UnitTestBot / jacodb

fast and effective way to access and analyze java bytecode
Apache License 2.0

Failed to load the signed jar package #250

Open cxf2006 opened 3 months ago

cxf2006 commented 3 months ago

Version: 1.4.5

When analyzing the project today, I found that among more than 100 jar packages, only the Bouncy Castle jar package failed to be imported, and the error was as follows:

    [DefaultDispatcher-worker-1 @coroutine#1] INFO org.jacodb.impl.storage.PersistenceService - Starting app version [1.4]
    [DefaultDispatcher-worker-1 @coroutine#1] INFO org.jacodb.impl.storage.PersistenceService - Restored app version is 1.4
    [DefaultDispatcher-worker-3 @coroutine#8] WARN org.jacodb.impl.fs.JarLocation - error loading classes from jar: bcutil-jdk15on-1.70.jar. returning empty loader
    java.lang.IllegalStateException: zip file closed
        at java.base/java.util.zip.ZipFile.ensureOpen(ZipFile.java:840)
        at java.base/java.util.zip.ZipFile.getInputStream(ZipFile.java:369)
        at java.base/java.util.jar.JarFile.getBytes(JarFile.java:800)
        at java.base/java.util.jar.JarFile.checkForSpecialAttributes(JarFile.java:1006)
        at java.base/java.util.jar.JarFile.isMultiRelease(JarFile.java:388)
        at java.base/java.util.jar.JarFile$JarFileEntry.realEntry(JarFile.java:691)
        at java.base/java.util.jar.JarFile.verifiableEntry(JarFile.java:869)
        at java.base/java.util.jar.JarFile.getInputStream(JarFile.java:861)
        at org.jacodb.impl.fs.JarFacade.getBytecode(Jars.kt:84)
        at org.jacodb.impl.fs.JarLocation.getClasses(JarLocationImpl.kt:48)
        at org.jacodb.impl.fs.ByteCodeLoaderImplKt.getSources(ByteCodeLoaderImpl.kt:24)
        at org.jacodb.impl.JcDatabaseImpl$process$3$1$1.invokeSuspend(JcDatabaseImpl.kt:138)
        at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
        at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
        at kotlinx.coroutines.internal.LimitedDispatcher.run(LimitedDispatcher.kt:42)
        at kotlinx.coroutines.scheduling.TaskImpl.run(Tasks.kt:95)
        at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:570)
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:750)
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:677)
        at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:664)

Later I deleted the following four files and imported the bcutil-jdk15on-1.70.jar successfully:

image

The test code when loading is as follows:

    public void JarLoad() throws ExecutionException, InterruptedException {
        File classPath = new File("bcutil-jdk15on-1.70.jar");
        JcSettings jcSettings = new JcSettings();
        jcSettings.useProcessJavaRuntime();
        jcSettings.installFeatures(Usages.INSTANCE, InMemoryHierarchy.INSTANCE);
        jcSettings.persistent("jaco.db");
        JcDatabase jcDatabase = JacoDB.async(jcSettings).get();
        jcDatabase.asyncLoad(Arrays.asList(classPath)).get();
        jcDatabase.asyncRefresh().get();
    }

cxf2006 commented 2 months ago

Disabling the signature verification of the JAR package can resolve this issue. The code on line 68 of org.jacodb.impl.fs.JarLocationImpl.kt was modified to [JarFile(jarOrFolder, false)], with verify set to false. It is hoped that the JAR package signature verification can be made optional.
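
The optional verification switch requested above, sketched at the `java.util.jar` level as an added example; it is not jacodb code and not part of the original thread, and the class `JarVerifyOption` and its `Report` type are hypothetical names. With `verify` set to `false` the entries are read without checking their digests or signers, so a modified entry in a signed JAR is not detected by the reader.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/** Added example (not jacodb code): JAR signature verification as an explicit option. */
public class JarVerifyOption {

    /** What one full pass over a JAR found. */
    public static final class Report {
        public boolean verified;   // whether signature verification was enabled
        public int classEntries;   // .class entries read to the end
        public int signedEntries;  // entries that carried verified code signers
    }

    public static Report readAll(File jarPath, boolean verify) throws IOException {
        Report report = new Report();
        report.verified = verify;
        // try-with-resources keeps the JarFile open until every entry has been consumed
        try (JarFile jar = new JarFile(jarPath, verify)) {
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                if (entry.isDirectory()) continue;
                try (InputStream in = jar.getInputStream(entry)) {
                    // With verify=true a digest mismatch surfaces here as SecurityException
                    in.readAllBytes();
                }
                if (entry.getName().endsWith(".class")) report.classEntries++;
                // Signers are only populated once the entry has been read completely
                if (verify && entry.getCodeSigners() != null) report.signedEntries++;
            }
        }
        return report;
    }

    public static void main(String[] args) throws IOException {
        // Path to any signed JAR; the default is the file name from the report above
        File jar = new File(args.length > 0 ? args[0] : "bcutil-jdk15on-1.70.jar");
        for (boolean verify : new boolean[] {true, false}) {
            try {
                Report r = readAll(jar, verify);
                System.out.printf("verify=%b classes=%d signed=%d%n",
                        r.verified, r.classEntries, r.signedEntries);
            } catch (SecurityException e) {
                System.out.printf("verify=%b rejected: %s%n", verify, e.getMessage());
            }
        }
    }
}
```

Running both modes on the same file shows what the unverified read skips: the class count is the same, but only the verified pass reports signers or rejects an entry whose digest no longer matches.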