New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] hook校验结果不正确，可能导致错误的结果被缓存进LRU缓存中 #322

Open

xinglongZeng opened this issue Jan 17, 2022 · 0 comments

Contributor

xinglongZeng commented Jan 17, 2022

 rasp-1.3.8版本之下都存在此问题；     
 hook校验核心逻辑是:  java代码 --> c++语言 --> JS插件执行校验  ， 这样的3种语言混合的，并且，在c++代码中内置了一个线程池用来执行JS。
当线程池内满了就放入队列里等待执行，但是如果从队列取出的任务超过了超时时间timeout,则不会继续执行，因此可能导致有安全隐患的请求没有进行过校验后就直接退出了，而 "没有进行过校验的请求" 与 "校验通过的请求" 的返回值一样都是Null ,  而外层的java代码就将其 “误认为校验通过", 然后将该请求放入LRU缓存。只要LRU缓存中存在错误的结果，则后续相同的请求都不会进行校验。

此处给出一个临时解决方案：通过清空 threadHook的标志，触发重新生成requestId，降低LRU缓存的命中率。

The text was updated successfully, but these errors were encountered:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment