【Doe_V1.2.0】 增加沙箱隔离jar包

Author: VIPJoey

README.md

@@ -74,6 +74,7 @@
 * 增加mac系统判断
 * 增加泛型接口测试
 * 修改dubbo依赖为starter方式
+* 修改类加载方式，增加沙箱隔离
 
 ##### 三. 缺陷修复
 * 无

mmc-dubbo-doe/src/main/java/com/mmc/dubbo/doe/context/DoeClassLoader.java

@@ -0,0 +1,182 @@
+/*
+ * Copyright (c) 2010-2020 Founder Ltd. All Rights Reserved.
+ *
+ * This software is the confidential and proprietary information of
+ * Founder. You shall not disclose such Confidential Information
+ * and shall use it only in accordance with the terms of the agreements
+ * you entered into with Founder.
+ *
+ */
+package com.mmc.dubbo.doe.context;
+
+import com.alibaba.dubbo.common.utils.StringUtils;
+import com.mmc.dubbo.doe.exception.DoeException;
+import com.mmc.dubbo.doe.util.StringUtil;
+import lombok.extern.slf4j.Slf4j;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.Enumeration;
+import java.util.Map;
+import java.util.Objects;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.jar.JarEntry;
+import java.util.jar.JarFile;
+
+/**
+ * 自定义类加载器，做沙箱隔离.
+ *
+ * @author Joey
+ * @date 2019/6/28 14:20
+ */
+@Slf4j
+public class DoeClassLoader extends ClassLoader {
+
+
+    private final String path;
+
+    private static Map<String, byte[]> classMap = new ConcurrentHashMap<>();
+
+
+    /**
+     * destroy the Parental Entrustment.
+     */
+    public DoeClassLoader(String path) {
+        super(null);
+        this.path = path;
+    }
+
+
+    private void scanJarFile(File file) throws Exception {
+
+        JarFile jar = new JarFile(file);
+
+        Enumeration<JarEntry> en = jar.entries();
+        while (en.hasMoreElements()) {
+            JarEntry je = en.nextElement();
+            je.getName();
+            String name = je.getName();
+            if (name.endsWith(".class")) {
+
+                String className = makeClassName(name);
+
+                try (InputStream input = jar.getInputStream(je); ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
+                    int bufferSize = 1024;
+                    byte[] buffer = new byte[bufferSize];
+                    int bytesNumRead;
+                    while ((bytesNumRead = input.read(buffer)) != -1) {
+                        baos.write(buffer, 0, bytesNumRead);
+                    }
+                    addClass(className, baos.toByteArray());
+                }
+            }
+        }
+    }
+
+    private String makeClassName(String name) {
+        String ret = name.replace("\\", ".")
+                .replace("/", ".")
+                .replace(".class", "");
+        return ret;
+    }
+
+    /**
+     * load jars from the Specified path.
+     */
+    public void loadJars() throws Exception {
+
+        if (StringUtils.isEmpty(path)) {
+            throw new DoeException(StringUtil.format("can't found the path {}", path));
+        }
+
+        File libPath = new File(path);
+        if (!libPath.exists()) {
+            throw new DoeException(StringUtil.format("the path[{}] is not exists.", path));
+        }
+
+        File[] files = libPath.listFiles((dir, name) -> name.endsWith(".jar") || name.endsWith(".zip"));
+
+        if (files != null) {
+            for (File file : files) {
+                scanJarFile(file);
+            }
+        }
+    }
+
+    /**
+     * Add one class dynamically.
+     */
+    public static boolean addClass(String className, byte[] byteCode) {
+        if (!classMap.containsKey(className)) {
+            classMap.put(className, byteCode);
+            return true;
+        }
+        return false;
+    }
+
+    @Override
+    protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
+
+        name = makeClassName(name);
+
+        byte[] stream = get(name);
+
+        if (null != stream) {
+
+            return defineClass(name, stream, 0, stream.length);
+        }
+
+        return super.loadClass(name, resolve);
+
+    }
+
+    /**
+     * Get class in our classloader rather than system classloader.
+     */
+    public static Class<?> getClass(String name) throws ClassNotFoundException {
+        return new DoeClassLoader("").loadClass(name, false);
+    }
+
+    private static byte[] get(String className) {
+        return classMap.getOrDefault(className, null);
+    }
+
+    private void scanClassFile(File file) {
+        if (file.exists()) {
+            if (file.isFile() && file.getName().endsWith(".class")) {
+                try {
+                    byte[] byteCode = Files.readAllBytes(Paths.get(file.getAbsolutePath()));
+                    String className = file.getAbsolutePath().replace(this.path, "")
+                            .replace(File.separator, ".");
+
+                    className = makeClassName(className);
+
+                    addClass(className, byteCode);
+                } catch (IOException e) {
+                    e.printStackTrace();
+                }
+            } else if (file.isDirectory()) {
+                for (File f : Objects.requireNonNull(file.listFiles())) {
+                    scanClassFile(f);
+                }
+            }
+        }
+    }
+
+    /**
+     * load classes from the Specified path.
+     */
+    public void loadClassFile() {
+        File[] files = new File(path).listFiles();
+        if (files != null) {
+            for (File file : files) {
+                scanClassFile(file);
+            }
+        }
+    }
+
+}

