Is there a way to make sure that the jar file is built from the target source?

Asked 2 years ago, Updated 2 years ago, 78 views

Various jar files can be added as dependencies through a Nexus repository such as Maven Central. It suddenly occurred to me to wonder whether there is any way to verify that a jar file uploaded there was actually built from the target source code. I thought that, while the source code is being built and deployed, a malicious third party could get in and replace the jar deliverables.

Question:

  • If I know the source code that should have been built, can I verify that the jar file is indeed the result of building that source code?

Tags: java, security

2022-09-30 18:48

1 Answer

How about using a decompiler such as JD-GUI to decompile the class files in bulk and compare them with the source code? Or, conversely, compile the source code and compare the result.


2022-09-30 18:48
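The second approach in the answer (rebuild from source, then compare) is the one that gives a verifiable result, but a whole-file hash of the two jars will almost never match: zip entries carry modification times, entry order can differ, and META-INF/MANIFEST.MF records things like Created-By and Build-Jdk. The .class bytes themselves, however, are deterministic for a given JDK and set of javac flags. The script below, an added example that is not part of the original question or answer, compares the two jars entry by entry on the SHA-256 of each entry's decompressed content, ignoring timestamps, ordering and the manifest, and reports entries that are missing, extra, or modified. The three sample jars are constructed inline with placeholder bytes in place of real class files.

```python
"""Compare a jar downloaded from a repository against one rebuilt from trusted source.

Added example (not from the original post). It compares the content hash of every
entry rather than the hash of the whole jar, so a rebuild done on a different day
or by a different zip tool still matches when the class bytes are identical.
"""
from __future__ import annotations

import hashlib
import io
import zipfile
from zipfile import ZipFile, ZipInfo

# The manifest carries build metadata (Created-By, Build-Jdk, timestamps) that
# legitimately differs between builds, so it is excluded from the comparison.
IGNORED_ENTRIES = {"META-INF/MANIFEST.MF"}


def entry_digests(jar_bytes: bytes) -> dict[str, str]:
    """Map every file entry in the jar to the SHA-256 of its decompressed content."""
    digests: dict[str, str] = {}
    with ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.filename in IGNORED_ENTRIES:
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_jars(rebuilt: bytes, candidate: bytes) -> dict[str, list[str]]:
    """Return entries that differ between the trusted rebuild and the candidate jar."""
    trusted, downloaded = entry_digests(rebuilt), entry_digests(candidate)
    return {
        # present in the rebuild but dropped from the candidate
        "missing": sorted(set(trusted) - set(downloaded)),
        # present only in the candidate: a class that does not exist in the source
        "extra": sorted(set(downloaded) - set(trusted)),
        # same path, different bytes: a replaced class
        "modified": sorted(n for n in trusted.keys() & downloaded.keys()
                           if trusted[n] != downloaded[n]),
    }


def is_faithful(rebuilt: bytes, candidate: bytes) -> bool:
    """True when the candidate contains exactly the rebuilt entries, byte for byte."""
    return not any(compare_jars(rebuilt, candidate).values())


def build_jar(entries: dict[str, bytes], mtime: tuple[int, ...]) -> bytes:
    """Write an in-memory jar (a zip file) with a fixed modification time per entry."""
    buf = io.BytesIO()
    with ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            info = ZipInfo(name, date_time=mtime)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, data)
    return buf.getvalue()


# Constructed sample data: the 0xCAFEBABE magic followed by filler stands in for
# real class files, since only the byte-level comparison matters here.
CLASS_APP = b"\xca\xfe\xba\xbe" + b"A" * 40
CLASS_UTIL = b"\xca\xfe\xba\xbe" + b"B" * 40

# What you get by building the trusted source yourself.
REBUILT = build_jar({
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\nBuild-Jdk: 17.0.2\n",
    "com/example/App.class": CLASS_APP,
    "com/example/Util.class": CLASS_UTIL,
}, (2022, 9, 30, 18, 48, 0))

# An honest upload: same classes, but different entry order, manifest and timestamps.
PUBLISHED_OK = build_jar({
    "com/example/Util.class": CLASS_UTIL,
    "com/example/App.class": CLASS_APP,
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\nBuild-Jdk: 17.0.1\nCreated-By: ci\n",
}, (2022, 9, 29, 3, 15, 0))

# A tampered upload: one class replaced (single byte changed) and one class planted.
PUBLISHED_TAMPERED = build_jar({
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\nBuild-Jdk: 17.0.2\n",
    "com/example/App.class": CLASS_APP,
    "com/example/Util.class": CLASS_UTIL[:-1] + b"X",
    "com/example/Backdoor.class": b"\xca\xfe\xba\xbe" + b"Z" * 40,
}, (2022, 9, 30, 18, 48, 0))


if __name__ == "__main__":
    print("honest upload faithful:", is_faithful(REBUILT, PUBLISHED_OK))
    print("tampered upload:", compare_jars(REBUILT, PUBLISHED_TAMPERED))
```

To use it on real artifacts, read the rebuilt jar and the one fetched from Nexus into bytes and pass them to compare_jars; the rebuild must use the same JDK version and javac flags (notably -g and -parameters) as the published build, otherwise every class shows up as modified even when the source is identical. Note what the check does and does not prove: a clean result shows the published jar matches the source you compiled, but it says nothing about the compiler or build machine you compiled it on.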
