How to Get Started with DongTai-agent-java

May 23, 2024 | Programming

Welcome to a step-by-step guide on using the DongTai-agent-java, a specialized tool designed for IAST data acquisition in Java applications. This article covers everything from installation to troubleshooting, making it user-friendly for developers ranging from novices to experts.

What is DongTai-agent-java?

DongTai-agent-java collects critical data from Java applications by rewriting class bytecode and sending this information to the dongtai-OpenAPI service. It then processes the data to detect any security vulnerabilities. The project comprises several essential components, including:

  • agent.jar: Manages the agent’s lifecycle (downloading, installing, starting, stopping, etc.).
  • dongtai-core.jar: Handles core functionalities such as bytecode piling, data collection, preprocessing, and reporting.
  • dongtai-inject.jar: Used for injecting the necessary components into the BootStrap ClassLoader.
  • dongtai-servlet.jar: Captures application requests and responses, crucial for data display and request replay.

Application Scenarios

DongTai-agent-java can be effectively utilized in various scenarios, including:

  • DevOps
  • Pre-launch application security testing
  • Third-party component management
  • Code auditing
  • Zero-Day vulnerability detection

Quick Start

For a smooth start, please check the Quick Start Guide.

Quick Development Workflow

Follow these steps to set up and develop with Dongtai-agent-java:

  1. Fork the DongTai-agent-java repository and clone your fork:
    2. git clone https://github.com/your-username/DongTai-agent-java
  2. Modify the code as per your requirements.
  3. Compile the project using Maven:
    4. mvn clean package -Dmaven.test.skip=true

    Note: Ensure you are using JDK version 1.8.4. After compilation, a folder named release will be generated in your project directory, containing:

    • dongtai-agent.jar
    • lib
    • dongtai-servlet.jar
    • dongtai-core.jar
    • dongtai-spy.jar
  4. Copy the necessary .jar files (dongtai-core.jar, dongtai-spy.jar, dongtai-servlet.jar) to your system’s temporary directory. To find the temporary directory, run:
    5. System.getProperty("java.io.tmpdir");
  5. Run your application, for example, with SpringBoot:
    6. java -javaagent:path/to/dongtai-agent.jar -Ddongtai.debug=true -jar app.jar
  6. If interested, contribute your code back to the DongTai IAST team. For this, please refer to the complete contribution guide.

Troubleshooting Tips

While using DongTai-agent-java, issues may arise. Here are some troubleshooting ideas:

  • Agent Not Working: Ensure the paths in your Java command are correct. Double-check that you are using the correct version of JDK.
  • Data Not Collected: Verify that the agent is enabled and configured correctly in your application’s settings.
  • Network Issues: Check your firewall and network settings to ensure data can reach the dongtai-OpenAPI service.

For more insights, updates, or to collaborate on AI development projects, stay connected with fxis.ai.

Supported Java Versions and Middleware

DongTai-agent-java supports Java 1.8 and above, and is compatible with various middleware including:

  • Tomcat
  • Jetty
  • WebLogic
  • WebSphere
  • SpringBoot
  • Other mainstream software

At fxis.ai, we believe that such advancements are crucial for the future of AI, as they enable more comprehensive and effective solutions. Our team is continually exploring new methodologies to push the envelope in artificial intelligence, ensuring that our clients benefit from the latest technological innovations.

Stay Informed with the Newest F(x) Insights and Blogs

Tech News and Blog Highlights, Straight to Your Inbox

Let’s Build Success Together