增加socket hook模块 实现socket层拦截SSRF

liergou9981 · liergou9981 · commit fa48badb1edc · 2020-04-04T02:27:05.000+08:00
diff --git a/src/main/java/org/joychou/security/SSRFChecker.java b/src/main/java/org/joychou/security/SSRFChecker.java
@@ -5,6 +5,8 @@
 import java.net.URI;
 import java.net.URL;
 import java.util.ArrayList;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 import org.apache.commons.net.util.SubnetUtils;
 import org.joychou.config.WebConfig;
@@ -14,6 +16,7 @@
 class SSRFChecker {
 
     private static Logger logger = LoggerFactory.getLogger(SSRFChecker.class);
+    private final static Pattern IP_PATTERN = Pattern.compile("((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)");
 
     static boolean checkURLFckSSRF(String url) {
         if (null == url){
@@ -122,7 +125,7 @@ static boolean isInnerIPByUrl(String url) {
      * @param strIP ip字符串
      * @return 如果是内网ip，返回true，否则返回false。
      */
-    private static boolean isInnerIp(String strIP){
+     static boolean isInnerIp(String strIP){
 
         ArrayList<String> blackSubnets= WebConfig.getSsrfBlockIps();
 
@@ -176,4 +179,14 @@ private static String url2host(String url) {
         }
 
     }
+
+    /**
+     * 匹配ip
+     * @return
+     */
+     static String getIpFromStr(String ipStr){
+        Matcher matcher = IP_PATTERN.matcher(ipStr);
+        System.out.println(matcher.find());
+        return matcher.group();
+    }
 }
diff --git a/src/main/java/org/joychou/security/SecurityUtil.java b/src/main/java/org/joychou/security/SecurityUtil.java
@@ -4,6 +4,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.URI;
 import java.net.URLDecoder;
@@ -118,6 +119,29 @@ public static boolean checkSSRFWithoutRedirect(String url) {
         return !SSRFChecker.isInnerIPByUrl(url);
     }
 
+    /**
+     * @Author liergou
+     * @Description 基于Socket hook 进行SSRF检测拦截
+     * @Date 2:15 2020/4/4
+     * @Param []
+     * @return void
+     **/
+    public static void startSSRFHook() throws NoSuchFieldException, IOException {
+        SocketHook.startHook();
+    }
+
+    /**
+     * @Author liergou
+     * @Description 关闭Socket hook
+     * @Date 2:15 2020/4/4
+     * @Param []
+     * @return void
+     **/
+    public static void stopSSRFHook(){
+        SocketHook.stopHook();
+    }
+
+
 
     /**
      * Filter file path to prevent path traversal vulns.
diff --git a/src/main/java/org/joychou/security/SocketHook.java b/src/main/java/org/joychou/security/SocketHook.java
@@ -0,0 +1,25 @@
+package org.joychou.security;
+
+import java.io.IOException;
+import java.net.Socket;
+import java.net.SocketException;
+
+/**
+ * @Author liergou
+ * @Description Socket hook开关自如
+ * @Date 2:12 2020/4/4
+ **/
+class SocketHook {
+    static void startHook() throws NoSuchFieldException, IOException {
+        SocketHookFactory.initSocket();
+        SocketHookFactory.setHook(true);
+        try{
+            Socket.setSocketImplFactory(new SocketHookFactory());
+        }catch (SocketException ignored){
+        }
+    }
+
+    static void stopHook(){
+        SocketHookFactory.setHook(false);
+    }
+}
diff --git a/src/main/java/org/joychou/security/SocketHookFactory.java b/src/main/java/org/joychou/security/SocketHookFactory.java
@@ -0,0 +1,77 @@
+package org.joychou.security;
+
+
+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.net.Socket;
+import java.net.SocketImpl;
+import java.net.SocketImplFactory;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+
+/**
+ * @Author liergou
+ * @Description socket factory impl
+ * @Date 23:41 2020/4/3
+ * @Param
+ * @return
+ **/
+public class SocketHookFactory implements SocketImplFactory
+    {
+        private static SocketImpl   clazz;
+        private static Boolean isHook = false;
+
+        /**
+         * @Author liergou
+         * @Description switch hook
+         * @Date 23:42 2020/4/2
+         * @Param [set]
+         * @return void
+         **/
+        public static void setHook(Boolean set){
+            isHook = set;
+        }
+
+        /**
+         * @Author liergou
+         * @Description 初始化
+         * @Date 23:42 2020/4/2
+         * @Param []
+         * @return void
+         **/
+        public static synchronized void initSocket() throws NoSuchFieldException {
+            if ( clazz != null ) { return; }
+
+            Socket  socket = new Socket();
+            try{
+                Field implField = Socket.class.getDeclaredField("impl");
+                implField.setAccessible( true );
+                clazz = (SocketImpl) implField.get(socket);
+            }catch (NoSuchFieldException | IllegalAccessException e){
+                throw new RuntimeException("SocketHookFactory init failed!");
+            }
+
+            try {
+                socket.close();
+            }
+            catch ( IOException ignored)
+            {
+
+            }
+        }
+
+        public SocketImpl createSocketImpl() {
+
+            if(isHook) {
+                    try {
+                        return new SocketHookImpl(clazz);
+                    } catch (Exception e) {
+                        Logger.getLogger(SocketHookFactory.class.getName()).log(Level.WARNING, "hook 失败  请检查" );
+                        return clazz;
+                    }
+            }else{
+                return clazz;
+            }
+        }
+    }
diff --git a/src/main/java/org/joychou/security/SocketHookImpl.java b/src/main/java/org/joychou/security/SocketHookImpl.java
diff --git a/src/main/java/org/joychou/security/SocketHookUtils.java b/src/main/java/org/joychou/security/SocketHookUtils.java
