All Downloads are FREE. Search and download functionalities are using the official Maven repository.

resources.report.rules.pmd.AvoidAccessibilityAlteration.html Maven / Gradle / Ivy

Go to download

Sanity4J was created to simplify running multiple static code analysis tools on the Java projects. It provides a single entry point to run all the selected tools and produce a consolidated report, which presents all findings in an easily accessible manner.

There is a newer version: 1.1.1
Show newest version


AvoidAccessibilityAlteration


AvoidAccessibilityAlteration

Methods such as getDeclaredConstructors(), getDeclaredConstructor(Class[]) and setAccessible(), as the interface PrivilegedAction, allow to alter, at runtime, the visilibilty of variable, classes, or methods, even if they are private. Obviously, no one should do so, as such behavior is against everything encapsulation principal stands for.

This rule is defined by the following XPath expression:

                   
                        //PrimaryExpression[
                        (
                        (PrimarySuffix[
                                ends-with(@Image,'getDeclaredConstructors')
                                        or
                                ends-with(@Image,'getDeclaredConstructor')
                                        or
                                ends-with(@Image,'setAccessible')
                                ])
                        or
                        (PrimaryPrefix/Name[
                                ends-with(@Image,'getDeclaredConstructor')
                                or
                                ends-with(@Image,'getDeclaredConstructors')
                                or
                                starts-with(@Image,'AccessibleObject.setAccessible')
                                ])
                        )
                        and
                        (//ImportDeclaration/Name[
                                contains(@Image,'java.security.PrivilegedAction')])
                ]
                
                

Example:

                
            

			import java.lang.reflect.AccessibleObject;
			import java.lang.reflect.Method;
			import java.security.PrivilegedAction;

			public class Violation {
				public void invalidCallsInMethod() throws SecurityException, NoSuchMethodException {
					// Possible call to forbidden getDeclaredConstructors
					Class[] arrayOfClass = new Class[1];
					this.getClass().getDeclaredConstructors();
					this.getClass().getDeclaredConstructor(arrayOfClass);
					Class clazz = this.getClass();
					clazz.getDeclaredConstructor(arrayOfClass);
					clazz.getDeclaredConstructors();

					// Possible call to forbidden setAccessible
					clazz.getMethod("", arrayOfClass).setAccessible(false);
					AccessibleObject.setAccessible(null, false);
					Method.setAccessible(null, false);
					Method[] methodsArray = clazz.getMethods();
					int nbMethod;
					for ( nbMethod = 0; nbMethod < methodsArray.length; nbMethod++ ) {
						methodsArray[nbMethod].setAccessible(false);
					}

					// Possible call to forbidden PrivilegedAction
					PrivilegedAction priv = (PrivilegedAction) new Object(); priv.run();
				}
			}
					
			
            




© 2015 - 2024 Weber Informatics LLC | Privacy Policy