From 2f6b77b28269ec7574535df9d1608d904ca42793 Mon Sep 17 00:00:00 2001 From: Sergej Dechand Date: Mon, 15 Dec 2025 16:38:58 +0100 Subject: [PATCH 1/4] Allow blocking all non-registered capabilities during runtime --- agent/README.md | 31 +++++++ .../serj/jcapslock/agent/CapslockAgent.java | 92 ++++++++++++++++++- examples/quick-test/.capslock/policy.yaml | 6 ++ 3 files changed, 125 insertions(+), 4 deletions(-) diff --git a/agent/README.md b/agent/README.md index 7838442..b5145c6 100644 --- a/agent/README.md +++ b/agent/README.md @@ -70,6 +70,37 @@ mvn clean package -pl agent -am The shaded JAR is at `agent/target/jcapslock-agent-1.0-SNAPSHOT.jar`. +## DEFAULT Blocking Mode + +Use `DEFAULT` in the blocked list to block all capabilities NOT in the snapshot for a package: + +```yaml +policies: + - package: com.example.myapp + blocked: + - DEFAULT # blocks all capabilities not in snapshot.json +``` + +The agent loads `.capslock/snapshot.json` (relative to policy file) and allows only +capabilities that exist in the snapshot for that package. Any capability usage not +in the snapshot is blocked. + +## Limitations + +> **Proof of Concept**: The enforcement mode is experimental and can be evaded. +> It should be used as one layer in a defense-in-depth strategy, not as a +> complete security solution. + +Known evasion vectors: +- **Async/threaded code**: Stack inspection won't show original caller after handoff to thread pool +- **Reflection**: Dynamically invoked methods bypass static analysis +- **Native code**: JNI and `sun.misc.Unsafe` can perform any operation +- **External processes**: Code executed via `Runtime.exec` is not monitored +- **Class loading tricks**: Custom classloaders can load uninstrumented code + +The static analysis also has inherent limitations: +- Reflection targets cannot be determined statically and lead to overapproximations + ## Capabilities Capabilities are loaded from `java-interesting.cm` in the core module. diff --git a/agent/src/main/java/com/github/serj/jcapslock/agent/CapslockAgent.java b/agent/src/main/java/com/github/serj/jcapslock/agent/CapslockAgent.java index 50b097c..ad2d64a 100644 --- a/agent/src/main/java/com/github/serj/jcapslock/agent/CapslockAgent.java +++ b/agent/src/main/java/com/github/serj/jcapslock/agent/CapslockAgent.java @@ -1,12 +1,14 @@ package com.github.serj.jcapslock.agent; import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.dataformat.yaml.YAMLFactory; import org.objectweb.asm.Type; import java.io.File; import java.lang.instrument.Instrumentation; +import java.util.Arrays; import java.util.HashMap; import java.util.HashSet; import java.util.List; @@ -73,6 +75,24 @@ public static Instrumentation getInstrumentation() { return instrumentation; } + /** + * All enforceable capabilities (excludes UNSPECIFIED, SAFE, UNANALYZED). + */ + private static final Set ALL_CAPABILITIES = new HashSet<>(Arrays.asList( + "CAPABILITY_FILES", + "CAPABILITY_NETWORK", + "CAPABILITY_RUNTIME", + "CAPABILITY_READ_SYSTEM_STATE", + "CAPABILITY_MODIFY_SYSTEM_STATE", + "CAPABILITY_OPERATING_SYSTEM", + "CAPABILITY_SYSTEM_CALLS", + "CAPABILITY_ARBITRARY_EXECUTION", + "CAPABILITY_CGO", + "CAPABILITY_UNSAFE_POINTER", + "CAPABILITY_REFLECT", + "CAPABILITY_EXEC" + )); + private static void loadPolicy(String policyPath) { File policyFile = new File(policyPath); if (!policyFile.exists()) { @@ -86,14 +106,42 @@ private static void loadPolicy(String policyPath) { ObjectMapper mapper = new ObjectMapper(new YAMLFactory()); PolicyFile policy = mapper.readValue(policyFile, PolicyFile.class); + // Check if any policy uses DEFAULT - if so, load snapshot + Map> snapshotCapabilities = null; + boolean hasDefault = policy.policies != null && policy.policies.stream() + .anyMatch(e -> e.blocked != null && e.blocked.contains("DEFAULT")); + + if (hasDefault) { + snapshotCapabilities = loadSnapshotCapabilities(policyFile.getParentFile()); + } + Map> capabilityToPackages = new HashMap<>(); if (policy.policies != null) { for (PolicyEntry entry : policy.policies) { if (entry.blocked != null) { - for (String capability : entry.blocked) { - capabilityToPackages - .computeIfAbsent(capability, k -> new HashSet<>()) - .add(entry.pkg); + List effectiveBlocked = entry.blocked; + + // Expand DEFAULT to all capabilities not in snapshot for this package + if (entry.blocked.contains("DEFAULT")) { + Set allowedFromSnapshot = snapshotCapabilities != null + ? snapshotCapabilities.getOrDefault(entry.pkg, Set.of()) + : Set.of(); + + Set toBlock = new HashSet<>(ALL_CAPABILITIES); + toBlock.removeAll(allowedFromSnapshot); + effectiveBlocked = List.copyOf(toBlock); + + Log.info("DEFAULT expansion for " + entry.pkg + + ": allowed from snapshot=" + allowedFromSnapshot + + ", blocking=" + toBlock); + } + + for (String capability : effectiveBlocked) { + if (!"DEFAULT".equals(capability)) { + capabilityToPackages + .computeIfAbsent(capability, k -> new HashSet<>()) + .add(entry.pkg); + } } } } @@ -110,6 +158,42 @@ private static void loadPolicy(String policyPath) { } } + /** + * Loads capabilities from snapshot.json in the given directory. + * Returns a map from package name to set of capabilities. + */ + private static Map> loadSnapshotCapabilities(File directory) { + File snapshotFile = new File(directory, "snapshot.json"); + if (!snapshotFile.exists()) { + Log.warn("Snapshot file not found: " + snapshotFile + " (DEFAULT blocking may not work correctly)"); + return Map.of(); + } + + try { + ObjectMapper mapper = new ObjectMapper(); + JsonNode root = mapper.readTree(snapshotFile); + JsonNode capabilityInfoList = root.get("capability_info"); + + Map> result = new HashMap<>(); + if (capabilityInfoList != null && capabilityInfoList.isArray()) { + for (JsonNode info : capabilityInfoList) { + String packageName = info.has("package_name") ? info.get("package_name").asText() : null; + String capability = info.has("capability") ? info.get("capability").asText() : null; + + if (packageName != null && capability != null) { + result.computeIfAbsent(packageName, k -> new HashSet<>()).add(capability); + } + } + } + + Log.info("Loaded snapshot with " + result.size() + " packages"); + return result; + } catch (Exception e) { + Log.error("Failed to load snapshot: " + e.getMessage()); + return Map.of(); + } + } + public static class PolicyFile { public List policies; } diff --git a/examples/quick-test/.capslock/policy.yaml b/examples/quick-test/.capslock/policy.yaml index 3a67bd8..083d9c5 100644 --- a/examples/quick-test/.capslock/policy.yaml +++ b/examples/quick-test/.capslock/policy.yaml @@ -2,6 +2,12 @@ # Packages listed here are blocked from using specified capabilities policies: + # Block all capabilities not in snapshot.json for this package + - package: "com.github.serj.jcapslock.examples.quicktest" + blocked: + - DEFAULT + + # Explicit blocking example - package: "com.github.serj.jcapslock.examples.quicktest.blocked" blocked: - CAPABILITY_EXEC From 95d489dd7bf72e72fc4778dfc429146e31638ce3 Mon Sep 17 00:00:00 2001 From: Sergej Dechand Date: Tue, 16 Dec 2025 10:01:22 +0100 Subject: [PATCH 2/4] Map exec methods to FILES capability for process pipes as in Go --- .../resources/interesting/java-interesting.cm | 2 + examples/quick-test/.capslock/snapshot.json | 77 +++++++++++++++++++ 2 files changed, 79 insertions(+) diff --git a/core/src/main/resources/interesting/java-interesting.cm b/core/src/main/resources/interesting/java-interesting.cm index 0ab1c20..96ae2cc 100644 --- a/core/src/main/resources/interesting/java-interesting.cm +++ b/core/src/main/resources/interesting/java-interesting.cm @@ -40,6 +40,7 @@ method java.lang.ClassLoader.defineClass CAPABILITY_REFLECT method java.lang.ClassLoader.findClass CAPABILITY_REFLECT method java.lang.ProcessBuilder.start CAPABILITY_EXEC +method java.lang.ProcessBuilder.start CAPABILITY_FILES method java.lang.ProcessBuilder.command CAPABILITY_EXEC method java.lang.ProcessBuilder. CAPABILITY_EXEC method java.lang.ProcessBuilder.redirectInput CAPABILITY_EXEC @@ -50,6 +51,7 @@ method java.lang.ProcessBuilder.redirectError CAPABILITY_EXEC method java.lang.ProcessBuilder.redirectError CAPABILITY_FILES method java.lang.Runtime.exec CAPABILITY_EXEC +method java.lang.Runtime.exec CAPABILITY_FILES method java.lang.Runtime.load CAPABILITY_CGO method java.lang.Runtime.loadLibrary CAPABILITY_CGO method java.lang.Runtime.getRuntime CAPABILITY_READ_SYSTEM_STATE diff --git a/examples/quick-test/.capslock/snapshot.json b/examples/quick-test/.capslock/snapshot.json index 8f695e0..95c1ba6 100644 --- a/examples/quick-test/.capslock/snapshot.json +++ b/examples/quick-test/.capslock/snapshot.json @@ -1,5 +1,82 @@ { "capability_info": [{ + "package_name": "com.github.serj.jcapslock.examples.quicktest", + "capability": "CAPABILITY_FILES", + "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand java.lang.Runtime.exec", + "package_dir": "com.github.serj.jcapslock.examples.quicktest", + "capability_type": "CAPABILITY_TYPE_DIRECT", + "path": [{ + "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand", + "package": "com.github.serj.jcapslock.examples.quicktest" + }, { + "name": "java.lang.Runtime.exec", + "package": "java.lang" + }] + }, { + "package_name": "com.github.serj.jcapslock.examples.quicktest", + "capability": "CAPABILITY_FILES", + "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.main com.github.serj.jcapslock.examples.quicktest.SimpleApp.runSystemCommand com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand java.lang.Runtime.exec", + "package_dir": "com.github.serj.jcapslock.examples.quicktest", + "capability_type": "CAPABILITY_TYPE_DIRECT", + "path": [{ + "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.main", + "package": "com.github.serj.jcapslock.examples.quicktest" + }, { + "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.runSystemCommand", + "package": "com.github.serj.jcapslock.examples.quicktest" + }, { + "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand", + "package": "com.github.serj.jcapslock.examples.quicktest" + }, { + "name": "java.lang.Runtime.exec", + "package": "java.lang" + }] + }, { + "package_name": "com.github.serj.jcapslock.examples.quicktest", + "capability": "CAPABILITY_FILES", + "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.runSystemCommand com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand java.lang.Runtime.exec", + "package_dir": "com.github.serj.jcapslock.examples.quicktest", + "capability_type": "CAPABILITY_TYPE_DIRECT", + "path": [{ + "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.runSystemCommand", + "package": "com.github.serj.jcapslock.examples.quicktest" + }, { + "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand", + "package": "com.github.serj.jcapslock.examples.quicktest" + }, { + "name": "java.lang.Runtime.exec", + "package": "java.lang" + }] + }, { + "package_name": "com.github.serj.jcapslock.examples.quicktest.blocked", + "capability": "CAPABILITY_FILES", + "dep_path": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.main com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.runCommand java.lang.Runtime.exec", + "package_dir": "com.github.serj.jcapslock.examples.quicktest.blocked", + "capability_type": "CAPABILITY_TYPE_DIRECT", + "path": [{ + "name": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.main", + "package": "com.github.serj.jcapslock.examples.quicktest.blocked" + }, { + "name": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.runCommand", + "package": "com.github.serj.jcapslock.examples.quicktest.blocked" + }, { + "name": "java.lang.Runtime.exec", + "package": "java.lang" + }] + }, { + "package_name": "com.github.serj.jcapslock.examples.quicktest.blocked", + "capability": "CAPABILITY_FILES", + "dep_path": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.runCommand java.lang.Runtime.exec", + "package_dir": "com.github.serj.jcapslock.examples.quicktest.blocked", + "capability_type": "CAPABILITY_TYPE_DIRECT", + "path": [{ + "name": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.runCommand", + "package": "com.github.serj.jcapslock.examples.quicktest.blocked" + }, { + "name": "java.lang.Runtime.exec", + "package": "java.lang" + }] + }, { "package_name": "com.github.serj.jcapslock.examples.quicktest", "capability": "CAPABILITY_READ_SYSTEM_STATE", "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand java.lang.Runtime.getRuntime", From 418a4a8c53b3d9bdfac9d9a24a4da07ecd394642 Mon Sep 17 00:00:00 2001 From: Sergej Dechand Date: Tue, 16 Dec 2025 11:42:58 +0100 Subject: [PATCH 3/4] Fix encoding for entire project --- .idea/encodings.xml | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/.idea/encodings.xml b/.idea/encodings.xml index 579c8a2..97626ba 100644 --- a/.idea/encodings.xml +++ b/.idea/encodings.xml @@ -1,19 +1,6 @@ - - - - - - - - - - - - - - + \ No newline at end of file From c72406128ca4bd2f8584811c4ffd708649f16ea8 Mon Sep 17 00:00:00 2001 From: Sergej Dechand Date: Tue, 16 Dec 2025 20:42:16 +0100 Subject: [PATCH 4/4] Enhance the capability maps --- .../serj/jcapslock/agent/PolicyChecker.java | 35 +- .../capability/CapabilityMapper.java | 102 +- .../resources/interesting/java-interesting.cm | 24 +- .../main/resources/interesting/java-safe.cm | 455 ++--- .../interesting/openjdk-sec-manager.cm | 450 +++++ .../capability/CapabilityMapperTest.java | 119 +- .../compress-test/.capslock/snapshot.json | 1494 +++++++++++++---- examples/quick-test/.capslock/snapshot.json | 106 +- 8 files changed, 2109 insertions(+), 676 deletions(-) create mode 100644 core/src/main/resources/interesting/openjdk-sec-manager.cm diff --git a/agent/src/main/java/com/github/serj/jcapslock/agent/PolicyChecker.java b/agent/src/main/java/com/github/serj/jcapslock/agent/PolicyChecker.java index d8c561d..c791e1a 100644 --- a/agent/src/main/java/com/github/serj/jcapslock/agent/PolicyChecker.java +++ b/agent/src/main/java/com/github/serj/jcapslock/agent/PolicyChecker.java @@ -13,11 +13,37 @@ public class PolicyChecker { public static final String PROP_PREFIX = "capslock.block."; + /** + * Reentrancy guard to prevent infinite recursion when instrumented methods + * (like System.getProperty, Thread.getStackTrace) are called from within check(). + * NOTE: Cannot use ThreadLocal.withInitial(() -> false) because lambda creation + * triggers instrumented methods before IN_CHECK is initialized. + */ + private static final ThreadLocal IN_CHECK = new ThreadLocal() { + @Override + protected Boolean initialValue() { + return Boolean.FALSE; + } + }; + /** * Check if capability is allowed for the current call stack. * Throws SecurityException if blocked. */ public static void check(String capability) { + // Reentrancy guard: if we're already in a check, skip to prevent infinite recursion + if (IN_CHECK.get()) { + return; + } + IN_CHECK.set(true); + try { + doCheck(capability); + } finally { + IN_CHECK.set(false); + } + } + + private static void doCheck(String capability) { String blocked = System.getProperty(PROP_PREFIX + capability); String[] blockedPackages = (blocked != null) ? blocked.split(",") : null; @@ -31,21 +57,24 @@ public static void check(String capability) { RuntimeCallGraph.recordPath(capability, appFrames); } - logFrames(capability, appFrames); - if (blockedPackages != null) { String violator = findViolator(appFrames, blockedPackages); if (violator != null) { + logFrames(capability, appFrames); throw new SecurityException("[CAPSLOCK] " + capability + " blocked for " + violator); } } } + private static final String POLICY_CHECKER_CLASS = PolicyChecker.class.getName(); + private static List collectAppFrames() { StackTraceElement[] stack = Thread.currentThread().getStackTrace(); List appFrames = new ArrayList<>(); for (int i = 2; i < stack.length; i++) { - if (!JavaUtils.isJdkPackage(stack[i].getClassName())) { + String className = stack[i].getClassName(); + // Filter out JDK packages and PolicyChecker itself (to avoid self-reference in logs) + if (!JavaUtils.isJdkPackage(className) && !className.equals(POLICY_CHECKER_CLASS)) { appFrames.add(stack[i]); } } diff --git a/core/src/main/java/com/github/serj/jcapslock/capability/CapabilityMapper.java b/core/src/main/java/com/github/serj/jcapslock/capability/CapabilityMapper.java index 293f51a..6f3aef1 100644 --- a/core/src/main/java/com/github/serj/jcapslock/capability/CapabilityMapper.java +++ b/core/src/main/java/com/github/serj/jcapslock/capability/CapabilityMapper.java @@ -19,14 +19,14 @@ /** * Static utility for mapping Java methods to capabilities. - * Loads capability mappings once at startup from the interesting.cm format. + * Loads capability mappings once at startup from the .cm format. * Format: method * - * Also loads safe function mappings that block capability inheritance. - * Format: SAFE + * CAPABILITY_SAFE is special - it marks functions and their callees as safe. */ public final class CapabilityMapper { public static final String DEFAULT_RESOURCE = "interesting/java-interesting.cm"; + public static final String OPENJDK_SEC_MANAGER_RESOURCE = "interesting/openjdk-sec-manager.cm"; public static final String SAFE_FUNCTIONS_RESOURCE = "interesting/java-safe.cm"; private static final Logger LOGGER = Logger.getLogger(CapabilityMapper.class.getName()); @@ -39,88 +39,39 @@ public final class CapabilityMapper { SAFE_METHODS = ConcurrentHashMap.newKeySet(); SAFE_CLASSES = ConcurrentHashMap.newKeySet(); loadDefaultMappings(); - loadSafeFunctions(); } - + private CapabilityMapper() { // Prevent instantiation } - + /** - * Load default capability mappings from the classpath resource. + * Load default capability mappings from classpath resources. + * Loads manually crafted mappings, SecurityManager mappings, and safe function mappings. */ private static void loadDefaultMappings() { + // Load manually crafted mappings (required) try { loadFromResource(DEFAULT_RESOURCE); } catch (IOException e) { LOGGER.severe("Failed to load default capability mappings: " + e.getMessage()); } - } - /** - * Load safe function mappings from the classpath resource. - */ - private static void loadSafeFunctions() { + // Load auto-generated SecurityManager-derived mappings try { - loadSafeFromResource(SAFE_FUNCTIONS_RESOURCE); + loadFromResource(OPENJDK_SEC_MANAGER_RESOURCE); } catch (IOException e) { - LOGGER.warning("Failed to load safe function mappings: " + e.getMessage()); - // Not fatal - safe functions are optional + LOGGER.fine("OpenJDK SecurityManager mappings not found (optional): " + e.getMessage()); } - } - /** - * Load safe function mappings from a classpath resource. - */ - public static void loadSafeFromResource(String resourcePath) throws IOException { - ClassLoader cl = CapabilityMapper.class.getClassLoader(); - InputStream is = (cl != null) - ? cl.getResourceAsStream(resourcePath) - : ClassLoader.getSystemResourceAsStream(resourcePath); - if (is == null) { - throw new IOException("Resource not found: " + resourcePath); - } - - try (BufferedReader reader = new BufferedReader(new InputStreamReader(is))) { - processSafeLines(reader.lines()); - LOGGER.info("Loaded safe function mappings from resource: " + resourcePath); + // Load safe function mappings + try { + loadFromResource(SAFE_FUNCTIONS_RESOURCE); + } catch (IOException e) { + LOGGER.fine("Safe function mappings not found (optional): " + e.getMessage()); } } - /** - * Process lines from the safe functions file. - */ - private static void processSafeLines(Stream lines) { - lines.map(String::trim) - .filter(line -> !line.isEmpty() && !line.startsWith("#")) - .forEach(CapabilityMapper::parseSafeLine); - } - - /** - * Parse a single line from the safe functions file. - * Format: SAFE . - * Use * as wildcard for all methods in a class. - */ - private static void parseSafeLine(String line) { - String[] parts = line.split("\\s+"); - if (parts.length != 2 || !parts[0].equals("SAFE")) { - LOGGER.warning("Invalid safe function line format: " + line); - return; - } - - String methodSignature = parts[1]; - - // Check for wildcard (class.*) - if (methodSignature.endsWith(".