diff --git a/.idea/encodings.xml b/.idea/encodings.xml
index 579c8a2..97626ba 100644
--- a/.idea/encodings.xml
+++ b/.idea/encodings.xml
@@ -1,19 +1,6 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
\ No newline at end of file
diff --git a/agent/README.md b/agent/README.md
index 7838442..b5145c6 100644
--- a/agent/README.md
+++ b/agent/README.md
@@ -70,6 +70,37 @@ mvn clean package -pl agent -am
The shaded JAR is at `agent/target/jcapslock-agent-1.0-SNAPSHOT.jar`.
+## DEFAULT Blocking Mode
+
+Use `DEFAULT` in the blocked list to block all capabilities NOT in the snapshot for a package:
+
+```yaml
+policies:
+ - package: com.example.myapp
+ blocked:
+ - DEFAULT # blocks all capabilities not in snapshot.json
+```
+
+The agent loads `.capslock/snapshot.json` (relative to policy file) and allows only
+capabilities that exist in the snapshot for that package. Any capability usage not
+in the snapshot is blocked.
+
+## Limitations
+
+> **Proof of Concept**: The enforcement mode is experimental and can be evaded.
+> It should be used as one layer in a defense-in-depth strategy, not as a
+> complete security solution.
+
+Known evasion vectors:
+- **Async/threaded code**: Stack inspection won't show original caller after handoff to thread pool
+- **Reflection**: Dynamically invoked methods bypass static analysis
+- **Native code**: JNI and `sun.misc.Unsafe` can perform any operation
+- **External processes**: Code executed via `Runtime.exec` is not monitored
+- **Class loading tricks**: Custom classloaders can load uninstrumented code
+
+The static analysis also has inherent limitations:
+- Reflection targets cannot be determined statically and lead to overapproximations
+
## Capabilities
Capabilities are loaded from `java-interesting.cm` in the core module.
diff --git a/agent/src/main/java/com/github/serj/jcapslock/agent/CapslockAgent.java b/agent/src/main/java/com/github/serj/jcapslock/agent/CapslockAgent.java
index 50b097c..ad2d64a 100644
--- a/agent/src/main/java/com/github/serj/jcapslock/agent/CapslockAgent.java
+++ b/agent/src/main/java/com/github/serj/jcapslock/agent/CapslockAgent.java
@@ -1,12 +1,14 @@
package com.github.serj.jcapslock.agent;
import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import org.objectweb.asm.Type;
import java.io.File;
import java.lang.instrument.Instrumentation;
+import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@@ -73,6 +75,24 @@ public static Instrumentation getInstrumentation() {
return instrumentation;
}
+ /**
+ * All enforceable capabilities (excludes UNSPECIFIED, SAFE, UNANALYZED).
+ */
+ private static final Set ALL_CAPABILITIES = new HashSet<>(Arrays.asList(
+ "CAPABILITY_FILES",
+ "CAPABILITY_NETWORK",
+ "CAPABILITY_RUNTIME",
+ "CAPABILITY_READ_SYSTEM_STATE",
+ "CAPABILITY_MODIFY_SYSTEM_STATE",
+ "CAPABILITY_OPERATING_SYSTEM",
+ "CAPABILITY_SYSTEM_CALLS",
+ "CAPABILITY_ARBITRARY_EXECUTION",
+ "CAPABILITY_CGO",
+ "CAPABILITY_UNSAFE_POINTER",
+ "CAPABILITY_REFLECT",
+ "CAPABILITY_EXEC"
+ ));
+
private static void loadPolicy(String policyPath) {
File policyFile = new File(policyPath);
if (!policyFile.exists()) {
@@ -86,14 +106,42 @@ private static void loadPolicy(String policyPath) {
ObjectMapper mapper = new ObjectMapper(new YAMLFactory());
PolicyFile policy = mapper.readValue(policyFile, PolicyFile.class);
+ // Check if any policy uses DEFAULT - if so, load snapshot
+ Map> snapshotCapabilities = null;
+ boolean hasDefault = policy.policies != null && policy.policies.stream()
+ .anyMatch(e -> e.blocked != null && e.blocked.contains("DEFAULT"));
+
+ if (hasDefault) {
+ snapshotCapabilities = loadSnapshotCapabilities(policyFile.getParentFile());
+ }
+
Map> capabilityToPackages = new HashMap<>();
if (policy.policies != null) {
for (PolicyEntry entry : policy.policies) {
if (entry.blocked != null) {
- for (String capability : entry.blocked) {
- capabilityToPackages
- .computeIfAbsent(capability, k -> new HashSet<>())
- .add(entry.pkg);
+ List effectiveBlocked = entry.blocked;
+
+ // Expand DEFAULT to all capabilities not in snapshot for this package
+ if (entry.blocked.contains("DEFAULT")) {
+ Set allowedFromSnapshot = snapshotCapabilities != null
+ ? snapshotCapabilities.getOrDefault(entry.pkg, Set.of())
+ : Set.of();
+
+ Set toBlock = new HashSet<>(ALL_CAPABILITIES);
+ toBlock.removeAll(allowedFromSnapshot);
+ effectiveBlocked = List.copyOf(toBlock);
+
+ Log.info("DEFAULT expansion for " + entry.pkg +
+ ": allowed from snapshot=" + allowedFromSnapshot +
+ ", blocking=" + toBlock);
+ }
+
+ for (String capability : effectiveBlocked) {
+ if (!"DEFAULT".equals(capability)) {
+ capabilityToPackages
+ .computeIfAbsent(capability, k -> new HashSet<>())
+ .add(entry.pkg);
+ }
}
}
}
@@ -110,6 +158,42 @@ private static void loadPolicy(String policyPath) {
}
}
+ /**
+ * Loads capabilities from snapshot.json in the given directory.
+ * Returns a map from package name to set of capabilities.
+ */
+ private static Map> loadSnapshotCapabilities(File directory) {
+ File snapshotFile = new File(directory, "snapshot.json");
+ if (!snapshotFile.exists()) {
+ Log.warn("Snapshot file not found: " + snapshotFile + " (DEFAULT blocking may not work correctly)");
+ return Map.of();
+ }
+
+ try {
+ ObjectMapper mapper = new ObjectMapper();
+ JsonNode root = mapper.readTree(snapshotFile);
+ JsonNode capabilityInfoList = root.get("capability_info");
+
+ Map> result = new HashMap<>();
+ if (capabilityInfoList != null && capabilityInfoList.isArray()) {
+ for (JsonNode info : capabilityInfoList) {
+ String packageName = info.has("package_name") ? info.get("package_name").asText() : null;
+ String capability = info.has("capability") ? info.get("capability").asText() : null;
+
+ if (packageName != null && capability != null) {
+ result.computeIfAbsent(packageName, k -> new HashSet<>()).add(capability);
+ }
+ }
+ }
+
+ Log.info("Loaded snapshot with " + result.size() + " packages");
+ return result;
+ } catch (Exception e) {
+ Log.error("Failed to load snapshot: " + e.getMessage());
+ return Map.of();
+ }
+ }
+
public static class PolicyFile {
public List policies;
}
diff --git a/agent/src/main/java/com/github/serj/jcapslock/agent/PolicyChecker.java b/agent/src/main/java/com/github/serj/jcapslock/agent/PolicyChecker.java
index d8c561d..c791e1a 100644
--- a/agent/src/main/java/com/github/serj/jcapslock/agent/PolicyChecker.java
+++ b/agent/src/main/java/com/github/serj/jcapslock/agent/PolicyChecker.java
@@ -13,11 +13,37 @@ public class PolicyChecker {
public static final String PROP_PREFIX = "capslock.block.";
+ /**
+ * Reentrancy guard to prevent infinite recursion when instrumented methods
+ * (like System.getProperty, Thread.getStackTrace) are called from within check().
+ * NOTE: Cannot use ThreadLocal.withInitial(() -> false) because lambda creation
+ * triggers instrumented methods before IN_CHECK is initialized.
+ */
+ private static final ThreadLocal IN_CHECK = new ThreadLocal() {
+ @Override
+ protected Boolean initialValue() {
+ return Boolean.FALSE;
+ }
+ };
+
/**
* Check if capability is allowed for the current call stack.
* Throws SecurityException if blocked.
*/
public static void check(String capability) {
+ // Reentrancy guard: if we're already in a check, skip to prevent infinite recursion
+ if (IN_CHECK.get()) {
+ return;
+ }
+ IN_CHECK.set(true);
+ try {
+ doCheck(capability);
+ } finally {
+ IN_CHECK.set(false);
+ }
+ }
+
+ private static void doCheck(String capability) {
String blocked = System.getProperty(PROP_PREFIX + capability);
String[] blockedPackages = (blocked != null) ? blocked.split(",") : null;
@@ -31,21 +57,24 @@ public static void check(String capability) {
RuntimeCallGraph.recordPath(capability, appFrames);
}
- logFrames(capability, appFrames);
-
if (blockedPackages != null) {
String violator = findViolator(appFrames, blockedPackages);
if (violator != null) {
+ logFrames(capability, appFrames);
throw new SecurityException("[CAPSLOCK] " + capability + " blocked for " + violator);
}
}
}
+ private static final String POLICY_CHECKER_CLASS = PolicyChecker.class.getName();
+
private static List collectAppFrames() {
StackTraceElement[] stack = Thread.currentThread().getStackTrace();
List appFrames = new ArrayList<>();
for (int i = 2; i < stack.length; i++) {
- if (!JavaUtils.isJdkPackage(stack[i].getClassName())) {
+ String className = stack[i].getClassName();
+ // Filter out JDK packages and PolicyChecker itself (to avoid self-reference in logs)
+ if (!JavaUtils.isJdkPackage(className) && !className.equals(POLICY_CHECKER_CLASS)) {
appFrames.add(stack[i]);
}
}
diff --git a/core/src/main/java/com/github/serj/jcapslock/capability/CapabilityMapper.java b/core/src/main/java/com/github/serj/jcapslock/capability/CapabilityMapper.java
index 293f51a..6f3aef1 100644
--- a/core/src/main/java/com/github/serj/jcapslock/capability/CapabilityMapper.java
+++ b/core/src/main/java/com/github/serj/jcapslock/capability/CapabilityMapper.java
@@ -19,14 +19,14 @@
/**
* Static utility for mapping Java methods to capabilities.
- * Loads capability mappings once at startup from the interesting.cm format.
+ * Loads capability mappings once at startup from the .cm format.
* Format: method
*
- * Also loads safe function mappings that block capability inheritance.
- * Format: SAFE
+ * CAPABILITY_SAFE is special - it marks functions and their callees as safe.
*/
public final class CapabilityMapper {
public static final String DEFAULT_RESOURCE = "interesting/java-interesting.cm";
+ public static final String OPENJDK_SEC_MANAGER_RESOURCE = "interesting/openjdk-sec-manager.cm";
public static final String SAFE_FUNCTIONS_RESOURCE = "interesting/java-safe.cm";
private static final Logger LOGGER = Logger.getLogger(CapabilityMapper.class.getName());
@@ -39,88 +39,39 @@ public final class CapabilityMapper {
SAFE_METHODS = ConcurrentHashMap.newKeySet();
SAFE_CLASSES = ConcurrentHashMap.newKeySet();
loadDefaultMappings();
- loadSafeFunctions();
}
-
+
private CapabilityMapper() {
// Prevent instantiation
}
-
+
/**
- * Load default capability mappings from the classpath resource.
+ * Load default capability mappings from classpath resources.
+ * Loads manually crafted mappings, SecurityManager mappings, and safe function mappings.
*/
private static void loadDefaultMappings() {
+ // Load manually crafted mappings (required)
try {
loadFromResource(DEFAULT_RESOURCE);
} catch (IOException e) {
LOGGER.severe("Failed to load default capability mappings: " + e.getMessage());
}
- }
- /**
- * Load safe function mappings from the classpath resource.
- */
- private static void loadSafeFunctions() {
+ // Load auto-generated SecurityManager-derived mappings
try {
- loadSafeFromResource(SAFE_FUNCTIONS_RESOURCE);
+ loadFromResource(OPENJDK_SEC_MANAGER_RESOURCE);
} catch (IOException e) {
- LOGGER.warning("Failed to load safe function mappings: " + e.getMessage());
- // Not fatal - safe functions are optional
+ LOGGER.fine("OpenJDK SecurityManager mappings not found (optional): " + e.getMessage());
}
- }
- /**
- * Load safe function mappings from a classpath resource.
- */
- public static void loadSafeFromResource(String resourcePath) throws IOException {
- ClassLoader cl = CapabilityMapper.class.getClassLoader();
- InputStream is = (cl != null)
- ? cl.getResourceAsStream(resourcePath)
- : ClassLoader.getSystemResourceAsStream(resourcePath);
- if (is == null) {
- throw new IOException("Resource not found: " + resourcePath);
- }
-
- try (BufferedReader reader = new BufferedReader(new InputStreamReader(is))) {
- processSafeLines(reader.lines());
- LOGGER.info("Loaded safe function mappings from resource: " + resourcePath);
+ // Load safe function mappings
+ try {
+ loadFromResource(SAFE_FUNCTIONS_RESOURCE);
+ } catch (IOException e) {
+ LOGGER.fine("Safe function mappings not found (optional): " + e.getMessage());
}
}
- /**
- * Process lines from the safe functions file.
- */
- private static void processSafeLines(Stream lines) {
- lines.map(String::trim)
- .filter(line -> !line.isEmpty() && !line.startsWith("#"))
- .forEach(CapabilityMapper::parseSafeLine);
- }
-
- /**
- * Parse a single line from the safe functions file.
- * Format: SAFE .
- * Use * as wildcard for all methods in a class.
- */
- private static void parseSafeLine(String line) {
- String[] parts = line.split("\\s+");
- if (parts.length != 2 || !parts[0].equals("SAFE")) {
- LOGGER.warning("Invalid safe function line format: " + line);
- return;
- }
-
- String methodSignature = parts[1];
-
- // Check for wildcard (class.*)
- if (methodSignature.endsWith(".*")) {
- String className = methodSignature.substring(0, methodSignature.length() - 2);
- SAFE_CLASSES.add(className);
- LOGGER.fine("Added safe class: " + className);
- } else {
- SAFE_METHODS.add(methodSignature);
- LOGGER.fine("Added safe method: " + methodSignature);
- }
- }
-
/**
* Load additional capability mappings from a file.
* Can be called to supplement the default mappings.
@@ -168,10 +119,24 @@ private static void parseLine(String line) {
LOGGER.warning("Invalid line format: " + line);
return;
}
-
+
String methodSignature = parts[1];
String capabilityName = parts[2];
-
+
+ // Handle manually-crafted CAPABILITY_SAFE specially
+ // it goes into SAFE_METHODS/SAFE_CLASSES
+ if ("CAPABILITY_SAFE".equals(capabilityName)) {
+ if (methodSignature.endsWith(".*")) {
+ String className = methodSignature.substring(0, methodSignature.length() - 2);
+ SAFE_CLASSES.add(className);
+ LOGGER.fine("Added safe class: " + className);
+ } else {
+ SAFE_METHODS.add(methodSignature);
+ LOGGER.fine("Added safe method: " + methodSignature);
+ }
+ return;
+ }
+
try {
Capability capability = Capability.valueOf(capabilityName);
METHOD_CAPABILITIES.computeIfAbsent(methodSignature, k -> ConcurrentHashMap.newKeySet())
@@ -221,7 +186,7 @@ public static boolean hasCapability(String className, String methodName) {
/**
* Check if a method is marked as SAFE.
- * Safe methods block capability inheritance from their callees.
+ * Safe methods assumes also safe callees.
*
* @param className Fully qualified class name (e.g., "java.lang.String")
* @param methodName Method name (e.g., "length")
@@ -274,7 +239,6 @@ public static void reset() {
SAFE_METHODS.clear();
SAFE_CLASSES.clear();
loadDefaultMappings();
- loadSafeFunctions();
}
/**
diff --git a/core/src/main/resources/interesting/java-interesting.cm b/core/src/main/resources/interesting/java-interesting.cm
index 0ab1c20..aea721c 100644
--- a/core/src/main/resources/interesting/java-interesting.cm
+++ b/core/src/main/resources/interesting/java-interesting.cm
@@ -2,13 +2,6 @@
# Format: method
# Using standard Java notation with dots (.)
-# ===== java.awt =====
-method java.awt.Desktop.open CAPABILITY_EXEC
-method java.awt.Desktop.browse CAPABILITY_EXEC
-method java.awt.Desktop.mail CAPABILITY_EXEC
-method java.awt.Desktop.edit CAPABILITY_EXEC
-method java.awt.Desktop.print CAPABILITY_EXEC
-
# ===== java.io =====
method java.io.File.delete CAPABILITY_FILES
method java.io.File.length CAPABILITY_FILES
@@ -37,9 +30,11 @@ method java.lang.Class.newInstance CAPABILITY_REFLECT
method java.lang.ClassLoader.loadClass CAPABILITY_REFLECT
method java.lang.ClassLoader.defineClass CAPABILITY_REFLECT
+method java.lang.ClassLoader.defineClass CAPABILITY_ARBITRARY_EXECUTION
method java.lang.ClassLoader.findClass CAPABILITY_REFLECT
method java.lang.ProcessBuilder.start CAPABILITY_EXEC
+method java.lang.ProcessBuilder.start CAPABILITY_FILES
method java.lang.ProcessBuilder.command CAPABILITY_EXEC
method java.lang.ProcessBuilder. CAPABILITY_EXEC
method java.lang.ProcessBuilder.redirectInput CAPABILITY_EXEC
@@ -50,6 +45,7 @@ method java.lang.ProcessBuilder.redirectError CAPABILITY_EXEC
method java.lang.ProcessBuilder.redirectError CAPABILITY_FILES
method java.lang.Runtime.exec CAPABILITY_EXEC
+method java.lang.Runtime.exec CAPABILITY_FILES
method java.lang.Runtime.load CAPABILITY_CGO
method java.lang.Runtime.loadLibrary CAPABILITY_CGO
method java.lang.Runtime.getRuntime CAPABILITY_READ_SYSTEM_STATE
@@ -157,16 +153,16 @@ method java.nio.file.Files.size CAPABILITY_FILES
method java.nio.file.Files.isDirectory CAPABILITY_FILES
# ===== jdk.internal.misc =====
-method jdk.internal.misc.Unsafe.allocateMemory CAPABILITY_CGO
-method jdk.internal.misc.Unsafe.freeMemory CAPABILITY_CGO
-method jdk.internal.misc.Unsafe.setMemory CAPABILITY_CGO
-method jdk.internal.misc.Unsafe.copyMemory CAPABILITY_CGO
+method jdk.internal.misc.Unsafe.allocateMemory CAPABILITY_UNSAFE_POINTER
+method jdk.internal.misc.Unsafe.freeMemory CAPABILITY_UNSAFE_POINTER
+method jdk.internal.misc.Unsafe.setMemory CAPABILITY_UNSAFE_POINTER
+method jdk.internal.misc.Unsafe.copyMemory CAPABILITY_UNSAFE_POINTER
# ===== sun.misc =====
-method sun.misc.Unsafe.allocateMemory CAPABILITY_CGO
-method sun.misc.Unsafe.freeMemory CAPABILITY_CGO
-method sun.misc.Unsafe.putAddress CAPABILITY_CGO
-method sun.misc.Unsafe.getAddress CAPABILITY_CGO
+method sun.misc.Unsafe.allocateMemory CAPABILITY_UNSAFE_POINTER
+method sun.misc.Unsafe.freeMemory CAPABILITY_UNSAFE_POINTER
+method sun.misc.Unsafe.putAddress CAPABILITY_UNSAFE_POINTER
+method sun.misc.Unsafe.getAddress CAPABILITY_UNSAFE_POINTER
method sun.misc.Unsafe.allocateInstance CAPABILITY_UNSAFE_POINTER
method sun.misc.Unsafe.objectFieldOffset CAPABILITY_UNSAFE_POINTER
method sun.misc.Unsafe.compareAndSwapInt CAPABILITY_UNSAFE_POINTER
diff --git a/core/src/main/resources/interesting/java-safe.cm b/core/src/main/resources/interesting/java-safe.cm
index 9d952f5..5c9982e 100644
--- a/core/src/main/resources/interesting/java-safe.cm
+++ b/core/src/main/resources/interesting/java-safe.cm
@@ -1,8 +1,8 @@
# Java Safe Functions
-# Functions marked as SAFE block capability inheritance from callees.
