#20: Implemented Security Rule Y2 (#35)

moritzLanger · web-flow · commit dc118707f425 · 2023-03-17T10:19:09.000+01:00
diff --git a/src/test/java/com/devonfw/sample/archunit/SecurityTest.java b/src/test/java/com/devonfw/sample/archunit/SecurityTest.java
@@ -1,5 +1,8 @@
 package com.devonfw.sample.archunit;
 
+import com.tngtech.archunit.base.DescribedPredicate;
+import com.tngtech.archunit.core.domain.JavaMethodCall;
+import com.tngtech.archunit.core.domain.JavaType;
 import com.tngtech.archunit.core.importer.ImportOption;
 import com.tngtech.archunit.junit.AnalyzeClasses;
 import com.tngtech.archunit.junit.ArchTest;
@@ -9,7 +12,10 @@
 import javax.annotation.security.PermitAll;
 import javax.annotation.security.RolesAllowed;
 
+import java.util.List;
+
 import static com.tngtech.archunit.lang.syntax.ArchRuleDefinition.methods;
+import static com.tngtech.archunit.lang.syntax.ArchRuleDefinition.noClasses;
 
 /**
  * JUnit test that validates the security rules of this application.
@@ -31,4 +37,28 @@ public class SecurityTest {
                     .orShould().beAnnotatedWith(DenyAll.class)
                     .because("All Use-Case implementation methods must be annotated with a security " +
                             "constraint from javax.annotation.security");
+
+    /**
+     * Checks if these methods are being used
+     * Query createQuery(String qlString)
+     * <T> TypedQuery<T> createQuery(String qlString, Class<T> resultClass)
+     * Query createNativeQuery(String sqlString)
+     * Query createNativeQuery(String sqlString, Class resultClass)
+     * Query createNativeQuery(String sqlString, String resultSetMapping)
+     */
+    @ArchTest
+    private static final ArchRule shouldnTUseCreateQuery = noClasses().should().callMethodWhere(new DescribedPredicate<JavaMethodCall>("test whether CreateQuery or CreateNativQuery is used") {
+            @Override
+            public boolean test(JavaMethodCall javaMethod) {
+                        if(javaMethod.getName().equals("createQuery")){
+                                return parameterCheck(javaMethod.getTarget().getParameterTypes());
+                        }else if(javaMethod.getName().equals("createNativeQuery")){
+                                return parameterCheck(javaMethod.getTarget().getParameterTypes());
+                        }                        
+                return false;                        
+            }
+            public boolean parameterCheck(List<JavaType> parameters){
+                return(!parameters.isEmpty() &&
+                        parameters.get(0).getName().equals(String.class.getName()));}
+        });            
 }
