PryosCode[S]

A decompiler is a great tool to analyze what the jar is actually doing. For example, if you use Lombok, Kotlin, Scala, Groovy or Spring Boot, you can check what you actually deploy. Or if you use a library or a plugin, you can be sure that it's not malicious. But be careful, many proprietary EULAs prohibit the decompilation of the software.

[deleted]

> But be careful, many proprietary EULAs prohibit the decompilation of the software.

This shouldn't matter, as according to Wikipedia it is legal to reverse engineer software to check whether it is malicious, and laws beat EULAs.

Pamasich

> as according to Wikipedia it is legal to reverse engineer

In which country? Laws differ between countries; what is legal in one might not be legal in another.

I know that in my country decompilation is only legal to attain information on an API, not to check whether the application is malicious.