https://github.com/chains-project/sbom.exe

calls the police if a prohibited class is loaded by the JVM http://arxiv.org/pdf/2407.00246

Science Score: 26.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (9.1%) to scientific vocabulary
Last synced: 9 months ago

Repository

Basic Info
Statistics
  • Stars: 8
  • Watchers: 2
  • Forks: 1
  • Open Issues: 12
  • Releases: 16
Created about 3 years ago · Last pushed 10 months ago
Metadata Files
Readme Changelog License

README.md

sbom.exe

A tool to illustrate termination of the Java virtual machine if a prohibited method is invoked. Check out the README on that branch for instructions.

[Figure: visualization of the codebase, generated by GitHub Next]

Project structure

The project has two concepts: generating fingerprints and watching for prohibited classes.

Generation of fingerprints

The fingerprints are generated using the classfile-fingerprint CLI.

It has three subcommands. All the commands take in the following parameters:

Required Parameters

| Parameter | Type | Description |
|:---------:|:----:|-------------|
| output or input | File | Path to index file. output will create a new file. input will merge the indices. |

  1. jdk: Generate fingerprints for JDK classes.

  2. supply-chain: Generate fingerprints for all the dependencies captured in the SBOM.

    • Required Parameters

    | Parameter | Type | Description |
    |:---------:|:----:|-------------|
    | sbom | File | Path to the sbom file. |

    sbom can be a CycloneDX 1.4 or 1.5 JSON document.

  3. runtime: Generate fingerprints for all the classes loaded at runtime.

    • Required Parameters

    | Parameter | Type | Description |
    |:---------:|:----:|-------------|
    | project | File | Path to the project. |
    | executable-jar-module | String | The module (artifactID) that generates the executable jar. |

    • Optional Parameters

    | Parameter | Type | Description |
    |:---------:|:----:|-------------|
    | cleanup | File | Delete the temporary project after the process. |

Watching for prohibited classes

The watchdog-agent is a Java agent that watches for prohibited classes.

It takes in the following parameters:

Required Parameters

| Parameter | Type | Description |
|:---------:|:----:|-------------|
| sbom | File | Path to the index file. |

Optional Parameters

| Parameter | Type | Description |
|:------------:|:-------:|-------------|
| skipShutdown | boolean | If true, the JVM will not shut down if a prohibited class is loaded. Default: false. |
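The two halves of the design, generating a fingerprint index and watching class loads against it, can be shown in one small Java agent. The code below is an added illustration written for this page, not sbom.exe's own classfile-fingerprint or watchdog-agent code. It assumes things the README does not state: that a fingerprint is the SHA-256 of the raw class file bytes, that the index is a plain text file with one "<class name> <sha256 hex>" line per class, and that the agent argument is the index path optionally followed by ",skipShutdown=true". The class and method names (WatchdogAgentExample, indexJar, isAllowed) are hypothetical. It needs Java 17 or newer for HexFormat.

```java
// Added illustration, not the project's code. Assumptions (not on the page): fingerprint =
// SHA-256 of class bytes; index = text lines "<class name> <sha256 hex>";
// agent argument = "<index path>[,skipShutdown=true]".
import java.io.IOException;
import java.io.InputStream;
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HexFormat;
import java.util.List;
import java.util.Map;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public final class WatchdogAgentExample {

    /** Class name (slash-separated, as the JVM reports it) -> SHA-256 hex of its class bytes. */
    private static final Map<String, String> INDEX = new HashMap<>();
    private static boolean skipShutdown = false;

    /** Entry point used by -javaagent; registers the watchdog before main() runs. */
    public static void premain(String agentArgs, Instrumentation inst) throws IOException {
        if (agentArgs == null) throw new IllegalArgumentException("index path required");
        Path indexPath = null;
        for (String part : agentArgs.split(",")) {
            if (part.equals("skipShutdown=true")) skipShutdown = true;
            else indexPath = Path.of(part);
        }
        if (indexPath == null) throw new IllegalArgumentException("index path required");
        for (String line : Files.readAllLines(indexPath, StandardCharsets.UTF_8)) {
            String[] f = line.trim().split("\\s+");
            if (f.length == 2) INDEX.put(f[0], f[1]);
        }
        // Classes loaded before premain (core JDK bootstrap classes) are not seen by this
        // transformer; a production agent would retransform them or verify them separately.
        inst.addTransformer(new Watchdog());
    }

    /** The fingerprint of one class: hex SHA-256 over the exact bytes the JVM will define. */
    static String fingerprint(byte[] classBytes) {
        try {
            return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(classBytes));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory in every JRE
        }
    }

    /** Generation side: one index line per .class entry of a jar (dependencies, JDK modules, ...). */
    static List<String> indexJar(Path jar) throws IOException {
        List<String> lines = new ArrayList<>();
        try (JarFile jf = new JarFile(jar.toFile())) {
            for (Enumeration<JarEntry> en = jf.entries(); en.hasMoreElements();) {
                JarEntry e = en.nextElement();
                if (!e.getName().endsWith(".class")) continue;
                // Multi-release jars keep their META-INF/versions/ prefix here; a fuller
                // implementation would map those entries onto the runtime class name.
                String name = e.getName().substring(0, e.getName().length() - ".class".length());
                try (InputStream in = jf.getInputStream(e)) {
                    lines.add(name + " " + fingerprint(in.readAllBytes()));
                }
            }
        }
        return lines;
    }

    /** Watching side: a class is allowed only if its name is indexed AND the bytes match. */
    static boolean isAllowed(String className, byte[] classBytes) {
        String expected = INDEX.get(className);
        return expected != null && expected.equalsIgnoreCase(fingerprint(classBytes));
    }

    static final class Watchdog implements ClassFileTransformer {
        @Override
        public byte[] transform(ClassLoader loader, String className, Class<?> classBeingRedefined,
                                ProtectionDomain pd, byte[] classfileBuffer) {
            if (className == null) return null; // hidden/anonymous classes have no name
            if (!isAllowed(className, classfileBuffer)) {
                System.err.println("[watchdog] prohibited class loaded: " + className);
                if (!skipShutdown) {
                    // halt() rather than exit(): the JVM stops without running shutdown hooks
                    // or finalizers, so nothing from the rejected class gets a chance to run.
                    Runtime.getRuntime().halt(1);
                }
            }
            return null; // never rewrite the class bytes, only observe them
        }
    }
}
```

To try it, package the class in a jar whose MANIFEST.MF carries `Premain-Class: WatchdogAgentExample`, write the lines returned by `indexJar` for the application jar and its dependencies into `index.txt`, and start the application with `-javaagent:agent.jar=index.txt` (or `-javaagent:agent.jar=index.txt,skipShutdown=true` to only log). The check is on the bytes the JVM is about to define, so a dependency whose class files differ from the ones fingerprinted at build time fails the comparison even if its name and version look right.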

Owner

  • Name: CHAINS research project at KTH Royal Institute of Technology
  • Login: chains-project
  • Kind: organization

"Consistent Hardening and Analysis of Software Supply Chains" at KTH, funded by SSF

GitHub Events

Total
  • Create event: 52
  • Release event: 1
  • Issues event: 1
  • Watch event: 1
  • Delete event: 54
  • Issue comment event: 13
  • Push event: 108
  • Pull request event: 108
  • Fork event: 1
Last Year
  • Create event: 52
  • Release event: 1
  • Issues event: 1
  • Watch event: 1
  • Delete event: 54
  • Issue comment event: 13
  • Push event: 108
  • Pull request event: 108
  • Fork event: 1

Issues and Pull Requests

Last synced: 10 months ago

All Time
  • Total issues: 27
  • Total pull requests: 217
  • Average time to close issues: about 1 month
  • Average time to close pull requests: 1 day
  • Total issue authors: 4
  • Total pull request authors: 3
  • Average comments per issue: 1.74
  • Average comments per pull request: 0.35
  • Merged pull requests: 197
  • Bot issues: 1
  • Bot pull requests: 144
Past Year
  • Issues: 0
  • Pull requests: 90
  • Average time to close issues: N/A
  • Average time to close pull requests: about 4 hours
  • Issue authors: 0
  • Pull request authors: 2
  • Average comments per issue: 0
  • Average comments per pull request: 0.16
  • Merged pull requests: 77
  • Bot issues: 0
  • Bot pull requests: 85
Top Authors
Issue Authors
  • algomaster99 (36)
  • MartinWitt (3)
  • renovate[bot] (3)
  • LogFlames (1)
  • monperrus (1)
Pull Request Authors
  • renovate[bot] (221)
  • algomaster99 (110)
  • MartinWitt (3)
  • LogFlames (1)
Top Labels
Issue Labels
Pull Request Labels

Dependencies

.github/workflows/code-quality.yml actions
  • actions/checkout v3 composite
  • actions/setup-java v3 composite
  • github/codeql-action/analyze v2 composite
  • github/codeql-action/init v2 composite
.github/workflows/create-diagram.yml actions
  • actions/checkout master composite
  • githubocto/repo-visualizer 0.9.1 composite
.github/workflows/jreleaser.yml actions
  • actions-js/push v1.4 composite
  • actions-js/push master composite
  • actions/checkout 8e5e7e5ab8b370d6c329ec480221332ada57f0ab composite
  • actions/setup-java 5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 composite
  • actions/upload-artifact 0b7f8abb1508181956e8e162db84b466c27e18ce composite
  • jreleaser/release-action v2 composite
.github/workflows/tests.yml actions
  • actions/checkout v3 composite
  • actions/setup-java v3 composite
classfile-fingerprint/pom.xml maven
  • org.apache.maven:maven-core 3.9.4 provided
  • org.apache.maven:maven-plugin-api 3.9.4 provided
  • com.fasterxml.jackson.core:jackson-databind
  • info.picocli:picocli
  • io.github.algomaster99:terminator-commons 0.11.1-SNAPSHOT
  • org.apache.logging.log4j:log4j-core
  • org.apache.maven.plugin-tools:maven-plugin-annotations 3.9.0
  • org.slf4j:log4j-over-slf4j
  • com.soebes.itf.jupiter.extension:itf-assertj 0.12.0 test
  • com.soebes.itf.jupiter.extension:itf-jupiter-extension 0.12.0 test
  • org.assertj:assertj-core test
  • org.junit.jupiter:junit-jupiter-engine 5.10.0 test
pom.xml maven
terminator-commons/pom.xml maven
  • com.fasterxml.jackson.core:jackson-databind
  • io.github.classgraph:classgraph 4.8.165
  • org.apache.logging.log4j:log4j-core
  • org.assertj:assertj-core
  • org.jsoup:jsoup
  • org.junit.jupiter:junit-jupiter-api
  • org.ow2.asm:asm
  • org.ow2.asm:asm-tree
  • org.ow2.asm:asm-util
  • org.slf4j:log4j-over-slf4j
watchdog-agent/pom.xml maven
  • com.fasterxml.jackson.core:jackson-databind
  • io.github.algomaster99:terminator-commons 0.11.1-SNAPSHOT
  • org.apache.maven.shared:maven-invoker
  • org.junit.jupiter:junit-jupiter-api
runtime-class-interceptor/pom.xml maven
  • io.github.algomaster99:terminator-commons 0.11.1-SNAPSHOT
terminator-commons/src/test/resources/maven-modules/multi-module-multiple-depth/m1/pom.xml maven
terminator-commons/src/test/resources/maven-modules/multi-module-multiple-depth/m2/m21/pom.xml maven
terminator-commons/src/test/resources/maven-modules/multi-module-multiple-depth/m2/pom.xml maven
terminator-commons/src/test/resources/maven-modules/multi-module-multiple-depth/pom.xml maven
terminator-commons/src/test/resources/maven-modules/multi-module-single-depth/m1/pom.xml maven
terminator-commons/src/test/resources/maven-modules/multi-module-single-depth/m2/pom.xml maven
terminator-commons/src/test/resources/maven-modules/multi-module-single-depth/pom.xml maven
terminator-commons/src/test/resources/maven-modules/single-module/pom.xml maven
terminator-commons/src/test/resources/maven-modules/submodule-as-dependency/m1/pom.xml maven
  • org.example:m2 10.4.2
terminator-commons/src/test/resources/maven-modules/submodule-as-dependency/m2/pom.xml maven
terminator-commons/src/test/resources/maven-modules/submodule-as-dependency/pom.xml maven
classfile-fingerprint/src/test/resources/runtime-index/basic-math/pom.xml maven
  • org.junit.jupiter:junit-jupiter 5.8.2 test
.github/workflows/tests-on-11.yml actions
  • actions/checkout v4 composite
  • actions/setup-java v4 composite