Troubleshoot Tomcat 8.5.35.0


NV

Jun 20, 2019, 1:15:59 AM
to OpenRASP
Hi Team,

I am using OpenRASP for a Tomcat 8.5.35.0 Spring Boot MVC application.

It loads with the warning message below and afterwards is not able to hook any request event.

I tried to debug on HookHandler -> CheckRequest, but I don't get any breakpoint or error either. It seems that the application bypassed the OpenRASP request hook when I raised a request from the browser.

rasp.log
2019-06-19 21:56:55,928 INFO  [Start Level: Equinox Container: f9043f25-2d93-422c-a518-d4a609f3f381][com.baidu.openrasp.HookHandler] detect server: tomcat/8.5.35.0
2019-06-19 21:56:55,929 INFO  [Start Level: Equinox Container: f9043f25-2d93-422c-a518-d4a609f3f381][com.baidu.openrasp.HookHandler] detect server class: org/apache/catalina/Server
2019-06-19 21:56:55,943 WARN  [Thread-14][com.baidu.openrasp.HookHandler] [E20005] tomcat_security_check_error: can not load file conf/tomcat-users.xml: no such file or file is not readable:

Any thoughts on this?

With Regards,
NV

NV

Jun 20, 2019, 2:28:29 AM
to OpenRASP
You may know,

Tomcat uses three different types of SSL implementations:
  • JSSE implementation provided as part of the Java runtime
  • JSSE implementation that uses OpenSSL
  • APR implementation, which uses the OpenSSL engine by default

I have confirmed that the application uses the https-jsse based implementation, and it logs doFilter as below:
2019-06-19 23:04:20,622 INFO [https-jsse-nio-443-exec-14][com.baidu.openrasp.hook.AbstractClassHook] insert before method org.apache.catalina.core.ApplicationFilterChain.doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse)

Has anyone tested this type of application implementation/configuration with OpenRASP?

c0debreak

Jun 20, 2019, 7:58:29 AM
to OpenRASP
Those warnings above can be safely ignored. Please attach the source code of a minimal testcase, so that we can take a look at it.

NV

Jun 25, 2019, 4:04:58 AM
to OpenRASP
Hi,

I have figured out hooking another API and resolved this issue.

Thanks for your support.

With Regards,
NV