Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added resource leak transform and general codemod #339

Merged
merged 8 commits into from
Apr 12, 2024
Merged

Added resource leak transform and general codemod #339

merged 8 commits into from
Apr 12, 2024

Conversation

andrecsilva
Copy link
Contributor

Added a new resource leak transform and general codemod

  • Removed CodeQL dependency for ResourceLeakFixer and left it available as a general transform.
  • Added new resource leak codemod independent of CodeQL. This may conflict with the resource leak codemods if both are available, producing more changes than necessary.
  • Added ResourceLeakFixer transform to PreventFileWriterLeakWithFilesCodemod. Closes BufferedWriter migration codemod text has incorrect claims #304.

You may notice the changes to the PreventFileWriterLeakWithFilesCodemod test files. This is due to a newly discovered issue. Refer to #338.

@andrecsilva andrecsilva marked this pull request as ready for review April 9, 2024 13:22
@andrecsilva andrecsilva requested a review from nahsra April 9, 2024 13:22
nahsra
nahsra requested changes Apr 9, 2024
View reviewed changes
Copy link
Contributor

@nahsra nahsra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How do you like this plan:

  • Take the new codemod out of DefaultCodemods
  • Create tickets for the various improvements discussed here
  • Ship this PR
  • Work follow-on tickets
  • Add back to DefaultCodemods

That way, we get to keep moving forward, improve incrementally, and don't have to give our users changes they may have formatting objections towards.

core-codemods/src/intTest/java/io/codemodder/integration/WebGoat822Test.java Outdated
@@ -117,6 +117,7 @@ void it_transforms_webgoat_with_codeql() throws Exception {
outputFile.getPath(),
"--sarif",
"src/test/resources/webgoat_v8.2.2_codeql.sarif",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could be solved by making the CodeQL one run with CodemodExecutionPriority.LOW, maybe?

core-codemods/src/main/java/io/codemodder/codemods/ResourceLeakCodemod.java Show resolved Hide resolved
core-codemods/src/main/java/io/codemodder/codemods/ResourceLeakFixer.java Show resolved Hide resolved
core-codemods/src/main/java/io/codemodder/codemods/ResourceLeakFixer.java Show resolved Hide resolved
core-codemods/src/test/resources/resource-leak/Test.java.before Show resolved Hide resolved
core-codemods/src/test/resources/resource-leak/Test.java.after Show resolved Hide resolved
core-codemods/src/test/resources/prevent-filewriter-leak-with-nio/Test.java.after Show resolved Hide resolved
@nahsra
Copy link
Contributor

nahsra commented Apr 9, 2024

Also, this PR and the changes are awesome!

nahsra
nahsra reviewed Apr 9, 2024
View reviewed changes
core-codemods/src/main/java/io/codemodder/codemods/ResourceLeakCodemod.java

@Override
public CodemodFileScanningResult visit(
final CodemodInvocationContext context, final CompilationUnit cu) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will be an extremely expensive codemod to execute as it will force every file to be visited, and every Expression to be evaluated.

I think we need a Semgrep pattern to detect reasonable starting points that can be confirmed more thoroughly by AST-inspecting code.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a guess, but I think it's not that much to test. Again, maybe we should add it to another ticket, and make sure we check that ticket off before we add to DefaultCodemods.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The only reason it visits Expression is that we cannot express sum types easily. Notice that the first thing it does is test if the given expression is ObjectCreationExpression or MethodCallExpression. After that the first check is if it is a AutoCloseable type. I think those two check are fast and restrictive enough to nip most visits without spending much.

@andrecsilva
Removed ResourceLeak codemod from DefaultCodemods
845a2ca 
- Small changes to method names in test.
- Changed the way resource generation methods in Files are detected.
@andrecsilva andrecsilva requested a review from nahsra April 10, 2024 13:35
@andrecsilva andrecsilva enabled auto-merge (squash) April 12, 2024 18:30
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Apr 12, 2024

Quality Gate Passed Quality Gate passed

Issues
4 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@andrecsilva andrecsilva merged commit 7620608 into main Apr 12, 2024
4 checks passed
@andrecsilva andrecsilva deleted the rleak-in-bw branch April 12, 2024 18:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nahsra nahsra nahsra approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

BufferedWriter migration codemod text has incorrect claims
2 participants
@andrecsilva @nahsra