Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression #4449

Closed
mohui1999 opened this issue Apr 2, 2023 · 0 comments · Fixed by #4450
Closed

[java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression #4449

mohui1999 opened this issue Apr 2, 2023 · 0 comments · Fixed by #4450
Labels
a:false-positive PMD flags a piece of code that is not problematic
Milestone
7.0.0

Comments

@mohui1999
Copy link
Contributor

mohui1999 commented Apr 2, 2023
edited by adangel
Loading

Affects PMD Version: 7.0.0

Rule: AvoidAccessibilityAlteration

Description:

The AvoidAccessibilityAlteration rule might be reporting a false positive when using a Lambda expression instead of an anonymous class inside the AccessController.doPrivileged method. The violation is reported for the field.setAccessible(true); line within the Lambda expression.

Code Sample demonstrating the issue:
Maybe a false positive:

import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;

public class Violation {

    private void invalidSetAccessCalls() throws NoSuchMethodException, SecurityException {
        Constructor<?> constructor = this.getClass().getDeclaredConstructor(String.class);
        // call to forbidden setAccessible
        constructor.setAccessible(true);
        Method privateMethod = this.getClass().getDeclaredMethod("aPrivateMethod");
        // call to forbidden setAccessible
        privateMethod.setAccessible(true);
        
        String privateField = AccessController.doPrivileged((PrivilegedAction<String>)() -> {
            try {
                Field field = Violation.class.getDeclaredField("aPrivateField");
                field.setAccessible(true);    // reort AvoidAccessibilityAlteration here, but should not report
                return (String) field.get(null);
            } catch (ReflectiveOperationException | SecurityException e) {
                throw new RuntimeException(e);
            }
        });
    }
}

Compliant code with anonymous class:

import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;

public class Violation {
    private void invalidSetAccessCalls() throws NoSuchMethodException, SecurityException {
        Constructor<?> constructor = this.getClass().getDeclaredConstructor(String.class);
        // call to forbidden setAccessible
        constructor.setAccessible(true);

        Method privateMethod = this.getClass().getDeclaredMethod("aPrivateMethod");
        // call to forbidden setAccessible
        privateMethod.setAccessible(true);

        // deliberate accessibility alteration
        String privateField = AccessController.doPrivileged(new PrivilegedAction<String>() {
            @Override
            public String run() {
                try {
                    Field field = Violation.class.getDeclaredField("aPrivateField");
                    field.setAccessible(true);
                    return (String) field.get(null);
                } catch (ReflectiveOperationException | SecurityException e) {
                    throw new RuntimeException(e);
                }
            }
        });
    }
}

Expected outcome:

PMD should not report a violation at the line field.setAccessible(true); within the Lambda expression since it's within the AccessController.doPrivileged method. This appears to be a false positive.

Running PMD through: [CLI]
@mohui1999 mohui1999 added the a:false-positive PMD flags a piece of code that is not problematic label Apr 2, 2023
@mohui1999 mohui1999 mentioned this issue Apr 2, 2023
Merged
4 tasks
@adangel adangel added this to the 7.0.0 milestone Apr 3, 2023
@adangel adangel changed the title [java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression with PMD 7.0 [java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression+ Apr 3, 2023
@adangel adangel changed the title [java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression+ [java] AvoidAccessibilityAlteration: Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression Apr 3, 2023
adangel added a commit to adangel/pmd that referenced this issue Apr 3, 2023
@adangel
[java] Update rule test description (pmd#4449)
3052e0f
adangel added a commit to adangel/pmd that referenced this issue Apr 3, 2023
@adangel
[doc] Update release notes (pmd#4450, pmd#4449)
c71b3f5
@adangel adangel closed this as completed in 36efe64 Apr 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
a:false-positive PMD flags a piece of code that is not problematic
Projects
None yet
Milestone
7.0.0
2 participants
@adangel @mohui1999