README.md

hungarian-checker

An example of enforcing Hungarian Notation in Java using the Checker Framework.

System Requirements

  1. The Checker Framework
  2. Java 8, or the JSR 308 annotation tools (available on the Checker Framework website)

How it Works

The checker defines two type annotations, @Safe and @Unsafe, that specify whether or not an expression has been encoded/escaped.

The checker enforces that expressions with type @Unsafe are not used where a value with type @Safe is expected.

By default, the checker assumes everything is @Unsafe. The developer can write a @Safe annotation on a type to denote that the expression is encoded/escaped. The checker also supports Hungarian Notation: variables and parameters that start with the "s" prefix are automatically given the @Safe annotation.

Running the Checker

To run the checker, use javac with the -processor com.toddschiller.checker.HungarianChecker option. Remember to include the Hungarian Checker and the Checker Framework on the Java classpath (e.g., using the -cp flag).

javac -processor com.toddschiller.checker.HungarianChecker MyFile.java

To run the checker in debug mode, use the -Alint=debugSpew flag.

Example Output

Example source:

public @Safe String encode(String str){ ... }
public @Unsafe String getUserInput(){ ... }

// The sQuery parameter is given the @Safe annotation because of the prefix "s"
public void executeSqlQuery(String sQuery){ ... }

public void shouldWarn() {
  String user = getUserInput();

  // WARNING: user is known to be @Unsafe
  executeSqlQuery("SELECT * FROM table WHERE user='" + user + "'");
 
  user = encode(user);

  // SAFE: user is known to be @Safe
  executeSqlQuery("SELECT * FROM table WHERE user='" + user + "'");
}

The corresponding checker output:

HungarianExample.java:26: error: [argument.type.incompatible] incompatible types in argument.
        executeSqlQuery("SELECT * FROM table WHERE user='" + user + "'");
                                                                  ^
  found   : @Unsafe String
  required: @Safe String
