Scanning an Open Source Program For Issues

H

Hal Vaughan

I've just downloaded an open source Java program that I can use for
networking (I'm testing a Java implementation of ssh that I asked about in
an earlier post). I have the source, but it's a lot of stuff to read. Are
there any shortcuts in what I can look for if I want to be sure this
program doesn't phone home or store my passwords or id keys anywhere I
don't want them?

I figured I could use grep and search for any references to using networking
packages, but Java io packages could be used as well. Any ideas of how to
do a quick scan or search to verify there are no networking contacts other
than connecting to the system I specify?

Thanks!

Hal
 
M

Mike Schilling

Hal Vaughan said:
I've just downloaded an open source Java program that I can use for
networking (I'm testing a Java implementation of ssh that I asked
about in
an earlier post). I have the source, but it's a lot of stuff to
read. Are
there any shortcuts in what I can look for if I want to be sure this
program doesn't phone home or store my passwords or id keys anywhere
I
don't want them?

I figured I could use grep and search for any references to using
networking
packages, but Java io packages could be used as well. Any ideas of
how to
do a quick scan or search to verify there are no networking contacts
other
than connecting to the system I specify?
Click to expand...

I usually answer question only when I know the answer (or think I do,
anyway). This is speculation, so take it with a grain of salt.

Try modifying it to create a SecurityManager that catches every
attempt to use the network, the file system, etc. You can simply log
and grant each request, which, at the end of your session will show
you which sorts of accesses were done, or you can get fancier and
display a dialog for each one, allowing you to forbid anything that
looks questionable. This won't prove that obscure code paths don't
lead to the kind of violation you're concerned about, but if
everything looks OK, you'll be more confident.

And, of course, you can look for other users of the package and ask
what their experience has been.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Invitation for Open Source Project 1
Need Open Source Mock Up/ Designing Tool 2
Looking for open source project maintainer 6
Looking for an open-source: Task, feature and issue tracker 0
Open Source installer toolkits? 4
Looking For Advice 1
Looking for someone to take alook at this code and help 2
Any open source solution with JMS and server-side clustering? 3

Members online

No members online now.
Total: 38 (members: 1, guests: 37)
Robots: 84

Forum statistics

Threads
473,781
Messages
2,569,619
Members
45,316
Latest member
naturesElixirCBDGummies

Latest Threads

Top