么,我该如何解决这个问题呢?

4

1 回答 1

0

mysql-connector-java-8.0.26.jar,Tomcat 7.0.99,jdk1.8.0_241,byteman 4.0.13 这是我的测试环境。我编辑了一个简单的 java web。我很高兴解决问题。我只将 mysql-connector-java-5.0.38.jar 转换为 mysql-connector-java-8.0.26.jar 来解决这个bug。我提交以下规则脚本:

RULE trace java.sql.Statement.executeQuery enter
INTERFACE ^java.sql.Statement
METHOD executeQuery(String)
AT ENTRY
IF debug("trace executeQuery(String)")
DO traceln("enter executeQuery..."+$1)
ENDRULE

以下日志表明向 executeQuery 方法注入了副作用。

TransformListener() : handling connection on port 9091
org.jboss.byteman.agent.Transformer : possible trigger for rule trace java.sql.Statement.executeQuery enter in class com.mysql.cj.jdbc.StatementImpl
RuleTriggerMethodAdapter.injectTriggerPoint : inserting trigger into com.mysql.cj.jdbc.StatementImpl.executeQuery(java.lang.String) java.sql.ResultSet for rule trace java.sql.Statement.executeQuery enter
org.jboss.byteman.agent.Transformer : inserted trigger for trace java.sql.Statement.executeQuery enter in class com.mysql.cj.jdbc.StatementImpl
com.mysql.cj.jdbc.ConnectionImpl@7e00f47b
select * from user where loginname='admin' and password='123' and pin='456'
Rule.execute called for trace java.sql.Statement.executeQuery enter_0:0
HelperManager.install for helper class org.jboss.byteman.rule.helper.Helper
calling activated() for helper class org.jboss.byteman.rule.helper.Helper
Default helper activated
calling installed(trace java.sql.Statement.executeQuery enter) for helper classorg.jboss.byteman.rule.helper.Helper
Installed rule using default helper : trace java.sql.Statement.executeQuery enter
trace java.sql.Statement.executeQuery enter execute
rule.debug{trace java.sql.Statement.executeQuery enter_0:0} : trace executeQuery(String)
enter executeQuery...select * from user where loginname='admin' and password='123' and pin='456'

虽然bug解决了,但是我觉得环境设置比较难。当然,我不知道那里发生错误的原因

于 2021-09-20T02:46:58.993 回答