*")) { - String className = methodSignature.substring(0, methodSignature.length() - 2); - SAFE_CLASSES.add(className); - LOGGER.fine("Added safe class: " + className); - } else { - SAFE_METHODS.add(methodSignature); - LOGGER.fine("Added safe method: " + methodSignature); - } - } - /** * Load additional capability mappings from a file. * Can be called to supplement the default mappings. @@ -168,10 +119,24 @@ private static void parseLine(String line) { LOGGER.warning("Invalid line format: " + line); return; } - + String methodSignature = parts[1]; String capabilityName = parts[2]; - + + // Handle manually-crafted CAPABILITY_SAFE specially + // it goes into SAFE_METHODS/SAFE_CLASSES + if ("CAPABILITY_SAFE".equals(capabilityName)) { + if (methodSignature.endsWith(".*")) { + String className = methodSignature.substring(0, methodSignature.length() - 2); + SAFE_CLASSES.add(className); + LOGGER.fine("Added safe class: " + className); + } else { + SAFE_METHODS.add(methodSignature); + LOGGER.fine("Added safe method: " + methodSignature); + } + return; + } + try { Capability capability = Capability.valueOf(capabilityName); METHOD_CAPABILITIES.computeIfAbsent(methodSignature, k -> ConcurrentHashMap.newKeySet()) @@ -221,7 +186,7 @@ public static boolean hasCapability(String className, String methodName) { /** * Check if a method is marked as SAFE. - * Safe methods block capability inheritance from their callees. + * Safe methods assumes also safe callees. * * @param className Fully qualified class name (e.g., "java.lang.String") * @param methodName Method name (e.g., "length") @@ -274,7 +239,6 @@ public static void reset() { SAFE_METHODS.clear(); SAFE_CLASSES.clear(); loadDefaultMappings(); - loadSafeFunctions(); } /** diff --git a/core/src/main/resources/interesting/java-interesting.cm b/core/src/main/resources/interesting/java-interesting.cm index 96ae2cc..aea721c 100644 --- a/core/src/main/resources/interesting/java-interesting.cm +++ b/core/src/main/resources/interesting/java-interesting.cm @@ -2,13 +2,6 @@ # Format: method # Using standard Java notation with dots (.) -# ===== java.awt ===== -method java.awt.Desktop.open CAPABILITY_EXEC -method java.awt.Desktop.browse CAPABILITY_EXEC -method java.awt.Desktop.mail CAPABILITY_EXEC -method java.awt.Desktop.edit CAPABILITY_EXEC -method java.awt.Desktop.print CAPABILITY_EXEC - # ===== java.io ===== method java.io.File.delete CAPABILITY_FILES method java.io.File.length CAPABILITY_FILES @@ -37,6 +30,7 @@ method java.lang.Class.newInstance CAPABILITY_REFLECT method java.lang.ClassLoader.loadClass CAPABILITY_REFLECT method java.lang.ClassLoader.defineClass CAPABILITY_REFLECT +method java.lang.ClassLoader.defineClass CAPABILITY_ARBITRARY_EXECUTION method java.lang.ClassLoader.findClass CAPABILITY_REFLECT method java.lang.ProcessBuilder.start CAPABILITY_EXEC @@ -159,16 +153,16 @@ method java.nio.file.Files.size CAPABILITY_FILES method java.nio.file.Files.isDirectory CAPABILITY_FILES # ===== jdk.internal.misc ===== -method jdk.internal.misc.Unsafe.allocateMemory CAPABILITY_CGO -method jdk.internal.misc.Unsafe.freeMemory CAPABILITY_CGO -method jdk.internal.misc.Unsafe.setMemory CAPABILITY_CGO -method jdk.internal.misc.Unsafe.copyMemory CAPABILITY_CGO +method jdk.internal.misc.Unsafe.allocateMemory CAPABILITY_UNSAFE_POINTER +method jdk.internal.misc.Unsafe.freeMemory CAPABILITY_UNSAFE_POINTER +method jdk.internal.misc.Unsafe.setMemory CAPABILITY_UNSAFE_POINTER +method jdk.internal.misc.Unsafe.copyMemory CAPABILITY_UNSAFE_POINTER # ===== sun.misc ===== -method sun.misc.Unsafe.allocateMemory CAPABILITY_CGO -method sun.misc.Unsafe.freeMemory CAPABILITY_CGO -method sun.misc.Unsafe.putAddress CAPABILITY_CGO -method sun.misc.Unsafe.getAddress CAPABILITY_CGO +method sun.misc.Unsafe.allocateMemory CAPABILITY_UNSAFE_POINTER +method sun.misc.Unsafe.freeMemory CAPABILITY_UNSAFE_POINTER +method sun.misc.Unsafe.putAddress CAPABILITY_UNSAFE_POINTER +method sun.misc.Unsafe.getAddress CAPABILITY_UNSAFE_POINTER method sun.misc.Unsafe.allocateInstance CAPABILITY_UNSAFE_POINTER method sun.misc.Unsafe.objectFieldOffset CAPABILITY_UNSAFE_POINTER method sun.misc.Unsafe.compareAndSwapInt CAPABILITY_UNSAFE_POINTER diff --git a/core/src/main/resources/interesting/java-safe.cm b/core/src/main/resources/interesting/java-safe.cm index 9d952f5..5c9982e 100644 --- a/core/src/main/resources/interesting/java-safe.cm +++ b/core/src/main/resources/interesting/java-safe.cm @@ -1,8 +1,8 @@ # Java Safe Functions -# Functions marked as SAFE block capability inheritance from callees. +# Functions marked as CAPABILITY_SAFE block capability inheritance from callees. # This is similar to Go CapsLock's CAPABILITY_SAFE marking. # -# Format: SAFE . +# Format: method . CAPABILITY_SAFE # Use * as wildcard for all methods in a class # # A SAFE function: @@ -11,242 +11,295 @@ # - Is considered to have no security-relevant side effects # java.lang.String - All string operations are safe -SAFE java.lang.String.* +method java.lang.String.* CAPABILITY_SAFE # java.lang.Object - Basic object methods -SAFE java.lang.Object.equals -SAFE java.lang.Object.hashCode -SAFE java.lang.Object.toString -SAFE java.lang.Object.getClass +method java.lang.Object.equals CAPABILITY_SAFE +method java.lang.Object.hashCode CAPABILITY_SAFE +method java.lang.Object.toString CAPABILITY_SAFE +method java.lang.Object.getClass CAPABILITY_SAFE # Primitive wrapper classes - value operations -SAFE java.lang.Integer.valueOf -SAFE java.lang.Integer.parseInt -SAFE java.lang.Integer.intValue -SAFE java.lang.Integer.toString -SAFE java.lang.Integer.compareTo -SAFE java.lang.Integer.equals -SAFE java.lang.Integer.hashCode - -SAFE java.lang.Long.valueOf -SAFE java.lang.Long.parseLong -SAFE java.lang.Long.longValue -SAFE java.lang.Long.toString -SAFE java.lang.Long.compareTo -SAFE java.lang.Long.equals -SAFE java.lang.Long.hashCode - -SAFE java.lang.Double.valueOf -SAFE java.lang.Double.parseDouble -SAFE java.lang.Double.doubleValue -SAFE java.lang.Double.toString -SAFE java.lang.Double.compareTo -SAFE java.lang.Double.equals -SAFE java.lang.Double.hashCode -SAFE java.lang.Double.isNaN -SAFE java.lang.Double.isInfinite - -SAFE java.lang.Float.valueOf -SAFE java.lang.Float.parseFloat -SAFE java.lang.Float.floatValue -SAFE java.lang.Float.toString -SAFE java.lang.Float.compareTo -SAFE java.lang.Float.equals -SAFE java.lang.Float.hashCode -SAFE java.lang.Float.isNaN -SAFE java.lang.Float.isInfinite - -SAFE java.lang.Boolean.valueOf -SAFE java.lang.Boolean.parseBoolean -SAFE java.lang.Boolean.booleanValue -SAFE java.lang.Boolean.toString -SAFE java.lang.Boolean.compareTo -SAFE java.lang.Boolean.equals -SAFE java.lang.Boolean.hashCode - -SAFE java.lang.Byte.valueOf -SAFE java.lang.Byte.parseByte -SAFE java.lang.Byte.byteValue -SAFE java.lang.Byte.toString - -SAFE java.lang.Short.valueOf -SAFE java.lang.Short.parseShort -SAFE java.lang.Short.shortValue -SAFE java.lang.Short.toString - -SAFE java.lang.Character.valueOf -SAFE java.lang.Character.charValue -SAFE java.lang.Character.toString -SAFE java.lang.Character.isDigit -SAFE java.lang.Character.isLetter -SAFE java.lang.Character.isWhitespace -SAFE java.lang.Character.toLowerCase -SAFE java.lang.Character.toUpperCase +method java.lang.Integer.valueOf CAPABILITY_SAFE +method java.lang.Integer.parseInt CAPABILITY_SAFE +method java.lang.Integer.intValue CAPABILITY_SAFE +method java.lang.Integer.toString CAPABILITY_SAFE +method java.lang.Integer.compareTo CAPABILITY_SAFE +method java.lang.Integer.equals CAPABILITY_SAFE +method java.lang.Integer.hashCode CAPABILITY_SAFE + +method java.lang.Long.valueOf CAPABILITY_SAFE +method java.lang.Long.parseLong CAPABILITY_SAFE +method java.lang.Long.longValue CAPABILITY_SAFE +method java.lang.Long.toString CAPABILITY_SAFE +method java.lang.Long.compareTo CAPABILITY_SAFE +method java.lang.Long.equals CAPABILITY_SAFE +method java.lang.Long.hashCode CAPABILITY_SAFE + +method java.lang.Double.valueOf CAPABILITY_SAFE +method java.lang.Double.parseDouble CAPABILITY_SAFE +method java.lang.Double.doubleValue CAPABILITY_SAFE +method java.lang.Double.toString CAPABILITY_SAFE +method java.lang.Double.compareTo CAPABILITY_SAFE +method java.lang.Double.equals CAPABILITY_SAFE +method java.lang.Double.hashCode CAPABILITY_SAFE +method java.lang.Double.isNaN CAPABILITY_SAFE +method java.lang.Double.isInfinite CAPABILITY_SAFE + +method java.lang.Float.valueOf CAPABILITY_SAFE +method java.lang.Float.parseFloat CAPABILITY_SAFE +method java.lang.Float.floatValue CAPABILITY_SAFE +method java.lang.Float.toString CAPABILITY_SAFE +method java.lang.Float.compareTo CAPABILITY_SAFE +method java.lang.Float.equals CAPABILITY_SAFE +method java.lang.Float.hashCode CAPABILITY_SAFE +method java.lang.Float.isNaN CAPABILITY_SAFE +method java.lang.Float.isInfinite CAPABILITY_SAFE + +method java.lang.Boolean.valueOf CAPABILITY_SAFE +method java.lang.Boolean.parseBoolean CAPABILITY_SAFE +method java.lang.Boolean.booleanValue CAPABILITY_SAFE +method java.lang.Boolean.toString CAPABILITY_SAFE +method java.lang.Boolean.compareTo CAPABILITY_SAFE +method java.lang.Boolean.equals CAPABILITY_SAFE +method java.lang.Boolean.hashCode CAPABILITY_SAFE + +method java.lang.Byte.valueOf CAPABILITY_SAFE +method java.lang.Byte.parseByte CAPABILITY_SAFE +method java.lang.Byte.byteValue CAPABILITY_SAFE +method java.lang.Byte.toString CAPABILITY_SAFE + +method java.lang.Short.valueOf CAPABILITY_SAFE +method java.lang.Short.parseShort CAPABILITY_SAFE +method java.lang.Short.shortValue CAPABILITY_SAFE +method java.lang.Short.toString CAPABILITY_SAFE + +method java.lang.Character.valueOf CAPABILITY_SAFE +method java.lang.Character.charValue CAPABILITY_SAFE +method java.lang.Character.toString CAPABILITY_SAFE +method java.lang.Character.isDigit CAPABILITY_SAFE +method java.lang.Character.isLetter CAPABILITY_SAFE +method java.lang.Character.isWhitespace CAPABILITY_SAFE +method java.lang.Character.toLowerCase CAPABILITY_SAFE +method java.lang.Character.toUpperCase CAPABILITY_SAFE # java.lang.Math - All math operations are safe -SAFE java.lang.Math.* +method java.lang.Math.* CAPABILITY_SAFE # java.lang.StrictMath - All strict math operations are safe -SAFE java.lang.StrictMath.* +method java.lang.StrictMath.* CAPABILITY_SAFE # java.util.Objects - Utility methods -SAFE java.util.Objects.requireNonNull -SAFE java.util.Objects.equals -SAFE java.util.Objects.deepEquals -SAFE java.util.Objects.hashCode -SAFE java.util.Objects.hash -SAFE java.util.Objects.toString -SAFE java.util.Objects.compare -SAFE java.util.Objects.isNull -SAFE java.util.Objects.nonNull +method java.util.Objects.requireNonNull CAPABILITY_SAFE +method java.util.Objects.equals CAPABILITY_SAFE +method java.util.Objects.deepEquals CAPABILITY_SAFE +method java.util.Objects.hashCode CAPABILITY_SAFE +method java.util.Objects.hash CAPABILITY_SAFE +method java.util.Objects.toString CAPABILITY_SAFE +method java.util.Objects.compare CAPABILITY_SAFE +method java.util.Objects.isNull CAPABILITY_SAFE +method java.util.Objects.nonNull CAPABILITY_SAFE # java.util.Optional - Safe container operations -SAFE java.util.Optional.* -SAFE java.util.OptionalInt.* -SAFE java.util.OptionalLong.* -SAFE java.util.OptionalDouble.* +method java.util.Optional.* CAPABILITY_SAFE +method java.util.OptionalInt.* CAPABILITY_SAFE +method java.util.OptionalLong.* CAPABILITY_SAFE +method java.util.OptionalDouble.* CAPABILITY_SAFE # java.util.Arrays - Array utility methods (most are safe) -SAFE java.util.Arrays.equals -SAFE java.util.Arrays.deepEquals -SAFE java.util.Arrays.hashCode -SAFE java.util.Arrays.deepHashCode -SAFE java.util.Arrays.toString -SAFE java.util.Arrays.deepToString -SAFE java.util.Arrays.binarySearch -SAFE java.util.Arrays.copyOf -SAFE java.util.Arrays.copyOfRange -SAFE java.util.Arrays.fill -SAFE java.util.Arrays.sort -SAFE java.util.Arrays.asList +method java.util.Arrays.equals CAPABILITY_SAFE +method java.util.Arrays.deepEquals CAPABILITY_SAFE +method java.util.Arrays.hashCode CAPABILITY_SAFE +method java.util.Arrays.deepHashCode CAPABILITY_SAFE +method java.util.Arrays.toString CAPABILITY_SAFE +method java.util.Arrays.deepToString CAPABILITY_SAFE +method java.util.Arrays.binarySearch CAPABILITY_SAFE +method java.util.Arrays.copyOf CAPABILITY_SAFE +method java.util.Arrays.copyOfRange CAPABILITY_SAFE +method java.util.Arrays.fill CAPABILITY_SAFE +method java.util.Arrays.sort CAPABILITY_SAFE +method java.util.Arrays.asList CAPABILITY_SAFE # java.util.Collections - Unmodifiable wrappers are safe -SAFE java.util.Collections.unmodifiableCollection -SAFE java.util.Collections.unmodifiableList -SAFE java.util.Collections.unmodifiableSet -SAFE java.util.Collections.unmodifiableMap -SAFE java.util.Collections.unmodifiableSortedSet -SAFE java.util.Collections.unmodifiableSortedMap -SAFE java.util.Collections.emptyList -SAFE java.util.Collections.emptySet -SAFE java.util.Collections.emptyMap -SAFE java.util.Collections.singleton -SAFE java.util.Collections.singletonList -SAFE java.util.Collections.singletonMap -SAFE java.util.Collections.sort -SAFE java.util.Collections.binarySearch -SAFE java.util.Collections.reverse -SAFE java.util.Collections.shuffle -SAFE java.util.Collections.min -SAFE java.util.Collections.max +method java.util.Collections.unmodifiableCollection CAPABILITY_SAFE +method java.util.Collections.unmodifiableList CAPABILITY_SAFE +method java.util.Collections.unmodifiableSet CAPABILITY_SAFE +method java.util.Collections.unmodifiableMap CAPABILITY_SAFE +method java.util.Collections.unmodifiableSortedSet CAPABILITY_SAFE +method java.util.Collections.unmodifiableSortedMap CAPABILITY_SAFE +method java.util.Collections.emptyList CAPABILITY_SAFE +method java.util.Collections.emptySet CAPABILITY_SAFE +method java.util.Collections.emptyMap CAPABILITY_SAFE +method java.util.Collections.singleton CAPABILITY_SAFE +method java.util.Collections.singletonList CAPABILITY_SAFE +method java.util.Collections.singletonMap CAPABILITY_SAFE +method java.util.Collections.sort CAPABILITY_SAFE +method java.util.Collections.binarySearch CAPABILITY_SAFE +method java.util.Collections.reverse CAPABILITY_SAFE +method java.util.Collections.shuffle CAPABILITY_SAFE +method java.util.Collections.min CAPABILITY_SAFE +method java.util.Collections.max CAPABILITY_SAFE # Collection interface - Read-only operations -SAFE java.util.Collection.size -SAFE java.util.Collection.isEmpty -SAFE java.util.Collection.contains -SAFE java.util.Collection.containsAll -SAFE java.util.Collection.iterator -SAFE java.util.Collection.toArray +method java.util.Collection.size CAPABILITY_SAFE +method java.util.Collection.isEmpty CAPABILITY_SAFE +method java.util.Collection.contains CAPABILITY_SAFE +method java.util.Collection.containsAll CAPABILITY_SAFE +method java.util.Collection.iterator CAPABILITY_SAFE +method java.util.Collection.toArray CAPABILITY_SAFE # List interface - Read-only operations -SAFE java.util.List.get -SAFE java.util.List.indexOf -SAFE java.util.List.lastIndexOf -SAFE java.util.List.subList +method java.util.List.get CAPABILITY_SAFE +method java.util.List.indexOf CAPABILITY_SAFE +method java.util.List.lastIndexOf CAPABILITY_SAFE +method java.util.List.subList CAPABILITY_SAFE # Map interface - Read-only operations -SAFE java.util.Map.size -SAFE java.util.Map.isEmpty -SAFE java.util.Map.containsKey -SAFE java.util.Map.containsValue -SAFE java.util.Map.get -SAFE java.util.Map.getOrDefault -SAFE java.util.Map.keySet -SAFE java.util.Map.values -SAFE java.util.Map.entrySet +method java.util.Map.size CAPABILITY_SAFE +method java.util.Map.isEmpty CAPABILITY_SAFE +method java.util.Map.containsKey CAPABILITY_SAFE +method java.util.Map.containsValue CAPABILITY_SAFE +method java.util.Map.get CAPABILITY_SAFE +method java.util.Map.getOrDefault CAPABILITY_SAFE +method java.util.Map.keySet CAPABILITY_SAFE +method java.util.Map.values CAPABILITY_SAFE +method java.util.Map.entrySet CAPABILITY_SAFE # Set interface - Read-only operations -SAFE java.util.Set.size -SAFE java.util.Set.isEmpty -SAFE java.util.Set.contains -SAFE java.util.Set.containsAll -SAFE java.util.Set.iterator -SAFE java.util.Set.toArray +method java.util.Set.size CAPABILITY_SAFE +method java.util.Set.isEmpty CAPABILITY_SAFE +method java.util.Set.contains CAPABILITY_SAFE +method java.util.Set.containsAll CAPABILITY_SAFE +method java.util.Set.iterator CAPABILITY_SAFE +method java.util.Set.toArray CAPABILITY_SAFE # StringBuilder/StringBuffer - String building is safe -SAFE java.lang.StringBuilder.* -SAFE java.lang.StringBuffer.* +method java.lang.StringBuilder.* CAPABILITY_SAFE +method java.lang.StringBuffer.* CAPABILITY_SAFE # java.util.regex - Pattern matching (read-only) -SAFE java.util.regex.Pattern.compile -SAFE java.util.regex.Pattern.matcher -SAFE java.util.regex.Pattern.matches -SAFE java.util.regex.Pattern.pattern -SAFE java.util.regex.Pattern.flags -SAFE java.util.regex.Matcher.matches -SAFE java.util.regex.Matcher.find -SAFE java.util.regex.Matcher.group -SAFE java.util.regex.Matcher.start -SAFE java.util.regex.Matcher.end -SAFE java.util.regex.Matcher.reset -SAFE java.util.regex.Matcher.replaceAll -SAFE java.util.regex.Matcher.replaceFirst +method java.util.regex.Pattern.compile CAPABILITY_SAFE +method java.util.regex.Pattern.matcher CAPABILITY_SAFE +method java.util.regex.Pattern.matches CAPABILITY_SAFE +method java.util.regex.Pattern.pattern CAPABILITY_SAFE +method java.util.regex.Pattern.flags CAPABILITY_SAFE +method java.util.regex.Matcher.matches CAPABILITY_SAFE +method java.util.regex.Matcher.find CAPABILITY_SAFE +method java.util.regex.Matcher.group CAPABILITY_SAFE +method java.util.regex.Matcher.start CAPABILITY_SAFE +method java.util.regex.Matcher.end CAPABILITY_SAFE +method java.util.regex.Matcher.reset CAPABILITY_SAFE +method java.util.regex.Matcher.replaceAll CAPABILITY_SAFE +method java.util.regex.Matcher.replaceFirst CAPABILITY_SAFE # java.time - Immutable time classes are safe -SAFE java.time.Instant.* -SAFE java.time.LocalDate.* -SAFE java.time.LocalTime.* -SAFE java.time.LocalDateTime.* -SAFE java.time.ZonedDateTime.* -SAFE java.time.Duration.* -SAFE java.time.Period.* -SAFE java.time.ZoneId.* -SAFE java.time.ZoneOffset.* +method java.time.Instant.* CAPABILITY_SAFE +method java.time.LocalDate.* CAPABILITY_SAFE +method java.time.LocalTime.* CAPABILITY_SAFE +method java.time.LocalDateTime.* CAPABILITY_SAFE +method java.time.ZonedDateTime.* CAPABILITY_SAFE +method java.time.Duration.* CAPABILITY_SAFE +method java.time.Period.* CAPABILITY_SAFE +method java.time.ZoneId.* CAPABILITY_SAFE +method java.time.ZoneOffset.* CAPABILITY_SAFE # java.math - BigInteger and BigDecimal are safe -SAFE java.math.BigInteger.* -SAFE java.math.BigDecimal.* -SAFE java.math.MathContext.* +method java.math.BigInteger.* CAPABILITY_SAFE +method java.math.BigDecimal.* CAPABILITY_SAFE +method java.math.MathContext.