Skip to content
/ sbom.exe Public

calls the police if a prohibited class is loaded by the JVM

arxiv.org/abs/2407.00246

License

MIT license
4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

chains-project/sbom.exe

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

582 Commits
.github/workflows
.github/workflows
 
 
classfile-fingerprint
classfile-fingerprint
 
 
experiments @ 3e91a76
experiments @ 3e91a76
 
 
runtime-class-interceptor
runtime-class-interceptor
 
 
terminator-commons
terminator-commons
 
 
watchdog-agent
watchdog-agent
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
CHANGELOG.md
CHANGELOG.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
diagram.svg
diagram.svg
 
 
jreleaser.json
jreleaser.json
 
 
pom.xml
pom.xml
 
 
renovate.json
renovate.json
 
 

Repository files navigation

sbom.exe

tests

A tool to illustrate termination of Java virtual machine if a prohibited method is invoked. Checkout the README on that branch for instructions.

Visualization by GitHub Next

Visualization of the codebase

Project structure

The project has two concepts - generating fingerprints and watching for prohibited classes.

Generation of fingerprints

The fingerprints are generated using the classfile-fingerprint CLI.

It has three subcommands. All the commands take in the following parameters:

Required Parameters

Parameter Type Description
output or input File Path to index file. output will create a
new file. input will merge the indices.

  1. jdk: Generate fingerprints for JDK classes. |

  2. supply-chain: Generate fingerprints for all the dependencies captured in the SBOM.

    • Required Parameters

      Parameter Type Description
      sbom File Path to the sbom file.

      sbom could be CycloneDX 1.4 or 1.5 JSON document.

  3. runtime: Generate fingerprints for all the classes loaded at runtime.

    • Required Parameters

      Parameter Type Description
      project File Path to the project.
      executable-jar-module String The module
      (artifactID)that generates the executable jar.

    • Optional Parameters

      Parameter Type Description
      cleanup File Delete the temporary project after the process.

Watching for prohibited classes

The watchdog-agent is a Java agent that watches for prohibited classes.

It takes in the following parameters:

Required Parameters

Parameter Type Description
sbom File Path to the index file.

Optional Parameters

Parameter Type Description
skipShutdown boolean If true, the JVM will not shutdown if a prohibited class is loaded. Default: false.

About

calls the police if a prohibited class is loaded by the JVM

arxiv.org/abs/2407.00246

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

4 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases 14

v0.13.0 Latest
Apr 12, 2024
+ 13 releases

Packages

No packages published

Contributors 6

Languages