Does PlantUML access the network / send data over network

0 votes
asked Jan 21, 2022 in Question / help by Dirk Herrmann
Dear Forum Participants,

I heard rumors that recent versions of PlantUML are connecting to the network, possibly even sending diagram data to network servers.  Is this true?  This would make using PlantUML at work strictly impossible for me.

I did not find any statement about this on the PlantUML site.  I also started PlantUML on my private Debian Linux with strace -f and could not find any suspicious call.

However, on my Debian Linux the "/usr/bin/plantuml" script runs the JVM in the following way:
     $JAVA -jar -Djava.net.useSystemProxies=true /usr/share/plantuml/plantuml.jar ${@}
Which seems to indicate that PlantUML is doing something with the network...

Any answer is highly appreciated.

Thanks a lot and kind regards,
Dirk

1 Answer

0 votes
answered Jan 21, 2022 by plantuml (295,000 points)
 
Best answer

> I heard rumors that recent versions of PlantUML are connecting to the network,
> possibly even sending diagram data to network servers. 
> Is this true?  This would make using PlantUML at work strictly impossible for me.

No, it's not true.
The PlantUML core library itself does not send any data to the Internet.
Since the source code is open, it's possible to double-check this. Searching for "java.net" (which is the package needed by Java for connection) in the source code would prove this.
If it helps, we could write a more technical article where we explain exactly where we used this package and why: this is because users can include resources from the Internet using the !include directive. But once again, we only *read* from the Internet in that case, we *never* send data.

> I did not find any statement about this on the PlantUML site.  I also started PlantUML on my private Debian Linux with strace -f and could not find any suspicious call.

That's fine and normal.
Just make another try with some !include and you will see some external calls too.

> However, on my Debian Linux the "/usr/bin/plantuml" script runs the JVM in the following way:
>      $JAVA -jar -Djava.net.useSystemProxies=true /usr/share/plantuml/plantuml.jar ${@}
> Which seems to indicate that PlantUML is doing something with the network...
>


I think this need for -Djava.net.useSystemProxies=true is because users *may* !include resources from outside, so in that case PlantUML needs to access the Internet.
But you can safely remove this if your users don't need !include. BTW, this is not completely related, but you may find this article about security interesting.


Speaking about the initial rumor, when we talk about "PlantUML", it is very likely that people get confused between the core library itself and the numerous plugins that are using the core library. What I mean is that many plugins are indeed using https://www.plantuml.com/plantuml/ to generate their diagrams. So those plugins are connecting to the network. But the core library does not.

Feel free to react if some points are not clear!

commented Jan 23, 2022 by Dirk Herrmann
Thanks a lot for the answer.  I am very happy about the outcome.

In the meantime I could also clarify the background of the rumors I have mentioned: There are certain tool plugins (like, for certain IDEs), which do contact PlantUML servers to do the rendering.  The server accesses, unfortunately, got attributed to PlantUML rather than to the specific tool plugin.
...
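
The strace check from the question, repeated with a diagram that uses !include as the answer suggests, can be reduced to a list of remote endpoints. The script below is an added example, not part of the original thread or of PlantUML; it assumes strace's usual text rendering of connect(), and the function names, file names and addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: reduce a strace log to the IP endpoints the traced process
# tried to reach. Capture the log with, for instance:
#   strace -f -e trace=connect -o plantuml.trace plantuml diagram.puml

# inet_endpoints: strace log on stdin -> sorted, unique "addr:port" lines.
# AF_UNIX connects (local sockets) never match; loopback targets are dropped,
# including the IPv4-mapped form (::ffff:127.x) seen on dual-stack JVM sockets.
inet_endpoints() {
    sed -n -E \
        -e 's/.*connect\([0-9]+, \{sa_family=AF_INET, sin_port=htons\(([0-9]+)\), sin_addr=inet_addr\("([^"]+)"\).*/\2:\1/p' \
        -e 's/.*connect\([0-9]+, \{sa_family=AF_INET6, sin6_port=htons\(([0-9]+)\),.*inet_pton\(AF_INET6, "([^"]+)".*/[\2]:\1/p' |
        sed -E '/^(127\.|\[::1\]|\[::ffff:127\.)/d' |
        LC_ALL=C sort -u
}

# trace_is_offline: succeeds only when the log shows no non-loopback endpoint.
trace_is_offline() {
    [ -z "$(inet_endpoints)" ]
}

# Constructed sample log (documentation address ranges, not a real capture):
# a local socket, a loopback connect, a DNS lookup, and two fetches of the
# kind an !include of a remote resource would cause.
sample_trace() {
    cat <<'EOF'
4321 connect(5, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
4321 connect(6, {sa_family=AF_INET6, sin6_port=htons(35000), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::ffff:127.0.0.1", &sin6_addr), sin6_scope_id=0}, 28) = 0
4322 connect(7, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.0.2.53")}, 16) = 0
4322 connect(8, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.0.2.10")}, 16 <unfinished ...>
4323 connect(9, {sa_family=AF_INET6, sin6_port=htons(443), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2001:db8::10", &sin6_addr), sin6_scope_id=0}, 28) = -1 EINPROGRESS (Operation now in progress)
4322 <... connect resumed>) = 0
EOF
}

# Use the log named on the command line, or the constructed sample.
if [ $# -gt 0 ]; then inet_endpoints < "$1"; else sample_trace | inet_endpoints; fi
```

When the JVM is started with -Djava.net.useSystemProxies=true and a system proxy is configured, the endpoint listed is the proxy rather than the host named in the !include.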