On Mon, Nov 29, 2010 at 9:29 PM, Roan Kattouw <[email protected]> wrote: > "An alternative [to rejecting all ZIP files] would be to parse the > entire zip directory and to reject any archives that contain a file > with a .class extension. I can’t vouch for this method. **If you did > this, the zip library you used would have to be exactly as tolerant of > zip format errors as the one used by Java.** It would probably be best > to actually shell out to Java to do the test." >
I was thinking about this. There appears to be no option to the java command line client to only check a file without executing. An option would be to invoke the java debugger (jdb), which initially breaks at the first instruction and presumably fails if the file is not a valid jar. Still sounds nasty though, plus the fact that jdb is not a generally installed program. Bryan _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
