baidu · ZouJiaNan · Nov 8, 2022
diff --git a/agent/java/engine/src/main/java/com/baidu/openrasp/detector/ServerDetectorManager.java b/agent/java/engine/src/main/java/com/baidu/openrasp/detector/ServerDetectorManager.java
@@ -46,6 +46,7 @@ private ServerDetectorManager() {
         detectors.add(new TongWebDetector());
         detectors.add(new TongWeb7Detector());
         detectors.add(new BESDetector());
+        detectors.add(new TongWebEmbedDetector());
 
     }
 

diff --git a/agent/java/engine/src/main/java/com/baidu/openrasp/detector/TongWebEmbedDetector.java b/agent/java/engine/src/main/java/com/baidu/openrasp/detector/TongWebEmbedDetector.java
@@ -0,0 +1,35 @@
+package com.baidu.openrasp.detector;
+
+import com.baidu.openrasp.tool.Reflection;
+import com.baidu.openrasp.tool.model.ApplicationModel;
+
+import java.security.ProtectionDomain;
+
+/**
+ * @description:
+ * @author: ZouJiaNan
+ * @date: 2022/11/2 16:12
+ */
+public class TongWebEmbedDetector extends ServerDetector{
+    @Override
+    public boolean isClassMatched(String className) {
+        return "com/tongweb/container/Server".equals(className);
+    }
+
+    @Override
+    public boolean handleServerInfo(ClassLoader classLoader, ProtectionDomain domain) {
+        String version = "";
+        try {
+            if (classLoader == null) {
+                classLoader = ClassLoader.getSystemClassLoader();
+            }
+            Class clazz = classLoader.loadClass("com.tongweb.container.util.ServerInfo");
+            version = (String) Reflection.invokeMethod(null, clazz, "getServerNumber", new Class[]{});
+            ApplicationModel.setServerInfo("tongweb", version);
+            return true;
+        } catch (Throwable t) {
+            logDetectError("handle Tongweb startup failed", t);
+        }
+        return false;
+    }
+}
diff --git a/...n/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedApplicationFilterHook.java b/...n/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedApplicationFilterHook.java
@@ -0,0 +1,29 @@
+package com.baidu.openrasp.hook.server.tongwebEmbed;
+
+import com.baidu.openrasp.hook.server.ServerRequestHook;
+import com.baidu.openrasp.tool.annotation.HookAnnotation;
+import javassist.CannotCompileException;
+import javassist.CtClass;
+import javassist.NotFoundException;
+
+import java.io.IOException;
+
+/**
+ * @description:
+ * @author: ZouJiaNan
+ * @date: 2022/11/2 16:09
+ */
+@HookAnnotation
+public class TongWebEmbedApplicationFilterHook extends ServerRequestHook {
+    @Override
+    public boolean isClassMatched(String className) {
+        return "com/tongweb/container/core/ApplicationFilterChain".equals(className);
+    }
+
+    @Override
+    protected void hookMethod(CtClass ctClass) throws IOException, CannotCompileException, NotFoundException {
+        String src = getInvokeStaticSrc(ServerRequestHook.class, "checkRequest", "$0,$1,$2", Object.class, Object.class,
+                Object.class);
+        insertBefore(ctClass, "doFilter", null, src);
+    }
+}
diff --git a/.../main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedCoyoteAdapterHook.java b/.../main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedCoyoteAdapterHook.java
@@ -0,0 +1,25 @@
+package com.baidu.openrasp.hook.server.tongwebEmbed;
+
+import com.baidu.openrasp.hook.server.ServerPreRequestHook;
+import com.baidu.openrasp.tool.annotation.HookAnnotation;
+import javassist.CannotCompileException;
+import javassist.CtClass;
+import javassist.NotFoundException;
+
+/**
+ * @description:
+ * @author: ZouJiaNan
+ * @date: 2022/11/2 16:07
+ */
+@HookAnnotation
+public class TongWebEmbedCoyoteAdapterHook extends ServerPreRequestHook {
+    @Override
+    protected void hookMethod(CtClass ctClass, String src) throws NotFoundException, CannotCompileException {
+        insertBefore(ctClass, "service", null, src);
+    }
+
+    @Override
+    public boolean isClassMatched(String className) {
+        return "com/tongweb/container/connector/CoyoteAdapter".equals(className);
+    }
+}
diff --git a/.../src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedHttpInputHook.java b/.../src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedHttpInputHook.java
@@ -0,0 +1,27 @@
+package com.baidu.openrasp.hook.server.tongwebEmbed;
+
+import com.baidu.openrasp.hook.server.ServerInputHook;
+import com.baidu.openrasp.tool.annotation.HookAnnotation;
+import javassist.CannotCompileException;
+import javassist.CtClass;
+import javassist.NotFoundException;
+
+import java.io.IOException;
+
+/**
+ * @description:
+ * @author: ZouJiaNan
+ * @date: 2022/11/2 16:04
+ */
+@HookAnnotation
+public class TongWebEmbedHttpInputHook extends ServerInputHook {
+    @Override
