This documentation is not maintained. Please refer to doc.castsoftware.com/technologies to find the latest updates.

Extension ID

com.castsoftware.java2program

Description

This extension is responsible of creating objects representing calls from a java application to external programs. It is also responsible of creating objects representing JAR applications. Here programs is understood in a broad sense: it comprises scripts, operating system commands, and general purpose applications. The link between these objects and the objects representing the programs themselves (if present) is performed by a different com.castsoftware.wbslinker extension during the application analysis level.

What results can you expect?

Objects

The following specific objects are displayed in CAST Enlighten:

Icon

Description


Java Call to Java Program


Java Call to Generic Program

Java JAR Program

Supported program types

The primary target are customer programs possibly contained in the application under analysis. The only exception to this are operating system commands which can be identified by the property "Operating system call" (and filter if necessary). The list of supported program types is given in the table below.

Program typeSupportProgram name (extensions)Special property
Script-like programs

(coche)

*.py, *.pl, *.sh, *.bash, *.bat, *.jy
Calls to operating system commands 

(coche)

cp, chmod, gunzip, ...Operating system call (=1)
Java programs

(coche)

*.java
Jar programs

(coche) 

*.jar

Supported program invocation mechanisms

The two common classes allowing calls to external program in Java are supported: ProcessBuilder and Runtime.

java.lang.ProcessBuilder

In the example below the call to the shell script myCommand.sh is represented by a Java Call to General Program object of the same name.

 ProcessBuilder pb = new ProcessBuilder("myCommand.sh", "myArg1", "myArg2");
 Process p = pb.start();

The ProcessBuilder.command method used to construct the command line string is also supported.

java.lang.Runtime

In the example below, the results are similar to those in the example above for 'java.lang.ProcessBuilder'.

Runtime runtime = Runtime.getRuntime();
Process p = runtime.exec("CMD /C myCommand.sh myArg1 myArg2");

Command options and arguments

The arguments passed to the ProcessBuilder class or the Runtime.exe method might be parameterized. There are two different main cases that are treated differently. In the first one, it is the executed program name itself being parameterized, in which case the analyzer will create different objects for each different program name. 

The second case is when the command line options and arguments are being parameterized. In that case, a single Java Call to Program object is created. However the receiving call links of this object will reflect the the origin of the value passed to the parameterized argument. 

    public void executeCommand(String option) throws IOException {
        String[] command = {"CMD", "/C", "myprogram.sh", option};        
        Runtime runtime = Runtime.getRuntime();
        Process p = runtime.exec(command);
    }
    
    public void callA() throws IOException {
        String myvar = "option1";
        executeCommand(myvar);
    }
    
    public void callB() throws IOException {
        String myvar = "option2";
        executeCommand(myvar);
    }

The Java Call to Program object belongs to the method containing the expression invoking the command (ProcessBuilder.start(...) or Runtime.exec(...)), in this case the method executeCommand. The callers to the Java Call to Program represent the methods from where the parameters of the (usually parameterized) invocation have been determined. In the figure above we can seen the two different call links (C) from methods callA and callB that correspond to two different values of the argument passed to the myprogram.sh script (option1 and option2). The list of all unique full command lines associated to a given Java Call to Program object can be found in the "Full command lines" property:

Snapshot from Enlighten

The correspondence between the calling object and a particular command line can be only verified by manual inspection. Undefined (or hard to determine) parameters are represented by question marks "?".

Specifics in calls to Java programs

Two different ways of calling Java programs is supported. The first one, directly invokes the main class:

ProcessBuilder pb = new ProcessBuilder("java", "mycode.Hello");     // This corresponds to the command: "java mycode.Hello"
Process p = pb.start();

which is represented by a Java Call To Java Program with the main class name. The class fullname information (namely mycode.Hello) is saved in the property "Fullname of the class, ...":

The second approach, is to invoke a JAR application:

ProcessBuilder pb = new ProcessBuilder("java", "-jar", "myProgram.jar");
Process p = pb.start();

Following this code a common Java Call To Generic Program object will be created. In order to link this call to the main java class, the analyzer will search for jar compilation instructions in maven files (we only support for "maven-assembly-plugin" artifacts). In case it is found, the analyzer will create a Java JAR Program together with the callLink to the main method. The link between the call to the JAR and the JAR program will be done during the application level analysis by the web service linker extension. 

Below is an example of both ways of invoking the same Java program mycode.Hello:

Limitations

  • Command lines using pipelines and more complex constructs are not fully supported yet (the quality of the results might vary).
  • The Java JAR Program and the link to the main method is created when the jar-defining pom.xml file and the main class file share the same analysis unit. This restriction will be relaxed in future releases.
  • The reconstruction of the invoked full command lines is a complex task which is under constant improvement. This means that when upgrading the version of the extension there might be notable changes in the number of commands retrieved.