lint/libs/lint-checks/src/main/java/com/android/tools/lint/checks/CheckPermissionDetector.java - platform/tools/base - Git at Google

 /*
  * Copyright (C) 2013 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package com.android.tools.lint.checks;

 import static com.android.tools.lint.client.api.JavaParser.ResolvedClass;
 import static com.android.tools.lint.client.api.JavaParser.ResolvedMethod;
 import static com.android.tools.lint.client.api.JavaParser.ResolvedNode;

 import com.android.annotations.NonNull;
 import com.android.annotations.Nullable;
 import com.android.tools.lint.detector.api.Category;
 import com.android.tools.lint.detector.api.Detector;
 import com.android.tools.lint.detector.api.Implementation;
 import com.android.tools.lint.detector.api.Issue;
 import com.android.tools.lint.detector.api.JavaContext;
 import com.android.tools.lint.detector.api.Scope;
 import com.android.tools.lint.detector.api.Severity;

 import java.util.Arrays;
 import java.util.List;

 import lombok.ast.AstVisitor;
 import lombok.ast.ExpressionStatement;
 import lombok.ast.MethodInvocation;

 /**
  * Ensures that calls to check permission use the result (otherwise they probably meant to call the
  * <b>enforce</b> permission methods instead)
  */
 public class CheckPermissionDetector extends Detector implements Detector.JavaScanner {
     /** Main issue checked by this detector */
     public static final Issue ISSUE = Issue.create("UseCheckPermission", //$NON-NLS-1$
         "Using the result of check permission calls",
         "Ensures that the return value of check permission calls are used",

         "You normally want to use the result of checking a permission; these methods " +
         "return whether the permission is held; they do not throw an error if the permission " +
         "is not granted. Code which does not do anything with the return value probably " +
         "meant to be calling the enforce methods instead, e.g. rather than " +
         "`Context#checkCallingPermission` it should call `Context#enforceCallingPermission`.",

         Category.SECURITY, 6, Severity.WARNING,
         new Implementation(CheckPermissionDetector.class, Scope.JAVA_FILE_SCOPE));

     private static final String CHECK_PERMISSION = "checkPermission";

     /**
      * Constructs a new {@link com.android.tools.lint.checks.CheckPermissionDetector} check
      */
     public CheckPermissionDetector() {
     }

     // ---- Implements JavaScanner ----

     @Override
     public void visitMethod(@NonNull JavaContext context, @Nullable AstVisitor visitor,
             @NonNull MethodInvocation node) {
         if (node.getParent() instanceof ExpressionStatement) {
             String check = node.astName().astValue();
             if (CHECK_PERMISSION.equals(check)) {
                 if (!ensureContextMethod(context, node)) {
                     return;
                 }
             }
             assert check.startsWith("check") : check;
             String enforce = "enforce" + check.substring("check".length());
             context.report(ISSUE, node, context.getLocation(node),
                     String.format(
                             "The result of %1$s is not used; did you mean to call %2$s?",
                             check, enforce), null);
         }
     }

     private static boolean ensureContextMethod(
             @NonNull JavaContext context,
             @NonNull MethodInvocation node) {
         // Method name used in many other contexts where it doesn't have the
         // same semantics; only use this one if we can resolve types
         // and we're certain this is the Context method
         ResolvedNode resolved = context.resolve(node);
         if (resolved instanceof ResolvedMethod) {
             ResolvedMethod method = (ResolvedMethod) resolved;
             ResolvedClass containingClass = method.getContainingClass();
             if (containingClass.isSubclassOf("android.content.Context", false)) {
                 return true;
             }
         }
         return false;
     }

