re-use vulnerability type/detector instances to avoid unnecessary mem usage

agent_api/src/main/java/dev/aikido/agent_api/collectors/CommandCollector.java

@@ -22,8 +22,7 @@ public static void report(Object command) {
             StatisticsStore.registerCall("runtime.Exec", OperationKind.EXEC_OP);
 
             // scan
-            Vulnerabilities.Vulnerability vulnerability = new Vulnerabilities.ShellInjectionVulnerability();
-            Scanner.scanForGivenVulnerability(vulnerability, "runtime.Exec", new String[]{commandStr});
+            Scanner.scanForGivenVulnerability(Vulnerabilities.SHELL_INJECTION, "runtime.Exec", new String[]{commandStr});
         }
     }
 }

agent_api/src/main/java/dev/aikido/agent_api/collectors/DNSRecordCollector.java

@@ -44,7 +44,7 @@ public static void report(String hostname, InetAddress[] inetAddresses) {
                     }
                     logger.debug("Hostname: %s, Port: %s, IPs: %s", hostnameEntry.getHostname(), hostnameEntry.getPort(), ipAddresses);
 
-                    Attack attack = new SSRFDetector().run(
+                    Attack attack = SSRFDetector.run(
                         hostname, hostnameEntry.getPort(), ipAddresses, OPERATION_NAME
                     );
                     if (attack == null) {

agent_api/src/main/java/dev/aikido/agent_api/collectors/FileCollector.java

@@ -31,18 +31,17 @@ public static void report(Object filePath, String operation, int depth) {
         logger.trace("Scan on %s for file: %s", operation, filePath);
         StatisticsStore.registerCall(operation, OperationKind.FS_OP);
 
-        Vulnerabilities.Vulnerability vulnerability = new Vulnerabilities.PathTraversalVulnerability();
         if (filePath instanceof String filePathString) {
-            Scanner.scanForGivenVulnerability(vulnerability, operation, new String[]{filePathString});
+            Scanner.scanForGivenVulnerability(Vulnerabilities.PATH_TRAVERSAL, operation, new String[]{filePathString});
         } else if (filePath instanceof URI filePathURI) {
             // File(...) Constructor also accepts URI objects, but path remains the same
             // So we just extract the path here : (i.e. new File("file:///../test.txt") --> "/../test.txt")
             String filePathString = filePathURI.getPath();
-            Scanner.scanForGivenVulnerability(vulnerability, operation, new String[]{filePathString});
+            Scanner.scanForGivenVulnerability(Vulnerabilities.PATH_TRAVERSAL, operation, new String[]{filePathString});
         } else if (filePath instanceof Path filePathAsPath) {
             // Some functions on Path also accept other paths
             String filePathString = filePathAsPath.toString();
-            Scanner.scanForGivenVulnerability(vulnerability, operation, new String[]{filePathString});
+            Scanner.scanForGivenVulnerability(Vulnerabilities.PATH_TRAVERSAL, operation, new String[]{filePathString});
         } else if (filePath instanceof Object[] filePaths) {
             // In Paths.get() sometimes you can have multiple paths provided, scan them individually :
             if (depth >= MAX_RECURSION_DEPTH) {

agent_api/src/main/java/dev/aikido/agent_api/collectors/SQLCollector.java

@@ -15,7 +15,6 @@ public static void report(String sql, String dialect, String operation) {
         StatisticsStore.registerCall(operation, OperationKind.SQL_OP);
 
         // scan
-        Vulnerabilities.Vulnerability vulnerability = new Vulnerabilities.SQLInjectionVulnerability();
-        Scanner.scanForGivenVulnerability(vulnerability, operation, new String[]{sql, dialect});
+        Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, operation, new String[]{sql, dialect});
     }
 }

agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/Vulnerabilities.java

@@ -3,56 +3,65 @@
 import dev.aikido.agent_api.vulnerabilities.path_traversal.PathTraversalDetector;
 import dev.aikido.agent_api.vulnerabilities.shell_injection.ShellInjectionDetector;
 import dev.aikido.agent_api.vulnerabilities.sql_injection.SqlDetector;
-import dev.aikido.agent_api.vulnerabilities.ssrf.SSRFDetector;
 