* CAPABILITY_SAFE # java.util.UUID - UUID generation and parsing -SAFE java.util.UUID.randomUUID -SAFE java.util.UUID.fromString -SAFE java.util.UUID.toString -SAFE java.util.UUID.equals -SAFE java.util.UUID.hashCode -SAFE java.util.UUID.compareTo +method java.util.UUID.randomUUID CAPABILITY_SAFE +method java.util.UUID.fromString CAPABILITY_SAFE +method java.util.UUID.toString CAPABILITY_SAFE +method java.util.UUID.equals CAPABILITY_SAFE +method java.util.UUID.hashCode CAPABILITY_SAFE +method java.util.UUID.compareTo CAPABILITY_SAFE # java.nio - Buffer read operations -SAFE java.nio.Buffer.position -SAFE java.nio.Buffer.limit -SAFE java.nio.Buffer.capacity -SAFE java.nio.Buffer.remaining -SAFE java.nio.Buffer.hasRemaining -SAFE java.nio.ByteBuffer.get -SAFE java.nio.ByteBuffer.getInt -SAFE java.nio.ByteBuffer.getLong -SAFE java.nio.ByteBuffer.getDouble -SAFE java.nio.ByteBuffer.wrap -SAFE java.nio.ByteBuffer.allocate +method java.nio.Buffer.position CAPABILITY_SAFE +method java.nio.Buffer.limit CAPABILITY_SAFE +method java.nio.Buffer.capacity CAPABILITY_SAFE +method java.nio.Buffer.remaining CAPABILITY_SAFE +method java.nio.Buffer.hasRemaining CAPABILITY_SAFE +method java.nio.ByteBuffer.get CAPABILITY_SAFE +method java.nio.ByteBuffer.getInt CAPABILITY_SAFE +method java.nio.ByteBuffer.getLong CAPABILITY_SAFE +method java.nio.ByteBuffer.getDouble CAPABILITY_SAFE +method java.nio.ByteBuffer.wrap CAPABILITY_SAFE +method java.nio.ByteBuffer.allocate CAPABILITY_SAFE # Logging frameworks - Logging is generally safe -SAFE java.util.logging.Logger.info -SAFE java.util.logging.Logger.warning -SAFE java.util.logging.Logger.severe -SAFE java.util.logging.Logger.fine -SAFE java.util.logging.Logger.finer -SAFE java.util.logging.Logger.finest -SAFE java.util.logging.Logger.log -SAFE java.util.logging.Logger.isLoggable +method java.util.logging.Logger.info CAPABILITY_SAFE +method java.util.logging.Logger.warning CAPABILITY_SAFE +method java.util.logging.Logger.severe CAPABILITY_SAFE +method java.util.logging.Logger.fine CAPABILITY_SAFE +method java.util.logging.Logger.finer CAPABILITY_SAFE +method java.util.logging.Logger.finest CAPABILITY_SAFE +method java.util.logging.Logger.log CAPABILITY_SAFE +method java.util.logging.Logger.isLoggable CAPABILITY_SAFE # Common third-party logging (if used) -SAFE org.slf4j.Logger.info -SAFE org.slf4j.Logger.warn -SAFE org.slf4j.Logger.error -SAFE org.slf4j.Logger.debug -SAFE org.slf4j.Logger.trace -SAFE org.slf4j.Logger.isInfoEnabled -SAFE org.slf4j.Logger.isDebugEnabled -SAFE org.slf4j.Logger.isWarnEnabled -SAFE org.slf4j.Logger.isErrorEnabled -SAFE org.slf4j.Logger.isTraceEnabled +method org.slf4j.Logger.info CAPABILITY_SAFE +method org.slf4j.Logger.warn CAPABILITY_SAFE +method org.slf4j.Logger.error CAPABILITY_SAFE +method org.slf4j.Logger.debug CAPABILITY_SAFE +method org.slf4j.Logger.trace CAPABILITY_SAFE +method org.slf4j.Logger.isInfoEnabled CAPABILITY_SAFE +method org.slf4j.Logger.isDebugEnabled CAPABILITY_SAFE +method org.slf4j.Logger.isWarnEnabled CAPABILITY_SAFE +method org.slf4j.Logger.isErrorEnabled CAPABILITY_SAFE +method org.slf4j.Logger.isTraceEnabled CAPABILITY_SAFE + +# java.util.Iterator - Read-only iteration +method java.util.Iterator.hasNext CAPABILITY_SAFE +method java.util.Iterator.next CAPABILITY_SAFE + +# java.lang.Enum - Enum utilities (pure) +method java.lang.Enum.name CAPABILITY_SAFE +method java.lang.Enum.ordinal CAPABILITY_SAFE +method java.lang.Enum.valueOf CAPABILITY_SAFE +method java.lang.Enum.toString CAPABILITY_SAFE +method java.lang.Enum.equals CAPABILITY_SAFE +method java.lang.Enum.hashCode CAPABILITY_SAFE +method java.lang.Enum.compareTo CAPABILITY_SAFE + +# java.util.Locale - Locale metadata +method java.util.Locale.* CAPABILITY_SAFE + +# java.nio.charset.Charset - Charset metadata +method java.nio.charset.Charset.forName CAPABILITY_SAFE +method java.nio.charset.Charset.defaultCharset CAPABILITY_SAFE +method java.nio.charset.Charset.availableCharsets CAPABILITY_SAFE +method java.nio.charset.Charset.isSupported CAPABILITY_SAFE +method java.nio.charset.Charset.name CAPABILITY_SAFE +method java.nio.charset.Charset.aliases CAPABILITY_SAFE +method java.nio.charset.Charset.displayName CAPABILITY_SAFE +method java.nio.charset.Charset.contains CAPABILITY_SAFE +method java.nio.charset.Charset.newEncoder CAPABILITY_SAFE +method java.nio.charset.Charset.newDecoder CAPABILITY_SAFE +method java.nio.charset.Charset.encode CAPABILITY_SAFE +method java.nio.charset.Charset.decode CAPABILITY_SAFE + +# java.util.Base64 - Pure encoding/decoding +method java.util.Base64.getEncoder CAPABILITY_SAFE +method java.util.Base64.getDecoder CAPABILITY_SAFE +method java.util.Base64.getMimeEncoder CAPABILITY_SAFE +method java.util.Base64.getMimeDecoder CAPABILITY_SAFE +method java.util.Base64.getUrlEncoder CAPABILITY_SAFE +method java.util.Base64.getUrlDecoder CAPABILITY_SAFE +method java.util.Base64$Encoder.encode CAPABILITY_SAFE +method java.util.Base64$Encoder.encodeToString CAPABILITY_SAFE +method java.util.Base64$Decoder.decode CAPABILITY_SAFE + +# java.net.URI - URI parsing (no network, unlike URL) +method java.net.URI.* CAPABILITY_SAFE + +# java.util.StringJoiner - Pure string building +method java.util.StringJoiner.* CAPABILITY_SAFE + +# java.text.MessageFormat - Pure string formatting +method java.text.MessageFormat.format CAPABILITY_SAFE +method java.text.MessageFormat.parse CAPABILITY_SAFE +method java.text.MessageFormat.toPattern CAPABILITY_SAFE +method java.text.MessageFormat.applyPattern CAPABILITY_SAFE \ No newline at end of file diff --git a/core/src/main/resources/interesting/openjdk-sec-manager.cm b/core/src/main/resources/interesting/openjdk-sec-manager.cm new file mode 100644 index 0000000..a2844e4 --- /dev/null +++ b/core/src/main/resources/interesting/openjdk-sec-manager.cm @@ -0,0 +1,450 @@ +# OpenJDK SecurityManager-Derived Capability Mappings +# +# Generated from SecurityManager.check* call site analysis in OpenJDK 11 and 17 source. +# These mappings represent methods that historically required security permissions in the security manager +# +# Sources: +# - https://github.com/openjdk/jdk8u (JDK 8) +# - https://github.com/openjdk/jdk11u (JDK 11) +# - https://github.com/openjdk/jdk17u (JDK 17) +# - https://github.com/openjdk/jdk (JDK 22/24) --> only for unsafe. +# +# Methodology: Analyzed SecurityManager.check* calls to map to capabilities +# +# Note on JDK 22+: SecurityManager was deprecated for removal in JDK 17 and +# removed in JDK 24. @Restricted (an internal marker used by the JDK) is used to +# label restricted methods: Java SE methods whose misuse can violate JVM +# integrity (crashes, memory corruption) or otherwise cross the Java runtime +# boundary in a way the runtime can’t validate --> NATIVE +# +# SecurityManager Method -> Capability Mapping: +# checkRead -> CAPABILITY_FILES +# checkWrite -> CAPABILITY_FILES +# checkDelete -> CAPABILITY_FILES +# checkConnect -> CAPABILITY_NETWORK +# checkListen -> CAPABILITY_NETWORK +# checkAccept -> CAPABILITY_NETWORK +# checkExec -> CAPABILITY_EXEC +# checkLink -> CAPABILITY_CGO +# checkPropertyAccess -> CAPABILITY_READ_SYSTEM_STATE +# checkPropertiesAccess -> CAPABILITY_READ_SYSTEM_STATE +# checkPermission(getenv) -> CAPABILITY_READ_SYSTEM_STATE +# checkSetFactory -> CAPABILITY_MODIFY_SYSTEM_STATE +# checkCreateClassLoader -> CAPABILITY_ARBITRARY_EXECUTION +# checkAccess(Thread) -> CAPABILITY_RUNTIME +# checkAccess(ThreadGroup) -> CAPABILITY_RUNTIME +# checkExit -> CAPABILITY_OPERATING_SYSTEM +# checkMemberAccess -> CAPABILITY_REFLECT +# checkPermission(ReflectPermission) -> CAPABILITY_REFLECT + +# ===== CAPABILITY_FILES ===== +# From: java.io.File (checkRead/checkWrite/checkDelete) +method java.io.File.canRead CAPABILITY_FILES +method java.io.File.canWrite CAPABILITY_FILES +method java.io.File.exists CAPABILITY_FILES +method java.io.File.isDirectory CAPABILITY_FILES +method java.io.File.isFile CAPABILITY_FILES +method java.io.File.isHidden CAPABILITY_FILES +method java.io.File.lastModified CAPABILITY_FILES +method java.io.File.length CAPABILITY_FILES +method java.io.File.createNewFile CAPABILITY_FILES +method java.io.File.delete CAPABILITY_FILES +method java.io.File.deleteOnExit CAPABILITY_FILES +method java.io.File.list CAPABILITY_FILES +method java.io.File.listFiles CAPABILITY_FILES +method java.io.File.renameTo CAPABILITY_FILES +method java.io.File.setLastModified CAPABILITY_FILES +method java.io.File.setReadOnly CAPABILITY_FILES +method java.io.File.setWritable CAPABILITY_FILES +method java.io.File.setReadable CAPABILITY_FILES +method java.io.File.setExecutable CAPABILITY_FILES +method java.io.File.canExecute CAPABILITY_FILES +method java.io.File.getTotalSpace CAPABILITY_FILES +method java.io.File.getFreeSpace CAPABILITY_FILES +method java.io.File.getUsableSpace CAPABILITY_FILES +method java.io.File.createTempFile CAPABILITY_FILES +method java.io.File.mkdir CAPABILITY_FILES +method java.io.File.mkdirs CAPABILITY_FILES + +# From: java.io.FileInputStream (checkRead) +method java.io.FileInputStream. CAPABILITY_FILES + +# From: java.io.FileOutputStream (checkWrite) +method java.io.FileOutputStream. CAPABILITY_FILES + +# From: java.io.RandomAccessFile (checkRead/checkWrite) +method java.io.RandomAccessFile. CAPABILITY_FILES + +# From: java.nio.file.Files (checkRead/checkWrite/checkDelete) +method java.nio.file.Files.newInputStream CAPABILITY_FILES +method java.nio.file.Files.newOutputStream CAPABILITY_FILES +method java.nio.file.Files.newByteChannel CAPABILITY_FILES +method java.nio.file.Files.newDirectoryStream CAPABILITY_FILES +method java.nio.file.Files.createFile CAPABILITY_FILES +method java.nio.file.Files.createDirectory CAPABILITY_FILES +method java.nio.file.Files.createDirectories CAPABILITY_FILES +method java.nio.file.Files.createTempFile CAPABILITY_FILES +method java.nio.file.Files.createTempDirectory CAPABILITY_FILES +method java.nio.file.Files.createSymbolicLink CAPABILITY_FILES +method java.nio.file.Files.createLink CAPABILITY_FILES +method java.nio.file.Files.delete CAPABILITY_FILES +method java.nio.file.Files.deleteIfExists CAPABILITY_FILES +method java.nio.file.Files.copy CAPABILITY_FILES +method java.nio.file.Files.move CAPABILITY_FILES +method java.nio.file.Files.getFileStore CAPABILITY_FILES +method java.nio.file.Files.isSameFile CAPABILITY_FILES +method java.nio.file.Files.isHidden CAPABILITY_FILES +method java.nio.file.Files.getFileAttributeView CAPABILITY_FILES +method java.nio.file.Files.readAttributes CAPABILITY_FILES +method java.nio.file.Files.setAttribute CAPABILITY_FILES +method java.nio.file.Files.getAttribute CAPABILITY_FILES +method java.nio.file.Files.getPosixFilePermissions CAPABILITY_FILES +method java.nio.file.Files.setPosixFilePermissions CAPABILITY_FILES +method java.nio.file.Files.getOwner CAPABILITY_FILES +method java.nio.file.Files.setOwner CAPABILITY_FILES +method java.nio.file.Files.exists CAPABILITY_FILES +method java.nio.file.Files.notExists CAPABILITY_FILES +method java.nio.file.Files.isReadable CAPABILITY_FILES +method java.nio.file.Files.isWritable CAPABILITY_FILES +method java.nio.file.Files.isExecutable CAPABILITY_FILES +method java.nio.file.Files.readAllBytes CAPABILITY_FILES +method java.nio.file.Files.readString CAPABILITY_FILES +method java.nio.file.Files.readAllLines CAPABILITY_FILES +method java.nio.file.Files.write CAPABILITY_FILES +method java.nio.file.Files.lines CAPABILITY_FILES +method java.nio.file.Files.list CAPABILITY_FILES +method java.nio.file.Files.walk CAPABILITY_FILES +method java.nio.file.Files.find CAPABILITY_FILES +method java.nio.file.Files.size CAPABILITY_FILES +method java.nio.file.Files.isRegularFile CAPABILITY_FILES +method java.nio.file.Files.isSymbolicLink CAPABILITY_FILES +method java.nio.file.Files.getLastModifiedTime CAPABILITY_FILES +method java.nio.file.Files.setLastModifiedTime CAPABILITY_FILES +method java.nio.file.Files.probeContentType CAPABILITY_FILES +method java.nio.file.Files.readSymbolicLink CAPABILITY_FILES +method java.nio.file.Files.newBufferedReader CAPABILITY_FILES +method java.nio.file.Files.newBufferedWriter CAPABILITY_FILES +method java.nio.file.Files.writeString CAPABILITY_FILES +method java.nio.file.Files.mismatch CAPABILITY_FILES + +# ===== CAPABILITY_NETWORK ===== +# From: java.net.Socket (checkConnect/checkListen) +method java.net.Socket. CAPABILITY_NETWORK +method java.net.Socket.connect CAPABILITY_NETWORK +method java.net.Socket.bind CAPABILITY_NETWORK +method java.net.Socket.getLocalAddress CAPABILITY_NETWORK +method java.net.Socket.setSocketImplFactory CAPABILITY_NETWORK + +# From: java.net.ServerSocket (checkListen/checkAccept/checkConnect) +method java.net.ServerSocket. CAPABILITY_NETWORK +method java.net.ServerSocket.bind CAPABILITY_NETWORK +method java.net.ServerSocket.accept CAPABILITY_NETWORK +method java.net.ServerSocket.getInetAddress CAPABILITY_NETWORK +method java.net.ServerSocket.setSocketFactory CAPABILITY_NETWORK + +# From: java.net.DatagramSocket (checkListen/checkConnect/checkAccept/checkMulticast) +method java.net.DatagramSocket. CAPABILITY_NETWORK +method java.net.DatagramSocket.bind CAPABILITY_NETWORK +method java.net.DatagramSocket.connect CAPABILITY_NETWORK +method java.net.DatagramSocket.send CAPABILITY_NETWORK +method java.net.DatagramSocket.receive CAPABILITY_NETWORK +method java.net.DatagramSocket.getLocalAddress CAPABILITY_NETWORK +method java.net.DatagramSocket.setDatagramSocketImplFactory CAPABILITY_NETWORK + +# From: java.net.MulticastSocket +method java.net.MulticastSocket. CAPABILITY_NETWORK +method java.net.MulticastSocket.joinGroup CAPABILITY_NETWORK +method java.net.MulticastSocket.leaveGroup CAPABILITY_NETWORK +method java.net.MulticastSocket.setInterface CAPABILITY_NETWORK +method java.net.MulticastSocket.setNetworkInterface CAPABILITY_NETWORK + +# From: java.net.InetAddress (checkConnect) +method java.net.InetAddress.getHostName CAPABILITY_NETWORK +method java.net.InetAddress.getCanonicalHostName CAPABILITY_NETWORK +method java.net.InetAddress.getByName CAPABILITY_NETWORK +method java.net.InetAddress.getAllByName CAPABILITY_NETWORK +method java.net.InetAddress.getLocalHost CAPABILITY_NETWORK + +# From: java.net.URL (checkConnect/checkSetFactory) +method java.net.URL.openConnection CAPABILITY_NETWORK +method java.net.URL.openStream CAPABILITY_NETWORK +method java.net.URL.setURLStreamHandlerFactory CAPABILITY_NETWORK + +# From: java.net.URLConnection (checkSetFactory) +method java.net.URLConnection.setFileNameMap CAPABILITY_NETWORK +method java.net.URLConnection.setContentHandlerFactory CAPABILITY_NETWORK + +# From: java.net.http.HttpClient (JDK 11+, URLPermission) +method java.net.http.HttpClient.send CAPABILITY_NETWORK +method java.net.http.HttpClient.sendAsync CAPABILITY_NETWORK +method java.net.http.HttpClient.newHttpClient CAPABILITY_NETWORK +method java.net.http.HttpClient.newBuilder CAPABILITY_NETWORK + +# ===== CAPABILITY_RUNTIME ===== +# From: java.lang.Thread (checkAccess) +method java.lang.Thread.stop CAPABILITY_RUNTIME +method java.lang.Thread.destroy CAPABILITY_RUNTIME +method java.lang.Thread.interrupt CAPABILITY_RUNTIME +method java.lang.Thread.suspend CAPABILITY_RUNTIME +method java.lang.Thread.resume CAPABILITY_RUNTIME +method java.lang.Thread.setPriority CAPABILITY_RUNTIME +method java.lang.Thread.setName CAPABILITY_RUNTIME +method java.lang.Thread.setDaemon CAPABILITY_RUNTIME +method java.lang.Thread.checkAccess CAPABILITY_RUNTIME +method java.lang.Thread.getContextClassLoader CAPABILITY_RUNTIME +method java.lang.Thread.setContextClassLoader CAPABILITY_RUNTIME +method java.lang.Thread.getStackTrace CAPABILITY_RUNTIME +method java.lang.Thread.getAllStackTraces CAPABILITY_RUNTIME +method java.lang.Thread.setDefaultUncaughtExceptionHandler CAPABILITY_RUNTIME +method java.lang.Thread.setUncaughtExceptionHandler CAPABILITY_RUNTIME + +# From: java.lang.ThreadGroup (checkAccess) +method java.lang.ThreadGroup.getParent CAPABILITY_RUNTIME +method java.lang.ThreadGroup.checkAccess CAPABILITY_RUNTIME +method java.lang.ThreadGroup.enumerate CAPABILITY_RUNTIME +method java.lang.ThreadGroup.setDaemon CAPABILITY_RUNTIME +method java.lang.ThreadGroup.setMaxPriority CAPABILITY_RUNTIME +method java.lang.ThreadGroup.stop CAPABILITY_RUNTIME +method java.lang.ThreadGroup.suspend CAPABILITY_RUNTIME +method java.lang.ThreadGroup.interrupt CAPABILITY_RUNTIME +method java.lang.ThreadGroup.resume CAPABILITY_RUNTIME +method java.lang.ThreadGroup.destroy CAPABILITY_RUNTIME + +# From: java.lang.Runtime (memory/gc related) +method java.lang.Runtime.gc CAPABILITY_RUNTIME +method java.lang.Runtime.freeMemory CAPABILITY_RUNTIME +method java.lang.Runtime.totalMemory CAPABILITY_RUNTIME +method java.lang.Runtime.maxMemory CAPABILITY_RUNTIME +method java.lang.Runtime.addShutdownHook CAPABILITY_RUNTIME +method java.lang.Runtime.removeShutdownHook CAPABILITY_RUNTIME + +# From: java.lang.System +method java.lang.System.gc CAPABILITY_RUNTIME +method java.lang.System.runFinalization CAPABILITY_RUNTIME +method java.lang.System.runFinalizersOnExit CAPABILITY_RUNTIME + +# From: java.lang.Runtime (deprecated JDK 8) +method java.lang.Runtime.runFinalizersOnExit CAPABILITY_RUNTIME + +# ===== CAPABILITY_READ_SYSTEM_STATE ===== +# From: java.lang.System (checkPropertyAccess/checkPropertiesAccess/getenv) +method java.lang.System.getProperties CAPABILITY_READ_SYSTEM_STATE +method java.lang.System.getProperty CAPABILITY_READ_SYSTEM_STATE +method java.lang.System.getenv CAPABILITY_READ_SYSTEM_STATE +method java.lang.System.lineSeparator CAPABILITY_READ_SYSTEM_STATE +method java.lang.System.console CAPABILITY_READ_SYSTEM_STATE + +# From: java.lang.Runtime +method java.lang.Runtime.availableProcessors CAPABILITY_READ_SYSTEM_STATE +method java.lang.Runtime.getRuntime CAPABILITY_READ_SYSTEM_STATE +method java.lang.Runtime.version CAPABILITY_READ_SYSTEM_STATE + +# From: java.lang.ProcessBuilder (getenv) +method java.lang.ProcessBuilder.environment CAPABILITY_READ_SYSTEM_STATE + +# From: java.lang.ProcessHandle +method java.lang.ProcessHandle.current CAPABILITY_READ_SYSTEM_STATE +method java.lang.ProcessHandle.of CAPABILITY_READ_SYSTEM_STATE +method java.lang.ProcessHandle.allProcesses CAPABILITY_READ_SYSTEM_STATE +method java.lang.ProcessHandle.info CAPABILITY_READ_SYSTEM_STATE +method java.lang.ProcessHandle.pid CAPABILITY_READ_SYSTEM_STATE +method java.lang.ProcessHandle.parent CAPABILITY_READ_SYSTEM_STATE +method java.lang.ProcessHandle.children CAPABILITY_READ_SYSTEM_STATE +method java.lang.ProcessHandle.descendants CAPABILITY_READ_SYSTEM_STATE + +# From: java.net.NetworkInterface (getNetworkInformation permission) +method java.net.NetworkInterface.getInetAddresses CAPABILITY_READ_SYSTEM_STATE +method java.net.NetworkInterface.inetAddresses CAPABILITY_READ_SYSTEM_STATE +method java.net.NetworkInterface.getInterfaceAddresses CAPABILITY_READ_SYSTEM_STATE +method java.net.NetworkInterface.getHardwareAddress CAPABILITY_READ_SYSTEM_STATE +method java.net.NetworkInterface.getNetworkInterfaces CAPABILITY_READ_SYSTEM_STATE +method java.net.NetworkInterface.getByName CAPABILITY_READ_SYSTEM_STATE +method java.net.NetworkInterface.getByIndex CAPABILITY_READ_SYSTEM_STATE +method java.net.NetworkInterface.getByInetAddress CAPABILITY_READ_SYSTEM_STATE + +# ===== CAPABILITY_MODIFY_SYSTEM_STATE ===== +# From: java.lang.System (checkPropertiesAccess/setIO) +method java.lang.System.setProperties CAPABILITY_MODIFY_SYSTEM_STATE +method java.lang.System.setProperty CAPABILITY_MODIFY_SYSTEM_STATE +method java.lang.System.clearProperty CAPABILITY_MODIFY_SYSTEM_STATE +method java.lang.System.setIn CAPABILITY_MODIFY_SYSTEM_STATE +method java.lang.System.setOut CAPABILITY_MODIFY_SYSTEM_STATE +method java.lang.System.setErr CAPABILITY_MODIFY_SYSTEM_STATE +method java.lang.System.setSecurityManager CAPABILITY_MODIFY_SYSTEM_STATE + +# From: various setFactory methods (checkSetFactory) +method java.net.Socket.setSocketImplFactory CAPABILITY_MODIFY_SYSTEM_STATE +method java.net.ServerSocket.setSocketFactory CAPABILITY_MODIFY_SYSTEM_STATE +method java.net.DatagramSocket.setDatagramSocketImplFactory CAPABILITY_MODIFY_SYSTEM_STATE +method java.net.URL.setURLStreamHandlerFactory CAPABILITY_MODIFY_SYSTEM_STATE +method java.net.URLConnection.setFileNameMap CAPABILITY_MODIFY_SYSTEM_STATE +method java.net.URLConnection.setContentHandlerFactory CAPABILITY_MODIFY_SYSTEM_STATE + +# ===== CAPABILITY_OPERATING_SYSTEM ===== +# From: java.lang.Runtime (checkExit) +method java.lang.Runtime.exit CAPABILITY_OPERATING_SYSTEM +method java.lang.Runtime.halt CAPABILITY_OPERATING_SYSTEM + +# From: java.lang.System +method java.lang.System.exit CAPABILITY_OPERATING_SYSTEM + +# From: java.awt.Desktop (checkExit for quit handlers) +method java.awt.Desktop.setQuitHandler CAPABILITY_OPERATING_SYSTEM +method java.awt.Desktop.setQuitStrategy CAPABILITY_OPERATING_SYSTEM +method java.awt.Desktop.enableSuddenTermination CAPABILITY_OPERATING_SYSTEM +method java.awt.Desktop.disableSuddenTermination CAPABILITY_OPERATING_SYSTEM +method java.awt.Desktop.moveToTrash CAPABILITY_OPERATING_SYSTEM +method java.awt.Desktop.open CAPABILITY_EXEC +method java.awt.Desktop.browse CAPABILITY_EXEC +method java.awt.Desktop.mail CAPABILITY_EXEC +method java.awt.Desktop.edit CAPABILITY_EXEC +method java.awt.Desktop.print CAPABILITY_EXEC + +# ===== CAPABILITY_ARBITRARY_EXECUTION ===== +# From: java.lang.ClassLoader (checkCreateClassLoader) +method java.lang.ClassLoader. CAPABILITY_ARBITRARY_EXECUTION +method java.lang.ClassLoader.defineClass CAPABILITY_ARBITRARY_EXECUTION +method java.lang.ClassLoader.getParent CAPABILITY_ARBITRARY_EXECUTION +method java.lang.ClassLoader.getPlatformClassLoader