+# Functions marked as CAPABILITY_SAFE block capability inheritance from callees.
# This is similar to Go CapsLock's CAPABILITY_SAFE marking.
#
-# Format: SAFE .
+# Format: method . CAPABILITY_SAFE
# Use * as wildcard for all methods in a class
#
# A SAFE function:
@@ -11,242 +11,295 @@
# - Is considered to have no security-relevant side effects
# java.lang.String - All string operations are safe
-SAFE java.lang.String.*
+method java.lang.String.* CAPABILITY_SAFE
# java.lang.Object - Basic object methods
-SAFE java.lang.Object.equals
-SAFE java.lang.Object.hashCode
-SAFE java.lang.Object.toString
-SAFE java.lang.Object.getClass
+method java.lang.Object.equals CAPABILITY_SAFE
+method java.lang.Object.hashCode CAPABILITY_SAFE
+method java.lang.Object.toString CAPABILITY_SAFE
+method java.lang.Object.getClass CAPABILITY_SAFE
# Primitive wrapper classes - value operations
-SAFE java.lang.Integer.valueOf
-SAFE java.lang.Integer.parseInt
-SAFE java.lang.Integer.intValue
-SAFE java.lang.Integer.toString
-SAFE java.lang.Integer.compareTo
-SAFE java.lang.Integer.equals
-SAFE java.lang.Integer.hashCode
-
-SAFE java.lang.Long.valueOf
-SAFE java.lang.Long.parseLong
-SAFE java.lang.Long.longValue
-SAFE java.lang.Long.toString
-SAFE java.lang.Long.compareTo
-SAFE java.lang.Long.equals
-SAFE java.lang.Long.hashCode
-
-SAFE java.lang.Double.valueOf
-SAFE java.lang.Double.parseDouble
-SAFE java.lang.Double.doubleValue
-SAFE java.lang.Double.toString
-SAFE java.lang.Double.compareTo
-SAFE java.lang.Double.equals
-SAFE java.lang.Double.hashCode
-SAFE java.lang.Double.isNaN
-SAFE java.lang.Double.isInfinite
-
-SAFE java.lang.Float.valueOf
-SAFE java.lang.Float.parseFloat
-SAFE java.lang.Float.floatValue
-SAFE java.lang.Float.toString
-SAFE java.lang.Float.compareTo
-SAFE java.lang.Float.equals
-SAFE java.lang.Float.hashCode
-SAFE java.lang.Float.isNaN
-SAFE java.lang.Float.isInfinite
-
-SAFE java.lang.Boolean.valueOf
-SAFE java.lang.Boolean.parseBoolean
-SAFE java.lang.Boolean.booleanValue
-SAFE java.lang.Boolean.toString
-SAFE java.lang.Boolean.compareTo
-SAFE java.lang.Boolean.equals
-SAFE java.lang.Boolean.hashCode
-
-SAFE java.lang.Byte.valueOf
-SAFE java.lang.Byte.parseByte
-SAFE java.lang.Byte.byteValue
-SAFE java.lang.Byte.toString
-
-SAFE java.lang.Short.valueOf
-SAFE java.lang.Short.parseShort
-SAFE java.lang.Short.shortValue
-SAFE java.lang.Short.toString
-
-SAFE java.lang.Character.valueOf
-SAFE java.lang.Character.charValue
-SAFE java.lang.Character.toString
-SAFE java.lang.Character.isDigit
-SAFE java.lang.Character.isLetter
-SAFE java.lang.Character.isWhitespace
-SAFE java.lang.Character.toLowerCase
-SAFE java.lang.Character.toUpperCase
+method java.lang.Integer.valueOf CAPABILITY_SAFE
+method java.lang.Integer.parseInt CAPABILITY_SAFE
+method java.lang.Integer.intValue CAPABILITY_SAFE
+method java.lang.Integer.toString CAPABILITY_SAFE
+method java.lang.Integer.compareTo CAPABILITY_SAFE
+method java.lang.Integer.equals CAPABILITY_SAFE
+method java.lang.Integer.hashCode CAPABILITY_SAFE
+
+method java.lang.Long.valueOf CAPABILITY_SAFE
+method java.lang.Long.parseLong CAPABILITY_SAFE
+method java.lang.Long.longValue CAPABILITY_SAFE
+method java.lang.Long.toString CAPABILITY_SAFE
+method java.lang.Long.compareTo CAPABILITY_SAFE
+method java.lang.Long.equals CAPABILITY_SAFE
+method java.lang.Long.hashCode CAPABILITY_SAFE
+
+method java.lang.Double.valueOf CAPABILITY_SAFE
+method java.lang.Double.parseDouble CAPABILITY_SAFE
+method java.lang.Double.doubleValue CAPABILITY_SAFE
+method java.lang.Double.toString CAPABILITY_SAFE
+method java.lang.Double.compareTo CAPABILITY_SAFE
+method java.lang.Double.equals CAPABILITY_SAFE
+method java.lang.Double.hashCode CAPABILITY_SAFE
+method java.lang.Double.isNaN CAPABILITY_SAFE
+method java.lang.Double.isInfinite CAPABILITY_SAFE
+
+method java.lang.Float.valueOf CAPABILITY_SAFE
+method java.lang.Float.parseFloat CAPABILITY_SAFE
+method java.lang.Float.floatValue CAPABILITY_SAFE
+method java.lang.Float.toString CAPABILITY_SAFE
+method java.lang.Float.compareTo CAPABILITY_SAFE
+method java.lang.Float.equals CAPABILITY_SAFE
+method java.lang.Float.hashCode CAPABILITY_SAFE
+method java.lang.Float.isNaN CAPABILITY_SAFE
+method java.lang.Float.isInfinite CAPABILITY_SAFE
+
+method java.lang.Boolean.valueOf CAPABILITY_SAFE
+method java.lang.Boolean.parseBoolean CAPABILITY_SAFE
+method java.lang.Boolean.booleanValue CAPABILITY_SAFE
+method java.lang.Boolean.toString CAPABILITY_SAFE
+method java.lang.Boolean.compareTo CAPABILITY_SAFE
+method java.lang.Boolean.equals CAPABILITY_SAFE
+method java.lang.Boolean.hashCode CAPABILITY_SAFE
+
+method java.lang.Byte.valueOf CAPABILITY_SAFE
+method java.lang.Byte.parseByte CAPABILITY_SAFE
+method java.lang.Byte.byteValue CAPABILITY_SAFE
+method java.lang.Byte.toString CAPABILITY_SAFE
+
+method java.lang.Short.valueOf CAPABILITY_SAFE
+method java.lang.Short.parseShort CAPABILITY_SAFE
+method java.lang.Short.shortValue CAPABILITY_SAFE
+method java.lang.Short.toString CAPABILITY_SAFE
+
+method java.lang.Character.valueOf CAPABILITY_SAFE
+method java.lang.Character.charValue CAPABILITY_SAFE
+method java.lang.Character.toString CAPABILITY_SAFE
+method java.lang.Character.isDigit CAPABILITY_SAFE
+method java.lang.Character.isLetter CAPABILITY_SAFE
+method java.lang.Character.isWhitespace CAPABILITY_SAFE
+method java.lang.Character.toLowerCase CAPABILITY_SAFE
+method java.lang.Character.toUpperCase CAPABILITY_SAFE
# java.lang.Math - All math operations are safe
-SAFE java.lang.Math.*
+method java.lang.Math.* CAPABILITY_SAFE
# java.lang.StrictMath - All strict math operations are safe
-SAFE java.lang.StrictMath.*
+method java.lang.StrictMath.* CAPABILITY_SAFE
# java.util.Objects - Utility methods
-SAFE java.util.Objects.requireNonNull
-SAFE java.util.Objects.equals
-SAFE java.util.Objects.deepEquals
-SAFE java.util.Objects.hashCode
-SAFE java.util.Objects.hash
-SAFE java.util.Objects.toString
-SAFE java.util.Objects.compare
-SAFE java.util.Objects.isNull
-SAFE java.util.Objects.nonNull
+method java.util.Objects.requireNonNull CAPABILITY_SAFE
+method java.util.Objects.equals CAPABILITY_SAFE
+method java.util.Objects.deepEquals CAPABILITY_SAFE
+method java.util.Objects.hashCode CAPABILITY_SAFE
+method java.util.Objects.hash CAPABILITY_SAFE
+method java.util.Objects.toString CAPABILITY_SAFE
+method java.util.Objects.compare CAPABILITY_SAFE
+method java.util.Objects.isNull CAPABILITY_SAFE
+method java.util.Objects.nonNull CAPABILITY_SAFE
# java.util.Optional - Safe container operations
-SAFE java.util.Optional.*
-SAFE java.util.OptionalInt.*
-SAFE java.util.OptionalLong.*
-SAFE java.util.OptionalDouble.*
+method java.util.Optional.* CAPABILITY_SAFE
+method java.util.OptionalInt.* CAPABILITY_SAFE
+method java.util.OptionalLong.* CAPABILITY_SAFE
+method java.util.OptionalDouble.* CAPABILITY_SAFE
# java.util.Arrays - Array utility methods (most are safe)
-SAFE java.util.Arrays.equals
-SAFE java.util.Arrays.deepEquals
-SAFE java.util.Arrays.hashCode
-SAFE java.util.Arrays.deepHashCode
-SAFE java.util.Arrays.toString
-SAFE java.util.Arrays.deepToString
-SAFE java.util.Arrays.binarySearch
-SAFE java.util.Arrays.copyOf
-SAFE java.util.Arrays.copyOfRange
-SAFE java.util.Arrays.fill
-SAFE java.util.Arrays.sort
-SAFE java.util.Arrays.asList
+method java.util.Arrays.equals CAPABILITY_SAFE
+method java.util.Arrays.deepEquals CAPABILITY_SAFE
+method java.util.Arrays.hashCode CAPABILITY_SAFE
+method java.util.Arrays.deepHashCode CAPABILITY_SAFE
+method java.util.Arrays.toString CAPABILITY_SAFE
+method java.util.Arrays.deepToString CAPABILITY_SAFE
+method java.util.Arrays.binarySearch CAPABILITY_SAFE
+method java.util.Arrays.copyOf CAPABILITY_SAFE
+method java.util.Arrays.copyOfRange CAPABILITY_SAFE
+method java.util.Arrays.fill CAPABILITY_SAFE
+method java.util.Arrays.sort CAPABILITY_SAFE
+method java.util.Arrays.asList CAPABILITY_SAFE
# java.util.Collections - Unmodifiable wrappers are safe
-SAFE java.util.Collections.unmodifiableCollection
-SAFE java.util.Collections.unmodifiableList
-SAFE java.util.Collections.unmodifiableSet
-SAFE java.util.Collections.unmodifiableMap
-SAFE java.util.Collections.unmodifiableSortedSet
-SAFE java.util.Collections.unmodifiableSortedMap
-SAFE java.util.Collections.emptyList
-SAFE java.util.Collections.emptySet
-SAFE java.util.Collections.emptyMap
-SAFE java.util.Collections.singleton
-SAFE java.util.Collections.singletonList
-SAFE java.util.Collections.singletonMap
-SAFE java.util.Collections.sort
-SAFE java.util.Collections.binarySearch
-SAFE java.util.Collections.reverse
-SAFE java.util.Collections.shuffle
-SAFE java.util.Collections.min
-SAFE java.util.Collections.max
+method java.util.Collections.unmodifiableCollection CAPABILITY_SAFE
+method java.util.Collections.unmodifiableList CAPABILITY_SAFE
+method java.util.Collections.unmodifiableSet CAPABILITY_SAFE
+method java.util.Collections.unmodifiableMap CAPABILITY_SAFE
+method java.util.Collections.unmodifiableSortedSet CAPABILITY_SAFE
+method java.util.Collections.unmodifiableSortedMap CAPABILITY_SAFE
+method java.util.Collections.emptyList CAPABILITY_SAFE
+method java.util.Collections.emptySet CAPABILITY_SAFE
+method java.util.Collections.emptyMap CAPABILITY_SAFE
+method java.util.Collections.singleton CAPABILITY_SAFE
+method java.util.Collections.singletonList CAPABILITY_SAFE
+method java.util.Collections.singletonMap CAPABILITY_SAFE
+method java.util.Collections.sort CAPABILITY_SAFE
+method java.util.Collections.binarySearch CAPABILITY_SAFE
+method java.util.Collections.reverse CAPABILITY_SAFE
+method java.util.Collections.shuffle CAPABILITY_SAFE
+method java.util.Collections.min CAPABILITY_SAFE
+method java.util.Collections.max CAPABILITY_SAFE
# Collection interface - Read-only operations
-SAFE java.util.Collection.size
-SAFE java.util.Collection.isEmpty
-SAFE java.util.Collection.contains
-SAFE java.util.Collection.containsAll
-SAFE java.util.Collection.iterator
-SAFE java.util.Collection.toArray
+method java.util.Collection.size CAPABILITY_SAFE
+method java.util.Collection.isEmpty CAPABILITY_SAFE
+method java.util.Collection.contains CAPABILITY_SAFE
+method java.util.Collection.containsAll CAPABILITY_SAFE
+method java.util.Collection.iterator CAPABILITY_SAFE
+method java.util.Collection.toArray CAPABILITY_SAFE
# List interface - Read-only operations
-SAFE java.util.List.get
-SAFE java.util.List.indexOf
-SAFE java.util.List.lastIndexOf
-SAFE java.util.List.subList
+method java.util.List.get CAPABILITY_SAFE
+method java.util.List.indexOf CAPABILITY_SAFE
+method java.util.List.lastIndexOf CAPABILITY_SAFE
+method java.util.List.subList CAPABILITY_SAFE
# Map interface - Read-only operations
-SAFE java.util.Map.size
-SAFE java.util.Map.isEmpty
-SAFE java.util.Map.containsKey
-SAFE java.util.Map.containsValue
-SAFE java.util.Map.get
-SAFE java.util.Map.getOrDefault
-SAFE java.util.Map.keySet
-SAFE java.util.Map.values
-SAFE java.util.Map.entrySet
+method java.util.Map.size CAPABILITY_SAFE
+method java.util.Map.isEmpty CAPABILITY_SAFE
+method java.util.Map.containsKey CAPABILITY_SAFE
+method java.util.Map.containsValue CAPABILITY_SAFE
+method java.util.Map.get CAPABILITY_SAFE
+method java.util.Map.getOrDefault CAPABILITY_SAFE
+method java.util.Map.keySet CAPABILITY_SAFE
+method java.util.Map.values CAPABILITY_SAFE
+method java.util.Map.entrySet CAPABILITY_SAFE
# Set interface - Read-only operations
-SAFE java.util.Set.size
-SAFE java.util.Set.isEmpty
-SAFE java.util.Set.contains
-SAFE java.util.Set.containsAll
-SAFE java.util.Set.iterator
-SAFE java.util.Set.toArray
+method java.util.Set.size CAPABILITY_SAFE
+method java.util.Set.isEmpty CAPABILITY_SAFE
+method java.util.Set.contains CAPABILITY_SAFE
+method java.util.Set.containsAll CAPABILITY_SAFE
+method java.util.Set.iterator CAPABILITY_SAFE
+method java.util.Set.toArray CAPABILITY_SAFE
# StringBuilder/StringBuffer - String building is safe
-SAFE java.lang.StringBuilder.*
-SAFE java.lang.StringBuffer.*
+method java.lang.StringBuilder.* CAPABILITY_SAFE
+method java.lang.StringBuffer.* CAPABILITY_SAFE
# java.util.regex - Pattern matching (read-only)
-SAFE java.util.regex.Pattern.compile
-SAFE java.util.regex.Pattern.matcher
-SAFE java.util.regex.Pattern.matches
-SAFE java.util.regex.Pattern.pattern
-SAFE java.util.regex.Pattern.flags
-SAFE java.util.regex.Matcher.matches
-SAFE java.util.regex.Matcher.find
-SAFE java.util.regex.Matcher.group
-SAFE java.util.regex.Matcher.start
-SAFE java.util.regex.Matcher.end
-SAFE java.util.regex.Matcher.reset
-SAFE java.util.regex.Matcher.replaceAll
-SAFE java.util.regex.Matcher.replaceFirst
+method java.util.regex.Pattern.compile CAPABILITY_SAFE
+method java.util.regex.Pattern.matcher CAPABILITY_SAFE
+method java.util.regex.Pattern.matches CAPABILITY_SAFE
+method java.util.regex.Pattern.pattern CAPABILITY_SAFE
+method java.util.regex.Pattern.flags CAPABILITY_SAFE
+method java.util.regex.Matcher.matches CAPABILITY_SAFE
+method java.util.regex.Matcher.find CAPABILITY_SAFE
+method java.util.regex.Matcher.group CAPABILITY_SAFE
+method java.util.regex.Matcher.start CAPABILITY_SAFE
+method java.util.regex.Matcher.end CAPABILITY_SAFE
+method java.util.regex.Matcher.reset CAPABILITY_SAFE
+method java.util.regex.Matcher.replaceAll CAPABILITY_SAFE
+method java.util.regex.Matcher.replaceFirst CAPABILITY_SAFE
# java.time - Immutable time classes are safe
-SAFE java.time.Instant.*
-SAFE java.time.LocalDate.*
-SAFE java.time.LocalTime.*
-SAFE java.time.LocalDateTime.*
-SAFE java.time.ZonedDateTime.*
-SAFE java.time.Duration.*
-SAFE java.time.Period.*
-SAFE java.time.ZoneId.*
-SAFE java.time.ZoneOffset.*
+method java.time.Instant.* CAPABILITY_SAFE
+method java.time.LocalDate.* CAPABILITY_SAFE
+method java.time.LocalTime.* CAPABILITY_SAFE
+method java.time.LocalDateTime.* CAPABILITY_SAFE
+method java.time.ZonedDateTime.* CAPABILITY_SAFE
+method java.time.Duration.* CAPABILITY_SAFE
+method java.time.Period.* CAPABILITY_SAFE
+method java.time.ZoneId.* CAPABILITY_SAFE
+method java.time.ZoneOffset.* CAPABILITY_SAFE
# java.math - BigInteger and BigDecimal are safe
-SAFE java.math.BigInteger.*
-SAFE java.math.BigDecimal.*
-SAFE java.math.MathContext.*
+method java.math.BigInteger.* CAPABILITY_SAFE
+method java.math.BigDecimal.* CAPABILITY_SAFE
+method java.math.MathContext.* CAPABILITY_SAFE
# java.util.UUID - UUID generation and parsing
-SAFE java.util.UUID.randomUUID
-SAFE java.util.UUID.fromString
-SAFE java.util.UUID.toString
-SAFE java.util.UUID.equals
-SAFE java.util.UUID.hashCode
-SAFE java.util.UUID.compareTo
+method java.util.UUID.randomUUID CAPABILITY_SAFE
+method java.util.UUID.fromString CAPABILITY_SAFE
+method java.util.UUID.toString CAPABILITY_SAFE
