blob: 9d71553c81a46b11287aab57e1eed5323421f7bb [file] [log] [blame]
#!/usr/bin/env python
Check boot jars.
Usage: <package_whitelist_file> <jar1> <jar2> ...
import logging
import os.path
import re
import subprocess
import sys
# The compiled whitelist RE.
whitelist_re = None
def LoadWhitelist(filename):
""" Load and compile whitelist regular expressions from filename.
lines = []
with open(filename, 'r') as f:
for line in f:
line = line.strip()
if not line or line.startswith('#'):
combined_re = r'^(%s)$' % '|'.join(lines)
global whitelist_re
whitelist_re = re.compile(combined_re)
except re.error:
'Cannot compile package whitelist regular expression: %r',
whitelist_re = None
return False
return True
def CheckJar(whitelist_path, jar):
"""Check a jar file.
# Get the list of files inside the jar file.
p = subprocess.Popen(args='jar tf %s' % jar,
stdout=subprocess.PIPE, shell=True)
stdout, _ = p.communicate()
if p.returncode != 0:
return False
items = stdout.split()
for f in items:
if f.endswith('.class'):
package_name = os.path.dirname(f)
package_name = package_name.replace('/', '.')
# Skip class without a package name
if package_name and not whitelist_re.match(package_name):
print >> sys.stderr, ('Error: %s contains class file %s, whose package name %s is not '
'in the whitelist %s of packages allowed on the bootclasspath.'
% (jar, f, package_name, whitelist_path))
return False
return True
def main(argv):
if len(argv) < 2:
print __doc__
return 1
whitelist_path = argv[0]
if not LoadWhitelist(whitelist_path):
return 1
passed = True
for jar in argv[1:]:
if not CheckJar(whitelist_path, jar):
passed = False
if not passed:
return 1
return 0
if __name__ == '__main__':