Hungarian Notation checker for Java
Switch branches/tags
Nothing to show
Clone or download

README.md

hungarian-checker

An example of enforcing Hungarian Notation in Java using the Checker Framework.

System Requirements

  1. The Checker Framework
  2. Java 8, or the JSR 308 annotation tools (available on the Checker Framework website)

How it Works

The checker defines two type annotations @Safe and @Unsafe that specify whether or not an expression contains has been encoded/escaped.

The checker enforces that expressions with type @Unsafe are not used where a value with type @Safe is expected.

By default, the checker assumes everything is @Unsafe. The developer can write a @Safe annotation on a type to denote that the expression is encoded/escaped. The checker also supports Hungarian Notation: variables and parameters that start with the "s" prefix are automatically given the @Safe annotation.

Running the Checker

To run the checker, use javac with the -processor com.toddschiller.checker.HungarianChecker option. Remember to include the Hungarian Checker and the Checker Framework on the Java classpath (e.g., using the -cp flag).

javac -processor com.toddschiller.checker.HungarianChecker MyFile.java

The run the checker in debug mode, use the -Alint=debugSpew flag.

Example Output

Example source:

public @Safe String encode(String str){ ... }
public @Unsafe String getUserInput(String str){ ... }

// The sQuery parameter is given the @Safe annotation because of the prefix "s"
public void executeSqlQuery(String sQuery){ ... }

public void shouldWarn() {
  String user = getUserInput();

  // WARNING: user is known to be @Unsafe
  executeSqlQuery("SELECT * FROM table WHERE user='" + user + "'");
 
  user = encode(user);

  // SAFE: user is known to be @Safe
  executeSqlQuery("SELECT * FROM table WHERE user='" + user + "'");
}

The corresponding checker output:

HungarianExample.java:26: error: [argument.type.incompatible] incompatible types in argument.
        executeSqlQuery("SELECT * FROM table WHERE user='" + user + "'");
                                                                  ^
  found   : @Unsafe String
  required: @Safe String