-
Notifications
You must be signed in to change notification settings - Fork 1.8k
Java: Added new query java/visible-for-testing-abuse
#20178
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
Napalys
wants to merge
14
commits into
github:main
Choose a base branch
from
Napalys:java/visible-for-testing-abuse
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from 3 commits
Commits
Show all changes
14 commits
Select commit
Hold shift + click to select a range
69e9815
Java: Added new query `java/visible-for-testing-abuse`
Napalys 87ff5e9
Java: Added inline test expectations for `java/visible-for-testing-ab…
Napalys 9670941
Java: Promoted `java/visible-for-testing-abuse` to quality
Napalys 6844b78
Java: Expanded test suite of `java/visible-for-testing-abuse`
Napalys fdb60bf
Java: enchanced check if it is within same package
Napalys d3e0182
Java: Enchanced `isWithinType` to also include lambdas, inner classes…
Napalys 2042883
Java: Fix Predicate QLDoc style.
Napalys 9c5a794
Java: Test @VisibleForTesting method accessing @VisibleForTesting mem…
Napalys cce3365
Java: Resolve spurious VisibleForTestingAbuse alerts for inner class …
Napalys 8c0678f
Java: Exclude @VisibleForTesting-to-@VisibleForTesting access from Vi…
Napalys a0b3aa6
Java: Refactor VisibleForTestingAbuse query to reduce complexity
Napalys cc497be
Java: Fix VisibleForTestingAbuse false positives in annotations
Napalys 66482b6
Java: updated `visible-for-testing-abuse` meta data and docs.
Napalys 8708130
Update java/ql/src/Violations of Best Practice/Implementation Hiding/…
Napalys File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
39 changes: 39 additions & 0 deletions
39
...src/Violations of Best Practice/Implementation Hiding/VisibleForTestingAbuse.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| # J-T-003: Accessing any method, field or class annotated with `@VisibleForTesting` from production code is discouraged | ||
|
|
||
| Accessing class members annotated with `@VisibleForTesting` from production code goes against the intention of the annotation and may indicate programmer error. | ||
|
|
||
| ## Overview | ||
|
|
||
| The `@VisibleForTesting` serves to increase visibility of methods, fields or classes for the purposes of testing. Accessing methods, fields or classes that are annotated with `@VisibleForTesting` in production code (not test code) abuses the intention of the annotation. | ||
|
|
||
| ## Recommendation | ||
|
|
||
| Only access methods, fields or classes annotated with `@VisibleForTesting` from test code. If the visibility of the methods, fields or classes should generally be relaxed, use Java language access modifiers. | ||
|
|
||
| ## Example | ||
|
|
||
| ```java | ||
| public class Annotated { | ||
| @VisibleForTesting static int f(){} | ||
| } | ||
|
|
||
| /* src/test/java/Test.java */ | ||
| int i = Annotated.f(); // COMPLIANT | ||
|
|
||
| /* src/main/Source.java */ | ||
| int i = Annotated.f(); // NON_COMPLIANT | ||
|
|
||
| ``` | ||
|
|
||
| ## Implementation notes | ||
|
|
||
| This rule alerts on any implementation of the annotation `VisibleForTesting`, regardless of where it is provided from. | ||
|
|
||
| The rule also uses the following logic to determine what an abuse of the annotation is: | ||
|
|
||
| 1) If public or protected member/type is annotated with `VisibleForTesting`, it's assumed that package-private access is enough for production code. Therefore the rule alerts when a public or protected member/type annotated with `VisibleForTesting` is used outside of its declaring package. | ||
| 2) If package-private member/type is annotated with `VisibleForTesting`, it's assumed that private access is enough for production code. Therefore the rule alerts when a package-private member/type annotated with `VisibleForTesting` is used outside its declaring class. | ||
|
|
||
| ## References | ||
| - Example Specific Implementation of a VisibleForTesting Annotation: [AssertJ VisibleForTesting](https://javadoc.io/doc/org.assertj/assertj-core/latest/org/assertj/core/util/VisibleForTesting.html) | ||
| - Assumptions of what level of access is permittable for each access modifier and the annotation: [JetBrains VisibleForTesting](https://javadoc.io/doc/org.jetbrains/annotations/22.0.0/org/jetbrains/annotations/VisibleForTesting.html) |
129 changes: 129 additions & 0 deletions
129
java/ql/src/Violations of Best Practice/Implementation Hiding/VisibleForTestingAbuse.ql
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,129 @@ | ||
| /** | ||
| * @id java/visible-for-testing-abuse | ||
| * @name Accessing any method, field or class annotated with `@VisibleForTesting` from production code is discouraged | ||
