A tool to illustrate termination of the Java virtual machine if a prohibited method is invoked. Check out the README on that branch for instructions.
The project has two concepts - generating fingerprints and watching for prohibited classes.
The fingerprints are generated using the classfile-fingerprint CLI.
It has three subcommands. All the commands take in the following parameters:
Required Parameters

| Parameter | Type | Description |
|---|---|---|
| `output` or `input` | File | Path to index file. `output` will create a new file. `input` will merge the indices. |

- `jdk`: Generate fingerprints for JDK classes.
- `supply-chain`: Generate fingerprints for all the dependencies captured in the SBOM.

  Required Parameters

  | Parameter | Type | Description |
  |---|---|---|
  | `sbom` | File | Path to the sbom file. `sbom` could be a CycloneDX 1.4 or 1.5 JSON document. |

- `runtime`: Generate fingerprints for all the classes loaded at runtime.

  Required Parameters

  | Parameter | Type | Description |
  |---|---|---|
  | `project` | File | Path to the project. |
  | `executable-jar-module` | String | The module (artifactID) that generates the executable jar. |

  Optional Parameters

  | Parameter | Type | Description |
  |---|---|---|
  | `cleanup` | File | Delete the temporary project after the process. |

The watchdog-agent is a Java agent that watches for prohibited classes.
It takes in the following parameters:
Required Parameters

| Parameter | Type | Description |
|---|---|---|
| `sbom` | File | Path to the index file. |

Optional Parameters

| Parameter | Type | Description |
|---|---|---|
| `skipShutdown` | boolean | If true, the JVM will not shut down if a prohibited class is loaded. Default: false. |
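
The watching concept described above, as an added Java 17 sketch that is not the project's own code: a Java agent hashes every class as it is loaded and halts the JVM when the hash is missing from the index. The class name `WatchdogSketch`, the SHA-256 fingerprint, the one-pair-per-line index format, the `sbom=<file>,skipShutdown=true` option syntax and the rule that a class absent from the index counts as prohibited are all assumptions made for illustration.

```java
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.ProtectionDomain;
import java.util.*;

// Added sketch, not the project's code. Assumed index format: one
// "<internal/class/Name> <sha256-hex>" pair per line (several hashes per class allowed).
public final class WatchdogSketch {
    public static void premain(String agentArgs, Instrumentation inst) throws Exception {
        // Assumed option syntax: sbom=<index file>[,skipShutdown=true]
        Map<String, String> opts = new HashMap<>();
        for (String kv : (agentArgs == null ? "" : agentArgs).split(",")) {
            String[] p = kv.split("=", 2);
            opts.put(p[0], p.length > 1 ? p[1] : "");
        }
        if (!opts.containsKey("sbom")) throw new IllegalArgumentException("sbom=<index file> is required");
        boolean skipShutdown = Boolean.parseBoolean(opts.get("skipShutdown")); // default: false
        Map<String, Set<String>> index = new HashMap<>();
        for (String line : Files.readAllLines(Path.of(opts.get("sbom")))) {
            String[] p = line.trim().split("\\s+");
            if (p.length == 2) index.computeIfAbsent(p[0], k -> new HashSet<>()).add(p[1]);
        }
        sha256(new byte[0]); // load the digest classes before the transformer is active
        inst.addTransformer(new ClassFileTransformer() {
            @Override
            public byte[] transform(ClassLoader loader, String name, Class<?> redefined,
                                    ProtectionDomain pd, byte[] bytes) {
                // A class defined without a name cannot be looked up, so it is skipped here.
                if (name != null && !index.getOrDefault(name, Set.of()).contains(sha256(bytes))) {
                    // concat() avoids the extra class loading that string "+" can trigger
                    System.err.println("[watchdog] prohibited class loaded: ".concat(name));
                    // halt() skips shutdown hooks, so application code cannot delay the exit
                    if (!skipShutdown) Runtime.getRuntime().halt(1);
                }
                return null; // null leaves the bytecode unchanged
            }
        });
    }

    static String sha256(byte[] data) {
        try {
            return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(data));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // every Java platform must provide SHA-256
        }
    }
}
```

To try it, package the class in a jar whose manifest sets `Premain-Class: WatchdogSketch` and start the application with `-javaagent:` pointing at that jar, followed by `=` and the options. The index must also cover the JDK classes loaded after the agent starts, otherwise the first of them ends the process.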