CAPABILITY_ARBITRARY_EXECUTION +method java.lang.ClassLoader.getSystemClassLoader CAPABILITY_ARBITRARY_EXECUTION + +# From: java.net.URLClassLoader +method java.net.URLClassLoader. CAPABILITY_ARBITRARY_EXECUTION +method java.net.URLClassLoader.newInstance CAPABILITY_ARBITRARY_EXECUTION +method java.net.URLClassLoader.addURL CAPABILITY_ARBITRARY_EXECUTION + +# From: java.lang.Class.forName (with custom classloader) +method java.lang.Class.forName CAPABILITY_ARBITRARY_EXECUTION + +# From: java.lang.invoke.MethodHandles.Lookup (RuntimePermission defineClass) +method java.lang.invoke.MethodHandles$Lookup.defineClass CAPABILITY_ARBITRARY_EXECUTION +method java.lang.invoke.MethodHandles$Lookup.defineHiddenClass CAPABILITY_ARBITRARY_EXECUTION +method java.lang.invoke.MethodHandles$Lookup.defineHiddenClassWithClassData CAPABILITY_ARBITRARY_EXECUTION + +# ===== CAPABILITY_CGO ===== +# From: java.lang.Runtime (checkLink) +method java.lang.Runtime.load CAPABILITY_CGO +method java.lang.Runtime.loadLibrary CAPABILITY_CGO + +# From: java.lang.System (checkLink) +method java.lang.System.load CAPABILITY_CGO +method java.lang.System.loadLibrary CAPABILITY_CGO +method java.lang.System.mapLibraryName CAPABILITY_CGO + +# From: java.lang.foreign (JDK 21+?, @Restricted - requires native access) +method java.lang.foreign.Linker.nativeLinker CAPABILITY_CGO +method java.lang.foreign.Linker.downcallHandle CAPABILITY_CGO +method java.lang.foreign.Linker.upcallStub CAPABILITY_CGO +method java.lang.foreign.SymbolLookup.libraryLookup CAPABILITY_CGO +# These allocate / access memory, for passing but don't call anything. +method java.lang.foreign.MemorySegment.reinterpret CAPABILITY_UNSAFE_POINTER +method java.lang.foreign.Arena.ofAuto CAPABILITY_UNSAFE_POINTER +method java.lang.foreign.Arena.ofConfined CAPABILITY_UNSAFE_POINTER +method java.lang.foreign.Arena.ofShared CAPABILITY_UNSAFE_POINTER +method java.lang.foreign.Arena.global CAPABILITY_UNSAFE_POINTER + +# ===== CAPABILITY_EXEC ===== +# From: java.lang.Runtime (checkExec) +# NOTE: exec() also requires RUNTIME because JDK internally creates daemon threads +method java.lang.Runtime.exec CAPABILITY_EXEC +method java.lang.Runtime.exec CAPABILITY_RUNTIME + +# From: java.lang.ProcessBuilder (checkExec) +# NOTE: start() also requires RUNTIME because JDK internally creates daemon threads +method java.lang.ProcessBuilder. CAPABILITY_EXEC +method java.lang.ProcessBuilder.start CAPABILITY_EXEC +method java.lang.ProcessBuilder.start CAPABILITY_RUNTIME +method java.lang.ProcessBuilder.command CAPABILITY_EXEC +method java.lang.ProcessBuilder.startPipeline CAPABILITY_EXEC +method java.lang.ProcessBuilder.startPipeline CAPABILITY_RUNTIME + +# From: java.io.File (canExecute uses checkExec) +method java.io.File.canExecute CAPABILITY_EXEC + +# From: java.nio.file.Files (isExecutable) +method java.nio.file.Files.isExecutable CAPABILITY_EXEC + +# From: java.awt.Desktop +method java.awt.Desktop.open CAPABILITY_EXEC +method java.awt.Desktop.edit CAPABILITY_EXEC +method java.awt.Desktop.print CAPABILITY_EXEC +method java.awt.Desktop.browse CAPABILITY_EXEC +method java.awt.Desktop.mail CAPABILITY_EXEC +method java.awt.Desktop.browseFileDirectory CAPABILITY_EXEC + +# ===== CAPABILITY_REFLECT ===== +# From: java.lang.Class (checkMemberAccess) +method java.lang.Class.getField CAPABILITY_REFLECT +method java.lang.Class.getFields CAPABILITY_REFLECT +method java.lang.Class.getMethods CAPABILITY_REFLECT +method java.lang.Class.getMethod CAPABILITY_REFLECT +method java.lang.Class.getConstructors CAPABILITY_REFLECT +method java.lang.Class.getConstructor CAPABILITY_REFLECT +method java.lang.Class.getClasses CAPABILITY_REFLECT +method java.lang.Class.getDeclaredClasses CAPABILITY_REFLECT +method java.lang.Class.getDeclaredFields CAPABILITY_REFLECT +method java.lang.Class.getDeclaredField CAPABILITY_REFLECT +method java.lang.Class.getDeclaredMethods CAPABILITY_REFLECT +method java.lang.Class.getDeclaredMethod CAPABILITY_REFLECT +method java.lang.Class.getDeclaredConstructors CAPABILITY_REFLECT +method java.lang.Class.getDeclaredConstructor CAPABILITY_REFLECT +method java.lang.Class.getEnclosingMethod CAPABILITY_REFLECT +method java.lang.Class.getEnclosingConstructor CAPABILITY_REFLECT +method java.lang.Class.getDeclaringClass CAPABILITY_REFLECT +method java.lang.Class.getEnclosingClass CAPABILITY_REFLECT +method java.lang.Class.getProtectionDomain CAPABILITY_REFLECT +method java.lang.Class.getNestHost CAPABILITY_REFLECT +method java.lang.Class.getNestMembers CAPABILITY_REFLECT +method java.lang.Class.newInstance CAPABILITY_REFLECT +method java.lang.Class.getClassLoader CAPABILITY_REFLECT +method java.lang.Class.forName CAPABILITY_REFLECT + +# From: java.lang.reflect.AccessibleObject (checkPermission ReflectPermission) +method java.lang.reflect.AccessibleObject.setAccessible CAPABILITY_REFLECT +method java.lang.reflect.AccessibleObject.trySetAccessible CAPABILITY_REFLECT + +# From: java.lang.reflect.Field +method java.lang.reflect.Field.setAccessible CAPABILITY_REFLECT +method java.lang.reflect.Field.get CAPABILITY_REFLECT +method java.lang.reflect.Field.set CAPABILITY_REFLECT + +# From: java.lang.reflect.Method +method java.lang.reflect.Method.setAccessible CAPABILITY_REFLECT +method java.lang.reflect.Method.invoke CAPABILITY_REFLECT + +# From: java.lang.reflect.Constructor +method java.lang.reflect.Constructor.setAccessible CAPABILITY_REFLECT +method java.lang.reflect.Constructor.newInstance CAPABILITY_REFLECT + +# From: java.lang.reflect.Proxy +method java.lang.reflect.Proxy.newProxyInstance CAPABILITY_REFLECT +method java.lang.reflect.Proxy.getProxyClass CAPABILITY_REFLECT + +# From: java.lang.invoke.MethodHandles.Lookup (checkSecurityManager) +method java.lang.invoke.MethodHandles.lookup CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles.publicLookup CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles.privateLookupIn CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.findStatic CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.findVirtual CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.findConstructor CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.findClass CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.accessClass CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.findSpecial CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.findGetter CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.findSetter CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.findVarHandle CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.findStaticGetter CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.findStaticSetter CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.findStaticVarHandle CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.bind CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.unreflect CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.unreflectSpecial CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.unreflectConstructor CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.unreflectGetter CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.unreflectSetter CAPABILITY_REFLECT +method java.lang.invoke.MethodHandles$Lookup.revealDirect CAPABILITY_REFLECT + +# From: java.lang.invoke.MethodHandle +method java.lang.invoke.MethodHandle.invoke CAPABILITY_REFLECT +method java.lang.invoke.MethodHandle.invokeExact CAPABILITY_REFLECT +method java.lang.invoke.MethodHandle.invokeWithArguments CAPABILITY_REFLECT \ No newline at end of file diff --git a/core/src/test/java/com/github/serj/jcapslock/capability/CapabilityMapperTest.java b/core/src/test/java/com/github/serj/jcapslock/capability/CapabilityMapperTest.java index b3d7bc0..e44e585 100644 --- a/core/src/test/java/com/github/serj/jcapslock/capability/CapabilityMapperTest.java +++ b/core/src/test/java/com/github/serj/jcapslock/capability/CapabilityMapperTest.java @@ -4,64 +4,105 @@ import org.junit.jupiter.api.Test; import org.junit.jupiter.api.BeforeAll; import static org.junit.jupiter.api.Assertions.*; -import java.io.IOException; import java.util.Set; /** * Tests for the CapabilityMapper static utility. */ public class CapabilityMapperTest { - + @BeforeAll - static void setUp() throws IOException { - // CapabilityMapper loads mappings automatically in static initializer - // Force initialization by calling any static method + static void setUp() { + // Force initialization CapabilityMapper.getAllMappings(); } - + + // ===== Parser and file loading tests ===== + + @Test + void testManualMappingsLoaded() { + // From java-interesting.cm - manually crafted + Set caps = CapabilityMapper.getCapabilities("java.lang.Runtime", "loadLibrary"); + assertTrue(caps.contains(Capability.CAPABILITY_CGO), "Manual mappings should be loaded"); + } + + @Test + void testSecManagerMappingsLoaded() { + // From openjdk-sec-manager.cm - auto-generated + Set caps = CapabilityMapper.getCapabilities("java.lang.Thread", "interrupt"); + assertTrue(caps.contains(Capability.CAPABILITY_RUNTIME), "SecurityManager-derived mappings should be loaded"); + } + @Test - void testFileInputStreamConstructorMapping() { - // Test that FileInputStream constructor is properly mapped - Set caps = CapabilityMapper.getCapabilities("java.io.FileInputStream", ""); - assertFalse(caps.isEmpty(), "FileInputStream. should be mapped"); - assertTrue(caps.contains(Capability.CAPABILITY_FILES)); - + void testSafeMappingsLoaded() { + // From java-safe.cm + assertTrue(CapabilityMapper.isSafe("java.lang.Math", "abs"), "Safe mappings should be loaded"); } - + + // ===== Wildcard matching ===== + @Test - void testOtherCapabilityMappings() { - // Test that other mappings work correctly - Set execCaps = CapabilityMapper.getCapabilities("java.lang.Runtime", "exec"); - assertTrue(execCaps.contains(Capability.CAPABILITY_EXEC)); - - Set reflectCaps = CapabilityMapper.getCapabilities("java.lang.Class", "forName"); - assertTrue(reflectCaps.contains(Capability.CAPABILITY_REFLECT)); - - Set cgoCaps = CapabilityMapper.getCapabilities("java.lang.System", "load"); - assertTrue(cgoCaps.contains(Capability.CAPABILITY_CGO)); - - Set unsafeCaps = CapabilityMapper.getCapabilities("sun.misc.Unsafe", "allocateMemory"); - assertTrue(unsafeCaps.contains(Capability.CAPABILITY_CGO)); + void testWildcardClassSafe() { + // java.lang.String.* is marked CAPABILITY_SAFE + assertTrue(CapabilityMapper.isSafe("java.lang.String", "length")); + assertTrue(CapabilityMapper.isSafe("java.lang.String", "substring")); + assertTrue(CapabilityMapper.isSafe("java.lang.String", "anyMethodName")); } - + @Test - void testInternalNotation() { - // Test internal JVM notation conversion - Set caps = CapabilityMapper.getCapabilitiesInternal("java/io/FileInputStream", ""); - assertFalse(caps.isEmpty()); - assertTrue(caps.contains(Capability.CAPABILITY_FILES)); + void testNonWildcardSafeMethod() { + // Individual method marked safe + assertTrue(CapabilityMapper.isSafe("java.lang.Object", "equals")); + // But other methods on same class not safe + assertFalse(CapabilityMapper.isSafe("java.lang.Object", "wait")); } - + + // ===== Internal name conversion ===== + + @Test + void testInternalNameConversion() { + // Internal JVM notation: java/lang/Runtime + Set caps = CapabilityMapper.getCapabilitiesInternal("java/lang/Runtime", "loadLibrary"); + assertTrue(caps.contains(Capability.CAPABILITY_CGO)); + } + + @Test + void testInternalNameSafeConversion() { + // Internal JVM notation for safe check + assertTrue(CapabilityMapper.isSafeInternal("java/lang/String", "length")); + assertFalse(CapabilityMapper.isSafeInternal("java/lang/Runtime", "exec")); + } + + // ===== Edge cases ===== + + @Test + void testUnknownMethodReturnsEmpty() { + Set caps = CapabilityMapper.getCapabilities("com.fake.NonExistent", "fakeMethod"); + assertTrue(caps.isEmpty(), "Unknown method should return empty set"); + } + + @Test + void testUnknownMethodNotSafe() { + assertFalse(CapabilityMapper.isSafe("com.fake.NonExistent", "fakeMethod"), + "Unknown method should not be considered safe"); + } + @Test void testHasCapability() { assertTrue(CapabilityMapper.hasCapability("java.lang.Runtime", "exec")); - assertFalse(CapabilityMapper.hasCapability("java.lang.String", "valueOf")); + assertFalse(CapabilityMapper.hasCapability("com.fake.NonExistent", "fakeMethod")); } - + + @Test + void testEmptyMethodName() { + Set caps = CapabilityMapper.getCapabilities("java.lang.Runtime", ""); + assertTrue(caps.isEmpty()); + } + @Test - void testOptionalCapabilities() { - // Test using getCapabilities with empty check instead of findCapabilities - assertFalse(CapabilityMapper.getCapabilities("java.lang.Runtime", "exec").isEmpty()); - assertTrue(CapabilityMapper.getCapabilities("java.lang.String", "valueOf").isEmpty()); + void testNullSafety() { + // These should not throw, just return empty/false + assertTrue(CapabilityMapper.getCapabilities("java.lang.String", "nonexistent").isEmpty()); + assertFalse(CapabilityMapper.hasCapability("java.lang.String", "nonexistent")); } } \ No newline at end of file diff --git a/examples/compress-test/.capslock/snapshot.json b/examples/compress-test/.capslock/snapshot.json index cb1b81a..75f41bb 100644 --- a/examples/compress-test/.capslock/snapshot.json +++ b/examples/compress-test/.capslock/snapshot.json @@ -2,9 +2,9 @@ "capability_info": [{ "package_name": "com.example", "capability": "CAPABILITY_FILES", - "dep_path": "com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.UnicodeCommentExtraField.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.io.input.SwappedDataInputStream.readUnsignedByte com.github.luben.zstd.ZstdInputStreamNoFinalizer.read com.github.luben.zstd.ZstdInputStreamNoFinalizer.readInternal com.github.luben.zstd.ZstdInputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.io.File.delete", + "dep_path": "com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte org.apache.commons.io.input.TeeInputStream.read org.apache.commons.compress.archivers.zip.ZipSplitOutputStream.write org.apache.commons.compress.archivers.zip.ZipSplitOutputStream.openNewSplitSegment java.nio.file.Files.move", "package_dir": "com.example", - "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", "path": [{ "name": "com.example.CompressExample.checkAvailableFormats", "package": "com.example" @@ -12,7 +12,7 @@ "name": "org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e", "package": "org.apache.commons.compress.archivers.zip" }, { - "name": "org.apache.commons.compress.archivers.zip.UnicodeCommentExtraField.\u003cclinit\u003e", + "name": "org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e", "package": "org.apache.commons.compress.archivers.zip" }, { "name": "org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e", @@ -24,101 +24,98 @@ "name": "org.apache.commons.compress.utils.ByteUtils.fromLittleEndian", "package": "org.apache.commons.compress.utils" }, { - "name": "org.apache.commons.io.input.SwappedDataInputStream.readUnsignedByte", - "package": "org.apache.commons.io.input" - }, { - "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.read", - "package": "com.github.luben.zstd" + "name": "org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte", + "package": "org.apache.commons.compress.utils" }, { - "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.readInternal", - "package": "com.github.luben.zstd" + "name": "org.apache.commons.io.input.TeeInputStream.read", + "package": "org.apache.commons.io.input" }, { - "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.\u003cclinit\u003e", - "package": "com.github.luben.zstd" + "name": "org.apache.commons.compress.archivers.zip.ZipSplitOutputStream.write", + "package": "org.apache.commons.compress.archivers.zip" }, { - "name": "com.github.luben.zstd.util.Native.load", - "package": "com.github.luben.zstd.util" + "name": "org.apache.commons.compress.archivers.zip.ZipSplitOutputStream.openNewSplitSegment", + "package": "org.apache.commons.compress.archivers.zip" }, { - "name": "java.io.File.delete", - "package": "java.io" + "name": "java.nio.file.Files.move", + "package": "java.nio.file" }] }, { "package_name": "com.example", "capability": "CAPABILITY_FILES", - "dep_path": "com.example.CompressExample.compressFileGzip java.io.FileInputStream.\u003cinit\u003e", + "dep_path": "com.example.CompressExample.compressFileGzip java.nio.file.Files.newInputStream", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_DIRECT", "path": [{ "name": "com.example.CompressExample.compressFileGzip", "package": "com.example" }, { - "name": "java.io.FileInputStream.\u003cinit\u003e", - "package": "java.io" + "name": "java.nio.file.Files.newInputStream", + "package": "java.nio.file" }] }, { "package_name": "com.example", "capability": "CAPABILITY_FILES", - "dep_path": "com.example.CompressExample.compressFileZstd java.io.FileInputStream.\u003cinit\u003e", + "dep_path": "com.example.CompressExample.compressFileZstd java.nio.file.Files.newInputStream", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_DIRECT", "path": [{ "name": "com.example.CompressExample.compressFileZstd", "package": "com.example" }, { - "name": "java.io.FileInputStream.\u003cinit\u003e", - "package": "java.io" + "name": "java.nio.file.Files.newInputStream", + "package": "java.nio.file" }] }, { "package_name": "com.example", "capability": "CAPABILITY_FILES", - "dep_path": "com.example.CompressExample.createTarArchive java.io.FileOutputStream.\u003cinit\u003e", + "dep_path": "com.example.CompressExample.createTarArchive java.nio.file.Files.newOutputStream", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_DIRECT", "path": [{ "name": "com.example.CompressExample.createTarArchive", "package": "com.example" }, { - "name": "java.io.FileOutputStream.\u003cinit\u003e", - "package": "java.io" + "name": "java.nio.file.Files.newOutputStream", + "package": "java.nio.file" }] }, { "package_name": "com.example", "capability": "CAPABILITY_FILES", - "dep_path": "com.example.CompressExample.createZipArchive java.io.FileOutputStream.\u003cinit\u003e", + "dep_path": "com.example.CompressExample.createZipArchive java.nio.file.Files.newOutputStream", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_DIRECT", "path": [{ "name": "com.example.CompressExample.createZipArchive", "package": "com.example" }, { - "name": "java.io.FileOutputStream.\u003cinit\u003e", - "package": "java.io" + "name": "java.nio.file.Files.newOutputStream", + "package": "java.nio.file" }] }, { "package_name": "com.example", "capability": "CAPABILITY_FILES", - "dep_path": "com.example.CompressExample.decompressFileGzip java.io.FileInputStream.\u003cinit\u003e", + "dep_path": "com.example.CompressExample.extractArchive java.nio.file.Files.createDirectories", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_DIRECT", "path": [{ - "name": "com.example.CompressExample.decompressFileGzip", + "name": "com.example.CompressExample.extractArchive", "package": "com.example" }, { - "name": "java.io.FileInputStream.\u003cinit\u003e", - "package": "java.io" + "name": "java.nio.file.Files.createDirectories", + "package": "java.nio.file" }] }, { "package_name": "com.example", "capability": "CAPABILITY_FILES", - "dep_path": "com.example.CompressExample.extractArchive java.io.FileInputStream.\u003cinit\u003e", + "dep_path": "com.example.CompressExample.lambda$createTarArchive$0 java.nio.file.Files.isRegularFile", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_DIRECT", "path": [{ - "name": "com.example.CompressExample.extractArchive", + "name": "com.example.CompressExample.lambda$createTarArchive$0", "package": "com.example" }, { - "name": "java.io.FileInputStream.\u003cinit\u003e", - "package": "java.io" + "name": "java.nio.file.Files.isRegularFile", + "package": "java.nio.file" }] }, { "package_name": "com.example", @@ -133,6 +130,19 @@ "name": "java.nio.file.Files.copy", "package": "java.nio.file" }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_FILES", + "dep_path": "com.example.CompressExample.lambda$createZipArchive$0 java.nio.file.Files.isRegularFile", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_DIRECT", + "path": [{ + "name": "com.example.CompressExample.lambda$createZipArchive$0", + "package": "com.example" + }, { + "name": "java.nio.file.Files.isRegularFile", + "package": "java.nio.file" + }] }, { "package_name": "com.example", "capability": "CAPABILITY_FILES", @@ -149,73 +159,64 @@ }, { "package_name": "com.example", "capability": "CAPABILITY_FILES", - "dep_path": "com.example.CompressExample.listArchiveContents java.io.FileInputStream.