+method java.util.UUID.equals CAPABILITY_SAFE
+method java.util.UUID.hashCode CAPABILITY_SAFE
+method java.util.UUID.compareTo CAPABILITY_SAFE
# java.nio - Buffer read operations
-SAFE java.nio.Buffer.position
-SAFE java.nio.Buffer.limit
-SAFE java.nio.Buffer.capacity
-SAFE java.nio.Buffer.remaining
-SAFE java.nio.Buffer.hasRemaining
-SAFE java.nio.ByteBuffer.get
-SAFE java.nio.ByteBuffer.getInt
-SAFE java.nio.ByteBuffer.getLong
-SAFE java.nio.ByteBuffer.getDouble
-SAFE java.nio.ByteBuffer.wrap
-SAFE java.nio.ByteBuffer.allocate
+method java.nio.Buffer.position CAPABILITY_SAFE
+method java.nio.Buffer.limit CAPABILITY_SAFE
+method java.nio.Buffer.capacity CAPABILITY_SAFE
+method java.nio.Buffer.remaining CAPABILITY_SAFE
+method java.nio.Buffer.hasRemaining CAPABILITY_SAFE
+method java.nio.ByteBuffer.get CAPABILITY_SAFE
+method java.nio.ByteBuffer.getInt CAPABILITY_SAFE
+method java.nio.ByteBuffer.getLong CAPABILITY_SAFE
+method java.nio.ByteBuffer.getDouble CAPABILITY_SAFE
+method java.nio.ByteBuffer.wrap CAPABILITY_SAFE
+method java.nio.ByteBuffer.allocate CAPABILITY_SAFE
# Logging frameworks - Logging is generally safe
-SAFE java.util.logging.Logger.info
-SAFE java.util.logging.Logger.warning
-SAFE java.util.logging.Logger.severe
-SAFE java.util.logging.Logger.fine
-SAFE java.util.logging.Logger.finer
-SAFE java.util.logging.Logger.finest
-SAFE java.util.logging.Logger.log
-SAFE java.util.logging.Logger.isLoggable
+method java.util.logging.Logger.info CAPABILITY_SAFE
+method java.util.logging.Logger.warning CAPABILITY_SAFE
+method java.util.logging.Logger.severe CAPABILITY_SAFE
+method java.util.logging.Logger.fine CAPABILITY_SAFE
+method java.util.logging.Logger.finer CAPABILITY_SAFE
+method java.util.logging.Logger.finest CAPABILITY_SAFE
+method java.util.logging.Logger.log CAPABILITY_SAFE
+method java.util.logging.Logger.isLoggable CAPABILITY_SAFE
# Common third-party logging (if used)
-SAFE org.slf4j.Logger.info
-SAFE org.slf4j.Logger.warn
-SAFE org.slf4j.Logger.error
-SAFE org.slf4j.Logger.debug
-SAFE org.slf4j.Logger.trace
-SAFE org.slf4j.Logger.isInfoEnabled
-SAFE org.slf4j.Logger.isDebugEnabled
-SAFE org.slf4j.Logger.isWarnEnabled
-SAFE org.slf4j.Logger.isErrorEnabled
-SAFE org.slf4j.Logger.isTraceEnabled
+method org.slf4j.Logger.info CAPABILITY_SAFE
+method org.slf4j.Logger.warn CAPABILITY_SAFE
+method org.slf4j.Logger.error CAPABILITY_SAFE
+method org.slf4j.Logger.debug CAPABILITY_SAFE
+method org.slf4j.Logger.trace CAPABILITY_SAFE
+method org.slf4j.Logger.isInfoEnabled CAPABILITY_SAFE
+method org.slf4j.Logger.isDebugEnabled CAPABILITY_SAFE
+method org.slf4j.Logger.isWarnEnabled CAPABILITY_SAFE
+method org.slf4j.Logger.isErrorEnabled CAPABILITY_SAFE
+method org.slf4j.Logger.isTraceEnabled CAPABILITY_SAFE
+
+# java.util.Iterator - Read-only iteration
+method java.util.Iterator.hasNext CAPABILITY_SAFE
+method java.util.Iterator.next CAPABILITY_SAFE
+
+# java.lang.Enum - Enum utilities (pure)
+method java.lang.Enum.name CAPABILITY_SAFE
+method java.lang.Enum.ordinal CAPABILITY_SAFE
+method java.lang.Enum.valueOf CAPABILITY_SAFE
+method java.lang.Enum.toString CAPABILITY_SAFE
+method java.lang.Enum.equals CAPABILITY_SAFE
+method java.lang.Enum.hashCode CAPABILITY_SAFE
+method java.lang.Enum.compareTo CAPABILITY_SAFE
+
+# java.util.Locale - Locale metadata
+method java.util.Locale.* CAPABILITY_SAFE
+
+# java.nio.charset.Charset - Charset metadata
+method java.nio.charset.Charset.forName CAPABILITY_SAFE
+method java.nio.charset.Charset.defaultCharset CAPABILITY_SAFE
+method java.nio.charset.Charset.availableCharsets CAPABILITY_SAFE
+method java.nio.charset.Charset.isSupported CAPABILITY_SAFE
+method java.nio.charset.Charset.name CAPABILITY_SAFE
+method java.nio.charset.Charset.aliases CAPABILITY_SAFE
+method java.nio.charset.Charset.displayName CAPABILITY_SAFE
+method java.nio.charset.Charset.contains CAPABILITY_SAFE
+method java.nio.charset.Charset.newEncoder CAPABILITY_SAFE
+method java.nio.charset.Charset.newDecoder CAPABILITY_SAFE
+method java.nio.charset.Charset.encode CAPABILITY_SAFE
+method java.nio.charset.Charset.decode CAPABILITY_SAFE
+
+# java.util.Base64 - Pure encoding/decoding
+method java.util.Base64.getEncoder CAPABILITY_SAFE
+method java.util.Base64.getDecoder CAPABILITY_SAFE
+method java.util.Base64.getMimeEncoder CAPABILITY_SAFE
+method java.util.Base64.getMimeDecoder CAPABILITY_SAFE
+method java.util.Base64.getUrlEncoder CAPABILITY_SAFE
+method java.util.Base64.getUrlDecoder CAPABILITY_SAFE
+method java.util.Base64$Encoder.encode CAPABILITY_SAFE
+method java.util.Base64$Encoder.encodeToString CAPABILITY_SAFE
+method java.util.Base64$Decoder.decode CAPABILITY_SAFE
+
+# java.net.URI - URI parsing (no network, unlike URL)
+method java.net.URI.* CAPABILITY_SAFE
+
+# java.util.StringJoiner - Pure string building
+method java.util.StringJoiner.* CAPABILITY_SAFE
+
+# java.text.MessageFormat - Pure string formatting
+method java.text.MessageFormat.format CAPABILITY_SAFE
+method java.text.MessageFormat.parse CAPABILITY_SAFE
+method java.text.MessageFormat.toPattern CAPABILITY_SAFE
+method java.text.MessageFormat.applyPattern CAPABILITY_SAFE
\ No newline at end of file
diff --git a/core/src/main/resources/interesting/openjdk-sec-manager.cm b/core/src/main/resources/interesting/openjdk-sec-manager.cm
new file mode 100644
index 0000000..a2844e4
--- /dev/null
+++ b/core/src/main/resources/interesting/openjdk-sec-manager.cm
@@ -0,0 +1,450 @@
+# OpenJDK SecurityManager-Derived Capability Mappings
+#
+# Generated from SecurityManager.check* call site analysis in OpenJDK 11 and 17 source.
+# These mappings represent methods that historically required security permissions in the security manager
+#
+# Sources:
+# - https://github.com/openjdk/jdk8u (JDK 8)
+# - https://github.com/openjdk/jdk11u (JDK 11)
+# - https://github.com/openjdk/jdk17u (JDK 17)
+# - https://github.com/openjdk/jdk (JDK 22/24) --> only for unsafe.
+#
+# Methodology: Analyzed SecurityManager.check* calls to map to capabilities
+#
+# Note on JDK 22+: SecurityManager was deprecated for removal in JDK 17 and
+# removed in JDK 24. @Restricted (an internal marker used by the JDK) is used to
+# label restricted methods: Java SE methods whose misuse can violate JVM
+# integrity (crashes, memory corruption) or otherwise cross the Java runtime
+# boundary in a way the runtime can’t validate --> NATIVE
+#
+# SecurityManager Method -> Capability Mapping:
+# checkRead -> CAPABILITY_FILES
+# checkWrite -> CAPABILITY_FILES
+# checkDelete -> CAPABILITY_FILES
+# checkConnect -> CAPABILITY_NETWORK
+# checkListen -> CAPABILITY_NETWORK
+# checkAccept -> CAPABILITY_NETWORK
+# checkExec -> CAPABILITY_EXEC
+# checkLink -> CAPABILITY_CGO
+# checkPropertyAccess -> CAPABILITY_READ_SYSTEM_STATE
+# checkPropertiesAccess -> CAPABILITY_READ_SYSTEM_STATE
+# checkPermission(getenv) -> CAPABILITY_READ_SYSTEM_STATE
+# checkSetFactory -> CAPABILITY_MODIFY_SYSTEM_STATE
+# checkCreateClassLoader -> CAPABILITY_ARBITRARY_EXECUTION
+# checkAccess(Thread) -> CAPABILITY_RUNTIME
+# checkAccess(ThreadGroup) -> CAPABILITY_RUNTIME
+# checkExit -> CAPABILITY_OPERATING_SYSTEM
+# checkMemberAccess -> CAPABILITY_REFLECT
+# checkPermission(ReflectPermission) -> CAPABILITY_REFLECT
+
+# ===== CAPABILITY_FILES =====
+# From: java.io.File (checkRead/checkWrite/checkDelete)
+method java.io.File.canRead CAPABILITY_FILES
+method java.io.File.canWrite CAPABILITY_FILES
+method java.io.File.exists CAPABILITY_FILES
+method java.io.File.isDirectory CAPABILITY_FILES
+method java.io.File.isFile CAPABILITY_FILES
+method java.io.File.isHidden CAPABILITY_FILES
+method java.io.File.lastModified CAPABILITY_FILES
+method java.io.File.length CAPABILITY_FILES
+method java.io.File.createNewFile CAPABILITY_FILES
+method java.io.File.delete CAPABILITY_FILES
+method java.io.File.deleteOnExit CAPABILITY_FILES
+method java.io.File.list CAPABILITY_FILES
+method java.io.File.listFiles CAPABILITY_FILES
+method java.io.File.renameTo CAPABILITY_FILES
+method java.io.File.setLastModified CAPABILITY_FILES
+method java.io.File.setReadOnly CAPABILITY_FILES
+method java.io.File.setWritable CAPABILITY_FILES
+method java.io.File.setReadable CAPABILITY_FILES
+method java.io.File.setExecutable CAPABILITY_FILES
+method java.io.File.canExecute CAPABILITY_FILES
+method java.io.File.getTotalSpace CAPABILITY_FILES
+method java.io.File.getFreeSpace CAPABILITY_FILES
+method java.io.File.getUsableSpace CAPABILITY_FILES
+method java.io.File.createTempFile CAPABILITY_FILES
+method java.io.File.mkdir CAPABILITY_FILES
+method java.io.File.mkdirs CAPABILITY_FILES
+
+# From: java.io.FileInputStream (checkRead)
+method java.io.FileInputStream. CAPABILITY_FILES
+
+# From: java.io.FileOutputStream (checkWrite)
+method java.io.FileOutputStream. CAPABILITY_FILES
+
+# From: java.io.RandomAccessFile (checkRead/checkWrite)
+method java.io.RandomAccessFile. CAPABILITY_FILES
+
+# From: java.nio.file.Files (checkRead/checkWrite/checkDelete)
+method java.nio.file.Files.newInputStream CAPABILITY_FILES
+method java.nio.file.Files.newOutputStream CAPABILITY_FILES
+method java.nio.file.Files.newByteChannel CAPABILITY_FILES
+method java.nio.file.Files.newDirectoryStream CAPABILITY_FILES
+method java.nio.file.Files.createFile CAPABILITY_FILES
+method java.nio.file.Files.createDirectory CAPABILITY_FILES
+method java.nio.file.Files.createDirectories CAPABILITY_FILES
+method java.nio.file.Files.createTempFile CAPABILITY_FILES
+method java.nio.file.Files.createTempDirectory CAPABILITY_FILES
+method java.nio.file.Files.createSymbolicLink CAPABILITY_FILES
+method java.nio.file.Files.createLink CAPABILITY_FILES
+method java.nio.file.Files.delete CAPABILITY_FILES
+method java.nio.file.Files.deleteIfExists CAPABILITY_FILES
+method java.nio.file.Files.copy CAPABILITY_FILES
+method java.nio.file.Files.move CAPABILITY_FILES
+method java.nio.file.Files.getFileStore CAPABILITY_FILES
+method java.nio.file.Files.isSameFile CAPABILITY_FILES
+method java.nio.file.Files.isHidden CAPABILITY_FILES
+method java.nio.file.Files.getFileAttributeView CAPABILITY_FILES
+method java.nio.file.Files.readAttributes CAPABILITY_FILES
+method java.nio.file.Files.setAttribute CAPABILITY_FILES
+method java.nio.file.Files.getAttribute CAPABILITY_FILES
+method java.nio.file.Files.getPosixFilePermissions CAPABILITY_FILES
+method java.nio.file.Files.setPosixFilePermissions CAPABILITY_FILES
+method java.nio.file.Files.getOwner CAPABILITY_FILES
+method java.nio.file.Files.setOwner CAPABILITY_FILES
+method java.nio.file.Files.exists CAPABILITY_FILES
+method java.nio.file.Files.notExists CAPABILITY_FILES
+method java.nio.file.Files.isReadable CAPABILITY_FILES
+method java.nio.file.Files.isWritable CAPABILITY_FILES
+method java.nio.file.Files.isExecutable CAPABILITY_FILES
+method java.nio.file.Files.readAllBytes CAPABILITY_FILES
+method java.nio.file.Files.readString CAPABILITY_FILES
+method java.nio.file.Files.readAllLines CAPABILITY_FILES
+method java.nio.file.Files.write CAPABILITY_FILES
+method java.nio.file.Files.lines CAPABILITY_FILES
+method java.nio.file.Files.list CAPABILITY_FILES
+method java.nio.file.Files.walk CAPABILITY_FILES
+method java.nio.file.Files.find CAPABILITY_FILES
+method java.nio.file.Files.size CAPABILITY_FILES
+method java.nio.file.Files.isRegularFile CAPABILITY_FILES
+method java.nio.file.Files.isSymbolicLink CAPABILITY_FILES
+method java.nio.file.Files.getLastModifiedTime CAPABILITY_FILES
+method java.nio.file.Files.setLastModifiedTime CAPABILITY_FILES
+method java.nio.file.Files.probeContentType CAPABILITY_FILES
+method java.nio.file.Files.readSymbolicLink CAPABILITY_FILES
+method java.nio.file.Files.newBufferedReader CAPABILITY_FILES
+method java.nio.file.Files.newBufferedWriter CAPABILITY_FILES
+method java.nio.file.Files.writeString CAPABILITY_FILES
+method java.nio.file.Files.mismatch CAPABILITY_FILES
+
+# ===== CAPABILITY_NETWORK =====
+# From: java.net.Socket (checkConnect/checkListen)
+method java.net.Socket. CAPABILITY_NETWORK
+method java.net.Socket.connect CAPABILITY_NETWORK
+method java.net.Socket.bind CAPABILITY_NETWORK
+method java.net.Socket.getLocalAddress CAPABILITY_NETWORK
+method java.net.Socket.setSocketImplFactory CAPABILITY_NETWORK
+
+# From: java.net.ServerSocket (checkListen/checkAccept/checkConnect)
+method java.net.ServerSocket. CAPABILITY_NETWORK
+method java.net.ServerSocket.bind CAPABILITY_NETWORK
+method java.net.ServerSocket.accept CAPABILITY_NETWORK
+method java.net.ServerSocket.getInetAddress CAPABILITY_NETWORK
+method java.net.ServerSocket.setSocketFactory CAPABILITY_NETWORK
+
+# From: java.net.DatagramSocket (checkListen/checkConnect/checkAccept/checkMulticast)
+method java.net.DatagramSocket. CAPABILITY_NETWORK
+method java.net.DatagramSocket.bind CAPABILITY_NETWORK
+method java.net.DatagramSocket.connect CAPABILITY_NETWORK
+method java.net.DatagramSocket.send CAPABILITY_NETWORK
+method java.net.DatagramSocket.receive CAPABILITY_NETWORK
+method java.net.DatagramSocket.getLocalAddress CAPABILITY_NETWORK
+method java.net.DatagramSocket.setDatagramSocketImplFactory CAPABILITY_NETWORK
+
+# From: java.net.MulticastSocket
+method java.net.MulticastSocket. CAPABILITY_NETWORK
+method java.net.MulticastSocket.joinGroup CAPABILITY_NETWORK
+method java.net.MulticastSocket.leaveGroup CAPABILITY_NETWORK
+method java.net.MulticastSocket.setInterface CAPABILITY_NETWORK
+method java.net.MulticastSocket.setNetworkInterface CAPABILITY_NETWORK
+
+# From: java.net.InetAddress (checkConnect)
+method java.net.InetAddress.getHostName CAPABILITY_NETWORK
+method java.net.InetAddress.getCanonicalHostName CAPABILITY_NETWORK
+method java.net.InetAddress.getByName CAPABILITY_NETWORK
+method java.net.InetAddress.getAllByName CAPABILITY_NETWORK
+method java.net.InetAddress.getLocalHost CAPABILITY_NETWORK
+
+# From: java.net.URL (checkConnect/checkSetFactory)
+method java.net.URL.openConnection CAPABILITY_NETWORK
+method java.net.URL.openStream CAPABILITY_NETWORK
+method java.net.URL.setURLStreamHandlerFactory CAPABILITY_NETWORK
+
+# From: java.net.URLConnection (checkSetFactory)
+method java.net.URLConnection.setFileNameMap CAPABILITY_NETWORK
+method java.net.URLConnection.setContentHandlerFactory CAPABILITY_NETWORK
+
+# From: java.net.http.HttpClient (JDK 11+, URLPermission)
+method java.net.http.HttpClient.send CAPABILITY_NETWORK
+method java.net.http.HttpClient.sendAsync CAPABILITY_NETWORK
+method java.net.http.HttpClient.newHttpClient CAPABILITY_NETWORK
+method java.net.http.HttpClient.newBuilder CAPABILITY_NETWORK
+
+# ===== CAPABILITY_RUNTIME =====
+# From: java.lang.Thread (checkAccess)
+method java.lang.Thread.stop CAPABILITY_RUNTIME
+method java.lang.Thread.destroy CAPABILITY_RUNTIME
+method java.lang.Thread.interrupt CAPABILITY_RUNTIME
