RFR: 8345431: Improve jar --validate to detect duplicate or invalid entries [v11]
Jaikiran Pai
jpai at openjdk.org
Wed May 21 16:55:53 UTC 2025
On Wed, 21 May 2025 15:49:29 GMT, Henry Jen <henryjen at openjdk.org> wrote:
>> This PR checks the jar file to ensure entries are consistent between the central directory and local file header. It also checks that there are no duplicate entry names that could override the desired content by accident.
>
> Henry Jen has updated the pull request incrementally with one additional commit since the last revision:
>
> Mismatched order is considered invalid
src/jdk.jartool/share/classes/sun/tools/jar/Main.java line 454:
> 452: new FileInputStream(file)))) {
> 453:
> 454: return Validator.validate(this, zf, zis);
I think it might be better to change the `Validator.validate()` method to accept a `java.nio.file.Path` instead of accepting a ZipFile instance and a ZipInputStream instance. In its current form it feels odd that the call site (like here) needs to pass ZipFile and ZipInputStream to a validator. The checks using a ZipFile and a ZipInputStream for the same file are more an internal detail of the validator, so it would be good to let it construct those instances internally as appropriate.
The `Validator` class itself belongs to an internal package of this tool, so changing the signature of this method to accept a `Path` wouldn't be a problem.
It also looks like the Validator uses this `Main` instance merely for error reporting. So maybe in a future update we could remove the need to pass along this `Main` instance to the validator. That one doesn't have to be done in this PR.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24430#discussion_r2100761422
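
The shape suggested in the review above, as an added example that is not part of the original mail and is not the JDK's `Validator`: a validator that takes only a `Path` and opens both views of the file itself. The class name `PathValidatorSketch` and its return type are hypothetical; it checks only entry names, for duplicates and for the name or order mismatch between central directory and local file headers that the PR treats as invalid.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipInputStream;

// Hypothetical sketch; not the jdk.jartool Validator.
final class PathValidatorSketch {

    /** Returns the problems found; an empty list means the checks passed. */
    static List<String> validate(Path jar) throws IOException {
        List<String> cen = new ArrayList<>();  // names as listed in the central directory
        List<String> loc = new ArrayList<>();  // names as read from the local file headers

        // Both views of the same file are opened here, not at the call site.
        try (ZipFile zf = new ZipFile(jar.toFile());
             InputStream in = Files.newInputStream(jar);
             ZipInputStream zis = new ZipInputStream(in)) {
            zf.stream().map(ZipEntry::getName).forEach(cen::add);
            for (ZipEntry ze; (ze = zis.getNextEntry()) != null; ) {
                loc.add(ze.getName());
            }
        }

        List<String> problems = new ArrayList<>();
        Set<String> seen = new HashSet<>();
        for (String name : cen) {
            if (!seen.add(name)) {
                problems.add("duplicate entry in central directory: " + name);
            }
        }
        // List equality compares names position by position, so a different
        // order is reported as well as a missing or extra entry.
        if (!cen.equals(loc)) {
            problems.add("central directory and local file headers differ in names or order");
        }
        return problems;
    }

    public static void main(String[] args) throws IOException {
        validate(Path.of(args[0])).forEach(System.err::println);
    }
}
```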