Merge pull request #4450 from mohui1999:master

[java] Fix #4449 AvoidAccessibilityAlteration: Correctly handle Lambda expressions in PrivilegedAction scenarios #4450

.all-contributorsrc

@@ -7135,6 +7135,16 @@
       "contributions": [
         "code"
       ]
+    },
+    {
+      "login": "mohui1999",
+      "name": "Seren",
+      "avatar_url": "https://avatars.githubusercontent.com/u/46819179?v=4",
+      "profile": "https://github.com/mohui1999",
+      "contributions": [
+        "bug",
+        "code"
+      ]
     }
   ],
   "contributorsPerLine": 7,

docs/pages/release_notes.md

@@ -42,6 +42,8 @@ The remaining section describe the complete release notes for 7.0.0.
 Fixed Issues:
 * java-codestyle
   * [#4273](https://github.com/pmd/pmd/issues/4273): \[java] CommentDefaultAccessModifier ignoredAnnotations should include "org.junit.jupiter.api.extension.RegisterExtension" by default
+* java-errorprone
+  * [#4449](https://github.com/pmd/pmd/issues/4449): \[java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression
 
 ### 🚀 Major Features and Enhancements
 
@@ -364,6 +366,7 @@ Language specific fixes:
     * [#3351](https://github.com/pmd/pmd/issues/3351): \[java] ConstructorCallsOverridableMethod ignores abstract methods
     * [#3400](https://github.com/pmd/pmd/issues/3400): \[java] AvoidUsingOctalValues FN with underscores
     * [#4356](https://github.com/pmd/pmd/pull/4356):   \[java] Fix NPE in CloseResourceRule
+    * [#4449](https://github.com/pmd/pmd/issues/4449): \[java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression
 * java-multithreading
     * [#2537](https://github.com/pmd/pmd/issues/2537): \[java] DontCallThreadRun can't detect the case that call run() in `this.run()`
     * [#2538](https://github.com/pmd/pmd/issues/2538): \[java] DontCallThreadRun can't detect the case that call run() in `foo.bar.run()`
@@ -395,6 +398,7 @@ Language specific fixes:
 * [#4412](https://github.com/pmd/pmd/pull/4412): \[doc] Added new error msg to ConstantsInInterface - [David Ljunggren](https://github.com/dague1) (@dague1)
 * [#4428](https://github.com/pmd/pmd/pull/4428): \[apex] ApexBadCrypto bug fix for #4427 - inline detection of hard coded values - [Steven Stearns](https://github.com/sfdcsteve) (@sfdcsteve)
 * [#4444](https://github.com/pmd/pmd/pull/4444): \[java] CommentDefaultAccessModifier - ignore org.junit.jupiter.api.extension.RegisterExtension by default - [Nirvik Patel](https://github.com/nirvikpatel) (@nirvikpatel)
+* [#4450](https://github.com/pmd/pmd/pull/4450): \[java] Fix #4449 AvoidAccessibilityAlteration: Correctly handle Lambda expressions in PrivilegedAction scenarios - [Seren](https://github.com/mohui1999) (@mohui1999)
 
 ### 📈 Stats
 * 4416 commits

pmd-java/src/main/resources/category/java/errorprone.xml

@@ -87,6 +87,8 @@ suppression methods (e.g. by using `@SuppressWarnings` annotation).
     [not(ancestor::ConstructorCall[1][pmd-java:typeIs('java.security.PrivilegedAction')]/AnonymousClassDeclaration)]
     (: exclude inner privileged action classes :)
     [not(ancestor::ClassOrInterfaceDeclaration[1][pmd-java:typeIs('java.security.PrivilegedAction')])]
+    (: exclude privileged action lambdas :)
+    [not(ancestor::LambdaExpression[pmd-java:typeIs('java.security.PrivilegedAction')])]
 ]]>
                 </value>
             </property>

pmd-java/src/test/resources/net/sourceforge/pmd/lang/java/rule/errorprone/xml/AvoidAccessibilityAlteration.xml

@@ -184,4 +184,39 @@ public class Violation {
 }
         ]]></code>
     </test-code>
-</test-data>
+
+    <test-code>
+        <description>#4449 setAccessible is ok in LambdaExpression</description>
+        <expected-problems>0</expected-problems>
+        <code><![CDATA[
+
+        import java.lang.reflect.Constructor;
+        import java.lang.reflect.Field;
+        import java.lang.reflect.Method;
+        import java.security.AccessController;
+        import java.security.PrivilegedAction;
+
+        public class Violation {
+
+            private void invalidSetAccessCalls() throws NoSuchMethodException, SecurityException {
+                Constructor<?> constructor = this.getClass().getDeclaredConstructor(String.class);
+                
+                // deliberate accessibility alteration
+                String privateField = AccessController.doPrivileged((PrivilegedAction<String>)() -> {
+                    try {
+                        Field field = Violation.class.getDeclaredField("aPrivateField");
+                        field.setAccessible(true);    //no violation
+                        return (String) field.get(null);
+                    } catch (ReflectiveOperationException | SecurityException e) {
+                        throw new RuntimeException(e);
+                    }
+                });
+            }
+        }
+
+        ]]></code>
+    </test-code>
+
+
+
+</test-data>