0

I am working on a static analysis tool for java applications. In one of the tasks I need to present the security analysis of a method and the corresponding method from the source code. In the case of a java project where the source files are presented that's easy, however in the case of a jar file I need to find a more complex solution. So far I have come up with unzipping the jar file extracting the class files and then decompiling them to source files and finally reading the content. I can't find any suitable libraries for the decompilation process. Are there any suitable java libraries for that? I found these crf and procyon decompilers, but I need to collect the output as String and their main methods analyze(List<String>) and decompile() returns void. Does anyone no how to convert it to String or any other library that provides that functionality. Any help would be much appreciated.

Jimmy the King
  • 15
  • 4
  • 1
    Can you please confirm whether this is a duplicate of [this question](https://stackoverflow.com/q/22086605)? If so, I'll mark it as such. – Dawood ibn Kareem May 02 '22 at 01:18
  • It looks like you could adapt that decompiler to "dump" to strings ... or something. It is open source, and the structure seems to support providing a custom dumper factory. ([Read the source Luke](https://github.com/leibnitz27/cfr).) – Stephen C May 02 '22 at 01:33
  • Hello @DawoodibnKareem the subject is the same, however I think I need something more specific related to being able to manipulate the result. Moreover the other question is 8 years old, maybe there's some new library that's not so well known. In any case if you feel it doesn't provide any value I could erase my question. – Jimmy the King May 02 '22 at 18:12

0 Answers0