From e7bc25928efc086f772042e5df23704b899687b4 Mon Sep 17 00:00:00 2001
From: "novice.li"
Date: Wed, 1 May 2024 08:23:01 +0800
Subject: [PATCH 1/4] remove github release script
---
 .github/workflows/release.yml | 55 -----------------------------------
 1 file changed, 55 deletions(-)
 delete mode 100644 .github/workflows/release.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index ed3f9c4..0000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,55 +0,0 @@
-name: Maven Build and Release
-
-on:
- workflow_dispatch:
-
-jobs:
- release:
- runs-on: ubuntu-latest
- permissions:
- contents: write
- steps:
- - name: Checkout Repository
- uses: actions/checkout@v2
-
- - name: Set up JDK
- uses: actions/setup-java@v2
- with:
- distribution: 'adopt'
- java-version: '8'
-
- - name: Build with Maven
- run: mvn clean package
-
- - name: Check Latest Release
- id: check_latest_release
- run: |
- LATEST_RELEASE=$(curl -s "https://api.github.com/repos/${{ github.repository }}/releases/latest" | jq -r .id)
- echo "::set-output name=latest_release::$LATEST_RELEASE"
-
- - name: Delete Previous Release
- if: steps.check_latest_release.outputs.latest_release != 'null'
- run: |
- # Get the latest release ID
- RELEASE_ID=$(curl -s "https://api.github.com/repos/${{ github.repository }}/releases/latest" | jq -r .id)
-
- # Delete the release
- curl -X DELETE -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/repos/${{ github.repository }}/releases/${RELEASE_ID}"
-
- - name: Set up Git
- run: |
- git config user.email "novice88@users.noreply.github.com"
- git config user.name "novitechie"
-
- - name: Create Tag
- run: git tag -a v${{ github.run_number }} -m "release"
-
- - name: Push Tag
- run: git push origin v${{ github.run_number }}
-
- - name: Create Release
- id: create_release
- uses: ncipollo/release-action@v1
- with:
- artifacts: "target/privacy.jar"
- tag: release
\ No newline at end of file
From f10a54011f7640e369f2e9246c5aa34f88ceebf5 Mon Sep 17 00:00:00 2001
From: "novice.li"
Date: Thu, 2 May 2024 07:47:47 +0800
Subject: [PATCH 2/4] newest
---
 .../java/com/novitechie/ClassTransformer.java | 37 -------------------
 .../java/com/novitechie/LoadClassRule.java | 20 +++++++---
 .../java/com/novitechie/PrivacyPlugin.java | 3 +-
 .../java/com/novitechie/SafeClassWriter.java | 14 +++----
 .../java/com/novitechie/StackTraceRule.java | 2 +-
 .../com/novitechie/VMOptionsTransformer.java | 4 +-
 6 files changed, 25 insertions(+), 55 deletions(-)
 delete mode 100644 src/main/java/com/novitechie/ClassTransformer.java
diff --git a/src/main/java/com/novitechie/ClassTransformer.java b/src/main/java/com/novitechie/ClassTransformer.java
deleted file mode 100644
index d0e566e..0000000
--- a/src/main/java/com/novitechie/ClassTransformer.java
+++ /dev/null
@@ -1,37 +0,0 @@
-package com.novitechie;
-
-import com.janetfilter.core.plugin.MyTransformer;
-import jdk.internal.org.objectweb.asm.ClassReader;
-import jdk.internal.org.objectweb.asm.ClassWriter;
-import jdk.internal.org.objectweb.asm.tree.*;
-
-import static jdk.internal.org.objectweb.asm.Opcodes.*;
-
-/**
- * @author YeloChick
- */
-public class ClassTransformer implements MyTransformer {
-
- @Override
- public String getHookClassName() {
- return "java.lang.Class";
- }
-
- @Override
- public byte[] transform(String className, byte[] classBytes, int order) throws Exception {
- ClassReader reader = new ClassReader(classBytes);
- ClassNode node = new ClassNode(ASM5);
- reader.accept(node, 0);
- for (MethodNode m : node.methods) {
- if ("forName".equals(m.name)) {
- InsnList list = new InsnList();
- list.add(new VarInsnNode(ALOAD, 0));
- list.add(new MethodInsnNode(INVOKESTATIC, "com/novitechie/LoadClassRule", "check", "(Ljava/lang/String;)V", false));
- m.instructions.insert(list);
- }
- }
- ClassWriter writer = new SafeClassWriter(null, null, ClassWriter.COMPUTE_FRAMES | ClassWriter.COMPUTE_MAXS);
- node.accept(writer);
- return writer.toByteArray();
- }
-}
diff --git a/src/main/java/com/novitechie/LoadClassRule.java b/src/main/java/com/novitechie/LoadClassRule.java
index 4cbbd62..d17391a 100644
--- a/src/main/java/com/novitechie/LoadClassRule.java
+++ b/src/main/java/com/novitechie/LoadClassRule.java
@@ -1,14 +1,22 @@ package com.novitechie; +import java.util.ArrayList; +import java.util.List; + public class LoadClassRule { + + private static final List PREVENT_LOAD_PACKAGES = new ArrayList() { + { + add("com.novitechie"); + add("com.janetfilter"); + add("jdk.internal.org.objectweb.asm"); + } + }; + public static void check(String name) throws Exception { - if (name.startsWith("com.janetfilter")) { + if (PREVENT_LOAD_PACKAGES.stream().anyMatch(name::startsWith)) { throw new ClassNotFoundException(name); } - if (name.contains("jdk.internal.org.objectweb.asm.Type")) { - if (StackTraceRule.check()) { - throw new ClassNotFoundException(name); - } - } } + } diff --git a/src/main/java/com/novitechie/PrivacyPlugin.java b/src/main/java/com/novitechie/PrivacyPlugin.java index f3bac5d..72ac845 100644 --- a/src/main/java/com/novitechie/PrivacyPlugin.java +++ b/src/main/java/com/novitechie/PrivacyPlugin.java @@ -23,7 +23,6 @@ public class PrivacyPlugin implements PluginEntry { new VMOptionsTransformer(), new PluginClassLoaderTransformer(), new LicensingFacadeTransformer(), - new PluginManagerCoreTransformer(), - new ClassTransformer()); + new PluginManagerCoreTransformer()); } } diff --git a/src/main/java/com/novitechie/SafeClassWriter.java b/src/main/java/com/novitechie/SafeClassWriter.java index 875d1a4..4e6e89d 100644 --- a/src/main/java/com/novitechie/SafeClassWriter.java +++ b/src/main/java/com/novitechie/SafeClassWriter.java @@ -29,13 +29,13 @@ package com.novitechie; -import java.io.IOException; -import java.io.InputStream; - import jdk.internal.org.objectweb.asm.ClassReader; import jdk.internal.org.objectweb.asm.ClassWriter; import jdk.internal.org.objectweb.asm.Opcodes; +import java.io.IOException; +import java.io.InputStream; + /** 
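Review bot: In the LoadClassRule hunk, `PREVENT_LOAD_PACKAGES` is built with double-brace initialization, which creates an anonymous `ArrayList` subclass and leaves a list that is meant to be constant mutable. On the Java 8 target used by the removed workflow, `private static final List<String> PREVENT_LOAD_PACKAGES = Collections.unmodifiableList(Arrays.asList("com.novitechie", "com.janetfilter", "jdk.internal.org.objectweb.asm"));` states the intent directly. The declaration reads as a raw `List` here, possibly because type arguments were lost in rendering; if it really is raw, `anyMatch(name::startsWith)` needs the `<String>` parameter to type-check. `check` now rejects the ASM package for every caller, where the removed lines consulted `StackTraceRule.check()` first, so a one-line comment saying why that gate was dropped would help the next reader. `check` also still declares `throws Exception` although the only exception thrown in the hunk is `ClassNotFoundException`.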
@@ -146,13 +146,13 @@ public class SafeClassWriter extends ClassWriter { throws IOException { while (!"java/lang/Object".equals(type)) { String[] itfs = info.getInterfaces(); - for (int i = 0; i < itfs.length; ++i) { - if (itfs[i].equals(itf)) { + for (String s : itfs) { + if (s.equals(itf)) { return true; } } - for (int i = 0; i < itfs.length; ++i) { - if (typeImplements(itfs[i], typeInfo(itfs[i]), itf)) { + for (String s : itfs) { + if (typeImplements(s, typeInfo(s), itf)) { return true; } } diff --git a/src/main/java/com/novitechie/StackTraceRule.java b/src/main/java/com/novitechie/StackTraceRule.java index 6ddeb8c..240be65 100644 --- a/src/main/java/com/novitechie/StackTraceRule.java +++ b/src/main/java/com/novitechie/StackTraceRule.java @@ -23,7 +23,7 @@ public class StackTraceRule { for (StackTraceElement stackTraceElement : stackTrace) { if (!PACKAGE_NAME_PATTERN.matcher(stackTraceElement.getMethodName()).matches()) { Calendar calendar = Calendar.getInstance(); - calendar.add(Calendar.DAY_OF_MONTH, 180); + calendar.add(Calendar.DAY_OF_MONTH, 30); return calendar.getTime(); } } diff --git a/src/main/java/com/novitechie/VMOptionsTransformer.java b/src/main/java/com/novitechie/VMOptionsTransformer.java index 6532dfe..f213362 100644 --- a/src/main/java/com/novitechie/VMOptionsTransformer.java +++ b/src/main/java/com/novitechie/VMOptionsTransformer.java @@ -1,8 +1,8 @@ package com.novitechie; import com.janetfilter.core.plugin.MyTransformer; -import jdk.internal.org.objectweb.asm.*; -import jdk.internal.org.objectweb.asm.commons.AdviceAdapter; +import jdk.internal.org.objectweb.asm.ClassReader; +import jdk.internal.org.objectweb.asm.ClassWriter; import jdk.internal.org.objectweb.asm.tree.*; import static jdk.internal.org.objectweb.asm.Opcodes.*; From fac5feab85a8a14a5433b644b9fda69535516b2b Mon Sep 17 00:00:00 2001 From: novice Date: Thu, 6 Jun 2024 12:31:15 +0800 Subject: [PATCH 3/4] readme --- readme.md | 1 - 1 file changed, 1 deletion(-) 
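Review bot: In the StackTraceRule hunk, `calendar.add(Calendar.DAY_OF_MONTH, 30)` swaps one unexplained literal for another, and the commit message ("newest") does not say why the offset moved from 180 to 30 days. A named constant with a comment, for example `private static final int DATE_OFFSET_DAYS = 30; // <reason for 30 days>`, would record the intent and keep the value in one place. The enclosing method starts and ends outside the hunk, so what the returned date is used for cannot be confirmed from here.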
diff --git a/readme.md b/readme.md index c64f89c..39e770c 100644 --- a/readme.md +++ b/readme.md @@ -1,5 +1,4 @@ plugin-privacy A plugin for the ja-netfilter,it protects our VM options file from being read by malicious plugins - Use the `mvn clean package` command to compile and use privacy.jar file! From 9823d58d008ea590cceefdae8c245f91817e57ce Mon Sep 17 00:00:00 2001 From: "novice.li" Date: Tue, 25 Jun 2024 21:25:46 +0800 Subject: [PATCH 4/4] feat: hook readOption for fast api --- .../java/com/novitechie/VMOptionsTransformer.java | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/novitechie/VMOptionsTransformer.java b/src/main/java/com/novitechie/VMOptionsTransformer.java index f213362..4391cb8 100644 --- a/src/main/java/com/novitechie/VMOptionsTransformer.java +++ b/src/main/java/com/novitechie/VMOptionsTransformer.java 
@@ -23,11 +23,22 @@ public class VMOptionsTransformer implements MyTransformer {
 InsnList list = new InsnList();
 list.add(new MethodInsnNode(INVOKESTATIC, "com/novitechie/StackTraceRule", "check", "()Z", false));
 LabelNode labelNode = new LabelNode();
- list.add(new JumpInsnNode(IFEQ,labelNode));
+ list.add(new JumpInsnNode(IFEQ, labelNode));
 list.add(new InsnNode(ACONST_NULL));
 list.add(new InsnNode(ARETURN));
 list.add(labelNode);
 m.instructions.insert(list);
+ } else if ("readOption".equals(m.name) && "(Ljava/lang/String;Z)Ljava/lang/String;".equals(m.desc)) {
+ InsnList list = new InsnList();
+ LabelNode continueLabel = new LabelNode();
+ list.add(new VarInsnNode(ALOAD, 0));
+ list.add(new LdcInsnNode("javaagent"));
+ list.add(new MethodInsnNode(INVOKEVIRTUAL, "java/lang/String", "contains", "(Ljava/lang/CharSequence;)Z", false));
+ list.add(new JumpInsnNode(IFEQ, continueLabel));
+ list.add(new InsnNode(ACONST_NULL));
+ list.add(new InsnNode(ARETURN));
+ list.add(continueLabel);
+ m.instructions.insert(list);
 }
 }
 ClassWriter writer = new ClassWriter(ClassWriter.COMPUTE_FRAMES | ClassWriter.COMPUTE_MAXS);
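Review bot: The new `readOption` branch injects a prologue into a host method with no comment saying what it does, and it repeats the `ACONST_NULL`/`ARETURN` guard sequence of the branch above it. A comment such as `// prologue: return null when the option key (arg 0) contains "javaagent", else fall through to the original body` would make the effect explicit, since the host then sees a missing option rather than an error. `ALOAD 0` is the first parameter only if the matched method is static, and the branch checks name and descriptor but not access flags, so that assumption belongs in the same comment. The enclosing `transform` method starts and ends outside the hunk.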