Merge pull request #182 from AikidoSec/fix-wrappers-and-fix-inet

willem-delbare · web-flow · commit 4373385d73fb · 2025-06-26T17:11:34.000+02:00
Fix InetAddress issue with null and add logs on error to sys wrappers
diff --git a/agent/src/main/java/dev/aikido/agent/wrappers/InetAddressWrapper.java b/agent/src/main/java/dev/aikido/agent/wrappers/InetAddressWrapper.java
@@ -34,7 +34,7 @@ public static class InetAdvice {
         // To bypass this issue we load collectors from a .jar file
         @Advice.OnMethodExit
         public static void after(
-                @Advice.Enter String hostname,
+                @Advice.Argument(0) String hostname,
                 @Advice.Return InetAddress[] inetAddresses
         ) throws Throwable {
             String jarFilePath = System.getProperty("AIK_agent_api_jar");
@@ -64,15 +64,9 @@ public static void after(
                     throw invocationTargetException.getCause();
                 }
                 // Ignore non-aikido throwables.
-            } catch(Throwable e) {}
-        }
-        @Advice.OnMethodEnter
-        public static String before(
-                @Advice.This(typing = DYNAMIC, optional = true) Object target,
-                @Advice.Origin Executable method,
-                @Advice.Argument(0) Object argument
-        ) {
-            return argument.toString();
+            } catch(Throwable e) {
+                System.out.println("AIKIDO: " + e.getMessage());
+            }
         }
     }
 }
diff --git a/agent/src/main/java/dev/aikido/agent/wrappers/PathWrapper.java b/agent/src/main/java/dev/aikido/agent/wrappers/PathWrapper.java
@@ -72,6 +72,7 @@ public static void before(
                 }
                 // Ignore non-aikido throwables.
             } catch(Throwable e) {
+                System.out.println("AIKIDO: " + e.getMessage());
             }
             classLoader.close(); // Close the class loader
         }
diff --git a/agent/src/main/java/dev/aikido/agent/wrappers/PathsWrapper.java b/agent/src/main/java/dev/aikido/agent/wrappers/PathsWrapper.java
@@ -71,7 +71,9 @@ public static void before(
                     throw invocationTargetException.getCause();
                 }
                 // Ignore non-aikido throwables.
-            } catch(Throwable e) {}
+            } catch(Throwable e) {
+                System.out.println("AIKIDO: " + e.getMessage());
+            }
             classLoader.close(); // Close the class loader
         }
     }
diff --git a/agent/src/main/java/dev/aikido/agent/wrappers/RuntimeExecWrapper.java b/agent/src/main/java/dev/aikido/agent/wrappers/RuntimeExecWrapper.java
@@ -73,7 +73,9 @@ public static void before(
                     throw invocationTargetException.getCause();
                 }
                 // Ignore non-aikido throwables.
-            } catch(Throwable e) {}
+            } catch(Throwable e) {
+                System.out.println("AIKIDO: " + e.getMessage());
+            }
         }
     }
 }
diff --git a/agent/src/main/java/dev/aikido/agent/wrappers/file/FileConstructorMultiArgumentWrapper.java b/agent/src/main/java/dev/aikido/agent/wrappers/file/FileConstructorMultiArgumentWrapper.java
@@ -84,6 +84,7 @@ public static void before(
                 }
                 // Ignore non-aikido throwables.
             } catch (Throwable e) {
+                System.out.println("AIKIDO: " + e.getMessage());
             }
         }
     }
diff --git a/agent/src/main/java/dev/aikido/agent/wrappers/file/FileConstructorSingleArgumentWrapper.java b/agent/src/main/java/dev/aikido/agent/wrappers/file/FileConstructorSingleArgumentWrapper.java
@@ -82,6 +82,7 @@ public static void before(
                 }
                 // Ignore non-aikido throwables.
             } catch (Throwable e) {
+                System.out.println("AIKIDO: " + e.getMessage());
             }
         }
     }
diff --git a/agent_api/src/test/java/wrappers/InetAddressTest.java b/agent_api/src/test/java/wrappers/InetAddressTest.java
@@ -76,6 +76,13 @@ public void testSSRFWithoutPort() throws Exception {
         assertEquals(1, StatisticsStore.getStatsRecord().operations().get("java.net.InetAddress.getAllByName").getAttacksDetected().get("blocked"));
     }
 
+    @Test
+    public void testCanHandleNullInput() {
+        assertDoesNotThrow(() -> {
+            InetAddress.getAllByName(null);
+        });
+    }
+
     @Test
     public void testSSRFWithoutPortAndWithoutContext() {
         setContextAndLifecycle("http://localhost:80");

Original file line number	Diff line number	Diff line change
`@@ -72,6 +72,7 @@ public static void before(`
`72`	`72`	`}`
`73`	`73`	`// Ignore non-aikido throwables.`
`74`	`74`	`} catch(Throwable e) {`
	`75`	`+ System.out.println("AIKIDO: " + e.getMessage());`
`75`	`76`	`}`
`76`	`77`	`classLoader.close(); // Close the class loader`
`77`	`78`	`}`
Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,9 @@ public static void before(`
`71`	`71`	`throw invocationTargetException.getCause();`
`72`	`72`	`}`
`73`	`73`	`// Ignore non-aikido throwables.`
`74`		`- } catch(Throwable e) {}`
	`74`	`+ } catch(Throwable e) {`
	`75`	`+ System.out.println("AIKIDO: " + e.getMessage());`
	`76`	`+ }`
`75`	`77`	`classLoader.close(); // Close the class loader`
`76`	`78`	`}`
`77`	`79`	`}`
Original file line number	Diff line number	Diff line change
`@@ -73,7 +73,9 @@ public static void before(`
`73`	`73`	`throw invocationTargetException.getCause();`
`74`	`74`	`}`
`75`	`75`	`// Ignore non-aikido throwables.`
`76`		`- } catch(Throwable e) {}`
	`76`	`+ } catch(Throwable e) {`
	`77`	`+ System.out.println("AIKIDO: " + e.getMessage());`
	`78`	`+ }`
`77`	`79`	`}`
`78`	`80`	`}`
`79`	`81`	`}`
Original file line number	Diff line number	Diff line change
`@@ -84,6 +84,7 @@ public static void before(`
`84`	`84`	`}`
`85`	`85`	`// Ignore non-aikido throwables.`
`86`	`86`	`} catch (Throwable e) {`
	`87`	`+ System.out.println("AIKIDO: " + e.getMessage());`
`87`	`88`	`}`
`88`	`89`	`}`
`89`	`90`	`}`
Original file line number	Diff line number	Diff line change
`@@ -82,6 +82,7 @@ public static void before(`
`82`	`82`	`}`
`83`	`83`	`// Ignore non-aikido throwables.`
`84`	`84`	`} catch (Throwable e) {`
	`85`	`+ System.out.println("AIKIDO: " + e.getMessage());`
`85`	`86`	`}`
`86`	`87`	`}`
`87`	`88`	`}`