mojohaus / animal-sniffer

https://www.mojohaus.org/animal-sniffer/animal-sniffer-maven-plugin/
MIT License
84 stars 43 forks

Support additional signature file format not using Java Serialization #252

Open Marcono1234 opened 1 year ago

Marcono1234 commented 1 year ago

Currently Animal Sniffer uses Java Serialization (ObjectOutputStream) as the format for the signature files: https://github.com/mojohaus/animal-sniffer/blob/e530b5639b784b8298f0d7347fe861ca593bdbe9/animal-sniffer/src/main/java/org/codehaus/mojo/animal_sniffer/SignatureBuilder.java#L137

This makes it rather inconvenient to use third-party signatures because Java Serialization can in the worst case lead to remote code execution, so you would have to trust the source of those signature files 100% when using them. And verifying that the serialization data in a signature file is safe and does not contain any malicious content is not easily possible.

Would it be possible to support an additional signature file format such as JSON which does not have these security issues (and allow specifying the signature type in the Maven plugin configuration)? Then it would be easier to use third-party signature files, even if you don't fully trust the author. Because you can easily inspect the Maven artifact and verify that it only contains a JSON signature file. In the worst case that JSON file could crash your build if it is malformed or cause a denial of service attack for your build, but it cannot cause execution of arbitrary malicious code.
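As an added illustration of the risk described in the issue, not code from the animal-sniffer project: until an alternative format exists, a consumer of a serialized signature file can at least restrict what `ObjectInputStream` is allowed to instantiate with a JEP 290 deserialization filter (`ObjectInputFilter`, Java 9+). The allow-list below is an assumption about what a signature stream contains (`java.util` collections and strings); the real animal-sniffer signature classes are not known here, so the pattern would have to be adjusted to the project's actual types. The `SafeSignatureRead` class, `readSignature` method and the sample data are all constructed for this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class SafeSignatureRead {

    // Assumed allow-list: only java.util collections and String may be deserialized;
    // "!*" rejects every other class before its constructor/readObject is ever reached.
    // maxdepth/maxrefs bound the nesting and object count so that a hostile or malformed
    // file is limited to failing the build rather than exhausting memory.
    static final ObjectInputFilter SIGNATURE_FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=20;maxrefs=100000;java.util.*;java.lang.String;!*");

    // Helper used only to build sample streams for the demonstration.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Reads a signature stream under the filter; unexpected classes raise InvalidClassException.
    static Object readSignature(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(SIGNATURE_FILTER);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: class name -> member descriptors, the shape a signature might take.
        Map<String, List<String>> signature = new HashMap<>();
        signature.put("java/lang/Object",
                new ArrayList<>(Arrays.asList("hashCode()I", "equals(Ljava/lang/Object;)Z")));
        System.out.println("accepted: " + readSignature(serialize(signature)));

        // A stream carrying any class outside the allow-list (here java.io.File, chosen only
        // because it is Serializable) is rejected by the filter before an instance is created.
        byte[] unexpected = serialize(new File("not-a-signature"));
        try {
            readSignature(unexpected);
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The filter does not make Java Serialization a safe interchange format; it narrows the set of classes an attacker-controlled file can reach, which is why a data-only format such as the JSON proposed above remains the better fix. The same depth and reference caps are the kind of limits a JSON reader would also want, since the issue notes that even a malformed JSON signature can still fail or stall a build.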