 public final class Vulnerabilities {
     private Vulnerabilities() {}
     public interface Vulnerability {
         Detector getDetector();
         String getKind();
     }
-    public static final class SQLInjectionVulnerability implements Vulnerability {
+
+    private static final class SQLInjectionVulnerability implements Vulnerability {
         @Override
         public Detector getDetector() {
-            return new SqlDetector();
+            return SqlDetector.INSTANCE;
         }
         @Override
         public String getKind() {
             return "sql_injection";
         }
     }
-    public static final class PathTraversalVulnerability implements Vulnerability {
+    public static final Vulnerability SQL_INJECTION = new SQLInjectionVulnerability();
+
+    private static final class PathTraversalVulnerability implements Vulnerability {
         @Override
         public Detector getDetector() {
-            return new PathTraversalDetector();
+            return PathTraversalDetector.INSTANCE;
         }
         @Override
         public String getKind() {
             return "path_traversal";
         }
     }
-    public static final class SSRFVulnerability implements Vulnerability {
+    public static final Vulnerability PATH_TRAVERSAL = new PathTraversalVulnerability();
+
+    private static final class SSRFVulnerability implements Vulnerability {
         @Override
         public Detector getDetector() { return null; }
         @Override
         public String getKind() {
             return "ssrf";
         }
     }
-    public static final class StoredSSRFVulnerability implements Vulnerability {
+    public static final Vulnerability SSRF = new SSRFVulnerability();
+
+    private static final class StoredSSRFVulnerability implements Vulnerability {
         @Override
         public Detector getDetector() { return null; }
         @Override
         public String getKind() {
             return "stored_ssrf";
         }
     }
-    public static final class ShellInjectionVulnerability implements Vulnerability {
+    public static final Vulnerability STORED_SSRF = new StoredSSRFVulnerability();
+
+    private static final class ShellInjectionVulnerability implements Vulnerability {
         @Override
-        public Detector getDetector() { return new ShellInjectionDetector(); }
+        public Detector getDetector() { return ShellInjectionDetector.INSTANCE; }
         @Override
         public String getKind() {
             return "shell_injection";
         }
     }
+    public static final Vulnerability SHELL_INJECTION = new ShellInjectionVulnerability();
 }

agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/path_traversal/PathTraversalDetector.java

@@ -8,6 +8,8 @@
 import static dev.aikido.agent_api.vulnerabilities.path_traversal.UnsafePathPartsChecker.containsUnsafePathParts;
 
 public class PathTraversalDetector implements Detector {
+    public static final PathTraversalDetector INSTANCE = new PathTraversalDetector();
+
     /**
      * @param userInput, this is the user input which we will evaluate
      * @param arguments, Includes one element : filename

agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/shell_injection/ShellInjectionDetector.java

@@ -9,6 +9,8 @@
 import static dev.aikido.agent_api.vulnerabilities.shell_injection.ShellSyntaxChecker.containsShellSyntax;
 
 public class ShellInjectionDetector implements Detector {
+    public static final ShellInjectionDetector INSTANCE = new ShellInjectionDetector();
+
     @Override
     public DetectorResult run(String userInput, String[] arguments) {
         if (userInput.isEmpty() || arguments == null || arguments.length == 0 || arguments[0] == null) {

agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/sql_injection/SqlDetector.java

@@ -8,7 +8,9 @@
 import java.util.regex.Pattern;
 
 public class SqlDetector implements Detector {
+    public static final SqlDetector INSTANCE = new SqlDetector();
     private static final Logger logger = LogManager.getLogger(SqlDetector.class);
+
     /**
      * @param userInput contains the user input which we want to scan
      * @param arguments contains: [query, dialect]

agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/ssrf/SSRFDetector.java

@@ -3,22 +3,18 @@
 import dev.aikido.agent_api.context.Context;
 import dev.aikido.agent_api.context.ContextObject;
 import dev.aikido.agent_api.vulnerabilities.Attack;
-import dev.aikido.agent_api.vulnerabilities.Detector;
 import dev.aikido.agent_api.vulnerabilities.Vulnerabilities;
 
-import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 
-import static dev.aikido.agent_api.helpers.ShouldBlockHelper.shouldBlock;
 import static dev.aikido.agent_api.helpers.StackTrace.getCurrentStackTrace;
 import static dev.aikido.agent_api.vulnerabilities.ssrf.FindHostnameInContext.findHostnameInContext;
 import static dev.aikido.agent_api.vulnerabilities.ssrf.IsPrivateIP.containsPrivateIP;
 import static dev.aikido.agent_api.vulnerabilities.ssrf.PrivateIPRedirectFinder.isRedirectToPrivateIP;
-import static dev.aikido.agent_api.vulnerabilities.ssrf.imds.Resolver.resolvesToImdsIp;
 