| * @description Accessing any method, field or class annotated with `@VisibleForTesting` from | ||
| * production code goes against the intention of the annotation and may indicate | ||
| * programmer error. | ||
| * @kind problem | ||
| * @precision high | ||
| * @problem.severity warning | ||
| * @tags quality | ||
| * maintainability | ||
| * readability | ||
| */ | ||
|
|
||
| import java | ||
|
|
||
| /** | ||
| * A `Callable` is within some `RefType` | ||
| */ | ||
| predicate isWithinType(Callable c, RefType t) { c.getDeclaringType() = t } | ||
|
|
||
| /** | ||
| * A `Callable` is within same package as the `RefType` | ||
| */ | ||
|
||
| predicate isWithinPackage(Callable c, RefType t) { | ||
| c.getDeclaringType().getPackage() = t.getPackage() | ||
| } | ||
|
|
||
| predicate withinStaticContext(NestedClass c) { | ||
| c.isStatic() or | ||
| c.(AnonymousClass).getClassInstanceExpr().getEnclosingCallable().isStatic() // JLS 15.9.2 | ||
| } | ||
|
|
||
| RefType enclosingInstanceType(Class inner) { | ||
| not withinStaticContext(inner) and | ||
| result = inner.(NestedClass).getEnclosingType() | ||
| } | ||
|
|
||
| class OuterClass extends Class { | ||
| OuterClass() { this = enclosingInstanceType+(_) } | ||
| } | ||
|
|
||
| /** | ||
| * An innerclass is accessed outside of its outerclass | ||
| * and also outside of its fellow inner parallel classes | ||
| */ | ||
|
||
| predicate isWithinDirectOuterClassOrSiblingInner( | ||
| Callable classInstanceEnclosing, RefType typeBeingConstructed | ||
| ) { | ||
| exists(NestedClass inner, OuterClass outer | | ||
| outer = enclosingInstanceType(inner) and | ||
| typeBeingConstructed = inner and | ||
| // where the inner is called from the outer class | ||
| classInstanceEnclosing.getDeclaringType() = outer | ||
| ) | ||
| or | ||
| // and inner is called from the a parallel inner | ||
| exists(NestedClass inner, OuterClass outer, NestedClass otherinner | | ||
| typeBeingConstructed = inner and | ||
| outer = enclosingInstanceType(otherinner) and | ||
| outer = enclosingInstanceType(inner) and | ||
| classInstanceEnclosing.getDeclaringType() = otherinner | ||
| ) | ||
| } | ||
|
|
||
| from Annotatable annotated, Annotation annotation, Expr e | ||
| where | ||
| annotation.getType().hasName("VisibleForTesting") and | ||
| annotated.getAnAnnotation() = annotation and | ||
| ( | ||
| // field access | ||
| exists(FieldAccess v | | ||
| v = e and | ||
| v.getField() = annotated and | ||
| // depending on the visiblity of the field, using the annotation to abuse the visibility may/may not be occurring | ||
Napalys marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| ( | ||
| // if its package protected report when its used outside its class bc it should have been private (class only permitted) | ||
| v.getField().isPackageProtected() and | ||
| not isWithinType(v.getEnclosingCallable(), v.getField().getDeclaringType()) | ||
| or | ||
| // if public or protected report when its used outside its package because package protected should have been enough (package only permitted) | ||
| (v.getField().isPublic() or v.getField().isProtected()) and | ||
| not isWithinPackage(v.getEnclosingCallable(), v.getField().getDeclaringType()) | ||
| ) | ||
| ) | ||
| or | ||
| // class instantiation | ||
| exists(ClassInstanceExpr c | | ||
| c = e and | ||
| c.getConstructedType() = annotated and | ||
| // depending on the visiblity of the class, using the annotation to abuse the visibility may/may not be occurring | ||
| // if public report when its used outside its package because package protected should have been enough (package only permitted) | ||
| ( | ||
| c.getConstructedType().isPublic() and | ||
| not isWithinPackage(c.getEnclosingCallable(), c.getConstructedType()) | ||
| or | ||
| // if its package protected report when its used outside its outer class bc it should have been private (outer class only permitted) | ||
| c.getConstructedType().hasNoModifier() and | ||
| // and the class is an innerclass, because otherwise recommending a lower accessibility makes no sense (only inner classes can be private) | ||
| exists(enclosingInstanceType(c.getConstructedType())) and | ||
| not isWithinDirectOuterClassOrSiblingInner(c.getEnclosingCallable(), c.getConstructedType()) | ||
| ) | ||
| ) | ||
| or | ||
| // method access | ||
| exists(MethodCall c | | ||
| c = e and | ||
| c.getMethod() = annotated and | ||
| // depending on the visiblity of the method, using the annotation to abuse the visibility may/may not be occurring | ||
Napalys marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| ( | ||
