[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1037455: ITP: narcissus -- limited Java reflection library that bypasses security restrictions

Package: wnpp
Severity: wishlist
Owner: Joseph Nahmias <joe@nahmias.net>
X-Debbugs-Cc: debian-devel@lists.debian.org, debian-java@lists.debian.org, tool.factory.heads@gmail.com, joe@nahmias.net

* Package name    : narcissus
  Version         : 1.0.7
  Upstream Contact: ToolFactory <tool.factory.heads@gmail.com>
* URL             : https://github.com/toolfactory/narcissus
* License         : MIT
  Programming Lang: Java
  Description     : limited Java reflection library that bypasses security restrictions

Narcissus is a JNI native code library that provides a small subset of the Java
reflection API, while bypassing all of Java's access/visibility checks,
security manager restrictions, and module strong encapsulation enforcement, by
calling methods and accessing fields through the JNI API. This allows code that
relies on reflective access to non-public classes, fields, and methods to keep
working even now that strong encapsulation is being enforced in JDK 16+.

Narcissus works on JDK 7+, however it is most useful for suppressing reflective
access warnings in JDK 9-15, and for circumventing strong encapsulation for JDK
16+, in order to keep legacy software running (for example, when legacy
software depends upon setAccessible to access a needed private field of a class
in some library).
Reply to: