Is there a way to make sure that the jar file is built from the target source?

Asked 2 years ago, Updated 2 years ago, 85 views

Various jar files can be added as dependencies by utilizing nexus repository such as maven central.Suddenly, I wondered if there was any way to verify that the jar file uploaded here was built from the source code of the target.I thought that while building and deploying source code, a malicious third party would be able to get in and replace jar's deliverables.

ASK:

  • If I know the source code that would have been built, can I verify that the jar file is indeed the result of building the source code?

java security

2022-09-30 18:48

1 Answers

How about using decompilers such as JD-GUI to decompile class files in bulk and compare them with source code?Or, on the contrary, compile the source code and compare it.

2022-09-30 18:48

If you have any answers or tips

Popular Tags
python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
Popular Questions

613 GDB gets version error when attempting to debug with the Presense SDK (IDE)

574 Who developed the "avformat-59.dll" that comes with FFmpeg?

590 Scrap text information after the "View More" button when searching in the Yahoo! News search window

1022 In Java servlet, when SHA-256 sends WW-Authenticate header for digest authentication, the client does not return the result.

619 Uncaught (inpromise) Error on Electron: An object could not be cloned

© 2024 OneMinuteCode. All rights reserved.