+method java.lang.Thread.suspend CAPABILITY_RUNTIME
+method java.lang.Thread.resume CAPABILITY_RUNTIME
+method java.lang.Thread.setPriority CAPABILITY_RUNTIME
+method java.lang.Thread.setName CAPABILITY_RUNTIME
+method java.lang.Thread.setDaemon CAPABILITY_RUNTIME
+method java.lang.Thread.checkAccess CAPABILITY_RUNTIME
+method java.lang.Thread.getContextClassLoader CAPABILITY_RUNTIME
+method java.lang.Thread.setContextClassLoader CAPABILITY_RUNTIME
+method java.lang.Thread.getStackTrace CAPABILITY_RUNTIME
+method java.lang.Thread.getAllStackTraces CAPABILITY_RUNTIME
+method java.lang.Thread.setDefaultUncaughtExceptionHandler CAPABILITY_RUNTIME
+method java.lang.Thread.setUncaughtExceptionHandler CAPABILITY_RUNTIME
+
+# From: java.lang.ThreadGroup (checkAccess)
+method java.lang.ThreadGroup.getParent CAPABILITY_RUNTIME
+method java.lang.ThreadGroup.checkAccess CAPABILITY_RUNTIME
+method java.lang.ThreadGroup.enumerate CAPABILITY_RUNTIME
+method java.lang.ThreadGroup.setDaemon CAPABILITY_RUNTIME
+method java.lang.ThreadGroup.setMaxPriority CAPABILITY_RUNTIME
+method java.lang.ThreadGroup.stop CAPABILITY_RUNTIME
+method java.lang.ThreadGroup.suspend CAPABILITY_RUNTIME
+method java.lang.ThreadGroup.interrupt CAPABILITY_RUNTIME
+method java.lang.ThreadGroup.resume CAPABILITY_RUNTIME
+method java.lang.ThreadGroup.destroy CAPABILITY_RUNTIME
+
+# From: java.lang.Runtime (memory/gc related)
+method java.lang.Runtime.gc CAPABILITY_RUNTIME
+method java.lang.Runtime.freeMemory CAPABILITY_RUNTIME
+method java.lang.Runtime.totalMemory CAPABILITY_RUNTIME
+method java.lang.Runtime.maxMemory CAPABILITY_RUNTIME
+method java.lang.Runtime.addShutdownHook CAPABILITY_RUNTIME
+method java.lang.Runtime.removeShutdownHook CAPABILITY_RUNTIME
+
+# From: java.lang.System
+method java.lang.System.gc CAPABILITY_RUNTIME
+method java.lang.System.runFinalization CAPABILITY_RUNTIME
+method java.lang.System.runFinalizersOnExit CAPABILITY_RUNTIME
+
+# From: java.lang.Runtime (deprecated JDK 8)
+method java.lang.Runtime.runFinalizersOnExit CAPABILITY_RUNTIME
+
+# ===== CAPABILITY_READ_SYSTEM_STATE =====
+# From: java.lang.System (checkPropertyAccess/checkPropertiesAccess/getenv)
+method java.lang.System.getProperties CAPABILITY_READ_SYSTEM_STATE
+method java.lang.System.getProperty CAPABILITY_READ_SYSTEM_STATE
+method java.lang.System.getenv CAPABILITY_READ_SYSTEM_STATE
+method java.lang.System.lineSeparator CAPABILITY_READ_SYSTEM_STATE
+method java.lang.System.console CAPABILITY_READ_SYSTEM_STATE
+
+# From: java.lang.Runtime
+method java.lang.Runtime.availableProcessors CAPABILITY_READ_SYSTEM_STATE
+method java.lang.Runtime.getRuntime CAPABILITY_READ_SYSTEM_STATE
+method java.lang.Runtime.version CAPABILITY_READ_SYSTEM_STATE
+
+# From: java.lang.ProcessBuilder (getenv)
+method java.lang.ProcessBuilder.environment CAPABILITY_READ_SYSTEM_STATE
+
+# From: java.lang.ProcessHandle
+method java.lang.ProcessHandle.current CAPABILITY_READ_SYSTEM_STATE
+method java.lang.ProcessHandle.of CAPABILITY_READ_SYSTEM_STATE
+method java.lang.ProcessHandle.allProcesses CAPABILITY_READ_SYSTEM_STATE
+method java.lang.ProcessHandle.info CAPABILITY_READ_SYSTEM_STATE
+method java.lang.ProcessHandle.pid CAPABILITY_READ_SYSTEM_STATE
+method java.lang.ProcessHandle.parent CAPABILITY_READ_SYSTEM_STATE
+method java.lang.ProcessHandle.children CAPABILITY_READ_SYSTEM_STATE
+method java.lang.ProcessHandle.descendants CAPABILITY_READ_SYSTEM_STATE
+
+# From: java.net.NetworkInterface (getNetworkInformation permission)
+method java.net.NetworkInterface.getInetAddresses CAPABILITY_READ_SYSTEM_STATE
+method java.net.NetworkInterface.inetAddresses CAPABILITY_READ_SYSTEM_STATE
+method java.net.NetworkInterface.getInterfaceAddresses CAPABILITY_READ_SYSTEM_STATE
+method java.net.NetworkInterface.getHardwareAddress CAPABILITY_READ_SYSTEM_STATE
+method java.net.NetworkInterface.getNetworkInterfaces CAPABILITY_READ_SYSTEM_STATE
+method java.net.NetworkInterface.getByName CAPABILITY_READ_SYSTEM_STATE
+method java.net.NetworkInterface.getByIndex CAPABILITY_READ_SYSTEM_STATE
+method java.net.NetworkInterface.getByInetAddress CAPABILITY_READ_SYSTEM_STATE
+
+# ===== CAPABILITY_MODIFY_SYSTEM_STATE =====
+# From: java.lang.System (checkPropertiesAccess/setIO)
+method java.lang.System.setProperties CAPABILITY_MODIFY_SYSTEM_STATE
+method java.lang.System.setProperty CAPABILITY_MODIFY_SYSTEM_STATE
+method java.lang.System.clearProperty CAPABILITY_MODIFY_SYSTEM_STATE
+method java.lang.System.setIn CAPABILITY_MODIFY_SYSTEM_STATE
+method java.lang.System.setOut CAPABILITY_MODIFY_SYSTEM_STATE
+method java.lang.System.setErr CAPABILITY_MODIFY_SYSTEM_STATE
+method java.lang.System.setSecurityManager CAPABILITY_MODIFY_SYSTEM_STATE
+
+# From: various setFactory methods (checkSetFactory)
+method java.net.Socket.setSocketImplFactory CAPABILITY_MODIFY_SYSTEM_STATE
+method java.net.ServerSocket.setSocketFactory CAPABILITY_MODIFY_SYSTEM_STATE
+method java.net.DatagramSocket.setDatagramSocketImplFactory CAPABILITY_MODIFY_SYSTEM_STATE
+method java.net.URL.setURLStreamHandlerFactory CAPABILITY_MODIFY_SYSTEM_STATE
+method java.net.URLConnection.setFileNameMap CAPABILITY_MODIFY_SYSTEM_STATE
+method java.net.URLConnection.setContentHandlerFactory CAPABILITY_MODIFY_SYSTEM_STATE
+
+# ===== CAPABILITY_OPERATING_SYSTEM =====
+# From: java.lang.Runtime (checkExit)
+method java.lang.Runtime.exit CAPABILITY_OPERATING_SYSTEM
+method java.lang.Runtime.halt CAPABILITY_OPERATING_SYSTEM
+
+# From: java.lang.System
+method java.lang.System.exit CAPABILITY_OPERATING_SYSTEM
+
+# From: java.awt.Desktop (checkExit for quit handlers)
+method java.awt.Desktop.setQuitHandler CAPABILITY_OPERATING_SYSTEM
+method java.awt.Desktop.setQuitStrategy CAPABILITY_OPERATING_SYSTEM
+method java.awt.Desktop.enableSuddenTermination CAPABILITY_OPERATING_SYSTEM
+method java.awt.Desktop.disableSuddenTermination CAPABILITY_OPERATING_SYSTEM
+method java.awt.Desktop.moveToTrash CAPABILITY_OPERATING_SYSTEM
+method java.awt.Desktop.open CAPABILITY_EXEC
+method java.awt.Desktop.browse CAPABILITY_EXEC
+method java.awt.Desktop.mail CAPABILITY_EXEC
+method java.awt.Desktop.edit CAPABILITY_EXEC
+method java.awt.Desktop.print CAPABILITY_EXEC
+
+# ===== CAPABILITY_ARBITRARY_EXECUTION =====
+# From: java.lang.ClassLoader (checkCreateClassLoader)
+method java.lang.ClassLoader. CAPABILITY_ARBITRARY_EXECUTION
+method java.lang.ClassLoader.defineClass CAPABILITY_ARBITRARY_EXECUTION
+method java.lang.ClassLoader.getParent CAPABILITY_ARBITRARY_EXECUTION
+method java.lang.ClassLoader.getPlatformClassLoader CAPABILITY_ARBITRARY_EXECUTION
+method java.lang.ClassLoader.getSystemClassLoader CAPABILITY_ARBITRARY_EXECUTION
+
+# From: java.net.URLClassLoader
+method java.net.URLClassLoader. CAPABILITY_ARBITRARY_EXECUTION
+method java.net.URLClassLoader.newInstance CAPABILITY_ARBITRARY_EXECUTION
+method java.net.URLClassLoader.addURL CAPABILITY_ARBITRARY_EXECUTION
+
+# From: java.lang.Class.forName (with custom classloader)
+method java.lang.Class.forName CAPABILITY_ARBITRARY_EXECUTION
+
+# From: java.lang.invoke.MethodHandles.Lookup (RuntimePermission defineClass)
+method java.lang.invoke.MethodHandles$Lookup.defineClass CAPABILITY_ARBITRARY_EXECUTION
+method java.lang.invoke.MethodHandles$Lookup.defineHiddenClass CAPABILITY_ARBITRARY_EXECUTION
+method java.lang.invoke.MethodHandles$Lookup.defineHiddenClassWithClassData CAPABILITY_ARBITRARY_EXECUTION
+
+# ===== CAPABILITY_CGO =====
+# From: java.lang.Runtime (checkLink)
+method java.lang.Runtime.load CAPABILITY_CGO
+method java.lang.Runtime.loadLibrary CAPABILITY_CGO
+
+# From: java.lang.System (checkLink)
+method java.lang.System.load CAPABILITY_CGO
+method java.lang.System.loadLibrary CAPABILITY_CGO
+method java.lang.System.mapLibraryName CAPABILITY_CGO
+
+# From: java.lang.foreign (JDK 21+?, @Restricted - requires native access)
+method java.lang.foreign.Linker.nativeLinker CAPABILITY_CGO
+method java.lang.foreign.Linker.downcallHandle CAPABILITY_CGO
+method java.lang.foreign.Linker.upcallStub CAPABILITY_CGO
+method java.lang.foreign.SymbolLookup.libraryLookup CAPABILITY_CGO
+# These allocate / access memory, for passing but don't call anything.
+method java.lang.foreign.MemorySegment.reinterpret CAPABILITY_UNSAFE_POINTER
+method java.lang.foreign.Arena.ofAuto CAPABILITY_UNSAFE_POINTER
+method java.lang.foreign.Arena.ofConfined CAPABILITY_UNSAFE_POINTER
+method java.lang.foreign.Arena.ofShared CAPABILITY_UNSAFE_POINTER
+method java.lang.foreign.Arena.global CAPABILITY_UNSAFE_POINTER
+
+# ===== CAPABILITY_EXEC =====
+# From: java.lang.Runtime (checkExec)
+# NOTE: exec() also requires RUNTIME because JDK internally creates daemon threads
+method java.lang.Runtime.exec CAPABILITY_EXEC
+method java.lang.Runtime.exec CAPABILITY_RUNTIME
+
+# From: java.lang.ProcessBuilder (checkExec)
+# NOTE: start() also requires RUNTIME because JDK internally creates daemon threads
+method java.lang.ProcessBuilder. CAPABILITY_EXEC
+method java.lang.ProcessBuilder.start CAPABILITY_EXEC
+method java.lang.ProcessBuilder.start CAPABILITY_RUNTIME
+method java.lang.ProcessBuilder.command CAPABILITY_EXEC
+method java.lang.ProcessBuilder.startPipeline CAPABILITY_EXEC
+method java.lang.ProcessBuilder.startPipeline CAPABILITY_RUNTIME
+
+# From: java.io.File (canExecute uses checkExec)
+method java.io.File.canExecute CAPABILITY_EXEC
+
+# From: java.nio.file.Files (isExecutable)
+method java.nio.file.Files.isExecutable CAPABILITY_EXEC
+
+# From: java.awt.Desktop
+method java.awt.Desktop.open CAPABILITY_EXEC
+method java.awt.Desktop.edit CAPABILITY_EXEC
+method java.awt.Desktop.print CAPABILITY_EXEC
+method java.awt.Desktop.browse CAPABILITY_EXEC
+method java.awt.Desktop.mail CAPABILITY_EXEC
+method java.awt.Desktop.browseFileDirectory CAPABILITY_EXEC
+
+# ===== CAPABILITY_REFLECT =====
+# From: java.lang.Class (checkMemberAccess)
+method java.lang.Class.getField CAPABILITY_REFLECT
+method java.lang.Class.getFields CAPABILITY_REFLECT
+method java.lang.Class.getMethods CAPABILITY_REFLECT
+method java.lang.Class.getMethod CAPABILITY_REFLECT
+method java.lang.Class.getConstructors CAPABILITY_REFLECT
+method java.lang.Class.getConstructor CAPABILITY_REFLECT
+method java.lang.Class.getClasses CAPABILITY_REFLECT
+method java.lang.Class.getDeclaredClasses CAPABILITY_REFLECT
+method java.lang.Class.getDeclaredFields CAPABILITY_REFLECT
+method java.lang.Class.getDeclaredField CAPABILITY_REFLECT
+method java.lang.Class.getDeclaredMethods CAPABILITY_REFLECT
+method java.lang.Class.getDeclaredMethod CAPABILITY_REFLECT
+method java.lang.Class.getDeclaredConstructors CAPABILITY_REFLECT
+method java.lang.Class.getDeclaredConstructor CAPABILITY_REFLECT
+method java.lang.Class.getEnclosingMethod CAPABILITY_REFLECT
+method java.lang.Class.getEnclosingConstructor CAPABILITY_REFLECT
+method java.lang.Class.getDeclaringClass CAPABILITY_REFLECT
+method java.lang.Class.getEnclosingClass CAPABILITY_REFLECT
+method java.lang.Class.getProtectionDomain CAPABILITY_REFLECT
+method java.lang.Class.getNestHost CAPABILITY_REFLECT
+method java.lang.Class.getNestMembers CAPABILITY_REFLECT
+method java.lang.Class.newInstance CAPABILITY_REFLECT
+method java.lang.Class.getClassLoader CAPABILITY_REFLECT
+method java.lang.Class.forName CAPABILITY_REFLECT
+
+# From: java.lang.reflect.AccessibleObject (checkPermission ReflectPermission)
+method java.lang.reflect.AccessibleObject.setAccessible CAPABILITY_REFLECT
+method java.lang.reflect.AccessibleObject.trySetAccessible CAPABILITY_REFLECT
+
+# From: java.lang.reflect.Field
+method java.lang.reflect.Field.setAccessible CAPABILITY_REFLECT
+method java.lang.reflect.Field.get CAPABILITY_REFLECT
+method java.lang.reflect.Field.set CAPABILITY_REFLECT
+
+# From: java.lang.reflect.Method
+method java.lang.reflect.Method.setAccessible CAPABILITY_REFLECT
+method java.lang.reflect.Method.invoke CAPABILITY_REFLECT
+
+# From: java.lang.reflect.Constructor
+method java.lang.reflect.Constructor.setAccessible CAPABILITY_REFLECT
+method java.lang.reflect.Constructor.newInstance CAPABILITY_REFLECT
+
+# From: java.lang.reflect.Proxy
+method java.lang.reflect.Proxy.newProxyInstance CAPABILITY_REFLECT
+method java.lang.reflect.Proxy.getProxyClass CAPABILITY_REFLECT
+
+# From: java.lang.invoke.MethodHandles.Lookup (checkSecurityManager)
+method java.lang.invoke.MethodHandles.lookup CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles.publicLookup CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles.privateLookupIn CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.findStatic CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.findVirtual CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.findConstructor CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.findClass CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.accessClass CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.findSpecial CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.findGetter CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.findSetter CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.findVarHandle CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.findStaticGetter CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.findStaticSetter CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.findStaticVarHandle CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.bind CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.unreflect CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.unreflectSpecial CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.unreflectConstructor CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.unreflectGetter CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.unreflectSetter CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandles$Lookup.revealDirect CAPABILITY_REFLECT
+
+# From: java.lang.invoke.MethodHandle
+method java.lang.invoke.MethodHandle.invoke CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandle.invokeExact CAPABILITY_REFLECT
+method java.lang.invoke.MethodHandle.invokeWithArguments CAPABILITY_REFLECT
\ No newline at end of file
diff --git a/core/src/test/java/com/github/serj/jcapslock/capability/CapabilityMapperTest.java b/core/src/test/java/com/github/serj/jcapslock/capability/CapabilityMapperTest.java
index b3d7bc0..e44e585 100644
--- a/core/src/test/java/com/github/serj/jcapslock/capability/CapabilityMapperTest.java
+++ b/core/src/test/java/com/github/serj/jcapslock/capability/CapabilityMapperTest.java
@@ -4,64 +4,105 @@
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.BeforeAll;
import static org.junit.jupiter.api.Assertions.*;
-import java.io.IOException;
import java.util.Set;
/**
* Tests for the CapabilityMapper static utility.