mmc-dubbo-doe/src/main/java/com/mmc/dubbo/doe/crontroller/RegistryController.java

@@ -9,12 +9,12 @@
  */
 package com.mmc.dubbo.doe.crontroller;
 
-import com.alibaba.dubbo.common.utils.StringUtils;
 import com.alibaba.fastjson.JSON;
 import com.mmc.dubbo.doe.dto.ResultDTO;
 import com.mmc.dubbo.doe.model.RegistryModel;
 import com.mmc.dubbo.doe.service.ConfigService;
 import lombok.extern.slf4j.Slf4j;
+import org.slf4j.MDC;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -46,7 +46,7 @@ public String doListZk() {
             List<RegistryModel> models = configService.listRegistry();
             result = JSON.toJSONString(models);
 
-        } catch(Exception e) {
+        } catch (Exception e) {
 
             result = "[]";
         }
@@ -59,6 +59,11 @@ public String doListZk() {
     public ResultDTO<Object> doListRegistry() {
 
         log.info("RegistryController.doListRegistry()");
+        MDC.put("CUSTOM_PATTERN", "presstest");
+        log.info("hhhh");
+        log.warn("hh");
+        log.error("h");
+        System.out.println(MDC.get("PtxId"));
 
         ResultDTO<Object> resultDTO = new ResultDTO<>();
 
@@ -68,7 +73,7 @@ public ResultDTO<Object> doListRegistry() {
             resultDTO.setData(models);
             resultDTO.setSuccess(true);
 
-        } catch(Exception e) {
+        } catch (Exception e) {
 
             resultDTO = ResultDTO.createExceptionResult("occur an error when list registry address : ", e, Object.class);
         }
@@ -87,7 +92,7 @@ public ResultDTO<RegistryModel> addRegistry(@NotNull RegistryModel dto) {
 
             resultDTO = configService.addRegistry(dto);
 
-        } catch(Exception e) {
+        } catch (Exception e) {
 
             resultDTO = ResultDTO.createExceptionResult(e, RegistryModel.class);
         }
@@ -106,7 +111,7 @@ public ResultDTO<RegistryModel> delRegistry(@NotNull RegistryModel dto) {
 
             resultDTO = configService.delRegistry(dto);
 