     @Override
     public List<String> getApplicableMethodNames() {
         return Arrays.asList(
                 CHECK_PERMISSION,
                 "checkUriPermission",
                 "checkCallingOrSelfPermission",
                 "checkCallingPermission",
                 "checkCallingUriPermission",
                 "checkCallingOrSelfUriPermission"
         );
     }
 }
	/*
	* Copyright (C) 2013 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package com.android.tools.lint.checks;

	import static com.android.tools.lint.client.api.JavaParser.ResolvedClass;
	import static com.android.tools.lint.client.api.JavaParser.ResolvedMethod;
	import static com.android.tools.lint.client.api.JavaParser.ResolvedNode;

	import com.android.annotations.NonNull;
	import com.android.annotations.Nullable;
	import com.android.tools.lint.detector.api.Category;
	import com.android.tools.lint.detector.api.Detector;
	import com.android.tools.lint.detector.api.Implementation;
	import com.android.tools.lint.detector.api.Issue;
	import com.android.tools.lint.detector.api.JavaContext;
	import com.android.tools.lint.detector.api.Scope;
	import com.android.tools.lint.detector.api.Severity;

	import java.util.Arrays;
	import java.util.List;

	import lombok.ast.AstVisitor;
	import lombok.ast.ExpressionStatement;
	import lombok.ast.MethodInvocation;

	/**
	* Ensures that calls to check permission use the result (otherwise they probably meant to call the
	* <b>enforce</b> permission methods instead)
	*/
	public class CheckPermissionDetector extends Detector implements Detector.JavaScanner {
	/** Main issue checked by this detector */
	public static final Issue ISSUE = Issue.create("UseCheckPermission", //$NON-NLS-1$
	"Using the result of check permission calls",
	"Ensures that the return value of check permission calls are used",

	"You normally want to use the result of checking a permission; these methods " +
	"return whether the permission is held; they do not throw an error if the permission " +
	"is not granted. Code which does not do anything with the return value probably " +
	"meant to be calling the enforce methods instead, e.g. rather than " +
	"`Context#checkCallingPermission` it should call `Context#enforceCallingPermission`.",

	Category.SECURITY, 6, Severity.WARNING,
	new Implementation(CheckPermissionDetector.class, Scope.JAVA_FILE_SCOPE));

	private static final String CHECK_PERMISSION = "checkPermission";

	/**
	* Constructs a new {@link com.android.tools.lint.checks.CheckPermissionDetector} check
	*/
	public CheckPermissionDetector() {
	}

	// ---- Implements JavaScanner ----

	@Override
	public void visitMethod(@NonNull JavaContext context, @Nullable AstVisitor visitor,
	@NonNull MethodInvocation node) {
	if (node.getParent() instanceof ExpressionStatement) {
	String check = node.astName().astValue();
	if (CHECK_PERMISSION.equals(check)) {
	if (!ensureContextMethod(context, node)) {
	return;
	}
	}
	assert check.startsWith("check") : check;
	String enforce = "enforce" + check.substring("check".length());
	context.report(ISSUE, node, context.getLocation(node),
	String.format(
	"The result of %1$s is not used; did you mean to call %2$s?",
	check, enforce), null);
	}
	}

	private static boolean ensureContextMethod(
	@NonNull JavaContext context,
	@NonNull MethodInvocation node) {
	// Method name used in many other contexts where it doesn't have the
	// same semantics; only use this one if we can resolve types
	// and we're certain this is the Context method
	ResolvedNode resolved = context.resolve(node);
	if (resolved instanceof ResolvedMethod) {
	ResolvedMethod method = (ResolvedMethod) resolved;
	ResolvedClass containingClass = method.getContainingClass();
	if (containingClass.isSubclassOf("android.content.Context", false)) {
	return true;
	}
	}
	return false;
	}

	@Override
	public List<String> getApplicableMethodNames() {
	return Arrays.asList(
	CHECK_PERMISSION,
	"checkUriPermission",
	"checkCallingOrSelfPermission",
	"checkCallingPermission",
	"checkCallingUriPermission",
	"checkCallingOrSelfUriPermission"
	);
	}
	}