*/
public class CapabilityMapperTest {
-
+
@BeforeAll
- static void setUp() throws IOException {
- // CapabilityMapper loads mappings automatically in static initializer
- // Force initialization by calling any static method
+ static void setUp() {
+ // Force initialization
CapabilityMapper.getAllMappings();
}
-
+
+ // ===== Parser and file loading tests =====
+
+ @Test
+ void testManualMappingsLoaded() {
+ // From java-interesting.cm - manually crafted
+ Set caps = CapabilityMapper.getCapabilities("java.lang.Runtime", "loadLibrary");
+ assertTrue(caps.contains(Capability.CAPABILITY_CGO), "Manual mappings should be loaded");
+ }
+
+ @Test
+ void testSecManagerMappingsLoaded() {
+ // From openjdk-sec-manager.cm - auto-generated
+ Set caps = CapabilityMapper.getCapabilities("java.lang.Thread", "interrupt");
+ assertTrue(caps.contains(Capability.CAPABILITY_RUNTIME), "SecurityManager-derived mappings should be loaded");
+ }
+
@Test
- void testFileInputStreamConstructorMapping() {
- // Test that FileInputStream constructor is properly mapped
- Set caps = CapabilityMapper.getCapabilities("java.io.FileInputStream", "");
- assertFalse(caps.isEmpty(), "FileInputStream. should be mapped");
- assertTrue(caps.contains(Capability.CAPABILITY_FILES));
-
+ void testSafeMappingsLoaded() {
+ // From java-safe.cm
+ assertTrue(CapabilityMapper.isSafe("java.lang.Math", "abs"), "Safe mappings should be loaded");
}
-
+
+ // ===== Wildcard matching =====
+
@Test
- void testOtherCapabilityMappings() {
- // Test that other mappings work correctly
- Set execCaps = CapabilityMapper.getCapabilities("java.lang.Runtime", "exec");
- assertTrue(execCaps.contains(Capability.CAPABILITY_EXEC));
-
- Set reflectCaps = CapabilityMapper.getCapabilities("java.lang.Class", "forName");
- assertTrue(reflectCaps.contains(Capability.CAPABILITY_REFLECT));
-
- Set cgoCaps = CapabilityMapper.getCapabilities("java.lang.System", "load");
- assertTrue(cgoCaps.contains(Capability.CAPABILITY_CGO));
-
- Set unsafeCaps = CapabilityMapper.getCapabilities("sun.misc.Unsafe", "allocateMemory");
- assertTrue(unsafeCaps.contains(Capability.CAPABILITY_CGO));
+ void testWildcardClassSafe() {
+ // java.lang.String.* is marked CAPABILITY_SAFE
+ assertTrue(CapabilityMapper.isSafe("java.lang.String", "length"));
+ assertTrue(CapabilityMapper.isSafe("java.lang.String", "substring"));
+ assertTrue(CapabilityMapper.isSafe("java.lang.String", "anyMethodName"));
}
-
+
@Test
- void testInternalNotation() {
- // Test internal JVM notation conversion
- Set caps = CapabilityMapper.getCapabilitiesInternal("java/io/FileInputStream", "");
- assertFalse(caps.isEmpty());
- assertTrue(caps.contains(Capability.CAPABILITY_FILES));
+ void testNonWildcardSafeMethod() {
+ // Individual method marked safe
+ assertTrue(CapabilityMapper.isSafe("java.lang.Object", "equals"));
+ // But other methods on same class not safe
+ assertFalse(CapabilityMapper.isSafe("java.lang.Object", "wait"));
}
-
+
+ // ===== Internal name conversion =====
+
+ @Test
+ void testInternalNameConversion() {
+ // Internal JVM notation: java/lang/Runtime
+ Set caps = CapabilityMapper.getCapabilitiesInternal("java/lang/Runtime", "loadLibrary");
+ assertTrue(caps.contains(Capability.CAPABILITY_CGO));
+ }
+
+ @Test
+ void testInternalNameSafeConversion() {
+ // Internal JVM notation for safe check
+ assertTrue(CapabilityMapper.isSafeInternal("java/lang/String", "length"));
+ assertFalse(CapabilityMapper.isSafeInternal("java/lang/Runtime", "exec"));
+ }
+
+ // ===== Edge cases =====
+
+ @Test
+ void testUnknownMethodReturnsEmpty() {
+ Set caps = CapabilityMapper.getCapabilities("com.fake.NonExistent", "fakeMethod");
+ assertTrue(caps.isEmpty(), "Unknown method should return empty set");
+ }
+
+ @Test
+ void testUnknownMethodNotSafe() {
+ assertFalse(CapabilityMapper.isSafe("com.fake.NonExistent", "fakeMethod"),
+ "Unknown method should not be considered safe");
+ }
+
@Test
void testHasCapability() {
assertTrue(CapabilityMapper.hasCapability("java.lang.Runtime", "exec"));
- assertFalse(CapabilityMapper.hasCapability("java.lang.String", "valueOf"));
+ assertFalse(CapabilityMapper.hasCapability("com.fake.NonExistent", "fakeMethod"));
}
-
+
+ @Test
+ void testEmptyMethodName() {
+ Set caps = CapabilityMapper.getCapabilities("java.lang.Runtime", "");
+ assertTrue(caps.isEmpty());
+ }
+
@Test
- void testOptionalCapabilities() {
- // Test using getCapabilities with empty check instead of findCapabilities
- assertFalse(CapabilityMapper.getCapabilities("java.lang.Runtime", "exec").isEmpty());
- assertTrue(CapabilityMapper.getCapabilities("java.lang.String", "valueOf").isEmpty());
+ void testNullSafety() {
+ // These should not throw, just return empty/false
+ assertTrue(CapabilityMapper.getCapabilities("java.lang.String", "nonexistent").isEmpty());
+ assertFalse(CapabilityMapper.hasCapability("java.lang.String", "nonexistent"));
}
}
\ No newline at end of file
diff --git a/examples/compress-test/.capslock/snapshot.json b/examples/compress-test/.capslock/snapshot.json
index cb1b81a..75f41bb 100644
--- a/examples/compress-test/.capslock/snapshot.json
+++ b/examples/compress-test/.capslock/snapshot.json
@@ -2,9 +2,9 @@
"capability_info": [{
"package_name": "com.example",
"capability": "CAPABILITY_FILES",
- "dep_path": "com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.UnicodeCommentExtraField.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.io.input.SwappedDataInputStream.readUnsignedByte com.github.luben.zstd.ZstdInputStreamNoFinalizer.read com.github.luben.zstd.ZstdInputStreamNoFinalizer.readInternal com.github.luben.zstd.ZstdInputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.io.File.delete",
+ "dep_path": "com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte org.apache.commons.io.input.TeeInputStream.read org.apache.commons.compress.archivers.zip.ZipSplitOutputStream.write org.apache.commons.compress.archivers.zip.ZipSplitOutputStream.openNewSplitSegment java.nio.file.Files.move",
"package_dir": "com.example",
- "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
"path": [{
"name": "com.example.CompressExample.checkAvailableFormats",
"package": "com.example"
@@ -12,7 +12,7 @@
"name": "org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e",
"package": "org.apache.commons.compress.archivers.zip"
}, {
- "name": "org.apache.commons.compress.archivers.zip.UnicodeCommentExtraField.\u003cclinit\u003e",
+ "name": "org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e",
"package": "org.apache.commons.compress.archivers.zip"
}, {
"name": "org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e",
@@ -24,101 +24,98 @@
"name": "org.apache.commons.compress.utils.ByteUtils.fromLittleEndian",
"package": "org.apache.commons.compress.utils"
}, {
- "name": "org.apache.commons.io.input.SwappedDataInputStream.readUnsignedByte",
- "package": "org.apache.commons.io.input"
- }, {
- "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.read",
- "package": "com.github.luben.zstd"
+ "name": "org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte",
+ "package": "org.apache.commons.compress.utils"
}, {
- "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.readInternal",
- "package": "com.github.luben.zstd"
+ "name": "org.apache.commons.io.input.TeeInputStream.read",
+ "package": "org.apache.commons.io.input"
}, {
- "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.\u003cclinit\u003e",
- "package": "com.github.luben.zstd"
+ "name": "org.apache.commons.compress.archivers.zip.ZipSplitOutputStream.write",
+ "package": "org.apache.commons.compress.archivers.zip"
}, {
- "name": "com.github.luben.zstd.util.Native.load",
- "package": "com.github.luben.zstd.util"
+ "name": "org.apache.commons.compress.archivers.zip.ZipSplitOutputStream.openNewSplitSegment",
+ "package": "org.apache.commons.compress.archivers.zip"
}, {
- "name": "java.io.File.delete",
- "package": "java.io"
+ "name": "java.nio.file.Files.move",
+ "package": "java.nio.file"
}]
}, {
"package_name": "com.example",
"capability": "CAPABILITY_FILES",
- "dep_path": "com.example.CompressExample.compressFileGzip java.io.FileInputStream.\u003cinit\u003e",
+ "dep_path": "com.example.CompressExample.compressFileGzip java.nio.file.Files.newInputStream",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_DIRECT",
"path": [{
"name": "com.example.CompressExample.compressFileGzip",
"package": "com.example"
}, {
- "name": "java.io.FileInputStream.\u003cinit\u003e",
- "package": "java.io"
+ "name": "java.nio.file.Files.newInputStream",
+ "package": "java.nio.file"
}]
}, {
"package_name": "com.example",
"capability": "CAPABILITY_FILES",
- "dep_path": "com.example.CompressExample.compressFileZstd java.io.FileInputStream.\u003cinit\u003e",
+ "dep_path": "com.example.CompressExample.compressFileZstd java.nio.file.Files.newInputStream",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_DIRECT",
"path": [{
"name": "com.example.CompressExample.compressFileZstd",
"package": "com.example"
}, {
- "name": "java.io.FileInputStream.\u003cinit\u003e",
- "package": "java.io"
+ "name": "java.nio.file.Files.newInputStream",
+ "package": "java.nio.file"
}]
}, {
"package_name": "com.example",
"capability": "CAPABILITY_FILES",
- "dep_path": "com.example.CompressExample.createTarArchive java.io.FileOutputStream.\u003cinit\u003e",
+ "dep_path": "com.example.CompressExample.createTarArchive java.nio.file.Files.newOutputStream",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_DIRECT",
"path": [{
"name": "com.example.CompressExample.createTarArchive",
"package": "com.example"
}, {
- "name": "java.io.FileOutputStream.\u003cinit\u003e",
- "package": "java.io"
+ "name": "java.nio.file.Files.newOutputStream",
+ "package": "java.nio.file"
}]
}, {
"package_name": "com.example",
"capability": "CAPABILITY_FILES",
- "dep_path": "com.example.CompressExample.createZipArchive java.io.FileOutputStream.\u003cinit\u003e",
+ "dep_path": "com.example.CompressExample.createZipArchive java.nio.file.Files.newOutputStream",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_DIRECT",
"path": [{
"name": "com.example.CompressExample.createZipArchive",
"package": "com.example"
}, {
- "name": "java.io.FileOutputStream.\u003cinit\u003e",
- "package": "java.io"
+ "name": "java.nio.file.Files.newOutputStream",
+ "package": "java.nio.file"
}]
}, {
"package_name": "com.example",
"capability": "CAPABILITY_FILES",
- "dep_path": "com.example.CompressExample.decompressFileGzip java.io.FileInputStream.\u003cinit\u003e",
+ "dep_path": "com.example.CompressExample.extractArchive java.nio.file.Files.createDirectories",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_DIRECT",
"path": [{
- "name": "com.example.CompressExample.decompressFileGzip",
+ "name": "com.example.CompressExample.extractArchive",
"package": "com.example"
}, {
- "name": "java.io.FileInputStream.\u003cinit\u003e",
- "package": "java.io"
+ "name": "java.nio.file.Files.createDirectories",
+ "package": "java.nio.file"
}]
}, {
"package_name": "com.example",
"capability": "CAPABILITY_FILES",
- "dep_path": "com.example.CompressExample.extractArchive java.io.FileInputStream.\u003cinit\u003e",
+ "dep_path": "com.example.CompressExample.lambda$createTarArchive$0 java.nio.file.Files.isRegularFile",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_DIRECT",
"path": [{
- "name": "com.example.CompressExample.extractArchive",
+ "name": "com.example.CompressExample.lambda$createTarArchive$0",
"package": "com.example"
}, {
- "name": "java.io.FileInputStream.\u003cinit\u003e",
- "package": "java.io"
+ "name": "java.nio.file.Files.isRegularFile",
+ "package": "java.nio.file"
}]
}, {
"package_name": "com.example",
@@ -133,6 +130,19 @@
"name": "java.nio.file.Files.copy",
"package": "java.nio.file"
}]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_FILES",
+ "dep_path": "com.example.CompressExample.lambda$createZipArchive$0 java.nio.file.Files.isRegularFile",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_DIRECT",
+ "path": [{
+ "name": "com.example.CompressExample.lambda$createZipArchive$0",
+ "package": "com.example"
+ }, {
+ "name": "java.nio.file.Files.isRegularFile",
+ "package": "java.nio.file"
+ }]
}, {
"package_name": "com.example",
"capability": "CAPABILITY_FILES",
@@ -149,73 +159,64 @@
}, {
"package_name": "com.example",
"capability": "CAPABILITY_FILES",
- "dep_path": "com.example.CompressExample.listArchiveContents java.io.FileInputStream.\u003cinit\u003e",
+ "dep_path": "com.example.CompressExample.listArchiveContents java.nio.file.Files.newInputStream",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_DIRECT",
"path": [{
"name": "com.example.CompressExample.listArchiveContents",
"package": "com.example"
}, {
- "name": "java.io.FileInputStream.\u003cinit\u003e",
- "package": "java.io"
+ "name": "java.nio.file.Files.newInputStream",
+ "package": "java.nio.file"
}]
}, {
"package_name": "com.example",
"capability": "CAPABILITY_FILES",
- "dep_path": "com.example.CompressExample.main java.nio.file.Files.write",
+ "dep_path": "com.example.CompressExample.main java.nio.file.Files.createDirectories",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_DIRECT",
"path": [{
"name": "com.example.CompressExample.main",
"package": "com.example"
}, {
- "name": "java.nio.file.Files.write",
+ "name": "java.nio.file.Files.createDirectories",
"package": "java.nio.file"
}]
}, {
"package_name": "com.example",
"capability": "CAPABILITY_FILES",
- "dep_path": "com.example.ProcessRunner.compressAndExecute com.example.CompressExample.compressFileZstd java.io.FileInputStream.\u003cinit\u003e",
+ "dep_path": "com.example.ProcessRunner.compressAndExecute com.example.ProcessRunner.executeCommand java.lang.Runtime.exec",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_DIRECT",
"path": [{
"name": "com.example.ProcessRunner.compressAndExecute",
"package": "com.example"
}, {
- "name": "com.example.CompressExample.compressFileZstd",
+ "name": "com.example.ProcessRunner.executeCommand",
"package": "com.example"
}, {
- "name": "java.io.FileInputStream.\u003cinit\u003e",
- "package": "java.io"
+ "name": "java.lang.Runtime.exec",
+ "package": "java.lang"
}]
}, {
"package_name": "com.example",
"capability": "CAPABILITY_FILES",
- "dep_path": "com.example.ProcessRunner.executeCommand org.apache.commons.io.input.UncheckedBufferedReader.readLine org.apache.commons.io.function.Uncheck.get org.apache.commons.compress.archivers.sevenz.SevenZFile$Builder.get java.nio.file.Files.newByteChannel",
+ "dep_path": "com.example.ProcessRunner.executeCommand java.lang.Runtime.exec",
"package_dir": "com.example",
- "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
+ "capability_type": "CAPABILITY_TYPE_DIRECT",
"path": [{
"name": "com.example.ProcessRunner.executeCommand",
"package": "com.example"
}, {
- "name": "org.apache.commons.io.input.UncheckedBufferedReader.readLine",
- "package": "org.apache.commons.io.input"
- }, {
- "name": "org.apache.commons.io.function.Uncheck.get",
- "package": "org.apache.commons.io.function"
- }, {
- "name": "org.apache.commons.compress.archivers.sevenz.SevenZFile$Builder.get",
- "package": "org.apache.commons.compress.archivers.sevenz"
- }, {
- "name": "java.nio.file.Files.newByteChannel",
- "package": "java.nio.file"
+ "name": "java.lang.Runtime.exec",
+ "package": "java.lang"
}]
}, {
"package_name": "com.example",
"capability": "CAPABILITY_FILES",
- "dep_path": "com.example.ProcessRunner.main com.example.ProcessRunner.executeCommand org.apache.commons.io.input.UncheckedBufferedReader.readLine org.apache.commons.io.function.Uncheck.get org.apache.commons.compress.archivers.sevenz.SevenZFile$Builder.get java.nio.file.Files.newByteChannel",
+ "dep_path": "com.example.ProcessRunner.main com.example.ProcessRunner.executeCommand java.lang.Runtime.exec",
"package_dir": "com.example",
- "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
+ "capability_type": "CAPABILITY_TYPE_DIRECT",
"path": [{
"name": "com.example.ProcessRunner.main",
"package": "com.example"
@@ -223,22 +224,13 @@
"name": "com.example.ProcessRunner.executeCommand",
"package": "com.example"
}, {
- "name": "org.apache.commons.io.input.UncheckedBufferedReader.readLine",
- "package": "org.apache.commons.io.input"
- }, {
- "name": "org.apache.commons.io.function.Uncheck.get",
- "package": "org.apache.commons.io.function"
- }, {
- "name": "org.apache.commons.compress.archivers.sevenz.SevenZFile$Builder.get",
- "package": "org.apache.commons.compress.archivers.sevenz"
- }, {
- "name": "java.nio.file.Files.newByteChannel",
- "package": "java.nio.file"
+ "name": "java.lang.Runtime.exec",
+ "package": "java.lang"
}]
}, {
"package_name": "com.example",
"capability": "CAPABILITY_NETWORK",
- "dep_path": "com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.UnicodeCommentExtraField.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.io.input.SwappedDataInputStream.readUnsignedByte org.apache.commons.io.input.QueueInputStream.read org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream",
+ "dep_path": "com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte org.apache.commons.io.input.QueueInputStream.read org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_TRANSITIVE",
"path": [{
@@ -248,7 +240,7 @@
"name": "org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e",
"package": "org.apache.commons.compress.archivers.zip"
}, {
- "name": "org.apache.commons.compress.archivers.zip.UnicodeCommentExtraField.\u003cclinit\u003e",
+ "name": "org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e",
"package": "org.apache.commons.compress.archivers.zip"
}, {
"name": "org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e",
@@ -260,8 +252,8 @@
"name": "org.apache.commons.compress.utils.ByteUtils.fromLittleEndian",
"package": "org.apache.commons.compress.utils"
}, {
- "name": "org.apache.commons.io.input.SwappedDataInputStream.readUnsignedByte",
- "package": "org.apache.commons.io.input"
+ "name": "org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte",
+ "package": "org.apache.commons.compress.utils"
}, {
"name": "org.apache.commons.io.input.QueueInputStream.read",
"package": "org.apache.commons.io.input"
@@ -287,21 +279,15 @@
}, {
"package_name": "com.example",
"capability": "CAPABILITY_NETWORK",
- "dep_path": "com.example.CompressExample.compressFileGzip org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.\u003cinit\u003e org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.writeMemberHeader org.apache.commons.compress.compressors.gzip.ExtraField.toByteArray org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream",
+ "dep_path": "com.example.CompressExample.compressFileGzip org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_TRANSITIVE",
"path": [{
"name": "com.example.CompressExample.compressFileGzip",
"package": "com.example"
}, {
- "name": "org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.\u003cinit\u003e",
- "package": "org.apache.commons.compress.compressors.gzip"
- }, {
- "name": "org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.writeMemberHeader",
- "package": "org.apache.commons.compress.compressors.gzip"
- }, {
- "name": "org.apache.commons.compress.compressors.gzip.ExtraField.toByteArray",
- "package": "org.apache.commons.compress.compressors.gzip"
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close",
+ "package": "org.apache.commons.compress.archivers.tar"
}, {
"name": "org.apache.commons.io.function.UncheckedIOIterator.next",
"package": "org.apache.commons.io.function"
@@ -324,27 +310,15 @@
}, {
"package_name": "com.example",
"capability": "CAPABILITY_NETWORK",
- "dep_path": "com.example.CompressExample.compressFileZstd org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.write org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream.write org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream.flushBuffer org.apache.commons.compress.utils.FixedLengthBlockOutputStream.close org.apache.commons.compress.utils.MultiReadOnlySeekableByteChannel.close org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream",
+ "dep_path": "com.example.CompressExample.compressFileZstd org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_TRANSITIVE",
"path": [{
"name": "com.example.CompressExample.compressFileZstd",
"package": "com.example"
}, {
- "name": "org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.write",
- "package": "org.apache.commons.compress.compressors.zstandard"
- }, {
- "name": "org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream.write",
- "package": "org.apache.commons.compress.compressors.snappy"
- }, {
- "name": "org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream.flushBuffer",
- "package": "org.apache.commons.compress.compressors.snappy"
- }, {
- "name": "org.apache.commons.compress.utils.FixedLengthBlockOutputStream.close",
- "package": "org.apache.commons.compress.utils"
- }, {
- "name": "org.apache.commons.compress.utils.MultiReadOnlySeekableByteChannel.close",
- "package": "org.apache.commons.compress.utils"
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close",
+ "package": "org.apache.commons.compress.archivers.tar"
}, {
"name": "org.apache.commons.io.function.UncheckedIOIterator.next",
"package": "org.apache.commons.io.function"
@@ -367,7 +341,7 @@
}, {
"package_name": "com.example",
"capability": "CAPABILITY_NETWORK",
- "dep_path": "com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush com.github.luben.zstd.Zstd.\u003cclinit\u003e com.github.luben.zstd.util.Native.load org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream",
+ "dep_path": "com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
"path": [{
@@ -383,7 +357,7 @@
"name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush",
"package": "com.github.luben.zstd"
}, {
- "name": "com.github.luben.zstd.Zstd.\u003cclinit\u003e",
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e",
"package": "com.github.luben.zstd"
}, {
"name": "com.github.luben.zstd.util.Native.load",
@@ -447,28 +421,6 @@
"name": "java.net.URL.openStream",
"package": "java.net"
}]
- }, {
- "package_name": "com.example",
- "capability": "CAPABILITY_NETWORK",
- "dep_path": "com.example.CompressExample.decompressFileGzip org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream.\u003cinit\u003e org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream",
- "package_dir": "com.example",
- "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
- "path": [{
- "name": "com.example.CompressExample.decompressFileGzip",
- "package": "com.example"
- }, {
- "name": "org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream.\u003cinit\u003e",
- "package": "org.apache.commons.compress.compressors.gzip"
- }, {
- "name": "org.apache.commons.io.build.AbstractStreamBuilder.getInputStream",
- "package": "org.apache.commons.io.build"
- }, {
- "name": "org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream",
- "package": "org.apache.commons.io.build"
- }, {
- "name": "java.net.URL.openStream",
- "package": "java.net"
- }]
}, {
"package_name": "com.example",
"capability": "CAPABILITY_NETWORK",
@@ -500,7 +452,7 @@
}, {
"package_name": "com.example",
"capability": "CAPABILITY_NETWORK",