\u003cinit\u003e", + "dep_path": "com.example.CompressExample.listArchiveContents java.nio.file.Files.newInputStream", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_DIRECT", "path": [{ "name": "com.example.CompressExample.listArchiveContents", "package": "com.example" }, { - "name": "java.io.FileInputStream.\u003cinit\u003e", - "package": "java.io" + "name": "java.nio.file.Files.newInputStream", + "package": "java.nio.file" }] }, { "package_name": "com.example", "capability": "CAPABILITY_FILES", - "dep_path": "com.example.CompressExample.main java.nio.file.Files.write", + "dep_path": "com.example.CompressExample.main java.nio.file.Files.createDirectories", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_DIRECT", "path": [{ "name": "com.example.CompressExample.main", "package": "com.example" }, { - "name": "java.nio.file.Files.write", + "name": "java.nio.file.Files.createDirectories", "package": "java.nio.file" }] }, { "package_name": "com.example", "capability": "CAPABILITY_FILES", - "dep_path": "com.example.ProcessRunner.compressAndExecute com.example.CompressExample.compressFileZstd java.io.FileInputStream.\u003cinit\u003e", + "dep_path": "com.example.ProcessRunner.compressAndExecute com.example.ProcessRunner.executeCommand java.lang.Runtime.exec", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_DIRECT", "path": [{ "name": "com.example.ProcessRunner.compressAndExecute", "package": "com.example" }, { - "name": "com.example.CompressExample.compressFileZstd", + "name": "com.example.ProcessRunner.executeCommand", "package": "com.example" }, { - "name": "java.io.FileInputStream.\u003cinit\u003e", - "package": "java.io" + "name": "java.lang.Runtime.exec", + "package": "java.lang" }] }, { "package_name": "com.example", "capability": "CAPABILITY_FILES", - "dep_path": "com.example.ProcessRunner.executeCommand org.apache.commons.io.input.UncheckedBufferedReader.readLine org.apache.commons.io.function.Uncheck.get org.apache.commons.compress.archivers.sevenz.SevenZFile$Builder.get java.nio.file.Files.newByteChannel", + "dep_path": "com.example.ProcessRunner.executeCommand java.lang.Runtime.exec", "package_dir": "com.example", - "capability_type": "CAPABILITY_TYPE_TRANSITIVE", + "capability_type": "CAPABILITY_TYPE_DIRECT", "path": [{ "name": "com.example.ProcessRunner.executeCommand", "package": "com.example" }, { - "name": "org.apache.commons.io.input.UncheckedBufferedReader.readLine", - "package": "org.apache.commons.io.input" - }, { - "name": "org.apache.commons.io.function.Uncheck.get", - "package": "org.apache.commons.io.function" - }, { - "name": "org.apache.commons.compress.archivers.sevenz.SevenZFile$Builder.get", - "package": "org.apache.commons.compress.archivers.sevenz" - }, { - "name": "java.nio.file.Files.newByteChannel", - "package": "java.nio.file" + "name": "java.lang.Runtime.exec", + "package": "java.lang" }] }, { "package_name": "com.example", "capability": "CAPABILITY_FILES", - "dep_path": "com.example.ProcessRunner.main com.example.ProcessRunner.executeCommand org.apache.commons.io.input.UncheckedBufferedReader.readLine org.apache.commons.io.function.Uncheck.get org.apache.commons.compress.archivers.sevenz.SevenZFile$Builder.get java.nio.file.Files.newByteChannel", + "dep_path": "com.example.ProcessRunner.main com.example.ProcessRunner.executeCommand java.lang.Runtime.exec", "package_dir": "com.example", - "capability_type": "CAPABILITY_TYPE_TRANSITIVE", + "capability_type": "CAPABILITY_TYPE_DIRECT", "path": [{ "name": "com.example.ProcessRunner.main", "package": "com.example" @@ -223,22 +224,13 @@ "name": "com.example.ProcessRunner.executeCommand", "package": "com.example" }, { - "name": "org.apache.commons.io.input.UncheckedBufferedReader.readLine", - "package": "org.apache.commons.io.input" - }, { - "name": "org.apache.commons.io.function.Uncheck.get", - "package": "org.apache.commons.io.function" - }, { - "name": "org.apache.commons.compress.archivers.sevenz.SevenZFile$Builder.get", - "package": "org.apache.commons.compress.archivers.sevenz" - }, { - "name": "java.nio.file.Files.newByteChannel", - "package": "java.nio.file" + "name": "java.lang.Runtime.exec", + "package": "java.lang" }] }, { "package_name": "com.example", "capability": "CAPABILITY_NETWORK", - "dep_path": "com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.UnicodeCommentExtraField.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.io.input.SwappedDataInputStream.readUnsignedByte org.apache.commons.io.input.QueueInputStream.read org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream", + "dep_path": "com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte org.apache.commons.io.input.QueueInputStream.read org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_TRANSITIVE", "path": [{ @@ -248,7 +240,7 @@ "name": "org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e", "package": "org.apache.commons.compress.archivers.zip" }, { - "name": "org.apache.commons.compress.archivers.zip.UnicodeCommentExtraField.\u003cclinit\u003e", + "name": "org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e", "package": "org.apache.commons.compress.archivers.zip" }, { "name": "org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e", @@ -260,8 +252,8 @@ "name": "org.apache.commons.compress.utils.ByteUtils.fromLittleEndian", "package": "org.apache.commons.compress.utils" }, { - "name": "org.apache.commons.io.input.SwappedDataInputStream.readUnsignedByte", - "package": "org.apache.commons.io.input" + "name": "org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte", + "package": "org.apache.commons.compress.utils" }, { "name": "org.apache.commons.io.input.QueueInputStream.read", "package": "org.apache.commons.io.input" @@ -287,21 +279,15 @@ }, { "package_name": "com.example", "capability": "CAPABILITY_NETWORK", - "dep_path": "com.example.CompressExample.compressFileGzip org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.\u003cinit\u003e org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.writeMemberHeader org.apache.commons.compress.compressors.gzip.ExtraField.toByteArray org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream", + "dep_path": "com.example.CompressExample.compressFileGzip org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_TRANSITIVE", "path": [{ "name": "com.example.CompressExample.compressFileGzip", "package": "com.example" }, { - "name": "org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.\u003cinit\u003e", - "package": "org.apache.commons.compress.compressors.gzip" - }, { - "name": "org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.writeMemberHeader", - "package": "org.apache.commons.compress.compressors.gzip" - }, { - "name": "org.apache.commons.compress.compressors.gzip.ExtraField.toByteArray", - "package": "org.apache.commons.compress.compressors.gzip" + "name": "org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close", + "package": "org.apache.commons.compress.archivers.tar" }, { "name": "org.apache.commons.io.function.UncheckedIOIterator.next", "package": "org.apache.commons.io.function" @@ -324,27 +310,15 @@ }, { "package_name": "com.example", "capability": "CAPABILITY_NETWORK", - "dep_path": "com.example.CompressExample.compressFileZstd org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.write org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream.write org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream.flushBuffer org.apache.commons.compress.utils.FixedLengthBlockOutputStream.close org.apache.commons.compress.utils.MultiReadOnlySeekableByteChannel.close org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream", + "dep_path": "com.example.CompressExample.compressFileZstd org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_TRANSITIVE", "path": [{ "name": "com.example.CompressExample.compressFileZstd", "package": "com.example" }, { - "name": "org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.write", - "package": "org.apache.commons.compress.compressors.zstandard" - }, { - "name": "org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream.write", - "package": "org.apache.commons.compress.compressors.snappy" - }, { - "name": "org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream.flushBuffer", - "package": "org.apache.commons.compress.compressors.snappy" - }, { - "name": "org.apache.commons.compress.utils.FixedLengthBlockOutputStream.close", - "package": "org.apache.commons.compress.utils" - }, { - "name": "org.apache.commons.compress.utils.MultiReadOnlySeekableByteChannel.close", - "package": "org.apache.commons.compress.utils" + "name": "org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close", + "package": "org.apache.commons.compress.archivers.tar" }, { "name": "org.apache.commons.io.function.UncheckedIOIterator.next", "package": "org.apache.commons.io.function" @@ -367,7 +341,7 @@ }, { "package_name": "com.example", "capability": "CAPABILITY_NETWORK", - "dep_path": "com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush com.github.luben.zstd.Zstd.\u003cclinit\u003e com.github.luben.zstd.util.Native.load org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream", + "dep_path": "com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", "path": [{ @@ -383,7 +357,7 @@ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush", "package": "com.github.luben.zstd" }, { - "name": "com.github.luben.zstd.Zstd.\u003cclinit\u003e", + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e", "package": "com.github.luben.zstd" }, { "name": "com.github.luben.zstd.util.Native.load", @@ -447,28 +421,6 @@ "name": "java.net.URL.openStream", "package": "java.net" }] - }, { - "package_name": "com.example", - "capability": "CAPABILITY_NETWORK", - "dep_path": "com.example.CompressExample.decompressFileGzip org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream.\u003cinit\u003e org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream", - "package_dir": "com.example", - "capability_type": "CAPABILITY_TYPE_TRANSITIVE", - "path": [{ - "name": "com.example.CompressExample.decompressFileGzip", - "package": "com.example" - }, { - "name": "org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream.\u003cinit\u003e", - "package": "org.apache.commons.compress.compressors.gzip" - }, { - "name": "org.apache.commons.io.build.AbstractStreamBuilder.getInputStream", - "package": "org.apache.commons.io.build" - }, { - "name": "org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream", - "package": "org.apache.commons.io.build" - }, { - "name": "java.net.URL.openStream", - "package": "java.net" - }] }, { "package_name": "com.example", "capability": "CAPABILITY_NETWORK", @@ -500,7 +452,7 @@ }, { "package_name": "com.example", "capability": "CAPABILITY_NETWORK", - "dep_path": "com.example.CompressExample.lambda$createTarArchive$1 org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.closeArchiveEntry org.apache.commons.compress.utils.FixedLengthBlockOutputStream.flushBlock org.apache.commons.compress.utils.FixedLengthBlockOutputStream.writeBlock org.apache.commons.compress.utils.FixedLengthBlockOutputStream$BufferAtATimeOutputChannel.write org.apache.commons.io.IOUtils.closeQuietly org.apache.commons.compress.utils.MultiReadOnlySeekableByteChannel.close org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream", + "dep_path": "com.example.CompressExample.lambda$createTarArchive$1 org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.closeArchiveEntry org.apache.commons.compress.utils.FixedLengthBlockOutputStream.flushBlock org.apache.commons.compress.utils.FixedLengthBlockOutputStream.writeBlock org.apache.commons.compress.utils.FixedLengthBlockOutputStream$BufferAtATimeOutputChannel.write org.apache.commons.io.IOUtils.closeQuietly org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_TRANSITIVE", "path": [{ @@ -522,8 +474,8 @@ "name": "org.apache.commons.io.IOUtils.closeQuietly", "package": "org.apache.commons.io" }, { - "name": "org.apache.commons.compress.utils.MultiReadOnlySeekableByteChannel.close", - "package": "org.apache.commons.compress.utils" + "name": "org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close", + "package": "org.apache.commons.compress.archivers.tar" }, { "name": "org.apache.commons.io.function.UncheckedIOIterator.next", "package": "org.apache.commons.io.function" @@ -546,20 +498,20 @@ }, { "package_name": "com.example", "capability": "CAPABILITY_NETWORK", - "dep_path": "com.example.CompressExample.lambda$createZipArchive$1 org.apache.commons.compress.archivers.zip.ZipArchiveEntry.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipArchiveEntry.parseExtraFields org.apache.commons.compress.archivers.zip.ExtraFieldUtils.parse org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.io.input.SwappedDataInputStream.readUnsignedByte org.apache.commons.io.input.QueueInputStream.read org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream", + "dep_path": "com.example.CompressExample.lambda$createZipArchive$1 org.apache.commons.compress.archivers.jar.JarArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.zip.JarMarker.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte org.apache.commons.io.input.QueueInputStream.read org.apache.commons.io.function.UncheckedIOIterator.next org.apache.commons.io.function.Uncheck.get org.apache.commons.io.input.XmlStreamReader$Builder.get org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_TRANSITIVE", "path": [{ "name": "com.example.CompressExample.lambda$createZipArchive$1", "package": "com.example" }, { - "name": "org.apache.commons.compress.archivers.zip.ZipArchiveEntry.\u003cinit\u003e", - "package": "org.apache.commons.compress.archivers.zip" + "name": "org.apache.commons.compress.archivers.jar.JarArchiveOutputStream.putArchiveEntry", + "package": "org.apache.commons.compress.archivers.jar" }, { - "name": "org.apache.commons.compress.archivers.zip.ZipArchiveEntry.parseExtraFields", + "name": "org.apache.commons.compress.archivers.zip.JarMarker.\u003cclinit\u003e", "package": "org.apache.commons.compress.archivers.zip" }, { - "name": "org.apache.commons.compress.archivers.zip.ExtraFieldUtils.parse", + "name": "org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e", "package": "org.apache.commons.compress.archivers.zip" }, { "name": "org.apache.commons.compress.archivers.zip.ZipShort.getValue", @@ -568,8 +520,8 @@ "name": "org.apache.commons.compress.utils.ByteUtils.fromLittleEndian", "package": "org.apache.commons.compress.utils" }, { - "name": "org.apache.commons.io.input.SwappedDataInputStream.readUnsignedByte", - "package": "org.apache.commons.io.input" + "name": "org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte", + "package": "org.apache.commons.compress.utils" }, { "name": "org.apache.commons.io.input.QueueInputStream.read", "package": "org.apache.commons.io.input" @@ -623,14 +575,14 @@ }, { "package_name": "com.example", "capability": "CAPABILITY_NETWORK", - "dep_path": "com.example.CompressExample.main com.example.CompressExample.extractArchive org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry org.apache.commons.io.input.ChecksumInputStream$Builder.get org.apache.commons.io.input.ChecksumInputStream.\u003cinit\u003e org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream", + "dep_path": "com.example.CompressExample.main com.example.CompressExample.listArchiveContents org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry org.apache.commons.io.input.ChecksumInputStream$Builder.get org.apache.commons.io.input.ChecksumInputStream.\u003cinit\u003e org.apache.commons.io.build.AbstractStreamBuilder.getInputStream org.apache.commons.io.build.AbstractOrigin$URIOrigin.getInputStream java.net.URL.openStream", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_TRANSITIVE", "path": [{ "name": "com.example.CompressExample.main", "package": "com.example" }, { - "name": "com.example.CompressExample.extractArchive", + "name": "com.example.CompressExample.listArchiveContents", "package": "com.example" }, { "name": "org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry", @@ -743,68 +695,10 @@ }] }, { "package_name": "com.example", - "capability": "CAPABILITY_READ_SYSTEM_STATE", - "dep_path": "com.example.ProcessRunner.compressAndExecute com.example.ProcessRunner.executeCommand java.lang.Runtime.getRuntime", - "package_dir": "com.example", - "capability_type": "CAPABILITY_TYPE_DIRECT", - "path": [{ - "name": "com.example.ProcessRunner.compressAndExecute", - "package": "com.example" - }, { - "name": "com.example.ProcessRunner.executeCommand", - "package": "com.example" - }, { - "name": "java.lang.Runtime.getRuntime", - "package": "java.lang" - }] - }, { - "package_name": "com.example", - "capability": "CAPABILITY_READ_SYSTEM_STATE", - "dep_path": "com.example.ProcessRunner.executeCommand java.lang.Runtime.getRuntime", - "package_dir": "com.example", - "capability_type": "CAPABILITY_TYPE_DIRECT", - "path": [{ - "name": "com.example.ProcessRunner.executeCommand", - "package": "com.example" - }, { - "name": "java.lang.Runtime.getRuntime", - "package": "java.lang" - }] - }, { - "package_name": "com.example", - "capability": "CAPABILITY_READ_SYSTEM_STATE", - "dep_path": "com.example.ProcessRunner.isCommandAvailable java.lang.Runtime.getRuntime", - "package_dir": "com.example", - "capability_type": "CAPABILITY_TYPE_DIRECT", - "path": [{ - "name": "com.example.ProcessRunner.isCommandAvailable", - "package": "com.example" - }, { - "name": "java.lang.Runtime.getRuntime", - "package": "java.lang" - }] - }, { - "package_name": "com.example", - "capability": "CAPABILITY_READ_SYSTEM_STATE", - "dep_path": "com.example.ProcessRunner.main com.example.ProcessRunner.executeCommand java.lang.Runtime.getRuntime", - "package_dir": "com.example", - "capability_type": "CAPABILITY_TYPE_DIRECT", - "path": [{ - "name": "com.example.ProcessRunner.main", - "package": "com.example" - }, { - "name": "com.example.ProcessRunner.executeCommand", - "package": "com.example" - }, { - "name": "java.lang.Runtime.getRuntime", - "package": "java.lang" - }] - }, { - "package_name": "com.example", - "capability": "CAPABILITY_CGO", - "dep_path": "com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.UnicodeCommentExtraField.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.io.input.SwappedDataInputStream.readUnsignedByte com.github.luben.zstd.ZstdInputStreamNoFinalizer.read com.github.luben.zstd.ZstdInputStreamNoFinalizer.readInternal com.github.luben.zstd.Zstd.errCorruptionDetected", + "capability": "CAPABILITY_RUNTIME", + "dep_path": "com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte org.apache.commons.io.input.QueueInputStream.read java.lang.Thread.interrupt", "package_dir": "com.example", - "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", "path": [{ "name": "com.example.CompressExample.checkAvailableFormats", "package": "com.example" @@ -812,7 +706,7 @@ "name": "org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e", "package": "org.apache.commons.compress.archivers.zip" }, { - "name": "org.apache.commons.compress.archivers.zip.UnicodeCommentExtraField.\u003cclinit\u003e", + "name": "org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e", "package": "org.apache.commons.compress.archivers.zip" }, { "name": "org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e", @@ -824,65 +718,62 @@ "name": "org.apache.commons.compress.utils.ByteUtils.fromLittleEndian", "package": "org.apache.commons.compress.utils" }, { - "name": "org.apache.commons.io.input.SwappedDataInputStream.readUnsignedByte", - "package": "org.apache.commons.io.input" - }, { - "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.read", - "package": "com.github.luben.zstd" + "name": "org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte", + "package": "org.apache.commons.compress.utils" }, { - "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.readInternal", - "package": "com.github.luben.zstd" + "name": "org.apache.commons.io.input.QueueInputStream.read", + "package": "org.apache.commons.io.input" }, { - "name": "com.github.luben.zstd.Zstd.errCorruptionDetected", - "package": "com.github.luben.zstd" + "name": "java.lang.Thread.interrupt", + "package": "java.lang" }] }, { "package_name": "com.example", - "capability": "CAPABILITY_CGO", - "dep_path": "com.example.CompressExample.compressFileGzip org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.