-        } catch(Exception e) {
+        } catch (Exception e) {
 
             resultDTO = ResultDTO.createExceptionResult(e, RegistryModel.class);
         }

mmc-dubbo-doe/src/main/java/com/mmc/dubbo/doe/service/impl/ClassServiceImpl.java

@@ -16,6 +16,7 @@
 import com.mmc.dubbo.doe.cache.MethodCaches;
 import com.mmc.dubbo.doe.cache.UrlCaches;
 import com.mmc.dubbo.doe.context.Const;
+import com.mmc.dubbo.doe.context.DoeClassLoader;
 import com.mmc.dubbo.doe.dto.ConnectDTO;
 import com.mmc.dubbo.doe.dto.MethodModelDTO;
 import com.mmc.dubbo.doe.dto.ResultDTO;
@@ -68,12 +69,12 @@ public List<MethodModelDTO> listMethods(ConnectDTO dto) {
         try {
 
             // show only public method
-            Class<?> clazz = Class.forName(interfaceName);
+            // Class<?> clazz = Class.forName(interfaceName);
+            // load classes without affect system class since v1.2.0
+            Class<?> clazz = DoeClassLoader.getClass(interfaceName);
             Method[] methods = clazz.getMethods();
             // convert and cache method object associate witch the unique key
-            List<MethodModelDTO> models = MethodCaches.cache(interfaceName, methods);
-
-            return models;
+            return MethodCaches.cache(interfaceName, methods);
 
         } catch (ClassNotFoundException e) {
             throw new DoeException("can't found the interface from classpath, please add the dependency first.");

mmc-dubbo-doe/src/main/java/com/mmc/dubbo/doe/service/impl/PomServiceImpl.java

@@ -14,6 +14,7 @@
 import com.mmc.dubbo.doe.cache.RedisResolver;
 import com.mmc.dubbo.doe.client.ProcessClient;
 import com.mmc.dubbo.doe.context.Const;
+import com.mmc.dubbo.doe.context.DoeClassLoader;
 import com.mmc.dubbo.doe.context.TaskContainer;
 import com.mmc.dubbo.doe.dto.PomDTO;
 import com.mmc.dubbo.doe.dto.ResultDTO;
@@ -292,7 +293,21 @@ public ResultDTO<String> getRealTimeMsg(@NotNull String requestId) {
     }
 
     @Override
-    public ResultDTO<String> loadJars(String path) throws NoSuchMethodException, MalformedURLException {
+    public ResultDTO<String> loadJars(String path) {
+
+        String realPath = (StringUtils.isEmpty(path)) ? this.libPath : path;
+        DoeClassLoader classLoader = new DoeClassLoader(realPath);
+        try {
+            classLoader.loadJars();
+            return ResultDTO.createSuccessResult("load jars completely and successfully", String.class);
+        } catch (Exception e) {
+            return ResultDTO.handleException("occur an error when load jars", null, e);
+        }
+
+    }
+
+    @Deprecated // since v1.1.0
+    public ResultDTO<String> loadJars$$(String path) throws NoSuchMethodException, MalformedURLException {
 
         String fullLibPath = StringUtils.isEmpty(path) ? this.libPath : path;
 

mmc-dubbo-doe/src/test/java/com/mmc/dubbo/doe/test/TestDoeClassLoader.java

@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2010-2020 Founder Ltd. All Rights Reserved.
+ *
+ * This software is the confidential and proprietary information of
+ * Founder. You shall not disclose such Confidential Information
+ * and shall use it only in accordance with the terms of the agreements
+ * you entered into with Founder.
+ *
+ */
+package com.mmc.dubbo.doe.test;
+
+import com.mmc.dubbo.doe.context.DoeClassLoader;
+import org.junit.Test;
+
+/**
+ * @author Joey
+ * @date 2019/6/28 14:54
+ */
+public class TestDoeClassLoader {
+
+    @Test
+    public void testLoad() throws Exception {
+
+        String path = "F:\\app\\doe\\lib";
+
+        DoeClassLoader doeClassLoader = new DoeClassLoader(path);
+
+        doeClassLoader.loadJars();
+        doeClassLoader.loadClassFile();
+        Class<?> clazz = doeClassLoader.loadClass("com.fcbox.edms.terminal.api.CabinetServiceFacade");
+
+
+        System.out.println(clazz.getClassLoader());
+
+    }
+
+}