| // if its package protected report when its used outside its class bc it should have been private (class only permitted) | ||
| c.getMethod().isPackageProtected() and | ||
| not isWithinType(c.getEnclosingCallable(), c.getMethod().getDeclaringType()) | ||
| or | ||
| // if public or protected report when its used outside its package because package protected should have been enough (package only permitted) | ||
| (c.getMethod().isPublic() or c.getMethod().isProtected()) and | ||
| not isWithinPackage(c.getEnclosingCallable(), c.getMethod().getDeclaringType()) | ||
| ) | ||
| ) | ||
| ) and | ||
| // not in a test where use is appropriate | ||
| not e.getEnclosingCallable() instanceof LikelyTestMethod and | ||
| // also omit our own ql unit test where it is acceptable | ||
| not e.getEnclosingCallable() | ||
| .getFile() | ||
| .getAbsolutePath() | ||
| .matches("%java/ql/test/query-tests/%Test.java") | ||
| select e, "Access of $@ annotated with VisibleForTesting found in production code.", annotated, | ||
| "element" | ||
4 changes: 4 additions & 0 deletions
4
java/ql/test/query-tests/VisibleForTestingAbuse/VisibleForTestingAbuse.expected
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| | packageone/SourcePackage.java:8:21:8:32 | Annotated.m1 | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:9:29:9:30 | m1 | element | | ||
| | packagetwo/Source.java:7:17:7:29 | f(...) | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:12:16:12:16 | f | element | | ||
| | packagetwo/Source.java:8:20:8:30 | Annotated.m | Access of $@ annotated with VisibleForTesting found in production code. | packagetwo/Annotated.java:7:19:7:19 | m | element | | ||
| | packagetwo/Source.java:9:28:9:47 | new AnnotatedClass(...) | Access of $@ annotated with VisibleForTesting found in production code. | packageone/AnnotatedClass.java:4:14:4:27 | AnnotatedClass | element | |
2 changes: 2 additions & 0 deletions
2
java/ql/test/query-tests/VisibleForTestingAbuse/VisibleForTestingAbuse.qlref
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| query: Violations of Best Practice/Implementation Hiding/VisibleForTestingAbuse.ql | ||
| postprocess: utils/test/InlineExpectationsTestQuery.ql |
6 changes: 6 additions & 0 deletions
6
java/ql/test/query-tests/VisibleForTestingAbuse/packageone/AnnotatedClass.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| package packageone; | ||
|
|
||
| @VisibleForTesting | ||
| public class AnnotatedClass { | ||
| public AnnotatedClass() {} | ||
| } |
10 changes: 10 additions & 0 deletions
10
java/ql/test/query-tests/VisibleForTestingAbuse/packageone/SourcePackage.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| package packageone; | ||
|
|
||
| import packagetwo.Annotated; | ||
|
|
||
| public class SourcePackage extends Annotated { | ||
| void f() { | ||
| AnnotatedClass a = new AnnotatedClass(); // COMPLIANT - same package | ||
| String s1 = Annotated.m1; // $ Alert | ||
| } | ||
| } |
4 changes: 4 additions & 0 deletions
4
java/ql/test/query-tests/VisibleForTestingAbuse/packageone/VisibleForTesting.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| package packageone; | ||
|
|
||
| public @interface VisibleForTesting { | ||
| } |
15 changes: 15 additions & 0 deletions
15
java/ql/test/query-tests/VisibleForTestingAbuse/packagetwo/Annotated.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| package packagetwo; | ||
|
|
||
| import packageone.*; | ||
|
|
||
| public class Annotated { | ||
| @VisibleForTesting | ||
| static String m; | ||
| @VisibleForTesting | ||
| static protected String m1; | ||
|
|
||
| @VisibleForTesting | ||
| static int f() { | ||
| return 1; | ||
| } | ||
| } |
12 changes: 12 additions & 0 deletions
12
java/ql/test/query-tests/VisibleForTestingAbuse/packagetwo/Source.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| package packagetwo; | ||
|
|
||
| import packageone.*; | ||
|
|
||
| public class Source { | ||
| void f() { | ||
| int i = Annotated.f(); // $ Alert | ||
| String s = Annotated.m; // $ Alert | ||
| AnnotatedClass a = new AnnotatedClass(); // $ Alert | ||
| String s1 = Annotated.m1; // COMPLIANT - same package | ||
| } | ||
| } |
12 changes: 12 additions & 0 deletions
12
java/ql/test/query-tests/VisibleForTestingAbuse/packagetwo/Test.java
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| package packagetwo; | ||
|
|
||
| import packageone.*; | ||
|
|
||
| public class Test { | ||
| void f() { | ||
| int i = Annotated.f(); // COMPLIANT | ||
| String s = Annotated.m; // COMPLIANT | ||
| AnnotatedClass a = new AnnotatedClass(); // COMPLIANT | ||
| String s1 = Annotated.m1; // COMPLIANT | ||
| } | ||
| } |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.