0

I'm investigating ways to ensure a java class only calls a limited set of allowed methods from other classes. The usecase I have receives the class via the standard java serialization.

The approach I want to try is to simply list the methods it calls and only run the code if it passes a short whire list.

The question I have : how do I list the methods used in that class?

Niels Basjes
  • 10,424
  • 9
  • 50
  • 66
  • You can pass around the `Method` instance. For information anything more than that, we need some more details in your question. Perhaps with some code snippets. – Rohit Jain Mar 09 '14 at 09:01
  • do you need to do the listing as static, based on the source code, or at runtime when code is being executed? – eis Mar 09 '14 at 09:09
  • If you just need to forbid access to some methods of a class you just don't expose them to the user of that class. – Chedy2149 Mar 09 '14 at 09:18
  • I want to list the external methods a class uses without having the source. I want to make sure that for example none of the System calls are used. – Niels Basjes Mar 09 '14 at 09:24
  • What do you mean that you get the class via standard java serialization? Through serialization you get a serialized instance which is not executable. How do you execute methods on it? Do I miss something? – Pantelis Natsiavas Mar 09 '14 at 09:28
  • @NielsBasjes but do you wish to do it runtime or as a static analysis? – eis Mar 09 '14 at 09:39
  • I want to it runtime. The server process (receiving the class) is long running and the client is the one that submits the class. – Niels Basjes Mar 09 '14 at 14:20
  • 1
    @NielsBasjes You may want to have a look at http://stackoverflow.com/a/502388/1820501 which explains how to securely run code sent by users. – Florent Bayle Mar 22 '14 at 02:27

2 Answers2

1

This is not a perfect solution but you coud use this if you can't find something better. You can use javap, if you're in Linux, run in the command line (or run a proccess using Runtime.exec()): javap -verbose /path/to/my/classfile.class | grep invoke and you'll have the binary signatures that the class "calls" from other classes. Yes, I know, it's not what you wanted but you could use it as a last resource.

If you need a more "javaish" solution, you could have a look at a java library called "asm": http://asm.ow2.org/

morgano
  • 17,210
  • 10
  • 45
  • 56
1

You could pass a dynamic proxy object to the caller, which inside checks the methods against your white list and throws exception when the call is not allowed.

Dynamic proxies basically allows you to insert piece of code between the caller's method invocation and the actual invocation of the called method.

I'd really think through though to if you really need this. Dynamic proxies are useful but they can also be very confusing and annoying to debug.

Enno Shioji
  • 26,542
  • 13
  • 70
  • 109
  • Thanks for the pointer. As far as I understand this: Each call goes through the validation of the proxy. Because the application I have in mind is in the BigData arena I expect this to be a bit too expensive in terms of CPU cycles. – Niels Basjes Mar 09 '14 at 21:46