-public class SSRFDetector {
-    public Attack run(String hostname, int port, List<String> ipAddresses, String operation) {
+public final class SSRFDetector {
+    public static Attack run(String hostname, int port, List<String> ipAddresses, String operation) {
         if(hostname == null || hostname.isEmpty()) {
             return null;
         }
@@ -39,7 +35,7 @@ public Attack run(String hostname, int port, List<String> ipAddresses, String op
         if(attackFindings != null) {
             return new Attack(
                     operation,
-                    new Vulnerabilities.SSRFVulnerability(),
+                    Vulnerabilities.SSRF,
                     attackFindings.source(),
                     attackFindings.pathToPayload(),
                     /*metadata*/ Map.of(

agent_api/src/main/java/dev/aikido/agent_api/vulnerabilities/ssrf/StoredSSRFDetector.java

@@ -23,7 +23,7 @@ public Attack run(String hostname, List<String> ipAddresses, String operation) {
 
         return new Attack(
             operation,
-            new Vulnerabilities.StoredSSRFVulnerability(),
+            Vulnerabilities.STORED_SSRF,
             null, // source is null for stored attacks
             "", // path is empty
             Map.of(

agent_api/src/test/java/vulnerabilities/AttackTest.java

@@ -16,7 +16,6 @@ public class AttackTest {
     public void testAttackConstructor() {
         // Arrange
         String operation = "SQL Injection";
-        Vulnerabilities.Vulnerability vulnerability = new Vulnerabilities.SQLInjectionVulnerability();
         String source = "User Input";
         String pathToPayload = "/api/vulnerable";
         Map<String, String> metadata = new HashMap<>();
@@ -26,11 +25,11 @@ public void testAttackConstructor() {
         User user = new User("id", "name", "1.1.1.1", 0);
 
         // Act
-        Attack attack = new Attack(operation, vulnerability, source, pathToPayload, metadata, payload, stack, user);
+        Attack attack = new Attack(operation, Vulnerabilities.SQL_INJECTION, source, pathToPayload, metadata, payload, stack, user);
 
         // Assert
         assertEquals(operation, attack.operation);
-        assertEquals(vulnerability.getKind(), attack.kind);
+        assertEquals("sql_injection", attack.kind);
         assertEquals(source, attack.source);
         assertEquals(pathToPayload, attack.pathToPayload);
         assertEquals(metadata, attack.metadata);
@@ -47,7 +46,6 @@ public void testAttackConstructor() {
     public void testAttackWithEmptyMetadata() {
         // Arrange
         String operation = "XSS Attack";
-        Vulnerabilities.Vulnerability vulnerability = new Vulnerabilities.SQLInjectionVulnerability();
         String source = "User Input";
         String pathToPayload = "/api/vulnerable";
         Map<String, String> metadata = new HashMap<>(); // Empty metadata
@@ -56,11 +54,11 @@ public void testAttackWithEmptyMetadata() {
         User user = new User("123", "name", "1.1.1.1", 0);
 
         // Act
-        Attack attack = new Attack(operation, vulnerability, source, pathToPayload, metadata, payload, stack, user);
+        Attack attack = new Attack(operation, Vulnerabilities.SQL_INJECTION, source, pathToPayload, metadata, payload, stack, user);
 
         // Assert
         assertEquals(operation, attack.operation);
-        assertEquals(vulnerability.getKind(), attack.kind);
+        assertEquals("sql_injection", attack.kind);
         assertEquals(source, attack.source);
         assertEquals(pathToPayload, attack.pathToPayload);
         assertEquals(metadata, attack.metadata);

agent_api/src/test/java/vulnerabilities/ScannerTest.java

@@ -78,15 +78,15 @@ void testScanForGivenVulnerability_ContextIsNull() {
     void testScanSafeSQLCode() throws InterruptedException {
         ServiceConfigStore.updateBlocking(true);
         // Safe :
-        Scanner.scanForGivenVulnerability(new Vulnerabilities.SQLInjectionVulnerability(), "operation", new String[]{"SELECT", "postgresql"});
+        Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT", "postgresql"});
         // Argument-mismatch, safe :
-        Scanner.scanForGivenVulnerability(new Vulnerabilities.SQLInjectionVulnerability(), "operation", new String[]{"SELECT * FROM"});
-        Scanner.scanForGivenVulnerability(new Vulnerabilities.SQLInjectionVulnerability(), "operation", new String[]{"SELECT * FROM", "1", "2", "3"});
+        Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM"});
+        Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "1", "2", "3"});
 
