Bryan Tong Minh wrote: > On Mon, Nov 29, 2010 at 9:29 PM, Roan Kattouw <[email protected]> wrote: >> "An alternative [to rejecting all ZIP files] would be to parse the >> entire zip directory and to reject any archives that contain a file >> with a .class extension. I can’t vouch for this method. **If you did >> this, the zip library you used would have to be exactly as tolerant of >> zip format errors as the one used by Java.** It would probably be best >> to actually shell out to Java to do the test." >> > > I was thinking about this. There appears to be no option to the java > command line client to only check a file without executing. An option > would be to invoke the java debugger (jdb), which initially breaks at > the first instruction and presumably fails if the file is not a valid > jar. Still sounds nasty though, plus the fact that jdb is not a > generally installed program. > > > Bryan
Note that you can't simply check (or reverse-engineer) that JVM X doesn't treat it as a jar, since it could be detected in X-1 or X+1. So there should be a range of still in use JVMs to assert. _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
