I'm currently working with an old Java SE project which has got some version of SLF4J as a dependency (eg referring to org.slf4j.Logger ), but the relevant classes are packaged in a very strange JAR simply called commons.jar
, and I couldn't find any matching libraries on the Internet which have contents matching this file; Is there any "intelligent" way of finding code which matches the compiled Java class files found inside this JAR file? The file itself has no metadata of any kind — only compiled *.class
files:
commons.jar
├── apache
│ ├── commons
│ ├── http
│ ├── log4j
├── slf4j
As shown in the structure above, the JAR doesn't seem to "belong" to any commonly-available distributor; Even though it contains the terms apache , commons , log* , and slf4j , it doesn't seem to be from Apache Commons or from SLF4J.
At the moment, the best I can think of is to download a bunch of versions of SLF4J, extract them, and then run eg cmp
on the org/slf4j/Logger.class
file from the mystery JAR and the analogous Logger.class
file from each version, eg
cmp commons/org/slf4j/Logger.class slf4j-1.7.22/slf4j-api-1.7.22/org/slf4j/Logger.class
However, not only does that involve a lot of work, but I believe that equivalent source might be compiled slightly differently depending on the exact compiler used by the distributors of the JARs in question... meaning that they wouldn't be comparable on a byte-per-byte basis. How might I do this kind of search in a more intelligent way?
How about reflecting across all public and private classes and their members, put them in strings, sort the strings and generate a text file for each version.
You will either find exactly one version of the library that matches the mystery version of the library or a smallish range.
I would look into the following:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.