Extend detector FindOverridableMethodCall to detect indirect cases
#1716
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 2 commits
September 16, 2021 11:31
This new detector detects invocation of overridable method in constructors (`MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR`) and clone() method (`MC_OVERRIDABLE_METHOD_CALL_IN_CLONE`), according to SEI CERT rules [MET05-J. Ensure that constructors do not call overridable methods](https://wiki.sei.cmu.edu/confluence/display/java/MET05-J.+Ensure+that+constructors+do+not+call+overridable+methods) and [MET06-J. Do not invoke overridable methods in clone()](https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88487921)
An overridable method may be called indirectly from a constructor or from a `clone()` method. This patch extends the `FindOverridableMathodCall` to also these cases. (Only thos cases are detected where the non-overridable caller calls the overridable method (directrly or indirectly) on itself.
|
This is a PR over PR #1711. |
|
Only a few additional findings compared to the previous PR: Diff on SpotBugs itself, Jenkins, OpenGrok, MATSim, NanoHTTPD, Bt, Ttorrent |
ThrawnCA
requested changes
Sep 20, 2021
spotbugs/etc/messages.xml
Outdated
| <p>Detector for patterns where a constructor or a clone() method calls an overridable | ||
| method.</p> | ||
| <p> | ||
| Calling an overridalbe method from a constructor may result in the use of |
There was a problem hiding this comment.
Misspelled "overridable".
spotbugs/etc/messages.xml
Outdated
| <Details> | ||
| <
1 task
ThrawnCA
previously approved these changes
Sep 23, 2021
KengoTODA
requested changes
Nov 3, 2021
spotbugs/src/main/java/edu/umd/cs/findbugs/detect/FindOverridableMethodCall.java
Outdated
Show resolved
Hide resolved
spotbugs/src/main/java/edu/umd/cs/findbugs/detect/FindOverridableMethodCall.java
Outdated
Show resolved
Hide resolved
spotbugs/src/main/java/edu/umd/cs/findbugs/detect/FindOverridableMethodCall.java
Show resolved
Hide resolved
ThrawnCA
requested changes
Nov 5, 2021
| checkAndRecordCallFromConstructor(ctor.method, method, ctor.sourceLine); | ||
| } | ||
| } | ||
| if (clone != null) { |
There was a problem hiding this comment.
These two conditions could be combined.
| } | ||
| if (callers != null) { | ||
| for (XMethod caller : callers) { | ||
| if (!method.isPrivate() && !method.isFinal()) { |
There was a problem hiding this comment.
"if not...else" is a double negative, please refactor.
| if (cp.getClassIndex() != getThisClass().getClassNameIndex()) { | ||
| return; | ||
| } | ||
| ConstantNameAndType cnt = (ConstantNameAndType) getConstantPool() |
There was a problem hiding this comment.
Please change this variable name, it's too close to inappropriate.
| } | ||
| XMethod method = getXClass().findMethod(metOpt.get().getName(), metOpt.get().getSignature(), | ||
| metOpt.get().isStatic()); | ||
| if (ctor != null) { |
There was a problem hiding this comment.
These two conditions could be combined.
ThrawnCA
previously approved these changes
Nov 8, 2021
KengoTODA
approved these changes
Nov 8, 2021
ThrawnCA
approved these changes
Nov 10, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
An overridable method may be called indirectly from a constructor or from a
clone()method. This patch extends theFindOverridableMathodCallto also these cases. (Only thos cases are detected where the non-overridable caller calls the overridable method (directrly or indirectly) on itself.Make sure these boxes are checked before submitting your PR -- thank you!
CHANGELOG.mdif you have changed SpotBugs code