Merge pull request #4450 from mohui1999:master

[java] Fix #4449 AvoidAccessibilityAlteration: Correctly handle Lambda expressions in PrivilegedAction scenarios #4450
Andreas Dangel
2023-04-03 20:17:12 +02:00
5 changed files with 93 additions and 41 deletions

@ -7135,6 +7135,16 @@
"contributions": [
"code"
]
},
{
"login": "mohui1999",
"name": "Seren",
"avatar_url": "https://avatars.githubusercontent.com/u/46819179?v=4",
"profile": "https://github.com/mohui1999",
"contributions": [
"bug",
"code"
]
}
],
"contributorsPerLine": 7,

File diff suppressed because it is too large

@ -42,6 +42,8 @@ The remaining section describe the complete release notes for 7.0.0.
Fixed Issues:
* java-codestyle
* [#4273](https://github.com/pmd/pmd/issues/4273): \[java] CommentDefaultAccessModifier ignoredAnnotations should include "org.junit.jupiter.api.extension.RegisterExtension" by default
* java-errorprone
* [#4449](https://github.com/pmd/pmd/issues/4449): \[java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression
### 🚀 Major Features and Enhancements
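
Review bot: The new java-errorprone entry says the false positive occurs "when using Lambda expression", but the rule change in this commit only exempts lambdas typed as `java.security.PrivilegedAction`. Suggest wording the entry to say so, for example "false positive for PrivilegedAction written as a lambda", and dropping the second mention of the rule name, which the entry already carries as its prefix. The same sentence is added again in the "Language specific fixes" list and would need the same change.
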
@ -364,6 +366,7 @@ Language specific fixes:
* [#3351](https://github.com/pmd/pmd/issues/3351): \[java] ConstructorCallsOverridableMethod ignores abstract methods
* [#3400](https://github.com/pmd/pmd/issues/3400): \[java] AvoidUsingOctalValues FN with underscores
* [#4356](https://github.com/pmd/pmd/pull/4356): \[java] Fix NPE in CloseResourceRule
* [#4449](https://github.com/pmd/pmd/issues/4449): \[java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression
* java-multithreading
* [#2537](https://github.com/pmd/pmd/issues/2537): \[java] DontCallThreadRun can't detect the case that call run() in `this.run()`
* [#2538](https://github.com/pmd/pmd/issues/2538): \[java] DontCallThreadRun can't detect the case that call run() in `foo.bar.run()`
@ -395,6 +398,7 @@ Language specific fixes:
* [#4412](https://github.com/pmd/pmd/pull/4412): \[doc] Added new error msg to ConstantsInInterface - [David Ljunggren](https://github.com/dague1) (@dague1)
* [#4428](https://github.com/pmd/pmd/pull/4428): \[apex] ApexBadCrypto bug fix for #4427 - inline detection of hard coded values - [Steven Stearns](https://github.com/sfdcsteve) (@sfdcsteve)
* [#4444](https://github.com/pmd/pmd/pull/4444): \[java] CommentDefaultAccessModifier - ignore org.junit.jupiter.api.extension.RegisterExtension by default - [Nirvik Patel](https://github.com/nirvikpatel) (@nirvikpatel)
* [#4450](https://github.com/pmd/pmd/pull/4450): \[java] Fix #4449 AvoidAccessibilityAlteration: Correctly handle Lambda expressions in PrivilegedAction scenarios - [Seren](https://github.com/mohui1999) (@mohui1999)
### 📈 Stats
* 4416 commits

@ -87,6 +87,8 @@ suppression methods (e.g. by using `@SuppressWarnings` annotation).
[not(ancestor::ConstructorCall[1][pmd-java:typeIs('java.security.PrivilegedAction')]/AnonymousClassDeclaration)]
(: exclude inner privileged action classes :)
[not(ancestor::ClassOrInterfaceDeclaration[1][pmd-java:typeIs('java.security.PrivilegedAction')])]
(: exclude privileged action lambdas :)
[not(ancestor::LambdaExpression[pmd-java:typeIs('java.security.PrivilegedAction')])]
]]>
</value>
</property>
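
Review bot: The new lambda predicate matches any enclosing `LambdaExpression`, while the two predicates just above it restrict themselves to the nearest ancestor with `[1]`. As written, a `setAccessible` call inside a nested lambda or anonymous class of some other type is exempted as long as a `PrivilegedAction` lambda appears anywhere further up, even though that inner code may run outside the privileged block. Either write `ancestor::LambdaExpression[1][pmd-java:typeIs('java.security.PrivilegedAction')]` to match the existing style, or say in the XPath comment that the broader match is intended and add a test for the nested case.
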

@ -184,4 +184,39 @@ public class Violation {
}
]]></code>
</test-code>
<test-code>
<description>#4449 setAccessible is ok in LambdaExpression</description>
<expected-problems>0</expected-problems>
<code><![CDATA[
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;
public class Violation {
private void invalidSetAccessCalls() throws NoSuchMethodException, SecurityException {
Constructor<?> constructor = this.getClass().getDeclaredConstructor(String.class);
// deliberate accessibility alteration
String privateField = AccessController.doPrivileged((PrivilegedAction<String>)() -> {
try {
Field field = Violation.class.getDeclaredField("aPrivateField");
field.setAccessible(true); //no violation
return (String) field.get(null);
} catch (ReflectiveOperationException | SecurityException e) {
throw new RuntimeException(e);
}
});
}
}
]]></code>
</test-code>
</test-data>
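
Review bot: The added test only covers the exempted case, so nothing pins down that a lambda of another functional type still reports. A second `test-code` with `setAccessible(true)` inside, for example, a `Runnable` lambda and `expected-problems` of 1 would guard the `typeIs` check. In the sample itself, the method is named `invalidSetAccessCalls` although zero problems are expected, the `constructor` local and the `Constructor` and `Method` imports are unused, and `aPrivateField` is never declared in `Violation`; trimming these keeps the fixture focused on the lambda.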