A tool to illustrate termination of the Java virtual machine if a prohibited method is invoked. Check out the README on that branch for instructions.

The project has two concepts: generating fingerprints and watching for prohibited classes.

The fingerprints are generated using the `classfile-fingerprint` CLI.
It has three subcommands. All the commands take in the following parameters:

Required Parameters

| Parameter | Type | Description |
|---|---|---|
| `output` or `input` | File | Path to index file. `output` will create a new file. `input` will merge the indices. |

`jdk`: Generate fingerprints for JDK classes.

`supply-chain`: Generate fingerprints for all the dependencies captured in the SBOM.

Required Parameters

| Parameter | Type | Description |
|---|---|---|
| `sbom` | File | Path to the sbom file. |

`sbom` could be a CycloneDX 1.4 or 1.5 JSON document.

`runtime`: Generate fingerprints for all the classes loaded at runtime.

Required Parameters

| Parameter | Type | Description |
|---|---|---|
| `project` | File | Path to the project. |
| `executable-jar-module` | String | The module (`artifactID`) that generates the executable jar. |

Optional Parameters

| Parameter | Type | Description |
|---|---|---|
| `cleanup` | File | Delete the temporary project after the process. |

The `watchdog-agent` is a Java agent that watches for prohibited classes.
It takes in the following parameters:

Required Parameters

| Parameter | Type | Description |
|---|---|---|
| `sbom` | File | Path to the index file. |

Optional Parameters

| Parameter | Type | Description |
|---|---|---|
| `skipShutdown` | boolean | If `true`, the JVM will not shut down if a prohibited class is loaded. Default: `false`. |
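
The mechanism described above, as an added example that is not the project's own code: a Java agent that fingerprints each class as it is loaded, compares it to an index, and terminates the JVM on a mismatch unless `skipShutdown` is set. The SHA-256 fingerprint, the one-pair-per-line index format, the agent argument syntax, the treatment of any class missing from the index as prohibited, and the class name `FingerprintWatchdog` are all assumptions made for illustration.

```java
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.ProtectionDomain;
import java.util.HashMap;
import java.util.HexFormat; // Java 17+
import java.util.Map;

// Illustrative agent, NOT the project's watchdog-agent.
// Assumed index format: one "<internal/class/Name> <sha256-hex>" pair per line.
public final class FingerprintWatchdog implements ClassFileTransformer {
    private final Map<String, String> index = new HashMap<>();
    private final boolean skipShutdown;

    FingerprintWatchdog(Path indexFile, boolean skipShutdown) throws Exception {
        this.skipShutdown = skipShutdown;
        for (String line : Files.readAllLines(indexFile)) {
            String[] parts = line.trim().split("\\s+");
            if (parts.length == 2) index.put(parts[0], parts[1].toLowerCase());
        }
    }

    // Assumed agent argument syntax: "<indexPath>[,skipShutdown=true]"
    public static void premain(String args, Instrumentation inst) throws Exception {
        String[] a = args.split(",");
        boolean skip = a.length > 1 && a[1].trim().equals("skipShutdown=true");
        inst.addTransformer(new FingerprintWatchdog(Path.of(a[0].trim()), skip));
    }

    @Override
    public byte[] transform(ClassLoader loader, String className, Class<?> redefined,
                            ProtectionDomain domain, byte[] classBytes) {
        if (className == null) return null; // unnamed generated class: nothing to look up
        boolean known;
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(classBytes);
            known = HexFormat.of().formatHex(digest).equals(index.get(className));
        } catch (Exception e) {
            known = false; // fail closed: an unverifiable class counts as prohibited
        }
        if (!known) {
            System.err.println("[watchdog] class not in index: " + className);
            if (!skipShutdown) Runtime.getRuntime().halt(1); // halt() skips shutdown hooks
        }
        return null; // null tells the JVM to keep the original bytecode
    }
}
```

The agent jar's manifest needs a `Premain-Class: FingerprintWatchdog` entry, and the agent is attached with the JVM's `-javaagent:` option. Classes loaded before the transformer is registered are never passed to it, so the check covers only classes loaded afterwards.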