+    public boolean isClassMatched(String className) {
+        return false;
+    }
+
+    @Override
+    protected void hookMethod(CtClass ctClass) throws IOException, CannotCompileException, NotFoundException {
+
+    }
+}
diff --git a/...src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedRequestEndHook.java b/...src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedRequestEndHook.java
@@ -0,0 +1,28 @@
+package com.baidu.openrasp.hook.server.tongwebEmbed;
+
+import com.baidu.openrasp.hook.server.ServerRequestEndHook;
+import com.baidu.openrasp.tool.annotation.HookAnnotation;
+import javassist.CannotCompileException;
+import javassist.CtClass;
+import javassist.NotFoundException;
+
+import java.io.IOException;
+
+/**
+ * @description:
+ * @author: ZouJiaNan
+ * @date: 2022/11/2 15:32
+ */
+@HookAnnotation
+public class TongWebEmbedRequestEndHook extends ServerRequestEndHook {
+    @Override
+    public boolean isClassMatched(String className) {
+        return "com/tongweb/container/core/ApplicationFilterChain".equals(className);
+    }
+
+    @Override
+    protected void hookMethod(CtClass ctClass) throws IOException, CannotCompileException, NotFoundException {
+        String requestEndSrc = getInvokeStaticSrc(ServerRequestEndHook.class, "checkRequestEnd", "");
+        insertAfter(ctClass, "doFilter", null, requestEndSrc, true);
+    }
+}
diff --git a/...ne/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedRequestHook.java b/...ne/src/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedRequestHook.java
@@ -0,0 +1,25 @@
+package com.baidu.openrasp.hook.server.tongwebEmbed;
+
+import com.baidu.openrasp.hook.server.ServerParamHook;
+import com.baidu.openrasp.tool.annotation.HookAnnotation;
+import javassist.CannotCompileException;
+import javassist.CtClass;
+import javassist.NotFoundException;
+
+/**
+ * @description:
+ * @author: ZouJiaNan
+ * @date: 2022/11/2 14:53
+ */
+@HookAnnotation
+public class TongWebEmbedRequestHook extends ServerParamHook {
+    @Override
+    protected void hookMethod(CtClass ctClass, String src) throws NotFoundException, CannotCompileException {
+        insertAfter(ctClass, "parseParameters", "()V", src);
+    }
+
+    @Override
+    public boolean isClassMatched(String className) {
+        return "com/tongweb/container/connector/Request".equals(className);
+    }
+}
diff --git a/...c/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedResponseBodyHook.java b/...c/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongWebEmbedResponseBodyHook.java
@@ -0,0 +1,31 @@
+package com.baidu.openrasp.hook.server.tongwebEmbed;
+
+import com.baidu.openrasp.hook.server.ServerParamHook;
+import com.baidu.openrasp.hook.server.ServerResponseBodyHook;
+import com.baidu.openrasp.hook.server.catalina.CatalinaResponseBodyHook;
+import com.baidu.openrasp.tool.annotation.HookAnnotation;
+import javassist.CannotCompileException;
+import javassist.CtClass;
+import javassist.NotFoundException;
+
+import java.io.IOException;
+
+/**
+ * @description:
+ * @author: ZouJiaNan
+ * @date: 2022/11/2 15:05
+ */
+@HookAnnotation
+public class TongWebEmbedResponseBodyHook extends ServerResponseBodyHook {
+    @Override
+    public boolean isClassMatched(String className) {
+        return "com/tongweb/connector/Response".equals(className);
+    }
+
+    @Override
+    protected void hookMethod(CtClass ctClass) throws IOException, CannotCompileException, NotFoundException {
+        String src = getInvokeStaticSrc(CatalinaResponseBodyHook.class, "getBuffer", "$0,$1", Object.class, Object.class);
+        insertBefore(ctClass, "doWrite", "(Lorg/apache/tomcat/util/buf/ByteChunk;)V", src);
+        insertBefore(ctClass, "doWrite", "(Ljava/nio/ByteBuffer;)V", src);
+    }
+}
diff --git a/...c/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongwebEmbedOutputBufferHook.java b/...c/main/java/com/baidu/openrasp/hook/server/tongwebEmbed/TongwebEmbedOutputBufferHook.java
@@ -0,0 +1,25 @@
+package com.baidu.openrasp.hook.server.tongwebEmbed;
+
+import com.baidu.openrasp.hook.server.ServerOutputCloseHook;
+import com.baidu.openrasp.tool.annotation.HookAnnotation;
+import javassist.CannotCompileException;
+import javassist.CtClass;
+import javassist.NotFoundException;
+
+/**
+ * @description:
+ * @author: ZouJiaNan
+ * @date: 2022/11/2 16:02
+ */
+@HookAnnotation
+public class TongwebEmbedOutputBufferHook extends ServerOutputCloseHook {
+    @Override
+    protected void hookMethod(CtClass ctClass, String src) throws NotFoundException, CannotCompileException {
+        insertBefore(ctClass, "close", "()V", src);
+    }
+
+    @Override
+    public boolean isClassMatched(String className) {
+        return "com/tongweb/container/connector/OutputBuffer".equals(className);
+    }
+}