Let's investigate installed apps with which version of JDK compatibility was built



Nowadays, we see Java releases starting to be faster, which was motivated by Oracle. Maybe it's good for new systems, maybe bad for "blood" ;) Enterprise.

It is mostly funny research of installed plugins in our Jira installation.  

JVM is going forward, but what about the Bytecode? Is this updated by app vendor? What about dependencies?

As we know a few things about Java: 

1. A Jar file can be unpacked

2. Java class file has the magic number in the first 4 bytes block of file "0xCAFEBABE". The story you can read here https://www.artima.com/insidejvm/whyCAFEBABE.html

3. And 6th and 7th bytes reserved for the major and minor version number of the class file format being used.  https://en.wikipedia.org/wiki/Java_class_file


Let's investigate just for fun: 

1. Just prepare files from production a latest snapshot of installed plugins
tar -czvf apps.tgz {jira_home}/plugins/installed-plugins
scp apps.tgz localpc:/tmp/
2. And let's extract exist jar files into different directories. For small routine thing I used that script
tar -xzvf apps.tgz
cd installed-plugins

for f in *.jar
echo "Make dir - $f"
mkdir -p $f.dir
mv $f $f.dir/
cd $f.dir/
jar xf $f
rm $f
cd ..
python java_class_stats.py > results.txt
3. And small python script for exclude routine related detection of exist major version. Please, save under name java_class_stats.py for compatibility with previous one
#!/usr/bin/env python
import os


def read_block_size_check_java_version(filename, block_size):
with open(filename, "rb") as file_name:
block = file_name.read(block_size)
output = ""
if not (ord(block[0]) == 0xCA and
ord(block[1]) == 0xFE and
ord(block[2]) == 0xBA and
ord(block[3]) == 0xBE):
return ""

major_version_byte = ord(block[7])
if major_version_byte == 0x39:
output = "Java SE 13"
elif major_version_byte == 0x38:
output = "Java SE 12"
elif major_version_byte == 0x37:
output = "Java SE 11"
elif major_version_byte == 0x36:
output = "Java SE 10"
elif major_version_byte == 0x35:
output = "Java SE 9"
elif major_version_byte == 0x34:
output = "Java SE 8"
elif major_version_byte == 0x33:
output = "Java SE 7"
elif major_version_byte == 0x32:
output = "Java SE 6.0"
elif major_version_byte == 0x31:
output = "Java SE 5.0"
elif major_version_byte == 0x30:
output = "JDK 1.4"
elif major_version_byte == 0x2F:
output = "JDK 1.3"
elif major_version_byte == 0x2E:
output = "JDK 1.2"
elif major_version_byte == 0x2D:
output = "JDK 1.1"
return output

def run_walker():
for r, s, f in os.walk("."):
for i in f:
if i.endswith(JAVA_CLASS_EXTENSION):
path_to_file = os.path.join(r, i)
built_java_version = read_block_size_check_java_version(path_to_file, BLOCK_SIZE)
if len(built_java_version) > 0 and built_java_version != EXCLUDE_JAVA_VERSION:
print(built_java_version + '\t' + path_to_file)

if __name__ == '__main__':
4. run scripts
bash runner.sh
5. Check stats
gonchik.tsymzhitov$ cat results.txt | cut -f1 | sort | uniq -c | sort -n

2263 JDK 1.2
6213 JDK 1.3
9602 JDK 1.1
10865 JDK 1.4
14252 Java SE 7
18833 Java SE 6.0
21192 Java SE 5.0

I have excluded Java SE 8 from stats, because it was not interesting to me. That stats based from 93 installed apps on Jira 7.6.12. Where all apps are compatibility with Jira. 



1. To me it was curious, to understand why old  dependency still in app e.g. https://mvnrepository.com/artifact/xerces/xercesimage.png

1.1. Old Struts lib is still in popular app

1.2. Some apps used still that lib http://www.xmlpull.org/

2. Also, find synchronous axis lib

But in first level of pom.xml everything was good scope related things, but, only 2 apps have exclusions.


3. Most of apps preferred don't use provided scope. 


I hope that off-topic article was funny for you :) 





Gonchik Tsymzhitov


Popular posts from this blog

Let's check installed apps dependency to be compliant for OWASP Dependency-Check

Jira: Housekeeping or continuous cleanup of the Agile activity artifacts

Atlassian Community, let's collaborate and provide stats to vendors about our SQL index usage