https://github.com/chains-project/sbom.exe
calls the police if a prohibited class is loaded by the JVM http://arxiv.org/pdf/2407.00246
- Host: GitHub
- URL: https://github.com/chains-project/sbom.exe
- Owner: chains-project
- License: mit
- Created: 2023-05-24T22:30:25.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2026-02-26T21:32:26.000Z (4 months ago)
- Last Synced: 2026-02-27T03:36:36.507Z (4 months ago)
- Language: Java
- Homepage: https://arxiv.org/abs/2407.00246
- Size: 232 MB
- Stars: 9
- Watchers: 1
- Forks: 1
- Open Issues: 16
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
# sbom.exe
[Tests workflow](https://github.com/ASSERT-KTH/terminator/actions/workflows/tests.yml)
A tool to illustrate termination of the Java virtual machine if a prohibited method is invoked.
Check out the README on that branch for instructions.
## [Visualization by GitHub Next](https://githubnext.com/projects/repo-visualization/)

## Project structure
The project has two concepts: generating fingerprints and watching for prohibited classes.
## Generation of fingerprints
The fingerprints are generated using the `classfile-fingerprint` CLI.
It has three subcommands.
All the commands take in the following parameters:
**Required Parameters**

| Parameter | Type | Description |
|:---:|:---:|---|
| `output` or `input` | `File` | Path to the index file. `output` creates a new file; `input` merges the indices. |

1. `jdk`: Generate fingerprints for JDK classes.
2. `supply-chain`: Generate fingerprints for all the dependencies captured in the SBOM.
   - **Required Parameters**

     | Parameter | Type | Description |
     |:---:|:---:|---|
     | `sbom` | `File` | Path to the SBOM file. |

   > `sbom` can be a CycloneDX 1.4 or 1.5 JSON document.
3. `runtime`: Generate fingerprints for all the classes loaded at runtime.
   - **Required Parameters**

     | Parameter | Type | Description |
     |:---:|:---:|---|
     | `project` | `File` | Path to the project. |
     | `executable-jar-module` | `String` | The module (`artifactID`) that generates the executable jar. |

   - **Optional Parameters**

     | Parameter | Type | Description |
     |:---:|:---:|---|
     | `cleanup` | `File` | Delete the temporary project after the process. |
## Watching for prohibited classes
The `watchdog-agent` is a Java agent that watches for prohibited classes.
It takes in the following parameters:
**Required Parameters**
| Parameter | Type | Description |
|:---------:|:------:|-------------------------|
| `sbom` | `File` | Path to the index file. |
**Optional Parameters**
| Parameter | Type | Description |
|:--------------:|:---------:|-----------------------------------------------------------------------------------------|
| `skipShutdown` | `boolean` | If `true`, the JVM will not shut down when a prohibited class is loaded. Default: `false`. |
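To make the two halves of the design concrete (fingerprint generation above, and the watchdog agent described in this section), here is an added example of a minimal class-loading watchdog written as a Java agent. It is not sbom.exe's own code and does not reproduce the project's index format or CLI flag syntax, neither of which is described on this page. It assumes an index of one line per class, `<binary class name> <sha256 of the class bytes, hex>`, and takes the option names `sbom` and `skipShutdown` from the table above; `fingerprintJar` is a hypothetical helper that produces such index lines from a jar.

```java
import java.io.InputStream;
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/**
 * Added example, not sbom.exe's own code.
 * Assumed index format: one line per class, "<binary class name> <sha256 hex of class bytes>".
 */
public final class WatchdogExample {
    private final Map<String, String> index;  // class name -> expected fingerprint
    private final boolean skipShutdown;       // mirrors the agent's skipShutdown option

    WatchdogExample(Map<String, String> index, boolean skipShutdown) {
        this.index = index;
        this.skipShutdown = skipShutdown;
    }

    /** JVM entry point for: -javaagent:watchdog.jar=sbom=index.txt,skipShutdown=false */
    public static void premain(String agentArgs, Instrumentation inst) throws Exception {
        Map<String, String> opts = parseAgentArgs(agentArgs);
        Path indexPath = Path.of(opts.getOrDefault("sbom", "index.txt"));
        boolean skip = Boolean.parseBoolean(opts.getOrDefault("skipShutdown", "false"));
        WatchdogExample watchdog =
                new WatchdogExample(parseIndex(Files.readAllLines(indexPath)), skip);
        inst.addTransformer(watchdog.transformer());
    }

    /** Parses "k1=v1,k2=v2"; a null or blank argument string yields an empty map. */
    static Map<String, String> parseAgentArgs(String agentArgs) {
        Map<String, String> opts = new HashMap<>();
        if (agentArgs == null || agentArgs.isBlank()) return opts;
        for (String pair : agentArgs.split(",")) {
            int eq = pair.indexOf('=');
            if (eq > 0) opts.put(pair.substring(0, eq).trim(), pair.substring(eq + 1).trim());
        }
        return opts;
    }

    /** Parses index lines (assumed format); blank lines and '#' comments are ignored. */
    static Map<String, String> parseIndex(List<String> lines) {
        Map<String, String> index = new HashMap<>();
        for (String line : lines) {
            String trimmed = line.trim();
            if (trimmed.isEmpty() || trimmed.startsWith("#")) continue;
            String[] parts = trimmed.split("\\s+");
            if (parts.length == 2) index.put(parts[0], parts[1].toLowerCase());
        }
        return index;
    }

    /** Fingerprint = SHA-256 over the raw class bytes, rendered as lower-case hex. */
    static String sha256Hex(byte[] classBytes) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(classBytes);
        StringBuilder sb = new StringBuilder(digest.length * 2);
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    /** Fingerprint generation side: one index line per .class entry in a jar (hypothetical helper). */
    static List<String> fingerprintJar(Path jar) throws Exception {
        List<String> lines = new ArrayList<>();
        try (JarFile jf = new JarFile(jar.toFile())) {
            for (JarEntry e : Collections.list(jf.entries())) {
                String name = e.getName();
                if (!name.endsWith(".class")) continue;
                String className = name.substring(0, name.length() - ".class".length()).replace('/', '.');
                try (InputStream in = jf.getInputStream(e)) {
                    lines.add(className + " " + sha256Hex(in.readAllBytes()));
                }
            }
        }
        return lines;
    }

    /** Returns null when the class is allowed, otherwise the reason it is prohibited. */
    String check(String className, byte[] classBytes) throws Exception {
        String expected = index.get(className);
        if (expected == null) return "not in index";
        if (!expected.equals(sha256Hex(classBytes))) return "fingerprint mismatch";
        return null;
    }

    /** Observes every class definition after premain; never rewrites class bytes. */
    ClassFileTransformer transformer() {
        return new ClassFileTransformer() {
            @Override
            public byte[] transform(ClassLoader loader, String internalName, Class<?> redefined,
                                    ProtectionDomain pd, byte[] bytes) {
                if (internalName == null) return null;  // hidden classes carry no name
                String className = internalName.replace('/', '.');
                String reason;
                try { reason = check(className, bytes); } catch (Exception e) { reason = e.toString(); }
                if (reason != null) {
                    System.err.println("[watchdog] prohibited class " + className + ": " + reason);
                    // halt rather than exit: we are inside the class-loading path, and exit would
                    // run shutdown hooks that may themselves trigger further class loading.
                    if (!skipShutdown) Runtime.getRuntime().halt(1);
                }
                return null;  // returning null leaves the class bytes unchanged
            }
        };
    }
}
```

The agent jar needs `Premain-Class: WatchdogExample` in its `META-INF/MANIFEST.MF`. Two caveats a practitioner should keep in mind: classes the JVM defined before `premain` ran (the bootstrap classes the launcher itself needs) never pass through the transformer, and the fingerprint is taken over the bytes as handed to the transformer, so any earlier agent in the chain that rewrites class bytes will show up as a mismatch.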