Reputation: 32240
Is it possible for a Java source file to run arbitrary code when compiled?
Is it possible for me to structure a Java source file such that, when compiled with javac (but not invoked with java) it will run arbitrary code?
Or can I assume that it's safe to run arbitrary source files through javac?
Upvotes: 1
Views: 153
Answers (2)
Reputation: 43391
I've never actually used this feature, but javac can run annotation processors -- which I believe are jut arbitrary code. The processors have to be in the processor path, which by default is just the user class path. So depending on your use case, I think that yes, this is a security concern to watch out for. You'll probably want to make sure annotation processing is disabled with -proc:none, or take some other precaution.
See the Annotation Processing section of the Javac manual.
Upvotes: 4
Reputation: 1667
It is not possible for javac to execute Java, regardless of how the source files are set up. All it is going to do is compile java files into class files.
Upvotes: 1
Related Questions
- Compile and execute java source file in memory
- Can JVM bytecode be manipulated at compile time?
- Running a Java program without compiling
- Is it possible to compile to machine code in Java without an external program?
- Use Java Runtime to compile/run .java files?
- Can i somehow run previously compiled java bytecode from a new Java program?
- Is it possible that write a program with Java bytecode instructions directly?
- Can a Java program access its own source code?
- Is it possible to run C source code from Java?
- Generating, compiling and using Java code at run time?