\u003cinit\u003e org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.writeMemberHeader com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write com.github.luben.zstd.Zstd.isError", + "capability": "CAPABILITY_RUNTIME", + "dep_path": "com.example.CompressExample.compressFileGzip com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close org.apache.commons.compress.utils.CountingOutputStream.write org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", "path": [{ "name": "com.example.CompressExample.compressFileGzip", "package": "com.example" }, { - "name": "org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.\u003cinit\u003e", - "package": "org.apache.commons.compress.compressors.gzip" + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close", + "package": "com.github.luben.zstd" }, { - "name": "org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.writeMemberHeader", - "package": "org.apache.commons.compress.compressors.gzip" + "name": "org.apache.commons.compress.utils.CountingOutputStream.write", + "package": "org.apache.commons.compress.utils" }, { - "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write", - "package": "com.github.luben.zstd" + "name": "org.apache.commons.io.output.QueueOutputStream.write", + "package": "org.apache.commons.io.output" }, { - "name": "com.github.luben.zstd.Zstd.isError", - "package": "com.github.luben.zstd" + "name": "java.lang.Thread.interrupt", + "package": "java.lang" }] }, { "package_name": "com.example", - "capability": "CAPABILITY_CGO", - "dep_path": "com.example.CompressExample.compressFileZstd org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.write com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write com.github.luben.zstd.Zstd.isError", + "capability": "CAPABILITY_RUNTIME", + "dep_path": "com.example.CompressExample.compressFileZstd org.apache.commons.io.input.TeeInputStream.read org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt", "package_dir": "com.example", - "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", "path": [{ "name": "com.example.CompressExample.compressFileZstd", "package": "com.example" }, { - "name": "org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.write", - "package": "org.apache.commons.compress.compressors.zstandard" + "name": "org.apache.commons.io.input.TeeInputStream.read", + "package": "org.apache.commons.io.input" }, { - "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write", - "package": "com.github.luben.zstd" + "name": "org.apache.commons.io.output.QueueOutputStream.write", + "package": "org.apache.commons.io.output" }, { - "name": "com.github.luben.zstd.Zstd.isError", - "package": "com.github.luben.zstd" + "name": "java.lang.Thread.interrupt", + "package": "java.lang" }] }, { "package_name": "com.example", - "capability": "CAPABILITY_CGO", - "dep_path": "com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush com.github.luben.zstd.Zstd.isError", + "capability": "CAPABILITY_RUNTIME", + "dep_path": "com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish org.apache.commons.codec.binary.BaseNCodecOutputStream.flush org.apache.commons.compress.utils.CountingOutputStream.write org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt", "package_dir": "com.example", - "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", "path": [{ "name": "com.example.CompressExample.createTarArchive", "package": "com.example" @@ -893,57 +784,50 @@ "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish", "package": "org.apache.commons.compress.archivers.tar" }, { - "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush", - "package": "com.github.luben.zstd" + "name": "org.apache.commons.codec.binary.BaseNCodecOutputStream.flush", + "package": "org.apache.commons.codec.binary" }, { - "name": "com.github.luben.zstd.Zstd.isError", - "package": "com.github.luben.zstd" + "name": "org.apache.commons.compress.utils.CountingOutputStream.write", + "package": "org.apache.commons.compress.utils" + }, { + "name": "org.apache.commons.io.output.QueueOutputStream.write", + "package": "org.apache.commons.io.output" + }, { + "name": "java.lang.Thread.interrupt", + "package": "java.lang" }] }, { "package_name": "com.example", - "capability": "CAPABILITY_CGO", - "dep_path": "com.example.CompressExample.createZipArchive org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.close org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError", + "capability": "CAPABILITY_RUNTIME", + "dep_path": "com.example.CompressExample.createZipArchive org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipLong.getBytes org.apache.commons.compress.archivers.zip.ZipLong.putLong org.apache.commons.compress.utils.ByteUtils.toLittleEndian org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt", "package_dir": "com.example", - "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", "path": [{ "name": "com.example.CompressExample.createZipArchive", "package": "com.example" }, { - "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.close", + "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.\u003cclinit\u003e", "package": "org.apache.commons.compress.archivers.zip" }, { - "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.finish", + "name": "org.apache.commons.compress.archivers.zip.ZipLong.getBytes", "package": "org.apache.commons.compress.archivers.zip" }, { - "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close", - "package": "com.github.luben.zstd" - }, { - "name": "com.github.luben.zstd.Zstd.isError", - "package": "com.github.luben.zstd" - }] - }, { - "package_name": "com.example", - "capability": "CAPABILITY_CGO", - "dep_path": "com.example.CompressExample.decompressFileGzip org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream.close com.github.luben.zstd.ZstdInputStreamNoFinalizer.close com.github.luben.zstd.ZstdInputStreamNoFinalizer.freeDStream", - "package_dir": "com.example", - "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", - "path": [{ - "name": "com.example.CompressExample.decompressFileGzip", - "package": "com.example" + "name": "org.apache.commons.compress.archivers.zip.ZipLong.putLong", + "package": "org.apache.commons.compress.archivers.zip" }, { - "name": "org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream.close", - "package": "org.apache.commons.compress.compressors.gzip" + "name": "org.apache.commons.compress.utils.ByteUtils.toLittleEndian", + "package": "org.apache.commons.compress.utils" }, { - "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.close", - "package": "com.github.luben.zstd" + "name": "org.apache.commons.io.output.QueueOutputStream.write", + "package": "org.apache.commons.io.output" }, { - "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.freeDStream", - "package": "com.github.luben.zstd" + "name": "java.lang.Thread.interrupt", + "package": "java.lang" }] }, { "package_name": "com.example", - "capability": "CAPABILITY_CGO", - "dep_path": "com.example.CompressExample.extractArchive com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError", + "capability": "CAPABILITY_RUNTIME", + "dep_path": "com.example.CompressExample.extractArchive com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close org.apache.commons.compress.utils.CountingOutputStream.write org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", "path": [{ @@ -953,15 +837,984 @@ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close", "package": "com.github.luben.zstd" }, { - "name": "com.github.luben.zstd.Zstd.isError", - "package": "com.github.luben.zstd" + "name": "org.apache.commons.compress.utils.CountingOutputStream.write", + "package": "org.apache.commons.compress.utils" + }, { + "name": "org.apache.commons.io.output.QueueOutputStream.write", + "package": "org.apache.commons.io.output" + }, { + "name": "java.lang.Thread.interrupt", + "package": "java.lang" }] }, { "package_name": "com.example", - "capability": "CAPABILITY_CGO", - "dep_path": "com.example.CompressExample.lambda$createTarArchive$1 org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord org.apache.commons.io.output.ProxyOutputStream.write com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write com.github.luben.zstd.Zstd.isError", + "capability": "CAPABILITY_RUNTIME", + "dep_path": "com.example.CompressExample.lambda$createTarArchive$1 org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord org.apache.commons.compress.utils.CountingOutputStream.write org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt", "package_dir": "com.example", - "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", + "path": [{ + "name": "com.example.CompressExample.lambda$createTarArchive$1", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.putArchiveEntry", + "package": "org.apache.commons.compress.archivers.tar" + }, { + "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord", + "package": "org.apache.commons.compress.archivers.tar" + }, { + "name": "org.apache.commons.compress.utils.CountingOutputStream.write", + "package": "org.apache.commons.compress.utils" + }, { + "name": "org.apache.commons.io.output.QueueOutputStream.write", + "package": "org.apache.commons.io.output" + }, { + "name": "java.lang.Thread.interrupt", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_RUNTIME", + "dep_path": "com.example.CompressExample.lambda$createZipArchive$1 org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.writeLocalFileHeader org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.createLocalFileHeader org.apache.commons.compress.archivers.zip.ZipLong.putLong org.apache.commons.compress.utils.ByteUtils.toLittleEndian org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", + "path": [{ + "name": "com.example.CompressExample.lambda$createZipArchive$1", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.putArchiveEntry", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.writeLocalFileHeader", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.createLocalFileHeader", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipLong.putLong", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.utils.ByteUtils.toLittleEndian", + "package": "org.apache.commons.compress.utils" + }, { + "name": "org.apache.commons.io.output.QueueOutputStream.write", + "package": "org.apache.commons.io.output" + }, { + "name": "java.lang.Thread.interrupt", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_RUNTIME", + "dep_path": "com.example.CompressExample.listArchiveContents org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry org.apache.commons.io.IOUtils.skip org.apache.commons.io.input.QueueInputStream.read java.lang.Thread.interrupt", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", + "path": [{ + "name": "com.example.CompressExample.listArchiveContents", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry", + "package": "org.apache.commons.compress.archivers.arj" + }, { + "name": "org.apache.commons.io.IOUtils.skip", + "package": "org.apache.commons.io" + }, { + "name": "org.apache.commons.io.input.QueueInputStream.read", + "package": "org.apache.commons.io.input" + }, { + "name": "java.lang.Thread.interrupt", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_RUNTIME", + "dep_path": "com.example.CompressExample.main com.example.CompressExample.compressFileGzip com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close org.apache.commons.compress.utils.CountingOutputStream.write org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.CompressExample.main", + "package": "com.example" + }, { + "name": "com.example.CompressExample.compressFileGzip", + "package": "com.example" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close", + "package": "com.github.luben.zstd" + }, { + "name": "org.apache.commons.compress.utils.CountingOutputStream.write", + "package": "org.apache.commons.compress.utils" + }, { + "name": "org.apache.commons.io.output.QueueOutputStream.write", + "package": "org.apache.commons.io.output" + }, { + "name": "java.lang.Thread.interrupt", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_RUNTIME", + "dep_path": "com.example.ProcessRunner.compressAndExecute com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish org.apache.commons.codec.binary.BaseNCodecOutputStream.flush org.apache.commons.compress.utils.CountingOutputStream.write org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", + "path": [{ + "name": "com.example.ProcessRunner.compressAndExecute", + "package": "com.example" + }, { + "name": "com.example.CompressExample.createTarArchive", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close", + "package": "org.apache.commons.compress.archivers.tar" + }, { + "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish", + "package": "org.apache.commons.compress.archivers.tar" + }, { + "name": "org.apache.commons.codec.binary.BaseNCodecOutputStream.flush", + "package": "org.apache.commons.codec.binary" + }, { + "name": "org.apache.commons.compress.utils.CountingOutputStream.write", + "package": "org.apache.commons.compress.utils" + }, { + "name": "org.apache.commons.io.output.QueueOutputStream.write", + "package": "org.apache.commons.io.output" + }, { + "name": "java.lang.Thread.interrupt", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_RUNTIME", + "dep_path": "com.example.ProcessRunner.executeCommand org.apache.commons.io.input.UncheckedBufferedReader.readLine org.apache.commons.io.function.Uncheck.get org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream$Builder.get org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream.\u003cinit\u003e org.tukaani.xz.LZMAOutputStream.\u003cinit\u003e org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.ProcessRunner.executeCommand", + "package": "com.example" + }, { + "name": "org.apache.commons.io.input.UncheckedBufferedReader.readLine", + "package": "org.apache.commons.io.input" + }, { + "name": "org.apache.commons.io.function.Uncheck.get", + "package": "org.apache.commons.io.function" + }, { + "name": "org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream$Builder.get", + "package": "org.apache.commons.compress.compressors.lzma" + }, { + "name": "org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream.\u003cinit\u003e", + "package": "org.apache.commons.compress.compressors.lzma" + }, { + "name": "org.tukaani.xz.LZMAOutputStream.\u003cinit\u003e", + "package": "org.tukaani.xz" + }, { + "name": "org.apache.commons.io.output.QueueOutputStream.write", + "package": "org.apache.commons.io.output" + }, { + "name": "java.lang.Thread.interrupt", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_RUNTIME", + "dep_path": "com.example.ProcessRunner.main com.example.ProcessRunner.executeCommand org.apache.commons.io.input.UncheckedBufferedReader.readLine org.apache.commons.io.function.Uncheck.get org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream$Builder.get org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream.\u003cinit\u003e org.tukaani.xz.LZMAOutputStream.\u003cinit\u003e org.apache.commons.io.output.QueueOutputStream.write java.lang.Thread.interrupt", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.ProcessRunner.main", + "package": "com.example" + }, { + "name": "com.example.ProcessRunner.executeCommand", + "package": "com.example" + }, { + "name": "org.apache.commons.io.input.UncheckedBufferedReader.readLine", + "package": "org.apache.commons.io.input" + }, { + "name": "org.apache.commons.io.function.Uncheck.get", + "package": "org.apache.commons.io.function" + }, { + "name": "org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream$Builder.get", + "package": "org.apache.commons.compress.compressors.lzma" + }, { + "name": "org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream.\u003cinit\u003e", + "package": "org.apache.commons.compress.compressors.lzma" + }, { + "name": "org.tukaani.xz.LZMAOutputStream.\u003cinit\u003e", + "package": "org.tukaani.xz" + }, { + "name": "org.apache.commons.io.output.QueueOutputStream.write", + "package": "org.apache.commons.io.output" + }, { + "name": "java.lang.Thread.interrupt", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_READ_SYSTEM_STATE", + "dep_path": "com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte org.apache.commons.io.input.ProxyInputStream.read org.apache.commons.io.IOUtils.\u003cclinit\u003e java.lang.System.lineSeparator", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", + "path": [{ + "name": "com.example.CompressExample.checkAvailableFormats", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipShort.getValue", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.utils.ByteUtils.fromLittleEndian", + "package": "org.apache.commons.compress.utils" + }, { + "name": "org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte", + "package": "org.apache.commons.compress.utils" + }, { + "name": "org.apache.commons.io.input.ProxyInputStream.read", + "package": "org.apache.commons.io.input" + }, { + "name": "org.apache.commons.io.IOUtils.\u003cclinit\u003e", + "package": "org.apache.commons.io" + }, { + "name": "java.lang.System.lineSeparator", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_READ_SYSTEM_STATE", + "dep_path": "com.example.CompressExample.compressFileGzip org.apache.commons.io.output.DemuxOutputStream.close org.apache.commons.io.IOUtils.\u003cclinit\u003e java.lang.System.lineSeparator", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", + "path": [{ + "name": "com.example.CompressExample.compressFileGzip", + "package": "com.example" + }, { + "name": "org.apache.commons.io.output.DemuxOutputStream.close", + "package": "org.apache.commons.io.output" + }, { + "name": "org.apache.commons.io.IOUtils.\u003cclinit\u003e", + "package": "org.apache.commons.io" + }, { + "name": "java.lang.System.lineSeparator", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_READ_SYSTEM_STATE", + "dep_path": "com.example.CompressExample.compressFileZstd org.apache.commons.io.input.ProxyInputStream.read org.apache.commons.io.IOUtils.\u003cclinit\u003e java.lang.System.lineSeparator", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", + "path": [{ + "name": "com.example.CompressExample.compressFileZstd", + "package": "com.example" + }, { + "name": "org.apache.commons.io.input.ProxyInputStream.read", + "package": "org.apache.commons.io.input" + }, { + "name": "org.apache.commons.io.IOUtils.\u003cclinit\u003e", + "package": "org.apache.commons.io" + }, { + "name": "java.lang.System.lineSeparator", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_READ_SYSTEM_STATE", + "dep_path": "com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.System.getProperty", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.CompressExample.createTarArchive", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close", + "package": "org.apache.commons.compress.archivers.tar" + }, { + "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish", + "package": "org.apache.commons.compress.archivers.tar" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.util.Native.load", + "package": "com.github.luben.zstd.util" + }, { + "name": "java.lang.System.getProperty", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_READ_SYSTEM_STATE", + "dep_path": "com.example.CompressExample.createZipArchive org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.close org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.finish org.apache.commons.io.output.DemuxOutputStream.close org.apache.commons.io.IOUtils.