- "dep_path": "com.example.CompressExample.lambda$createTarArchive$1 org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.closeArchiveEntry org.apache.commons.compress.utils.FixedLengthBlockOutputStream.flushBlock org.apache.commons.compress.utils.FixedLengthBlockOutputStream.writeBlock org.apache.commons.compress.utils.FixedLengthBlockOutputStream$BufferAtATimeOutputChannel.write org.apache.commons.io.IOUtils.closeQuietly org.apache.commons.compress.utils.MultiReadOnlySeekableByteChannel.close org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream",
+ "dep_path": "com.example.CompressExample.lambda$createTarArchive$1 org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.closeArchiveEntry org.apache.commons.compress.utils.FixedLengthBlockOutputStream.flushBlock org.apache.commons.compress.utils.FixedLengthBlockOutputStream.writeBlock org.apache.commons.compress.utils.FixedLengthBlockOutputStream$BufferAtATimeOutputChannel.write org.apache.commons.io.IOUtils.closeQuietly org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_TRANSITIVE",
"path": [{
@@ -522,8 +474,8 @@
"name": "org.apache.commons.io.IOUtils.closeQuietly",
"package": "org.apache.commons.io"
}, {
- "name": "org.apache.commons.compress.utils.MultiReadOnlySeekableByteChannel.close",
- "package": "org.apache.commons.compress.utils"
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close",
+ "package": "org.apache.commons.compress.archivers.tar"
}, {
"name": "org.apache.commons.io.function.UncheckedIOIterator.next",
"package": "org.apache.commons.io.function"
@@ -546,20 +498,20 @@
}, {
"package_name": "com.example",
"capability": "CAPABILITY_NETWORK",
- "dep_path": "com.example.CompressExample.lambda$createZipArchive$1 org.apache.commons.compress.archivers.zip.ZipArchiveEntry.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipArchiveEntry.parseExtraFields org.apache.commons.compress.archivers.zip.ExtraFieldUtils.parse org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.io.input.SwappedDataInputStream.readUnsignedByte org.apache.commons.io.input.QueueInputStream.read org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream",
+ "dep_path": "com.example.CompressExample.lambda$createZipArchive$1 org.apache.commons.compress.archivers.jar.JarArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.zip.JarMarker.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte org.apache.commons.io.input.QueueInputStream.read org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_TRANSITIVE",
"path": [{
"name": "com.example.CompressExample.lambda$createZipArchive$1",
"package": "com.example"
}, {
- "name": "org.apache.commons.compress.archivers.zip.ZipArchiveEntry.\u003cinit\u003e",
- "package": "org.apache.commons.compress.archivers.zip"
+ "name": "org.apache.commons.compress.archivers.jar.JarArchiveOutputStream.putArchiveEntry",
+ "package": "org.apache.commons.compress.archivers.jar"
}, {
- "name": "org.apache.commons.compress.archivers.zip.ZipArchiveEntry.parseExtraFields",
+ "name": "org.apache.commons.compress.archivers.zip.JarMarker.\u003cclinit\u003e",
"package": "org.apache.commons.compress.archivers.zip"
}, {
- "name": "org.apache.commons.compress.archivers.zip.ExtraFieldUtils.parse",
+ "name": "org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e",
"package": "org.apache.commons.compress.archivers.zip"
}, {
"name": "org.apache.commons.compress.archivers.zip.ZipShort.getValue",
@@ -568,8 +520,8 @@
"name": "org.apache.commons.compress.utils.ByteUtils.fromLittleEndian",
"package": "org.apache.commons.compress.utils"
}, {
- "name": "org.apache.commons.io.input.SwappedDataInputStream.readUnsignedByte",
- "package": "org.apache.commons.io.input"
+ "name": "org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte",
+ "package": "org.apache.commons.compress.utils"
}, {
"name": "org.apache.commons.io.input.QueueInputStream.read",
"package": "org.apache.commons.io.input"
@@ -623,14 +575,14 @@
}, {
"package_name": "com.example",
"capability": "CAPABILITY_NETWORK",
- "dep_path": "com.example.CompressExample.main com.example.CompressExample.extractArchive org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry org.apache.commons.io.input.ChecksumInputStream$Builder.get org.apache.commons.io.input.ChecksumInputStream.\u003cinit\u003e org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream",
+ "dep_path": "com.example.CompressExample.main com.example.CompressExample.listArchiveContents org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry org.apache.commons.io.input.ChecksumInputStream$Builder.get org.apache.commons.io.input.ChecksumInputStream.\u003cinit\u003e org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_TRANSITIVE",
"path": [{
"name": "com.example.CompressExample.main",
"package": "com.example"
}, {
- "name": "com.example.CompressExample.extractArchive",
+ "name": "com.example.CompressExample.listArchiveContents",
"package": "com.example"
}, {
"name": "org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry",
@@ -743,68 +695,10 @@
}]
}, {
"package_name": "com.example",
- "capability": "CAPABILITY_READ_SYSTEM_STATE",
- "dep_path": "com.example.ProcessRunner.compressAndExecute com.example.ProcessRunner.executeCommand java.lang.Runtime.getRuntime",
- "package_dir": "com.example",
- "capability_type": "CAPABILITY_TYPE_DIRECT",
- "path": [{
- "name": "com.example.ProcessRunner.compressAndExecute",
- "package": "com.example"
- }, {
- "name": "com.example.ProcessRunner.executeCommand",
- "package": "com.example"
- }, {
- "name": "java.lang.Runtime.getRuntime",
- "package": "java.lang"
- }]
- }, {
- "package_name": "com.example",
- "capability": "CAPABILITY_READ_SYSTEM_STATE",
- "dep_path": "com.example.ProcessRunner.executeCommand java.lang.Runtime.getRuntime",
- "package_dir": "com.example",
- "capability_type": "CAPABILITY_TYPE_DIRECT",
- "path": [{
- "name": "com.example.ProcessRunner.executeCommand",
- "package": "com.example"
- }, {
- "name": "java.lang.Runtime.getRuntime",
- "package": "java.lang"
- }]
- }, {
- "package_name": "com.example",
- "capability": "CAPABILITY_READ_SYSTEM_STATE",
- "dep_path": "com.example.ProcessRunner.isCommandAvailable java.lang.Runtime.getRuntime",
- "package_dir": "com.example",
- "capability_type": "CAPABILITY_TYPE_DIRECT",
- "path": [{
- "name": "com.example.ProcessRunner.isCommandAvailable",
- "package": "com.example"
- }, {
- "name": "java.lang.Runtime.getRuntime",
- "package": "java.lang"
- }]
- }, {
- "package_name": "com.example",
- "capability": "CAPABILITY_READ_SYSTEM_STATE",
- "dep_path": "com.example.ProcessRunner.main com.example.ProcessRunner.executeCommand java.lang.Runtime.getRuntime",
- "package_dir": "com.example",
- "capability_type": "CAPABILITY_TYPE_DIRECT",
- "path": [{
- "name": "com.example.ProcessRunner.main",
- "package": "com.example"
- }, {
- "name": "com.example.ProcessRunner.executeCommand",
- "package": "com.example"
- }, {
- "name": "java.lang.Runtime.getRuntime",
- "package": "java.lang"
- }]
- }, {
- "package_name": "com.example",
- "capability": "CAPABILITY_CGO",
- "dep_path": "com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.UnicodeCommentExtraField.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.io.input.SwappedDataInputStream.readUnsignedByte com.github.luben.zstd.ZstdInputStreamNoFinalizer.read com.github.luben.zstd.ZstdInputStreamNoFinalizer.readInternal com.github.luben.zstd.Zstd.errCorruptionDetected",
+ "capability": "CAPABILITY_RUNTIME",
+ "dep_path": "com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte org.apache.commons.io.input.QueueInputStream.read java.lang.Thread.interrupt",
"package_dir": "com.example",
- "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
"path": [{
"name": "com.example.CompressExample.checkAvailableFormats",
"package": "com.example"
@@ -812,7 +706,7 @@
"name": "org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e",
"package": "org.apache.commons.compress.archivers.zip"
}, {
- "name": "org.apache.commons.compress.archivers.zip.UnicodeCommentExtraField.\u003cclinit\u003e",
+ "name": "org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e",
"package": "org.apache.commons.compress.archivers.zip"
}, {
"name": "org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e",
@@ -824,65 +718,62 @@
"name": "org.apache.commons.compress.utils.ByteUtils.fromLittleEndian",
"package": "org.apache.commons.compress.utils"
}, {
- "name": "org.apache.commons.io.input.SwappedDataInputStream.readUnsignedByte",
- "package": "org.apache.commons.io.input"
- }, {
- "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.read",
- "package": "com.github.luben.zstd"
+ "name": "org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte",
+ "package": "org.apache.commons.compress.utils"
}, {
- "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.readInternal",
- "package": "com.github.luben.zstd"
+ "name": "org.apache.commons.io.input.QueueInputStream.read",
+ "package": "org.apache.commons.io.input"
}, {
- "name": "com.github.luben.zstd.Zstd.errCorruptionDetected",
- "package": "com.github.luben.zstd"
+ "name": "java.lang.Thread.interrupt",
+ "package": "java.lang"
}]
}, {
"package_name": "com.example",
- "capability": "CAPABILITY_CGO",
- "dep_path": "com.example.CompressExample.compressFileGzip org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.\u003cinit\u003e org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.writeMemberHeader com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write com.github.luben.zstd.Zstd.isError",
+ "capability": "CAPABILITY_RUNTIME",
+ "dep_path": "com.example.CompressExample.compressFileGzip com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close org.apache.commons.compress.utils.CountingOutputStream.write org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
"path": [{
"name": "com.example.CompressExample.compressFileGzip",
"package": "com.example"
}, {
- "name": "org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.\u003cinit\u003e",
- "package": "org.apache.commons.compress.compressors.gzip"
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close",
+ "package": "com.github.luben.zstd"
}, {
- "name": "org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.writeMemberHeader",
- "package": "org.apache.commons.compress.compressors.gzip"
+ "name": "org.apache.commons.compress.utils.CountingOutputStream.write",
+ "package": "org.apache.commons.compress.utils"
}, {
- "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write",
- "package": "com.github.luben.zstd"
+ "name": "org.apache.commons.io.output.QueueOutputStream.write",
+ "package": "org.apache.commons.io.output"
}, {
- "name": "com.github.luben.zstd.Zstd.isError",
- "package": "com.github.luben.zstd"
+ "name": "java.lang.Thread.interrupt",
+ "package": "java.lang"
}]
}, {
"package_name": "com.example",
- "capability": "CAPABILITY_CGO",
- "dep_path": "com.example.CompressExample.compressFileZstd org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.write com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write com.github.luben.zstd.Zstd.isError",
+ "capability": "CAPABILITY_RUNTIME",
+ "dep_path": "com.example.CompressExample.compressFileZstd org.apache.commons.io.input.TeeInputStream.read org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt",
"package_dir": "com.example",
- "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
"path": [{
"name": "com.example.CompressExample.compressFileZstd",
"package": "com.example"
}, {
- "name": "org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.write",
- "package": "org.apache.commons.compress.compressors.zstandard"
+ "name": "org.apache.commons.io.input.TeeInputStream.read",
+ "package": "org.apache.commons.io.input"
}, {
- "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write",
- "package": "com.github.luben.zstd"
+ "name": "org.apache.commons.io.output.QueueOutputStream.write",
+ "package": "org.apache.commons.io.output"
}, {
- "name": "com.github.luben.zstd.Zstd.isError",
- "package": "com.github.luben.zstd"
+ "name": "java.lang.Thread.interrupt",
+ "package": "java.lang"
}]
}, {
"package_name": "com.example",
- "capability": "CAPABILITY_CGO",
- "dep_path": "com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush com.github.luben.zstd.Zstd.isError",
+ "capability": "CAPABILITY_RUNTIME",
+ "dep_path": "com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish org.apache.commons.codec.binary.BaseNCodecOutputStream.flush org.apache.commons.compress.utils.CountingOutputStream.write org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt",
"package_dir": "com.example",
- "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
"path": [{
"name": "com.example.CompressExample.createTarArchive",
"package": "com.example"
@@ -893,57 +784,50 @@
"name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish",
"package": "org.apache.commons.compress.archivers.tar"
}, {
- "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush",
- "package": "com.github.luben.zstd"
+ "name": "org.apache.commons.codec.binary.BaseNCodecOutputStream.flush",
+ "package": "org.apache.commons.codec.binary"
}, {
- "name": "com.github.luben.zstd.Zstd.isError",
- "package": "com.github.luben.zstd"
+ "name": "org.apache.commons.compress.utils.CountingOutputStream.write",
+ "package": "org.apache.commons.compress.utils"
+ }, {
+ "name": "org.apache.commons.io.output.QueueOutputStream.write",
+ "package": "org.apache.commons.io.output"
+ }, {
+ "name": "java.lang.Thread.interrupt",
+ "package": "java.lang"
}]
}, {
"package_name": "com.example",
- "capability": "CAPABILITY_CGO",
- "dep_path": "com.example.CompressExample.createZipArchive org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.close org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError",
+ "capability": "CAPABILITY_RUNTIME",
+ "dep_path": "com.example.CompressExample.createZipArchive org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipLong.getBytes org.apache.commons.compress.archivers.zip.ZipLong.putLong org.apache.commons.compress.utils.ByteUtils.toLittleEndian org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt",
"package_dir": "com.example",
- "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
"path": [{
"name": "com.example.CompressExample.createZipArchive",
"package": "com.example"
}, {
- "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.close",
+ "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.\u003cclinit\u003e",
"package": "org.apache.commons.compress.archivers.zip"
}, {
- "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.finish",
+ "name": "org.apache.commons.compress.archivers.zip.ZipLong.getBytes",
"package": "org.apache.commons.compress.archivers.zip"
}, {
- "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close",
- "package": "com.github.luben.zstd"
- }, {
- "name": "com.github.luben.zstd.Zstd.isError",
- "package": "com.github.luben.zstd"
- }]
- }, {
- "package_name": "com.example",
- "capability": "CAPABILITY_CGO",
- "dep_path": "com.example.CompressExample.decompressFileGzip org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream.close com.github.luben.zstd.ZstdInputStreamNoFinalizer.close com.github.luben.zstd.ZstdInputStreamNoFinalizer.freeDStream",
- "package_dir": "com.example",
- "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
- "path": [{
- "name": "com.example.CompressExample.decompressFileGzip",
- "package": "com.example"
+ "name": "org.apache.commons.compress.archivers.zip.ZipLong.putLong",
+ "package": "org.apache.commons.compress.archivers.zip"
}, {
- "name": "org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream.close",
- "package": "org.apache.commons.compress.compressors.gzip"
+ "name": "org.apache.commons.compress.utils.ByteUtils.toLittleEndian",
+ "package": "org.apache.commons.compress.utils"
}, {
- "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.close",
- "package": "com.github.luben.zstd"
+ "name": "org.apache.commons.io.output.QueueOutputStream.write",
+ "package": "org.apache.commons.io.output"
}, {
- "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.freeDStream",
- "package": "com.github.luben.zstd"
+ "name": "java.lang.Thread.interrupt",
+ "package": "java.lang"
}]
}, {
"package_name": "com.example",
- "capability": "CAPABILITY_CGO",
- "dep_path": "com.example.CompressExample.extractArchive com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError",
+ "capability": "CAPABILITY_RUNTIME",
+ "dep_path": "com.example.CompressExample.extractArchive com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close org.apache.commons.compress.utils.CountingOutputStream.write org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
"path": [{
@@ -953,15 +837,984 @@
"name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close",
"package": "com.github.luben.zstd"
}, {
- "name": "com.github.luben.zstd.Zstd.isError",
- "package": "com.github.luben.zstd"
+ "name": "org.apache.commons.compress.utils.CountingOutputStream.write",
+ "package": "org.apache.commons.compress.utils"
+ }, {
+ "name": "org.apache.commons.io.output.QueueOutputStream.write",
+ "package": "org.apache.commons.io.output"
+ }, {
+ "name": "java.lang.Thread.interrupt",
+ "package": "java.lang"
}]
}, {
"package_name": "com.example",
- "capability": "CAPABILITY_CGO",
- "dep_path": "com.example.CompressExample.lambda$createTarArchive$1 org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord org.apache.commons.io.output.ProxyOutputStream.write com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write com.github.luben.zstd.Zstd.isError",
+ "capability": "CAPABILITY_RUNTIME",
+ "dep_path": "com.example.CompressExample.lambda$createTarArchive$1 org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord org.apache.commons.compress.utils.CountingOutputStream.write org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt",
"package_dir": "com.example",
- "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
+ "path": [{
+ "name": "com.example.CompressExample.lambda$createTarArchive$1",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.putArchiveEntry",
+ "package": "org.apache.commons.compress.archivers.tar"
+ }, {
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord",
+ "package": "org.apache.commons.compress.archivers.tar"
+ }, {
+ "name": "org.apache.commons.compress.utils.CountingOutputStream.write",
+ "package": "org.apache.commons.compress.utils"
+ }, {
+ "name": "org.apache.commons.io.output.QueueOutputStream.write",
+ "package": "org.apache.commons.io.output"
+ }, {
+ "name": "java.lang.Thread.interrupt",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_RUNTIME",
+ "dep_path": "com.example.CompressExample.lambda$createZipArchive$1 org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.writeLocalFileHeader org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.createLocalFileHeader org.apache.commons.compress.archivers.zip.ZipLong.putLong org.apache.commons.compress.utils.ByteUtils.toLittleEndian org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
+ "path": [{
+ "name": "com.example.CompressExample.lambda$createZipArchive$1",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.putArchiveEntry",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.writeLocalFileHeader",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.createLocalFileHeader",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipLong.putLong",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.utils.ByteUtils.toLittleEndian",
+ "package": "org.apache.commons.compress.utils"
+ }, {
+ "name": "org.apache.commons.io.output.QueueOutputStream.write",
+ "package": "org.apache.commons.io.output"
+ }, {
+ "name": "java.lang.Thread.interrupt",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_RUNTIME",
+ "dep_path": "com.example.CompressExample.listArchiveContents org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry org.apache.commons.io.IOUtils.skip org.apache.commons.io.input.QueueInputStream.read java.lang.Thread.interrupt",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
+ "path": [{
+ "name": "com.example.CompressExample.listArchiveContents",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry",
+ "package": "org.apache.commons.compress.archivers.arj"
+ }, {
+ "name": "org.apache.commons.io.IOUtils.skip",
+ "package": "org.apache.commons.io"
+ }, {
+ "name": "org.apache.commons.io.input.QueueInputStream.read",
+ "package": "org.apache.commons.io.input"
+ }, {
+ "name": "java.lang.Thread.interrupt",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_RUNTIME",
+ "dep_path": "com.example.CompressExample.main com.example.CompressExample.compressFileGzip com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close org.apache.commons.compress.utils.CountingOutputStream.write org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.CompressExample.main",
+ "package": "com.example"
+ }, {
+ "name": "com.example.CompressExample.compressFileGzip",
+ "package": "com.example"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "org.apache.commons.compress.utils.CountingOutputStream.write",
+ "package": "org.apache.commons.compress.utils"
+ }, {
+ "name": "org.apache.commons.io.output.QueueOutputStream.write",
+ "package": "org.apache.commons.io.output"
+ }, {
+ "name": "java.lang.Thread.interrupt",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_RUNTIME",
+ "dep_path": "com.example.ProcessRunner.compressAndExecute com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish org.apache.commons.codec.binary.BaseNCodecOutputStream.flush org.apache.commons.compress.utils.CountingOutputStream.write org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
+ "path": [{
+ "name": "com.example.ProcessRunner.compressAndExecute",
+ "package": "com.example"
+ }, {
+ "name": "com.example.CompressExample.createTarArchive",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close",
+ "package": "org.apache.commons.compress.archivers.tar"
+ }, {
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish",
+ "package": "org.apache.commons.compress.archivers.tar"
+ }, {
+ "name": "org.apache.commons.codec.binary.BaseNCodecOutputStream.flush",
+ "package": "org.apache.commons.codec.binary"
+ }, {
+ "name": "org.apache.commons.compress.utils.CountingOutputStream.write",
+ "package": "org.apache.commons.compress.utils"
+ }, {
+ "name": "org.apache.commons.io.output.QueueOutputStream.write",
+ "package": "org.apache.commons.io.output"
+ }, {
+ "name": "java.lang.Thread.interrupt",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_RUNTIME",
+ "dep_path": "com.example.ProcessRunner.executeCommand org.apache.commons.io.input.UncheckedBufferedReader.readLine org.apache.commons.io.function.Uncheck.get org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream$Builder.get org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream.\u003cinit\u003e org.tukaani.xz.LZMAOutputStream.\u003cinit\u003e org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.ProcessRunner.executeCommand",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.io.input.UncheckedBufferedReader.readLine",
+ "package": "org.apache.commons.io.input"
+ }, {
+ "name": "org.apache.commons.io.function.Uncheck.get",
+ "package": "org.apache.commons.io.function"
+ }, {
+ "name": "org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream$Builder.get",
+ "package": "org.apache.commons.compress.compressors.lzma"
+ }, {
+ "name": "org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream.\u003cinit\u003e",
+ "package": "org.apache.commons.compress.compressors.lzma"
+ }, {
+ "name": "org.tukaani.xz.LZMAOutputStream.\u003cinit\u003e",
+ "package": "org.tukaani.xz"
+ }, {