         // Unsafe :
         AttackQueue.clear();
         assertThrows(SQLInjectionException.class, () -> {
-            Scanner.scanForGivenVulnerability(new Vulnerabilities.SQLInjectionVulnerability(), "operation", new String[]{"SELECT * FROM", "postgresql"});
+            Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "postgresql"});
         });
         DetectedAttack.DetectedAttackEvent attackEvent = (DetectedAttack.DetectedAttackEvent) AttackQueue.get();
         assertEquals("SELECT * FRO", attackEvent.attack().payload());
@@ -98,14 +98,14 @@ void testScanSafeSQLCode() throws InterruptedException {
     void testScanSafeSQLCodeButBlockingFalse() {
         ServiceConfigStore.updateBlocking(false);
         // Safe :
-        Scanner.scanForGivenVulnerability(new Vulnerabilities.SQLInjectionVulnerability(), "operation", new String[]{"SELECT", "postgresql"});
+        Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT", "postgresql"});
         // Argument-mismatch, safe :
-        Scanner.scanForGivenVulnerability(new Vulnerabilities.SQLInjectionVulnerability(), "operation", new String[]{"SELECT * FROM"});
-        Scanner.scanForGivenVulnerability(new Vulnerabilities.SQLInjectionVulnerability(), "operation", new String[]{"SELECT * FROM", "1", "2", "3"});
+        Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM"});
+        Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "1", "2", "3"});
 
         // Unsafe :
         assertDoesNotThrow(() -> {
-            Scanner.scanForGivenVulnerability(new Vulnerabilities.SQLInjectionVulnerability(), "operation", new String[]{"SELECT * FROM", "postgresql"});
+            Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "postgresql"});
         });
     }
 
@@ -114,22 +114,22 @@ void testForceProtectionOff() {
         ServiceConfigStore.updateBlocking(true);
         // Thread cache does not force any protection off :
         assertThrows(SQLInjectionException.class, () -> {
-            Scanner.scanForGivenVulnerability(new Vulnerabilities.SQLInjectionVulnerability(), "operation", new String[]{"SELECT * FROM", "postgresql"});
+            Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "postgresql"});
         });
         // Set to protection forced off route :
         Context.set(new SampleContextObject3("/api2/test/2/4"));
         assertDoesNotThrow(() -> {
-            Scanner.scanForGivenVulnerability(new Vulnerabilities.SQLInjectionVulnerability(), "operation", new String[]{"SELECT * FROM", "postgresql"});
+            Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "postgresql"});
         });
         Context.set(new SampleContextObject3("/api2/"));
         assertDoesNotThrow(() -> {
-            Scanner.scanForGivenVulnerability(new Vulnerabilities.SQLInjectionVulnerability(), "operation", new String[]{"SELECT * FROM", "postgresql"});
+            Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "postgresql"});
         });
 
         // Set to IP where route exists but protection is not forced off :
         Context.set(new SampleContextObject3("/api3/test"));
         assertThrows(SQLInjectionException.class, () -> {
-            Scanner.scanForGivenVulnerability(new Vulnerabilities.SQLInjectionVulnerability(), "operation", new String[]{"SELECT * FROM", "postgresql"});
+            Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "postgresql"});
         });
     }
 
@@ -138,7 +138,7 @@ void testDoesNotRunWithContextNull() {
         ServiceConfigStore.updateBlocking(true);
         Context.set(null);
         assertDoesNotThrow(() -> {
-            Scanner.scanForGivenVulnerability(new Vulnerabilities.SQLInjectionVulnerability(), "operation", new String[]{"SELECT * FROM", "postgresql"});
+            Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "postgresql"});
         });
     }
 
@@ -148,15 +148,15 @@ void TestStillThrowsWithConfigStoreEmptyButBlockingEnabled() {
         ServiceConfigStore.updateFromAPIResponse(emptyAPIResponse);
         ServiceConfigStore.updateBlocking(true);
         assertThrows(SQLInjectionException.class, () -> {
-            Scanner.scanForGivenVulnerability(new Vulnerabilities.SQLInjectionVulnerability(), "operation", new String[]{"SELECT * FROM", "postgresql"});
+            Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "postgresql"});
         });
     }
 
     @Test
     void TestDoesNotThrowWithEmptyAPIResponse() {
         ServiceConfigStore.updateFromAPIResponse(emptyAPIResponse);
         assertDoesNotThrow(() -> {
-            Scanner.scanForGivenVulnerability(new Vulnerabilities.SQLInjectionVulnerability(), "operation", new String[]{"SELECT * FROM", "postgresql"});
+            Scanner.scanForGivenVulnerability(Vulnerabilities.SQL_INJECTION, "operation", new String[]{"SELECT * FROM", "postgresql"});
         });
     }
 }