Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

If a referenced Java class is not found, or blacklisted, when is this detected?

I wanted to use, inside Google appengine, a small library; one of the methods of one of its classes (say MyClass.writeToFile()) uses java.io.FileOutputStream, which is among the blacklisted classes (well, not white-listed).

Does this imply that MyClass will fail at classloading time, or just when (if) I try to invoke the offending method? At what point is that checking ("FileOutputStream not allowed") done? When loading MyClass file and detecting that it "refers to/depends on" FileOutputStream (I dont know if this is declared in the MyClass bytecode)? Or when trying to load FileOutputStream, while invoking MyClass.writeToFile() for the first time?

Further, assuming that the method MyClass.writeToFile() is not essential for my library (but MyClass is), is there some workaround, or should one refactor the library (and build, say two different jars, one full fledged and other sandbox-friendly) ?

like image 276
leonbloy Avatar asked Nov 13 '22 22:11

leonbloy


1 Answers

Do a test deploy. Deployment should fail if I remember it correctly. Classes that are used by a certain class is part of the byte code, and google is verifying it.

Edit: I'm contradicting myself :) This thread indicates that deployment only fail if the FileOutputStream class is loaded: GoogleAppEngine : possible to disable FileUpload?

Edit2: And this indicates that it is the class loader that is checking / stopping loading of forbidden classes: The Sandbox

like image 72
Kaj Avatar answered Dec 16 '22 12:12

Kaj