+ "name": "org.apache.commons.io.output.QueueOutputStream.write",
+ "package": "org.apache.commons.io.output"
+ }, {
+ "name": "java.lang.Thread.interrupt",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_RUNTIME",
+ "dep_path": "com.example.ProcessRunner.main com.example.ProcessRunner.executeCommand org.apache.commons.io.input.UncheckedBufferedReader.readLine org.apache.commons.io.function.Uncheck.get org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream$Builder.get org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream.\u003cinit\u003e org.tukaani.xz.LZMAOutputStream.\u003cinit\u003e org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.ProcessRunner.main",
+ "package": "com.example"
+ }, {
+ "name": "com.example.ProcessRunner.executeCommand",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.io.input.UncheckedBufferedReader.readLine",
+ "package": "org.apache.commons.io.input"
+ }, {
+ "name": "org.apache.commons.io.function.Uncheck.get",
+ "package": "org.apache.commons.io.function"
+ }, {
+ "name": "org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream$Builder.get",
+ "package": "org.apache.commons.compress.compressors.lzma"
+ }, {
+ "name": "org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream.\u003cinit\u003e",
+ "package": "org.apache.commons.compress.compressors.lzma"
+ }, {
+ "name": "org.tukaani.xz.LZMAOutputStream.\u003cinit\u003e",
+ "package": "org.tukaani.xz"
+ }, {
+ "name": "org.apache.commons.io.output.QueueOutputStream.write",
+ "package": "org.apache.commons.io.output"
+ }, {
+ "name": "java.lang.Thread.interrupt",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_READ_SYSTEM_STATE",
+ "dep_path": "com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte org.apache.commons.io.input.ProxyInputStream.read org.apache.commons.io.IOUtils.\u003cclinit\u003e java.lang.System.lineSeparator",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
+ "path": [{
+ "name": "com.example.CompressExample.checkAvailableFormats",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipShort.getValue",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.utils.ByteUtils.fromLittleEndian",
+ "package": "org.apache.commons.compress.utils"
+ }, {
+ "name": "org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte",
+ "package": "org.apache.commons.compress.utils"
+ }, {
+ "name": "org.apache.commons.io.input.ProxyInputStream.read",
+ "package": "org.apache.commons.io.input"
+ }, {
+ "name": "org.apache.commons.io.IOUtils.\u003cclinit\u003e",
+ "package": "org.apache.commons.io"
+ }, {
+ "name": "java.lang.System.lineSeparator",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_READ_SYSTEM_STATE",
+ "dep_path": "com.example.CompressExample.compressFileGzip org.apache.commons.io.output.DemuxOutputStream.close org.apache.commons.io.IOUtils.\u003cclinit\u003e java.lang.System.lineSeparator",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
+ "path": [{
+ "name": "com.example.CompressExample.compressFileGzip",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.io.output.DemuxOutputStream.close",
+ "package": "org.apache.commons.io.output"
+ }, {
+ "name": "org.apache.commons.io.IOUtils.\u003cclinit\u003e",
+ "package": "org.apache.commons.io"
+ }, {
+ "name": "java.lang.System.lineSeparator",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_READ_SYSTEM_STATE",
+ "dep_path": "com.example.CompressExample.compressFileZstd org.apache.commons.io.input.ProxyInputStream.read org.apache.commons.io.IOUtils.\u003cclinit\u003e java.lang.System.lineSeparator",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
+ "path": [{
+ "name": "com.example.CompressExample.compressFileZstd",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.io.input.ProxyInputStream.read",
+ "package": "org.apache.commons.io.input"
+ }, {
+ "name": "org.apache.commons.io.IOUtils.\u003cclinit\u003e",
+ "package": "org.apache.commons.io"
+ }, {
+ "name": "java.lang.System.lineSeparator",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_READ_SYSTEM_STATE",
+ "dep_path": "com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.System.getProperty",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.CompressExample.createTarArchive",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close",
+ "package": "org.apache.commons.compress.archivers.tar"
+ }, {
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish",
+ "package": "org.apache.commons.compress.archivers.tar"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.util.Native.load",
+ "package": "com.github.luben.zstd.util"
+ }, {
+ "name": "java.lang.System.getProperty",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_READ_SYSTEM_STATE",
+ "dep_path": "com.example.CompressExample.createZipArchive org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.close org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.finish org.apache.commons.io.output.DemuxOutputStream.close org.apache.commons.io.IOUtils.\u003cclinit\u003e java.lang.System.lineSeparator",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
+ "path": [{
+ "name": "com.example.CompressExample.createZipArchive",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.close",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.finish",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.io.output.DemuxOutputStream.close",
+ "package": "org.apache.commons.io.output"
+ }, {
+ "name": "org.apache.commons.io.IOUtils.\u003cclinit\u003e",
+ "package": "org.apache.commons.io"
+ }, {
+ "name": "java.lang.System.lineSeparator",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_READ_SYSTEM_STATE",
+ "dep_path": "com.example.CompressExample.extractArchive org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry org.apache.commons.io.IOUtils.\u003cclinit\u003e java.lang.System.lineSeparator",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
+ "path": [{
+ "name": "com.example.CompressExample.extractArchive",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry",
+ "package": "org.apache.commons.compress.archivers.arj"
+ }, {
+ "name": "org.apache.commons.io.IOUtils.\u003cclinit\u003e",
+ "package": "org.apache.commons.io"
+ }, {
+ "name": "java.lang.System.lineSeparator",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_READ_SYSTEM_STATE",
+ "dep_path": "com.example.CompressExample.lambda$createTarArchive$1 org.apache.commons.compress.archivers.tar.TarArchiveEntry.\u003cinit\u003e org.apache.commons.lang3.SystemProperties.getUserName org.apache.commons.lang3.SystemProperties.getProperty java.lang.System.getProperty",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
+ "path": [{
+ "name": "com.example.CompressExample.lambda$createTarArchive$1",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveEntry.\u003cinit\u003e",
+ "package": "org.apache.commons.compress.archivers.tar"
+ }, {
+ "name": "org.apache.commons.lang3.SystemProperties.getUserName",
+ "package": "org.apache.commons.lang3"
+ }, {
+ "name": "org.apache.commons.lang3.SystemProperties.getProperty",
+ "package": "org.apache.commons.lang3"
+ }, {
+ "name": "java.lang.System.getProperty",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_READ_SYSTEM_STATE",
+ "dep_path": "com.example.CompressExample.lambda$createZipArchive$1 org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.writeLocalFileHeader org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.createLocalFileHeader org.apache.commons.compress.archivers.zip.ZipLong.putLong org.apache.commons.compress.utils.ByteUtils.toLittleEndian org.apache.commons.io.output.ProxyOutputStream.write org.apache.commons.io.IOUtils.\u003cclinit\u003e java.lang.System.lineSeparator",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
+ "path": [{
+ "name": "com.example.CompressExample.lambda$createZipArchive$1",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.putArchiveEntry",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.writeLocalFileHeader",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.createLocalFileHeader",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipLong.putLong",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.utils.ByteUtils.toLittleEndian",
+ "package": "org.apache.commons.compress.utils"
+ }, {
+ "name": "org.apache.commons.io.output.ProxyOutputStream.write",
+ "package": "org.apache.commons.io.output"
+ }, {
+ "name": "org.apache.commons.io.IOUtils.\u003cclinit\u003e",
+ "package": "org.apache.commons.io"
+ }, {
+ "name": "java.lang.System.lineSeparator",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_READ_SYSTEM_STATE",
+ "dep_path": "com.example.CompressExample.listArchiveContents org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry org.apache.commons.io.IOUtils.\u003cclinit\u003e java.lang.System.lineSeparator",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
+ "path": [{
+ "name": "com.example.CompressExample.listArchiveContents",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry",
+ "package": "org.apache.commons.compress.archivers.arj"
+ }, {
+ "name": "org.apache.commons.io.IOUtils.\u003cclinit\u003e",
+ "package": "org.apache.commons.io"
+ }, {
+ "name": "java.lang.System.lineSeparator",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_READ_SYSTEM_STATE",
+ "dep_path": "com.example.CompressExample.main com.example.CompressExample.listArchiveContents org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry org.apache.commons.io.IOUtils.\u003cclinit\u003e java.lang.System.lineSeparator",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
+ "path": [{
+ "name": "com.example.CompressExample.main",
+ "package": "com.example"
+ }, {
+ "name": "com.example.CompressExample.listArchiveContents",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry",
+ "package": "org.apache.commons.compress.archivers.arj"
+ }, {
+ "name": "org.apache.commons.io.IOUtils.\u003cclinit\u003e",
+ "package": "org.apache.commons.io"
+ }, {
+ "name": "java.lang.System.lineSeparator",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_READ_SYSTEM_STATE",
+ "dep_path": "com.example.ProcessRunner.compressAndExecute com.example.ProcessRunner.executeCommand java.lang.Runtime.getRuntime",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_DIRECT",
+ "path": [{
+ "name": "com.example.ProcessRunner.compressAndExecute",
+ "package": "com.example"
+ }, {
+ "name": "com.example.ProcessRunner.executeCommand",
+ "package": "com.example"
+ }, {
+ "name": "java.lang.Runtime.getRuntime",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_READ_SYSTEM_STATE",
+ "dep_path": "com.example.ProcessRunner.executeCommand java.lang.Runtime.getRuntime",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_DIRECT",
+ "path": [{
+ "name": "com.example.ProcessRunner.executeCommand",
+ "package": "com.example"
+ }, {
+ "name": "java.lang.Runtime.getRuntime",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_READ_SYSTEM_STATE",
+ "dep_path": "com.example.ProcessRunner.main com.example.ProcessRunner.executeCommand java.lang.Runtime.getRuntime",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_DIRECT",
+ "path": [{
+ "name": "com.example.ProcessRunner.main",
+ "package": "com.example"
+ }, {
+ "name": "com.example.ProcessRunner.executeCommand",
+ "package": "com.example"
+ }, {
+ "name": "java.lang.Runtime.getRuntime",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_ARBITRARY_EXECUTION",
+ "dep_path": "com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.compressors.zstandard.ZstdUtils.isZstdCompressionAvailable org.apache.commons.compress.compressors.zstandard.ZstdUtils.internalIsZstdCompressionAvailable java.lang.Class.forName",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
+ "path": [{
+ "name": "com.example.CompressExample.checkAvailableFormats",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.compressors.zstandard.ZstdUtils.isZstdCompressionAvailable",
+ "package": "org.apache.commons.compress.compressors.zstandard"
+ }, {
+ "name": "org.apache.commons.compress.compressors.zstandard.ZstdUtils.internalIsZstdCompressionAvailable",
+ "package": "org.apache.commons.compress.compressors.zstandard"
+ }, {
+ "name": "java.lang.Class.forName",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_ARBITRARY_EXECUTION",
+ "dep_path": "com.example.CompressExample.compressFileGzip com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.CompressExample.compressFileGzip",
+ "package": "com.example"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.util.Native.load",
+ "package": "com.github.luben.zstd.util"
+ }, {
+ "name": "java.lang.Class.forName",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_ARBITRARY_EXECUTION",
+ "dep_path": "com.example.CompressExample.compressFileZstd com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.CompressExample.compressFileZstd",
+ "package": "com.example"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.util.Native.load",
+ "package": "com.github.luben.zstd.util"
+ }, {
+ "name": "java.lang.Class.forName",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_ARBITRARY_EXECUTION",
+ "dep_path": "com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.CompressExample.createTarArchive",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close",
+ "package": "org.apache.commons.compress.archivers.tar"
+ }, {
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish",
+ "package": "org.apache.commons.compress.archivers.tar"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.util.Native.load",
+ "package": "com.github.luben.zstd.util"
+ }, {
+ "name": "java.lang.Class.forName",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_ARBITRARY_EXECUTION",
+ "dep_path": "com.example.CompressExample.createZipArchive org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.close org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.CompressExample.createZipArchive",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.close",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.finish",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.util.Native.load",
+ "package": "com.github.luben.zstd.util"
+ }, {
+ "name": "java.lang.Class.forName",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_ARBITRARY_EXECUTION",
+ "dep_path": "com.example.CompressExample.extractArchive com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.CompressExample.extractArchive",
+ "package": "com.example"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.util.Native.load",
+ "package": "com.github.luben.zstd.util"
+ }, {
+ "name": "java.lang.Class.forName",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_ARBITRARY_EXECUTION",
+ "dep_path": "com.example.CompressExample.lambda$createTarArchive$1 org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord org.apache.commons.compress.utils.CountingOutputStream.write com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.CompressExample.lambda$createTarArchive$1",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.putArchiveEntry",
+ "package": "org.apache.commons.compress.archivers.tar"
+ }, {
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord",
+ "package": "org.apache.commons.compress.archivers.tar"
+ }, {
+ "name": "org.apache.commons.compress.utils.CountingOutputStream.write",
+ "package": "org.apache.commons.compress.utils"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.util.Native.load",
+ "package": "com.github.luben.zstd.util"
+ }, {
+ "name": "java.lang.Class.forName",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_ARBITRARY_EXECUTION",
+ "dep_path": "com.example.CompressExample.lambda$createZipArchive$1 org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.writeLocalFileHeader org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.createLocalFileHeader org.apache.commons.compress.archivers.zip.ZipLong.putLong org.apache.commons.compress.utils.ByteUtils.toLittleEndian com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.CompressExample.lambda$createZipArchive$1",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.putArchiveEntry",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.writeLocalFileHeader",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.createLocalFileHeader",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipLong.putLong",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.utils.ByteUtils.toLittleEndian",
+ "package": "org.apache.commons.compress.utils"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.util.Native.load",
+ "package": "com.github.luben.zstd.util"
+ }, {
+ "name": "java.lang.Class.forName",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_ARBITRARY_EXECUTION",
+ "dep_path": "com.example.CompressExample.listArchiveContents com.github.luben.zstd.ZstdInputStreamNoFinalizer.close com.github.luben.zstd.ZstdInputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.CompressExample.listArchiveContents",
+ "package": "com.example"
+ }, {
+ "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.close",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.\u003cclinit\u003e",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.util.Native.load",
+ "package": "com.github.luben.zstd.util"
+ }, {
+ "name": "java.lang.Class.forName",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_ARBITRARY_EXECUTION",
+ "dep_path": "com.example.CompressExample.main org.apache.commons.compress.compressors.zstandard.ZstdUtils.isZstdCompressionAvailable org.apache.commons.compress.compressors.zstandard.ZstdUtils.internalIsZstdCompressionAvailable java.lang.Class.forName",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
+ "path": [{
+ "name": "com.example.CompressExample.main",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.compressors.zstandard.ZstdUtils.isZstdCompressionAvailable",
+ "package": "org.apache.commons.compress.compressors.zstandard"
+ }, {
+ "name": "org.apache.commons.compress.compressors.zstandard.ZstdUtils.internalIsZstdCompressionAvailable",
+ "package": "org.apache.commons.compress.compressors.zstandard"
+ }, {
+ "name": "java.lang.Class.forName",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_ARBITRARY_EXECUTION",
+ "dep_path": "com.example.ProcessRunner.compressAndExecute com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.compressors.zstandard.ZstdUtils.isZstdCompressionAvailable org.apache.commons.compress.compressors.zstandard.ZstdUtils.internalIsZstdCompressionAvailable java.lang.Class.forName",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
+ "path": [{
+ "name": "com.example.ProcessRunner.compressAndExecute",
+ "package": "com.example"
+ }, {
+ "name": "com.example.CompressExample.checkAvailableFormats",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.compressors.zstandard.ZstdUtils.isZstdCompressionAvailable",
+ "package": "org.apache.commons.compress.compressors.zstandard"
+ }, {
+ "name": "org.apache.commons.compress.compressors.zstandard.ZstdUtils.internalIsZstdCompressionAvailable",
+ "package": "org.apache.commons.compress.compressors.zstandard"
+ }, {
+ "name": "java.lang.Class.forName",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_ARBITRARY_EXECUTION",
+ "dep_path": "com.example.ProcessRunner.executeCommand org.apache.commons.io.input.UncheckedBufferedReader.readLine org.apache.commons.io.function.Uncheck.get org.apache.commons.compress.archivers.zip.ZipFile$Builder.get org.apache.commons.compress.archivers.zip.ZipFile.\u003cinit\u003e org.apache.commons.io.IOUtils.closeQuietly com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.ProcessRunner.executeCommand",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.io.input.UncheckedBufferedReader.readLine",
+ "package": "org.apache.commons.io.input"
+ }, {
+ "name": "org.apache.commons.io.function.Uncheck.get",
+ "package": "org.apache.commons.io.function"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipFile$Builder.get",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipFile.\u003cinit\u003e",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.io.IOUtils.closeQuietly",
+ "package": "org.apache.commons.io"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.util.Native.load",
+ "package": "com.github.luben.zstd.util"
+ }, {
+ "name": "java.lang.Class.forName",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_ARBITRARY_EXECUTION",
+ "dep_path": "com.example.ProcessRunner.main org.apache.commons.lang3.exception.ContextedException.getMessage org.apache.commons.lang3.exception.ContextedException.getFormattedExceptionMessage org.apache.commons.lang3.exception.DefaultExceptionContext.getFormattedExceptionMessage org.apache.commons.io.LineIterator.hasNext org.apache.commons.io.IOUtils.closeQuietly com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.ProcessRunner.main",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.lang3.exception.ContextedException.getMessage",
+ "package": "org.apache.commons.lang3.exception"
+ }, {
+ "name": "org.apache.commons.lang3.exception.ContextedException.getFormattedExceptionMessage",
+ "package": "org.apache.commons.lang3.exception"
+ }, {
+ "name": "org.apache.commons.lang3.exception.DefaultExceptionContext.getFormattedExceptionMessage",
+ "package": "org.apache.commons.lang3.exception"
+ }, {
+ "name": "org.apache.commons.io.LineIterator.hasNext",
+ "package": "org.apache.commons.io"
+ }, {
+ "name": "org.apache.commons.io.IOUtils.closeQuietly",
+ "package": "org.apache.commons.io"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.util.Native.load",
+ "package": "com.github.luben.zstd.util"
+ }, {
+ "name": "java.lang.Class.forName",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_CGO",
+ "dep_path": "com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte com.github.luben.zstd.ZstdInputStreamNoFinalizer.read com.github.luben.zstd.ZstdInputStreamNoFinalizer.readInternal com.github.luben.zstd.Zstd.errCorruptionDetected",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.CompressExample.checkAvailableFormats",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipShort.getValue",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.utils.ByteUtils.fromLittleEndian",
+ "package": "org.apache.commons.compress.utils"
+ }, {
+ "name": "org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte",
+ "package": "org.apache.commons.compress.utils"
+ }, {
+ "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.read",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.readInternal",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.Zstd.errCorruptionDetected",
+ "package": "com.github.luben.zstd"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_CGO",
+ "dep_path": "com.example.CompressExample.compressFileGzip com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.CompressExample.compressFileGzip",
+ "package": "com.example"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.Zstd.isError",
+ "package": "com.github.luben.zstd"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_CGO",
+ "dep_path": "com.example.CompressExample.compressFileZstd com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.CompressExample.compressFileZstd",
+ "package": "com.example"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.Zstd.isError",
+ "package": "com.github.luben.zstd"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_CGO",
+ "dep_path": "com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush com.github.luben.zstd.Zstd.isError",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.CompressExample.createTarArchive",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close",