\u003cclinit\u003e java.lang.System.lineSeparator", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", + "path": [{ + "name": "com.example.CompressExample.createZipArchive", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.close", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.finish", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.io.output.DemuxOutputStream.close", + "package": "org.apache.commons.io.output" + }, { + "name": "org.apache.commons.io.IOUtils.\u003cclinit\u003e", + "package": "org.apache.commons.io" + }, { + "name": "java.lang.System.lineSeparator", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_READ_SYSTEM_STATE", + "dep_path": "com.example.CompressExample.extractArchive org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry org.apache.commons.io.IOUtils.\u003cclinit\u003e java.lang.System.lineSeparator", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", + "path": [{ + "name": "com.example.CompressExample.extractArchive", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry", + "package": "org.apache.commons.compress.archivers.arj" + }, { + "name": "org.apache.commons.io.IOUtils.\u003cclinit\u003e", + "package": "org.apache.commons.io" + }, { + "name": "java.lang.System.lineSeparator", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_READ_SYSTEM_STATE", + "dep_path": "com.example.CompressExample.lambda$createTarArchive$1 org.apache.commons.compress.archivers.tar.TarArchiveEntry.\u003cinit\u003e org.apache.commons.lang3.SystemProperties.getUserName org.apache.commons.lang3.SystemProperties.getProperty java.lang.System.getProperty", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", + "path": [{ + "name": "com.example.CompressExample.lambda$createTarArchive$1", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.tar.TarArchiveEntry.\u003cinit\u003e", + "package": "org.apache.commons.compress.archivers.tar" + }, { + "name": "org.apache.commons.lang3.SystemProperties.getUserName", + "package": "org.apache.commons.lang3" + }, { + "name": "org.apache.commons.lang3.SystemProperties.getProperty", + "package": "org.apache.commons.lang3" + }, { + "name": "java.lang.System.getProperty", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_READ_SYSTEM_STATE", + "dep_path": "com.example.CompressExample.lambda$createZipArchive$1 org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.writeLocalFileHeader org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.createLocalFileHeader org.apache.commons.compress.archivers.zip.ZipLong.putLong org.apache.commons.compress.utils.ByteUtils.toLittleEndian org.apache.commons.io.output.ProxyOutputStream.write org.apache.commons.io.IOUtils.\u003cclinit\u003e java.lang.System.lineSeparator", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", + "path": [{ + "name": "com.example.CompressExample.lambda$createZipArchive$1", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.putArchiveEntry", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.writeLocalFileHeader", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.createLocalFileHeader", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipLong.putLong", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.utils.ByteUtils.toLittleEndian", + "package": "org.apache.commons.compress.utils" + }, { + "name": "org.apache.commons.io.output.ProxyOutputStream.write", + "package": "org.apache.commons.io.output" + }, { + "name": "org.apache.commons.io.IOUtils.\u003cclinit\u003e", + "package": "org.apache.commons.io" + }, { + "name": "java.lang.System.lineSeparator", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_READ_SYSTEM_STATE", + "dep_path": "com.example.CompressExample.listArchiveContents org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry org.apache.commons.io.IOUtils.\u003cclinit\u003e java.lang.System.lineSeparator", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", + "path": [{ + "name": "com.example.CompressExample.listArchiveContents", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry", + "package": "org.apache.commons.compress.archivers.arj" + }, { + "name": "org.apache.commons.io.IOUtils.\u003cclinit\u003e", + "package": "org.apache.commons.io" + }, { + "name": "java.lang.System.lineSeparator", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_READ_SYSTEM_STATE", + "dep_path": "com.example.CompressExample.main com.example.CompressExample.listArchiveContents org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry org.apache.commons.io.IOUtils.\u003cclinit\u003e java.lang.System.lineSeparator", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", + "path": [{ + "name": "com.example.CompressExample.main", + "package": "com.example" + }, { + "name": "com.example.CompressExample.listArchiveContents", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.arj.ArjArchiveInputStream.getNextEntry", + "package": "org.apache.commons.compress.archivers.arj" + }, { + "name": "org.apache.commons.io.IOUtils.\u003cclinit\u003e", + "package": "org.apache.commons.io" + }, { + "name": "java.lang.System.lineSeparator", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_READ_SYSTEM_STATE", + "dep_path": "com.example.ProcessRunner.compressAndExecute com.example.ProcessRunner.executeCommand java.lang.Runtime.getRuntime", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_DIRECT", + "path": [{ + "name": "com.example.ProcessRunner.compressAndExecute", + "package": "com.example" + }, { + "name": "com.example.ProcessRunner.executeCommand", + "package": "com.example" + }, { + "name": "java.lang.Runtime.getRuntime", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_READ_SYSTEM_STATE", + "dep_path": "com.example.ProcessRunner.executeCommand java.lang.Runtime.getRuntime", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_DIRECT", + "path": [{ + "name": "com.example.ProcessRunner.executeCommand", + "package": "com.example" + }, { + "name": "java.lang.Runtime.getRuntime", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_READ_SYSTEM_STATE", + "dep_path": "com.example.ProcessRunner.main com.example.ProcessRunner.executeCommand java.lang.Runtime.getRuntime", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_DIRECT", + "path": [{ + "name": "com.example.ProcessRunner.main", + "package": "com.example" + }, { + "name": "com.example.ProcessRunner.executeCommand", + "package": "com.example" + }, { + "name": "java.lang.Runtime.getRuntime", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_ARBITRARY_EXECUTION", + "dep_path": "com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.compressors.zstandard.ZstdUtils.isZstdCompressionAvailable org.apache.commons.compress.compressors.zstandard.ZstdUtils.internalIsZstdCompressionAvailable java.lang.Class.forName", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", + "path": [{ + "name": "com.example.CompressExample.checkAvailableFormats", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.compressors.zstandard.ZstdUtils.isZstdCompressionAvailable", + "package": "org.apache.commons.compress.compressors.zstandard" + }, { + "name": "org.apache.commons.compress.compressors.zstandard.ZstdUtils.internalIsZstdCompressionAvailable", + "package": "org.apache.commons.compress.compressors.zstandard" + }, { + "name": "java.lang.Class.forName", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_ARBITRARY_EXECUTION", + "dep_path": "com.example.CompressExample.compressFileGzip com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.CompressExample.compressFileGzip", + "package": "com.example" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.util.Native.load", + "package": "com.github.luben.zstd.util" + }, { + "name": "java.lang.Class.forName", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_ARBITRARY_EXECUTION", + "dep_path": "com.example.CompressExample.compressFileZstd com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.CompressExample.compressFileZstd", + "package": "com.example" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.util.Native.load", + "package": "com.github.luben.zstd.util" + }, { + "name": "java.lang.Class.forName", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_ARBITRARY_EXECUTION", + "dep_path": "com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.CompressExample.createTarArchive", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close", + "package": "org.apache.commons.compress.archivers.tar" + }, { + "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish", + "package": "org.apache.commons.compress.archivers.tar" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.util.Native.load", + "package": "com.github.luben.zstd.util" + }, { + "name": "java.lang.Class.forName", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_ARBITRARY_EXECUTION", + "dep_path": "com.example.CompressExample.createZipArchive org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.close org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.CompressExample.createZipArchive", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.close", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.finish", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.util.Native.load", + "package": "com.github.luben.zstd.util" + }, { + "name": "java.lang.Class.forName", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_ARBITRARY_EXECUTION", + "dep_path": "com.example.CompressExample.extractArchive com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.CompressExample.extractArchive", + "package": "com.example" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.util.Native.load", + "package": "com.github.luben.zstd.util" + }, { + "name": "java.lang.Class.forName", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_ARBITRARY_EXECUTION", + "dep_path": "com.example.CompressExample.lambda$createTarArchive$1 org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord org.apache.commons.compress.utils.CountingOutputStream.write com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.CompressExample.lambda$createTarArchive$1", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.putArchiveEntry", + "package": "org.apache.commons.compress.archivers.tar" + }, { + "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord", + "package": "org.apache.commons.compress.archivers.tar" + }, { + "name": "org.apache.commons.compress.utils.CountingOutputStream.write", + "package": "org.apache.commons.compress.utils" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.util.Native.load", + "package": "com.github.luben.zstd.util" + }, { + "name": "java.lang.Class.forName", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_ARBITRARY_EXECUTION", + "dep_path": "com.example.CompressExample.lambda$createZipArchive$1 org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.writeLocalFileHeader org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.createLocalFileHeader org.apache.commons.compress.archivers.zip.ZipLong.putLong org.apache.commons.compress.utils.ByteUtils.toLittleEndian com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.CompressExample.lambda$createZipArchive$1", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.putArchiveEntry", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.writeLocalFileHeader", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.createLocalFileHeader", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipLong.putLong", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.utils.ByteUtils.toLittleEndian", + "package": "org.apache.commons.compress.utils" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.util.Native.load", + "package": "com.github.luben.zstd.util" + }, { + "name": "java.lang.Class.forName", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_ARBITRARY_EXECUTION", + "dep_path": "com.example.CompressExample.listArchiveContents com.github.luben.zstd.ZstdInputStreamNoFinalizer.close com.github.luben.zstd.ZstdInputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.CompressExample.listArchiveContents", + "package": "com.example" + }, { + "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.close", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.\u003cclinit\u003e", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.util.Native.load", + "package": "com.github.luben.zstd.util" + }, { + "name": "java.lang.Class.forName", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_ARBITRARY_EXECUTION", + "dep_path": "com.example.CompressExample.main org.apache.commons.compress.compressors.zstandard.ZstdUtils.isZstdCompressionAvailable org.apache.commons.compress.compressors.zstandard.ZstdUtils.internalIsZstdCompressionAvailable java.lang.Class.forName", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", + "path": [{ + "name": "com.example.CompressExample.main", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.compressors.zstandard.ZstdUtils.isZstdCompressionAvailable", + "package": "org.apache.commons.compress.compressors.zstandard" + }, { + "name": "org.apache.commons.compress.compressors.zstandard.ZstdUtils.internalIsZstdCompressionAvailable", + "package": "org.apache.commons.compress.compressors.zstandard" + }, { + "name": "java.lang.Class.forName", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_ARBITRARY_EXECUTION", + "dep_path": "com.example.ProcessRunner.compressAndExecute com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.compressors.zstandard.ZstdUtils.isZstdCompressionAvailable org.apache.commons.compress.compressors.zstandard.ZstdUtils.internalIsZstdCompressionAvailable java.lang.Class.forName", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE", + "path": [{ + "name": "com.example.ProcessRunner.compressAndExecute", + "package": "com.example" + }, { + "name": "com.example.CompressExample.checkAvailableFormats", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.compressors.zstandard.ZstdUtils.isZstdCompressionAvailable", + "package": "org.apache.commons.compress.compressors.zstandard" + }, { + "name": "org.apache.commons.compress.compressors.zstandard.ZstdUtils.internalIsZstdCompressionAvailable", + "package": "org.apache.commons.compress.compressors.zstandard" + }, { + "name": "java.lang.Class.forName", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_ARBITRARY_EXECUTION", + "dep_path": "com.example.ProcessRunner.executeCommand org.apache.commons.io.input.UncheckedBufferedReader.readLine org.apache.commons.io.function.Uncheck.get org.apache.commons.compress.archivers.zip.ZipFile$Builder.get org.apache.commons.compress.archivers.zip.ZipFile.\u003cinit\u003e org.apache.commons.io.IOUtils.closeQuietly com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.ProcessRunner.executeCommand", + "package": "com.example" + }, { + "name": "org.apache.commons.io.input.UncheckedBufferedReader.readLine", + "package": "org.apache.commons.io.input" + }, { + "name": "org.apache.commons.io.function.Uncheck.get", + "package": "org.apache.commons.io.function" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipFile$Builder.get", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipFile.\u003cinit\u003e", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.io.IOUtils.closeQuietly", + "package": "org.apache.commons.io" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.util.Native.load", + "package": "com.github.luben.zstd.util" + }, { + "name": "java.lang.Class.forName", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_ARBITRARY_EXECUTION", + "dep_path": "com.example.ProcessRunner.main org.apache.commons.lang3.exception.ContextedException.getMessage org.apache.commons.lang3.exception.ContextedException.getFormattedExceptionMessage org.apache.commons.lang3.exception.DefaultExceptionContext.getFormattedExceptionMessage org.apache.commons.io.LineIterator.hasNext org.apache.commons.io.IOUtils.closeQuietly com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load java.lang.Class.forName", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.ProcessRunner.main", + "package": "com.example" + }, { + "name": "org.apache.commons.lang3.exception.ContextedException.getMessage", + "package": "org.apache.commons.lang3.exception" + }, { + "name": "org.apache.commons.lang3.exception.ContextedException.getFormattedExceptionMessage", + "package": "org.apache.commons.lang3.exception" + }, { + "name": "org.apache.commons.lang3.exception.DefaultExceptionContext.getFormattedExceptionMessage", + "package": "org.apache.commons.lang3.exception" + }, { + "name": "org.apache.commons.io.LineIterator.hasNext", + "package": "org.apache.commons.io" + }, { + "name": "org.apache.commons.io.IOUtils.closeQuietly", + "package": "org.apache.commons.io" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.util.Native.load", + "package": "com.github.luben.zstd.util" + }, { + "name": "java.lang.Class.forName", + "package": "java.lang" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_CGO", + "dep_path": "com.example.CompressExample.checkAvailableFormats org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e org.apache.commons.compress.archivers.zip.ZipShort.getValue org.apache.commons.compress.utils.ByteUtils.fromLittleEndian org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte com.github.luben.zstd.ZstdInputStreamNoFinalizer.read com.github.luben.zstd.ZstdInputStreamNoFinalizer.readInternal com.github.luben.zstd.Zstd.errCorruptionDetected", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.CompressExample.checkAvailableFormats", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.zip.ExtraFieldUtils.\u003cclinit\u003e", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.X0019_EncryptionRecipientCertificateList.\u003cclinit\u003e", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipShort.\u003cinit\u003e", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipShort.getValue", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.utils.ByteUtils.fromLittleEndian", + "package": "org.apache.commons.compress.utils" + }, { + "name": "org.apache.commons.compress.utils.ByteUtils$InputStreamByteSupplier.getAsByte", + "package": "org.apache.commons.compress.utils" + }, { + "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.read", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.ZstdInputStreamNoFinalizer.readInternal", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.Zstd.errCorruptionDetected", + "package": "com.github.luben.zstd" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_CGO", + "dep_path": "com.example.CompressExample.compressFileGzip com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.CompressExample.compressFileGzip", + "package": "com.example" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.Zstd.isError", + "package": "com.github.luben.zstd" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_CGO", + "dep_path": "com.example.CompressExample.compressFileZstd com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.CompressExample.compressFileZstd", + "package": "com.example" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.Zstd.isError", + "package": "com.github.luben.zstd" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_CGO", + "dep_path": "com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush com.github.luben.zstd.Zstd.isError", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.CompressExample.createTarArchive", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close", + "package": "org.apache.commons.compress.archivers.tar" + }, { + "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish", + "package": "org.apache.commons.compress.archivers.tar" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.Zstd.isError", + "package": "com.github.luben.zstd" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_CGO", + "dep_path": "com.example.CompressExample.createZipArchive org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.close org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.CompressExample.createZipArchive", + "package": "com.example" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.close", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream.finish", + "package": "org.apache.commons.compress.archivers.zip" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.Zstd.isError", + "package": "com.github.luben.zstd" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_CGO", + "dep_path": "com.example.CompressExample.extractArchive com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", + "path": [{ + "name": "com.example.CompressExample.extractArchive", + "package": "com.example" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close", + "package": "com.github.luben.zstd" + }, { + "name": "com.github.luben.zstd.Zstd.isError", + "package": "com.github.luben.zstd" + }] + }, { + "package_name": "com.example", + "capability": "CAPABILITY_CGO", + "dep_path": "com.example.CompressExample.lambda$createTarArchive$1 org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord org.apache.commons.compress.utils.CountingOutputStream.write com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write com.github.luben.zstd.Zstd.isError", + "package_dir": "com.example", + "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", "path": [{ "name": "com.example.CompressExample.lambda$createTarArchive$1", "package": "com.example" @@ -972,8 +1825,8 @@ "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord", "package": "org.apache.commons.compress.archivers.tar" }, { - "name": "org.apache.commons.io.output.ProxyOutputStream.write", - "package": "org.apache.commons.io.output" + "name": "org.apache.commons.compress.utils.CountingOutputStream.write", + "package": "org.apache.commons.compress.utils" }, { "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write", "package": "com.github.luben.zstd" @@ -1031,14 +1884,14 @@ }, { "package_name": "com.example", "capability": "CAPABILITY_CGO", - "dep_path": "com.example.CompressExample.main com.example.CompressExample.extractArchive com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError", + "dep_path": "com.example.CompressExample.main com.example.CompressExample.compressFileGzip com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", "path": [{ "name": "com.example.CompressExample.main", "package": "com.example" }, { - "name": "com.example.CompressExample.extractArchive", + "name": "com.example.CompressExample.compressFileGzip", "package": "com.example" }, { "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close", @@ -1050,20 +1903,23 @@ }, { "package_name": "com.example", "capability": "CAPABILITY_CGO", - "dep_path": "com.example.ProcessRunner.compressAndExecute com.example.CompressExample.compressFileZstd org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.write com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write com.github.luben.zstd.Zstd.isError", + "dep_path": "com.example.ProcessRunner.compressAndExecute com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush com.github.luben.zstd.Zstd.isError", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", "path": [{ "name": "com.example.ProcessRunner.compressAndExecute", "package": "com.example" }, { - "name": "com.example.CompressExample.compressFileZstd", + "name": "com.example.CompressExample.createTarArchive", "package": "com.example" }, { - "name": "org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.write", - "package": "org.apache.commons.compress.compressors.zstandard" + "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close", + "package": "org.apache.commons.compress.archivers.tar" }, { - "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.write", + "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish", + "package": "org.apache.commons.compress.archivers.tar" + }, { + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush", "package": "com.github.luben.zstd" }, { "name": "com.github.luben.zstd.Zstd.isError", @@ -1072,7 +1928,7 @@ }, { "package_name": "com.example", "capability": "CAPABILITY_CGO", - "dep_path": "com.example.ProcessRunner.executeCommand org.apache.commons.io.input.UncheckedBufferedReader.readLine org.apache.commons.io.function.Uncheck.get org.apache.commons.compress.archivers.zip.ZipFile$Builder.get org.apache.commons.compress.archivers.zip.ZipFile.\u003cinit\u003e org.apache.commons.io.IOUtils.closeQuietly com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError", + "dep_path": "com.example.ProcessRunner.executeCommand org.apache.commons.io.input.UncheckedBufferedReader.readLine org.apache.commons.io.function.Uncheck.get org.apache.commons.compress.archivers.zip.ZipFile$Builder.get org.apache.commons.compress.archivers.zip.ZipFile.\u003cinit\u003e org.apache.commons.io.IOUtils.closeQuietly com.github.luben.zstd.ZstdDirectBufferCompressingStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", "path": [{ @@ -1094,7 +1950,7 @@ "name": "org.apache.commons.io.IOUtils.closeQuietly", "package": "org.apache.commons.io" }, { - "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close", + "name": "com.github.luben.zstd.ZstdDirectBufferCompressingStreamNoFinalizer.close", "package": "com.github.luben.zstd" }, { "name": "com.github.luben.zstd.Zstd.isError", @@ -1103,7 +1959,7 @@ }, { "package_name": "com.example", "capability": "CAPABILITY_CGO", - "dep_path": "com.example.ProcessRunner.main org.apache.commons.lang3.exception.ContextedException.getMessage org.apache.commons.lang3.exception.ContextedException.getFormattedExceptionMessage org.apache.commons.lang3.exception.DefaultExceptionContext.getFormattedExceptionMessage org.apache.commons.io.LineIterator.hasNext org.apache.commons.io.IOUtils.closeQuietly com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError", + "dep_path": "com.example.ProcessRunner.main org.apache.commons.lang3.exception.ContextedException.getMessage org.apache.commons.lang3.exception.ContextedException.getFormattedExceptionMessage org.apache.commons.lang3.exception.DefaultExceptionContext.getFormattedExceptionMessage org.apache.commons.io.LineIterator.hasNext org.apache.commons.io.IOUtils.closeQuietly com.github.luben.zstd.ZstdDirectBufferCompressingStreamNoFinalizer.close com.github.luben.zstd.Zstd.isError", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", "path": [{ @@ -1125,7 +1981,7 @@ "name": "org.apache.commons.io.IOUtils.closeQuietly", "package": "org.apache.commons.io" }, { - "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.close", + "name": "com.github.luben.zstd.ZstdDirectBufferCompressingStreamNoFinalizer.close", "package": "com.github.luben.zstd" }, { "name": "com.github.luben.zstd.Zstd.isError", @@ -1147,21 +2003,15 @@ }, { "package_name": "com.example", "capability": "CAPABILITY_REFLECT", - "dep_path": "com.example.CompressExample.compressFileGzip org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.\u003cinit\u003e org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.writeMemberHeader org.apache.commons.compress.compressors.gzip.ExtraField.toByteArray org.apache.commons.compress.utils.ServiceLoaderIterator.next", + "dep_path": "com.example.CompressExample.compressFileGzip org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close org.apache.commons.compress.utils.ServiceLoaderIterator.next", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_TRANSITIVE", "path": [{ "name": "com.example.CompressExample.compressFileGzip", "package": "com.example" }, { - "name": "org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.\u003cinit\u003e", - "package": "org.apache.commons.compress.compressors.gzip" - }, { - "name": "org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream.writeMemberHeader", - "package": "org.apache.commons.compress.compressors.gzip" - }, { - "name": "org.apache.commons.compress.compressors.gzip.ExtraField.toByteArray", - "package": "org.apache.commons.compress.compressors.gzip" + "name": "org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close", + "package": "org.apache.commons.compress.archivers.tar" }, { "name": "org.apache.commons.compress.utils.ServiceLoaderIterator.next", "package": "org.apache.commons.compress.utils" @@ -1169,26 +2019,23 @@ }, { "package_name": "com.example", "capability": "CAPABILITY_REFLECT", - "dep_path": "com.example.CompressExample.compressFileZstd org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.\u003cinit\u003e org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.toZstdOutputStream org.apache.commons.lang3.ArrayUtils.\u003cclinit\u003e", + "dep_path": "com.example.CompressExample.compressFileZstd org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close org.apache.commons.compress.utils.ServiceLoaderIterator.next", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_TRANSITIVE", "path": [{ "name": "com.example.CompressExample.compressFileZstd", "package": "com.example" }, { - "name": "org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.\u003cinit\u003e", - "package": "org.apache.commons.compress.compressors.zstandard" - }, { - "name": "org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.toZstdOutputStream", - "package": "org.apache.commons.compress.compressors.zstandard" + "name": "org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close", + "package": "org.apache.commons.compress.archivers.tar" }, { - "name": "org.apache.commons.lang3.ArrayUtils.\u003cclinit\u003e", - "package": "org.apache.commons.lang3" + "name": "org.apache.commons.compress.utils.ServiceLoaderIterator.next", + "package": "org.apache.commons.compress.utils" }] }, { "package_name": "com.example", "capability": "CAPABILITY_REFLECT", - "dep_path": "com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush com.github.luben.zstd.Zstd.\u003cclinit\u003e com.github.luben.zstd.util.Native.load", + "dep_path": "com.example.CompressExample.createTarArchive org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.close org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.finish com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e com.github.luben.zstd.util.Native.load", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", "path": [{ @@ -1204,7 +2051,7 @@ "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.flush", "package": "com.github.luben.zstd" }, { - "name": "com.github.luben.zstd.Zstd.\u003cclinit\u003e", + "name": "com.github.luben.zstd.ZstdOutputStreamNoFinalizer.\u003cclinit\u003e", "package": "com.github.luben.zstd" }, { "name": "com.github.luben.zstd.util.Native.load", @@ -1232,25 +2079,6 @@ "name": "org.apache.commons.compress.utils.ServiceLoaderIterator.next", "package": "org.apache.commons.compress.utils" }] - }, { - "package_name": "com.example", - "capability": "CAPABILITY_REFLECT", - "dep_path": "com.example.CompressExample.decompressFileGzip org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream.close org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close org.apache.commons.compress.utils.ServiceLoaderIterator.next", - "package_dir": "com.example", - "capability_type": "CAPABILITY_TYPE_TRANSITIVE", - "path": [{ - "name": "com.example.CompressExample.decompressFileGzip", - "package": "com.example" - }, { - "name": "org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream.close", - "package": "org.apache.commons.compress.compressors.gzip" - }, { - "name": "org.apache.commons.compress.archivers.tar.TarArchiveInputStream.close", - "package": "org.apache.commons.compress.archivers.tar" - }, { - "name": "org.apache.commons.compress.utils.ServiceLoaderIterator.next", - "package": "org.apache.commons.compress.utils" - }] }, { "package_name": "com.example", "capability": "CAPABILITY_REFLECT", @@ -1270,7 +2098,7 @@ }, { "package_name": "com.example", "capability": "CAPABILITY_REFLECT", - "dep_path": "com.example.CompressExample.lambda$createTarArchive$1 org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord org.apache.commons.io.output.ProxyOutputStream.write org.tukaani.xz.SimpleOutputStream.write org.tukaani.xz.SimpleOutputStream.\u003cclinit\u003e", + "dep_path": "com.example.CompressExample.lambda$createTarArchive$1 org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.putArchiveEntry org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord org.apache.commons.compress.utils.CountingOutputStream.write org.tukaani.xz.SimpleOutputStream.write org.tukaani.xz.SimpleOutputStream.\u003cclinit\u003e", "package_dir": "com.example", "capability_type": "CAPABILITY_TYPE_TRANSITIVE_OPTIONAL", "path": [{ @@ -1283,8 +2111,8 @@ "name": "org.apache.commons.compress.archivers.tar.TarArchiveOutputStream.writeRecord", "package": "org.apache.commons.compress.archivers.tar" }, { - "name": "org.apache.commons.io.output.ProxyOutputStream.write", - "package": "org.apache.commons.io.output" + "name": "org.apache.commons.compress.utils.CountingOutputStream.write", + "package": "org.apache.commons.compress.utils" }, { "name": "org.tukaani.xz.SimpleOutputStream.write", "package": "org.tukaani.xz" @@ -1429,32 +2257,6 @@ "name": "java.lang.Runtime.exec", "package": "java.lang" }] - }, { - "package_name": "com.example", - "capability": "CAPABILITY_EXEC", - "dep_path": "com.example.ProcessRunner.executeWithBuilder java.lang.ProcessBuilder.\u003cinit\u003e", - "package_dir": "com.example", - "capability_type": "CAPABILITY_TYPE_DIRECT", - "path": [{ - "name": "com.example.ProcessRunner.executeWithBuilder", - "package": "com.example" - }, { - "name": "java.lang.ProcessBuilder.\u003cinit\u003e", - "package": "java.lang" - }] - }, { - "package_name": "com.example", - "capability": "CAPABILITY_EXEC", - "dep_path": "com.example.ProcessRunner.isCommandAvailable java.lang.Runtime.exec", - "package_dir": "com.example", - "capability_type": "CAPABILITY_TYPE_DIRECT", - "path": [{ - "name": "com.example.ProcessRunner.isCommandAvailable", - "package": "com.example" - }, { - "name": "java.lang.Runtime.exec", - "package": "java.lang" - }] }, { "package_name": "com.example", "capability": "CAPABILITY_EXEC", @@ -1473,7 +2275,7 @@ }] }], "module_info": [{ - "path": "com.coverage:compress-test", + "path": "com.github.serj:compress-test", "version": "1.0-SNAPSHOT" }], "package_info": [] diff --git a/examples/quick-test/.capslock/snapshot.json b/examples/quick-test/.capslock/snapshot.json index 95c1ba6..fd83022 100644 --- a/examples/quick-test/.capslock/snapshot.json +++ b/examples/quick-test/.capslock/snapshot.json @@ -15,6 +15,93 @@ }, { "package_name": "com.github.serj.jcapslock.examples.quicktest", "capability": "CAPABILITY_FILES", + "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.main com.github.serj.jcapslock.examples.quicktest.SimpleApp.readFile java.io.File.exists", + "package_dir": "com.github.serj.jcapslock.examples.quicktest", + "capability_type": "CAPABILITY_TYPE_DIRECT", + "path": [{ + "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.main", + "package": "com.github.serj.jcapslock.examples.quicktest" + }, { + "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.readFile", + "package": "com.github.serj.jcapslock.examples.quicktest" + }, { + "name": "java.io.File.exists", + "package": "java.io" + }] + }, { + "package_name": "com.github.serj.jcapslock.examples.quicktest", + "capability": "CAPABILITY_FILES", + "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.readFile java.io.File.exists", + "package_dir": "com.github.serj.jcapslock.examples.quicktest", + "capability_type": "CAPABILITY_TYPE_DIRECT", + "path": [{ + "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.readFile", + "package": "com.github.serj.jcapslock.examples.quicktest" + }, { + "name": "java.io.File.exists", + "package": "java.io" + }] + }, { + "package_name": "com.github.serj.jcapslock.examples.quicktest", + "capability": "CAPABILITY_FILES", + "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.runSystemCommand com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand java.lang.Runtime.exec", + "package_dir": "com.github.serj.jcapslock.examples.quicktest", + "capability_type": "CAPABILITY_TYPE_DIRECT", + "path": [{ + "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.runSystemCommand", + "package": "com.github.serj.jcapslock.examples.quicktest" + }, { + "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand", + "package": "com.github.serj.jcapslock.examples.quicktest" + }, { + "name": "java.lang.Runtime.exec", + "package": "java.lang" + }] + }, { + "package_name": "com.github.serj.jcapslock.examples.quicktest.blocked", + "capability": "CAPABILITY_FILES", + "dep_path": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.main com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.runCommand java.lang.Runtime.exec", + "package_dir": "com.github.serj.jcapslock.examples.quicktest.blocked", + "capability_type": "CAPABILITY_TYPE_DIRECT", + "path": [{ + "name": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.main", + "package": "com.github.serj.jcapslock.examples.quicktest.blocked" + }, { + "name": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.runCommand", + "package": "com.github.serj.jcapslock.examples.quicktest.blocked" + }, { + "name": "java.lang.Runtime.exec", + "package": "java.lang" + }] + }, { + "package_name": "com.github.serj.jcapslock.examples.quicktest.blocked", + "capability": "CAPABILITY_FILES", + "dep_path": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.runCommand java.lang.Runtime.exec", + "package_dir": "com.github.serj.jcapslock.examples.quicktest.blocked", + "capability_type": "CAPABILITY_TYPE_DIRECT", + "path": [{ + "name": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.runCommand", + "package": "com.github.serj.jcapslock.examples.quicktest.blocked" + }, { + "name": "java.lang.Runtime.exec", + "package": "java.lang" + }] + }, { + "package_name": "com.github.serj.jcapslock.examples.quicktest", + "capability": "CAPABILITY_RUNTIME", + "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand java.lang.Runtime.exec", + "package_dir": "com.github.serj.jcapslock.examples.quicktest", + "capability_type": "CAPABILITY_TYPE_DIRECT", + "path": [{ + "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand", + "package": "com.github.serj.jcapslock.examples.quicktest" + }, { + "name": "java.lang.Runtime.exec", + "package": "java.lang" + }] + }, { + "package_name": "com.github.serj.jcapslock.examples.quicktest", + "capability": "CAPABILITY_RUNTIME", "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.main com.github.serj.jcapslock.examples.quicktest.SimpleApp.runSystemCommand com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand java.lang.Runtime.exec", "package_dir": "com.github.serj.jcapslock.examples.quicktest", "capability_type": "CAPABILITY_TYPE_DIRECT", @@ -33,7 +120,7 @@ }] }, { "package_name": "com.github.serj.jcapslock.examples.quicktest", - "capability": "CAPABILITY_FILES", + "capability": "CAPABILITY_RUNTIME", "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.runSystemCommand com.github.serj.jcapslock.examples.quicktest.SimpleApp.executeCommand java.lang.Runtime.exec", "package_dir": "com.github.serj.jcapslock.examples.quicktest", "capability_type": "CAPABILITY_TYPE_DIRECT", @@ -49,7 +136,7 @@ }] }, { "package_name": "com.github.serj.jcapslock.examples.quicktest.blocked", - "capability": "CAPABILITY_FILES", + "capability": "CAPABILITY_RUNTIME", "dep_path": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.main com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.runCommand java.lang.Runtime.exec", "package_dir": "com.github.serj.jcapslock.examples.quicktest.blocked", "capability_type": "CAPABILITY_TYPE_DIRECT", @@ -65,7 +152,7 @@ }] }, { "package_name": "com.github.serj.jcapslock.examples.quicktest.blocked", - "capability": "CAPABILITY_FILES", + "capability": "CAPABILITY_RUNTIME", "dep_path": "com.github.serj.jcapslock.examples.quicktest.blocked.BlockedExec.runCommand java.lang.Runtime.exec", "package_dir": "com.github.serj.jcapslock.examples.quicktest.blocked", "capability_type": "CAPABILITY_TYPE_DIRECT", @@ -153,6 +240,19 @@ "name": "java.lang.Runtime.getRuntime", "package": "java.lang" }] + }, { + "package_name": "com.github.serj.jcapslock.examples.quicktest", + "capability": "CAPABILITY_ARBITRARY_EXECUTION", + "dep_path": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.useReflection java.lang.Class.forName", + "package_dir": "com.github.serj.jcapslock.examples.quicktest", + "capability_type": "CAPABILITY_TYPE_DIRECT", + "path": [{ + "name": "com.github.serj.jcapslock.examples.quicktest.SimpleApp.useReflection", + "package": "com.github.serj.jcapslock.examples.quicktest" + }, { + "name": "java.lang.Class.forName", + "package": "java.lang" + }] }, { "package_name": "com.github.serj.jcapslock.examples.quicktest", "capability": "CAPABILITY_REFLECT",