+ "package": "org.apache.commons.compress.archivers.tar"
+ }, {
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish",
+ "package": "org.apache.commons.compress.archivers.tar"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.Zstd.isError",
+ "package": "com.github.luben.zstd"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_CGO",
+ "dep_path": "com.example.CompressExample.createZipArchive org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.close org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.CompressExample.createZipArchive",
+ "package": "com.example"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.close",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.finish",
+ "package": "org.apache.commons.compress.archivers.zip"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.Zstd.isError",
+ "package": "com.github.luben.zstd"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_CGO",
+ "dep_path": "com.example.CompressExample.extractArchive com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
+ "path": [{
+ "name": "com.example.CompressExample.extractArchive",
+ "package": "com.example"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close",
+ "package": "com.github.luben.zstd"
+ }, {
+ "name": "com.github.luben.zstd.Zstd.isError",
+ "package": "com.github.luben.zstd"
+ }]
+ }, {
+ "package_name": "com.example",
+ "capability": "CAPABILITY_CGO",
+ "dep_path": "com.example.CompressExample.lambda$createTarArchive$1 org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord org.apache.commons.compress.utils.CountingOutputStream.write com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write com.github.luben.zstd.Zstd.isError",
+ "package_dir": "com.example",
+ "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
"path": [{
"name": "com.example.CompressExample.lambda$createTarArchive$1",
"package": "com.example"
@@ -972,8 +1825,8 @@
"name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord",
"package": "org.apache.commons.compress.archivers.tar"
}, {
- "name": "org.apache.commons.io.output.ProxyOutputStream.write",
- "package": "org.apache.commons.io.output"
+ "name": "org.apache.commons.compress.utils.CountingOutputStream.write",
+ "package": "org.apache.commons.compress.utils"
}, {
"name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write",
"package": "com.github.luben.zstd"
@@ -1031,14 +1884,14 @@
}, {
"package_name": "com.example",
"capability": "CAPABILITY_CGO",
- "dep_path": "com.example.CompressExample.main com.example.CompressExample.extractArchive com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError",
+ "dep_path": "com.example.CompressExample.main com.example.CompressExample.compressFileGzip com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
"path": [{
"name": "com.example.CompressExample.main",
"package": "com.example"
}, {
- "name": "com.example.CompressExample.extractArchive",
+ "name": "com.example.CompressExample.compressFileGzip",
"package": "com.example"
}, {
"name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close",
@@ -1050,20 +1903,23 @@
}, {
"package_name": "com.example",
"capability": "CAPABILITY_CGO",
- "dep_path": "com.example.ProcessRunner.compressAndExecute com.example.CompressExample.compressFileZstd org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.write com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write com.github.luben.zstd.Zstd.isError",
+ "dep_path": "com.example.ProcessRunner.compressAndExecute com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush com.github.luben.zstd.Zstd.isError",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
"path": [{
"name": "com.example.ProcessRunner.compressAndExecute",
"package": "com.example"
}, {
- "name": "com.example.CompressExample.compressFileZstd",
+ "name": "com.example.CompressExample.createTarArchive",
"package": "com.example"
}, {
- "name": "org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.write",
- "package": "org.apache.commons.compress.compressors.zstandard"
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close",
+ "package": "org.apache.commons.compress.archivers.tar"
}, {
- "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write",
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish",
+ "package": "org.apache.commons.compress.archivers.tar"
+ }, {
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush",
"package": "com.github.luben.zstd"
}, {
"name": "com.github.luben.zstd.Zstd.isError",
@@ -1072,7 +1928,7 @@
}, {
"package_name": "com.example",
"capability": "CAPABILITY_CGO",
- "dep_path": "com.example.ProcessRunner.executeCommand org.apache.commons.io.input.UncheckedBufferedReader.readLine org.apache.commons.io.function.Uncheck.get org.apache.commons.compress.archivers.zip.ZipFile$Builder.get org.apache.commons.compress.archivers.zip.ZipFile.\u003cinit\u003e org.apache.commons.io.IOUtils.closeQuietly com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError",
+ "dep_path": "com.example.ProcessRunner.executeCommand org.apache.commons.io.input.UncheckedBufferedReader.readLine org.apache.commons.io.function.Uncheck.get org.apache.commons.compress.archivers.zip.ZipFile$Builder.get org.apache.commons.compress.archivers.zip.ZipFile.\u003cinit\u003e org.apache.commons.io.IOUtils.closeQuietly com.github.luben.zstd.ZstdDirectBufferCompressingStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
"path": [{
@@ -1094,7 +1950,7 @@
"name": "org.apache.commons.io.IOUtils.closeQuietly",
"package": "org.apache.commons.io"
}, {
- "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close",
+ "name": "com.github.luben.zstd.ZstdDirectBufferCompressingStreamNoFinalizer.close",
"package": "com.github.luben.zstd"
}, {
"name": "com.github.luben.zstd.Zstd.isError",
@@ -1103,7 +1959,7 @@
}, {
"package_name": "com.example",
"capability": "CAPABILITY_CGO",
- "dep_path": "com.example.ProcessRunner.main org.apache.commons.lang3.exception.ContextedException.getMessage org.apache.commons.lang3.exception.ContextedException.getFormattedExceptionMessage org.apache.commons.lang3.exception.DefaultExceptionContext.getFormattedExceptionMessage org.apache.commons.io.LineIterator.hasNext org.apache.commons.io.IOUtils.closeQuietly com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError",
+ "dep_path": "com.example.ProcessRunner.main org.apache.commons.lang3.exception.ContextedException.getMessage org.apache.commons.lang3.exception.ContextedException.getFormattedExceptionMessage org.apache.commons.lang3.exception.DefaultExceptionContext.getFormattedExceptionMessage org.apache.commons.io.LineIterator.hasNext org.apache.commons.io.IOUtils.closeQuietly com.github.luben.zstd.ZstdDirectBufferCompressingStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
"path": [{
@@ -1125,7 +1981,7 @@
"name": "org.apache.commons.io.IOUtils.closeQuietly",
"package": "org.apache.commons.io"
}, {
- "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close",
+ "name": "com.github.luben.zstd.ZstdDirectBufferCompressingStreamNoFinalizer.close",
"package": "com.github.luben.zstd"
}, {
"name": "com.github.luben.zstd.Zstd.isError",
@@ -1147,21 +2003,15 @@
}, {
"package_name": "com.example",
"capability": "CAPABILITY_REFLECT",
- "dep_path": "com.example.CompressExample.compressFileGzip org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.\u003cinit\u003e org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.writeMemberHeader org.apache.commons.compress.compressors.gzip.ExtraField.toByteArray org.apache.commons.compress.utils.ServiceLoaderIterator.next",
+ "dep_path": "com.example.CompressExample.compressFileGzip org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close org.apache.commons.compress.utils.ServiceLoaderIterator.next",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_TRANSITIVE",
"path": [{
"name": "com.example.CompressExample.compressFileGzip",
"package": "com.example"
}, {
- "name": "org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.\u003cinit\u003e",
- "package": "org.apache.commons.compress.compressors.gzip"
- }, {
- "name": "org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.writeMemberHeader",
- "package": "org.apache.commons.compress.compressors.gzip"
- }, {
- "name": "org.apache.commons.compress.compressors.gzip.ExtraField.toByteArray",
- "package": "org.apache.commons.compress.compressors.gzip"
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close",
+ "package": "org.apache.commons.compress.archivers.tar"
}, {
"name": "org.apache.commons.compress.utils.ServiceLoaderIterator.next",
"package": "org.apache.commons.compress.utils"
@@ -1169,26 +2019,23 @@
}, {
"package_name": "com.example",
"capability": "CAPABILITY_REFLECT",
- "dep_path": "com.example.CompressExample.compressFileZstd org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.\u003cinit\u003e org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.toZstdOutputStream org.apache.commons.lang3.ArrayUtils.\u003cclinit\u003e",
+ "dep_path": "com.example.CompressExample.compressFileZstd org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close org.apache.commons.compress.utils.ServiceLoaderIterator.next",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_TRANSITIVE",
"path": [{
"name": "com.example.CompressExample.compressFileZstd",
"package": "com.example"
}, {
- "name": "org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.\u003cinit\u003e",
- "package": "org.apache.commons.compress.compressors.zstandard"
- }, {
- "name": "org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.toZstdOutputStream",
- "package": "org.apache.commons.compress.compressors.zstandard"
+ "name": "org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close",
+ "package": "org.apache.commons.compress.archivers.tar"
}, {
- "name": "org.apache.commons.lang3.ArrayUtils.\u003cclinit\u003e",
- "package": "org.apache.commons.lang3"
+ "name": "org.apache.commons.compress.utils.ServiceLoaderIterator.next",
+ "package": "org.apache.commons.compress.utils"
}]
}, {
"package_name": "com.example",
"capability": "CAPABILITY_REFLECT",
- "dep_path": "com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush com.github.luben.zstd.Zstd.\u003cclinit\u003e com.github.luben.zstd.util.Native.load",
+ "dep_path": "com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
"path": [{
@@ -1204,7 +2051,7 @@
"name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush",
"package": "com.github.luben.zstd"
}, {
- "name": "com.github.luben.zstd.Zstd.\u003cclinit\u003e",
+ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e",
"package": "com.github.luben.zstd"
}, {
"name": "com.github.luben.zstd.util.Native.load",
@@ -1232,25 +2079,6 @@
"name": "org.apache.commons.compress.utils.ServiceLoaderIterator.next",
"package": "org.apache.commons.compress.utils"
}]
- }, {
- "package_name": "com.example",
- "capability": "CAPABILITY_REFLECT",
- "dep_path": "com.example.CompressExample.decompressFileGzip org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream.close org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close org.apache.commons.compress.utils.ServiceLoaderIterator.next",
- "package_dir": "com.example",
- "capability_type": "CAPABILITY_TYPE_TRANSITIVE",
- "path": [{
- "name": "com.example.CompressExample.decompressFileGzip",
- "package": "com.example"
- }, {
- "name": "org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream.close",
- "package": "org.apache.commons.compress.compressors.gzip"
- }, {
- "name": "org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close",
- "package": "org.apache.commons.compress.archivers.tar"
- }, {
- "name": "org.apache.commons.compress.utils.ServiceLoaderIterator.next",
- "package": "org.apache.commons.compress.utils"
- }]
}, {
"package_name": "com.example",
"capability": "CAPABILITY_REFLECT",
@@ -1270,7 +2098,7 @@
}, {
"package_name": "com.example",
"capability": "CAPABILITY_REFLECT",
- "dep_path": "com.example.CompressExample.lambda$createTarArchive$1 org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord org.apache.commons.io.output.ProxyOutputStream.write org.tukaani.xz.SimpleOutputStream.write org.tukaani.xz.SimpleOutputStream.\u003cclinit\u003e",
+ "dep_path": "com.example.CompressExample.lambda$createTarArchive$1 org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord org.apache.commons.compress.utils.CountingOutputStream.write org.tukaani.xz.SimpleOutputStream.write org.tukaani.xz.SimpleOutputStream.\u003cclinit\u003e",
"package_dir": "com.example",
"capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL",
"path": [{
@@ -1283,8 +2111,8 @@
"name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord",
"package": "org.apache.commons.compress.archivers.tar"
}, {
- "name": "org.apache.commons.io.output.ProxyOutputStream.write",
- "package": "org.apache.commons.io.output"
+ "name": "org.apache.commons.compress.utils.CountingOutputStream.write",
+ "package": "org.apache.commons.compress.utils"
}, {
"name": "org.tukaani.xz.SimpleOutputStream.write",
"package": "org.tukaani.xz"
@@ -1429,32 +2257,6 @@
"name": "java.lang.Runtime.exec",
"package": "java.lang"
}]
- }, {
- "package_name": "com.example",
- "capability": "CAPABILITY_EXEC",
- "dep_path": "com.example.ProcessRunner.executeWithBuilder java.lang.ProcessBuilder.\u003cinit\u003e",
- "package_dir": "com.example",
- "capability_type": "CAPABILITY_TYPE_DIRECT",
- "path": [{
- "name": "com.example.ProcessRunner.executeWithBuilder",
- "package": "com.example"
- }, {
- "name": "java.lang.ProcessBuilder.\u003cinit\u003e",
- "package": "java.lang"
- }]
- }, {
- "package_name": "com.example",
- "capability": "CAPABILITY_EXEC",
- "dep_path": "com.example.ProcessRunner.isCommandAvailable java.lang.Runtime.exec",
- "package_dir": "com.example",
- "capability_type": "CAPABILITY_TYPE_DIRECT",
- "path": [{
- "name": "com.example.ProcessRunner.isCommandAvailable",
- "package": "com.example"
- }, {
- "name": "java.lang.Runtime.exec",
- "package": "java.lang"
- }]
}, {
"package_name": "com.example",
"capability": "CAPABILITY_EXEC",
@@ -1473,7 +2275,7 @@
}]
}],
"module_info": [{
- "path": "com.coverage:compress-test",
+ "path": "com.github.serj:compress-test",
"version": "1.0-SNAPSHOT"
}],
"package_info": []
diff --git a/examples/quick-test/.capslock/policy.yaml b/examples/quick-test/.capslock/policy.yaml
index 3a67bd8..083d9c5 100644
--- a/examples/quick-test/.capslock/policy.yaml
+++ b/examples/quick-test/.capslock/policy.yaml
@@ -2,6 +2,12 @@
# Packages listed here are blocked from using specified capabilities
policies:
+ # Block all capabilities not in snapshot.json for this package
+ - package: "com.github.serj.jcapslock.examples.quicktest"
+ blocked:
+ - DEFAULT
+
+ # Explicit blocking example
- package: "com.github.serj.jcapslock.examples.quicktest.blocked"
blocked:
- CAPABILITY_EXEC
diff --git a/examples/quick-test/.capslock/snapshot.json b/examples/quick-test/.capslock/snapshot.json
index 8f695e0..fd83022 100644
--- a/examples/quick-test/.capslock/snapshot.json
+++ b/examples/quick-test/.capslock/snapshot.json
@@ -1,5 +1,169 @@
{
"capability_info": [{
+ "package_name": "com.github.serj.jcapslock.examples.quicktest",
+ "capability": "CAPABILITY_FILES",
+ "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand java.lang.Runtime.exec",
+ "package_dir": "com.github.serj.jcapslock.examples.quicktest",
+ "capability_type": "CAPABILITY_TYPE_DIRECT",
+ "path": [{
+ "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand",
+ "package": "com.github.serj.jcapslock.examples.quicktest"
+ }, {
+ "name": "java.lang.Runtime.exec",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.github.serj.jcapslock.examples.quicktest",
+ "capability": "CAPABILITY_FILES",
+ "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.main com.github.serj.jcapslock.examples.quicktest.SimpleApp.readFile java.io.File.exists",
+ "package_dir": "com.github.serj.jcapslock.examples.quicktest",
+ "capability_type": "CAPABILITY_TYPE_DIRECT",
+ "path": [{
+ "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.main",
+ "package": "com.github.serj.jcapslock.examples.quicktest"
+ }, {
+ "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.readFile",
+ "package": "com.github.serj.jcapslock.examples.quicktest"
+ }, {
+ "name": "java.io.File.exists",
+ "package": "java.io"
+ }]
+ }, {
+ "package_name": "com.github.serj.jcapslock.examples.quicktest",
+ "capability": "CAPABILITY_FILES",
+ "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.readFile java.io.File.exists",
+ "package_dir": "com.github.serj.jcapslock.examples.quicktest",
+ "capability_type": "CAPABILITY_TYPE_DIRECT",
+ "path": [{
+ "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.readFile",
+ "package": "com.github.serj.jcapslock.examples.quicktest"
+ }, {
+ "name": "java.io.File.exists",
+ "package": "java.io"
+ }]
+ }, {
+ "package_name": "com.github.serj.jcapslock.examples.quicktest",
+ "capability": "CAPABILITY_FILES",
+ "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.runSystemCommand com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand java.lang.Runtime.exec",
+ "package_dir": "com.github.serj.jcapslock.examples.quicktest",
+ "capability_type": "CAPABILITY_TYPE_DIRECT",
+ "path": [{
+ "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.runSystemCommand",
+ "package": "com.github.serj.jcapslock.examples.quicktest"
+ }, {
+ "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand",
+ "package": "com.github.serj.jcapslock.examples.quicktest"
+ }, {
+ "name": "java.lang.Runtime.exec",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.github.serj.jcapslock.examples.quicktest.blocked",
+ "capability": "CAPABILITY_FILES",
+ "dep_path": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.main com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.runCommand java.lang.Runtime.exec",
+ "package_dir": "com.github.serj.jcapslock.examples.quicktest.blocked",
+ "capability_type": "CAPABILITY_TYPE_DIRECT",
+ "path": [{
+ "name": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.main",
+ "package": "com.github.serj.jcapslock.examples.quicktest.blocked"
+ }, {
+ "name": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.runCommand",
+ "package": "com.github.serj.jcapslock.examples.quicktest.blocked"
+ }, {
+ "name": "java.lang.Runtime.exec",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.github.serj.jcapslock.examples.quicktest.blocked",
+ "capability": "CAPABILITY_FILES",
+ "dep_path": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.runCommand java.lang.Runtime.exec",
+ "package_dir": "com.github.serj.jcapslock.examples.quicktest.blocked",
+ "capability_type": "CAPABILITY_TYPE_DIRECT",
+ "path": [{
+ "name": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.runCommand",
+ "package": "com.github.serj.jcapslock.examples.quicktest.blocked"
+ }, {
+ "name": "java.lang.Runtime.exec",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.github.serj.jcapslock.examples.quicktest",
+ "capability": "CAPABILITY_RUNTIME",
+ "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand java.lang.Runtime.exec",
+ "package_dir": "com.github.serj.jcapslock.examples.quicktest",
+ "capability_type": "CAPABILITY_TYPE_DIRECT",
+ "path": [{
+ "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand",
+ "package": "com.github.serj.jcapslock.examples.quicktest"
+ }, {
+ "name": "java.lang.Runtime.exec",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.github.serj.jcapslock.examples.quicktest",
+ "capability": "CAPABILITY_RUNTIME",
+ "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.main com.github.serj.jcapslock.examples.quicktest.SimpleApp.runSystemCommand com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand java.lang.Runtime.exec",
+ "package_dir": "com.github.serj.jcapslock.examples.quicktest",
+ "capability_type": "CAPABILITY_TYPE_DIRECT",
+ "path": [{
+ "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.main",
+ "package": "com.github.serj.jcapslock.examples.quicktest"
+ }, {
+ "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.runSystemCommand",
+ "package": "com.github.serj.jcapslock.examples.quicktest"
+ }, {
+ "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand",
+ "package": "com.github.serj.jcapslock.examples.quicktest"
+ }, {
+ "name": "java.lang.Runtime.exec",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.github.serj.jcapslock.examples.quicktest",
+ "capability": "CAPABILITY_RUNTIME",
+ "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.runSystemCommand com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand java.lang.Runtime.exec",
+ "package_dir": "com.github.serj.jcapslock.examples.quicktest",
+ "capability_type": "CAPABILITY_TYPE_DIRECT",
+ "path": [{
+ "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.runSystemCommand",
+ "package": "com.github.serj.jcapslock.examples.quicktest"
+ }, {
+ "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand",
+ "package": "com.github.serj.jcapslock.examples.quicktest"
+ }, {
+ "name": "java.lang.Runtime.exec",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.github.serj.jcapslock.examples.quicktest.blocked",
+ "capability": "CAPABILITY_RUNTIME",
+ "dep_path": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.main com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.runCommand java.lang.Runtime.exec",
+ "package_dir": "com.github.serj.jcapslock.examples.quicktest.blocked",
+ "capability_type": "CAPABILITY_TYPE_DIRECT",
+ "path": [{
+ "name": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.main",
+ "package": "com.github.serj.jcapslock.examples.quicktest.blocked"
+ }, {
+ "name": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.runCommand",
+ "package": "com.github.serj.jcapslock.examples.quicktest.blocked"
+ }, {
+ "name": "java.lang.Runtime.exec",
+ "package": "java.lang"
+ }]
+ }, {
+ "package_name": "com.github.serj.jcapslock.examples.quicktest.blocked",
+ "capability": "CAPABILITY_RUNTIME",
+ "dep_path": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.runCommand java.lang.Runtime.exec",
+ "package_dir": "com.github.serj.jcapslock.examples.quicktest.blocked",
+ "capability_type": "CAPABILITY_TYPE_DIRECT",
+ "path": [{
+ "name": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.runCommand",
+ "package": "com.github.serj.jcapslock.examples.quicktest.blocked"
+ }, {
+ "name": "java.lang.Runtime.exec",
+ "package": "java.lang"
+ }]
+ }, {
"package_name": "com.github.serj.jcapslock.examples.quicktest",
"capability": "CAPABILITY_READ_SYSTEM_STATE",
"dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand java.lang.Runtime.getRuntime",
@@ -76,6 +240,19 @@
"name": "java.lang.Runtime.getRuntime",
"package": "java.lang"
}]
+ }, {
+ "package_name": "com.github.serj.jcapslock.examples.quicktest",
+ "capability": "CAPABILITY_ARBITRARY_EXECUTION",
+ "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.useReflection java.lang.Class.forName",
+ "package_dir": "com.github.serj.jcapslock.examples.quicktest",
+ "capability_type": "CAPABILITY_TYPE_DIRECT",
+ "path": [{
+ "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.useReflection",
+ "package": "com.github.serj.jcapslock.examples.quicktest"
+ }, {
+ "name": "java.lang.Class.forName",
+ "package": "java.lang"
+ }]
}, {
"package_name": "com.github.serj.jcapslock.examples.quicktest",
"capability": "CAPABILITY_REFLECT",