plugins/InspectionGadgets/InspectionGadgetsAnalysis/src/com/siyeh/ig/security/DeserializableClassInSecureContextInspection.java - platform/tools/idea - Git at Google

 /*
  * Copyright 2003-2012 Dave Griffith, Bas Leijdekkers
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package com.siyeh.ig.security;

 import com.intellij.codeInspection.ui.SingleCheckboxOptionsPanel;
 import com.intellij.psi.PsiClass;
 import com.intellij.psi.PsiMethod;
 import com.intellij.psi.PsiTypeParameter;
 import com.intellij.psi.util.InheritanceUtil;
 import com.siyeh.InspectionGadgetsBundle;
 import com.siyeh.ig.BaseInspection;
 import com.siyeh.ig.BaseInspectionVisitor;
 import com.siyeh.ig.psiutils.ControlFlowUtils;
 import com.siyeh.ig.psiutils.SerializationUtils;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;

 import javax.swing.*;

 public class DeserializableClassInSecureContextInspection extends BaseInspection {

   @SuppressWarnings("PublicField")
   public boolean ignoreThrowable = false;

   @Override
   @NotNull
   public String getDisplayName() {
     return InspectionGadgetsBundle.message("deserializable.class.in.secure.context.display.name");
   }

   @Override
   @NotNull
   protected String buildErrorString(Object... infos) {
     return InspectionGadgetsBundle.message("deserializable.class.in.secure.context.problem.descriptor");
   }

   @Nullable
   @Override
   public JComponent createOptionsPanel() {
     return new SingleCheckboxOptionsPanel(
       InspectionGadgetsBundle.message("ignore.classes.extending.throwable.option"), this, "ignoreThrowable");
   }

   @Override
   public BaseInspectionVisitor buildVisitor() {
     return new DeserializableClassInSecureContextVisitor();
   }

   private class DeserializableClassInSecureContextVisitor extends BaseInspectionVisitor {

     @Override
     public void visitClass(@NotNull PsiClass aClass) {
       if (aClass.isInterface() || aClass.isAnnotationType() || aClass.isEnum()) {
         return;
       }
       if (aClass instanceof PsiTypeParameter || !SerializationUtils.isSerializable(aClass)) {
         return;
       }
       final PsiMethod[] methods = aClass.getMethods();
       for (final PsiMethod method : methods) {
         if (!SerializationUtils.isReadObject(method)) {
           continue;
         }
         if (ControlFlowUtils.methodAlwaysThrowsException(method)) {
           return;
         }
         else {
           break;
         }
       }
       if (ignoreThrowable && InheritanceUtil.isInheritor(aClass, false, "java.lang.Throwable")) {
         return;
       }
       registerClassError(aClass);
     }
   }

   @Override
   public String getAlternativeID() {
     return "serial";
   }
 }
	/*
	* Copyright 2003-2012 Dave Griffith, Bas Leijdekkers
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package com.siyeh.ig.security;

	import com.intellij.codeInspection.ui.SingleCheckboxOptionsPanel;
	import com.intellij.psi.PsiClass;
	import com.intellij.psi.PsiMethod;
	import com.intellij.psi.PsiTypeParameter;
	import com.intellij.psi.util.InheritanceUtil;
	import com.siyeh.InspectionGadgetsBundle;
	import com.siyeh.ig.BaseInspection;
	import com.siyeh.ig.BaseInspectionVisitor;
	import com.siyeh.ig.psiutils.ControlFlowUtils;
	import com.siyeh.ig.psiutils.SerializationUtils;
	import org.jetbrains.annotations.NotNull;
	import org.jetbrains.annotations.Nullable;

	import javax.swing.*;

	public class DeserializableClassInSecureContextInspection extends BaseInspection {

	@SuppressWarnings("PublicField")
	public boolean ignoreThrowable = false;

	@Override
	@NotNull
	public String getDisplayName() {
	return InspectionGadgetsBundle.message("deserializable.class.in.secure.context.display.name");
	}

	@Override
	@NotNull
	protected String buildErrorString(Object... infos) {
	return InspectionGadgetsBundle.message("deserializable.class.in.secure.context.problem.descriptor");
	}

	@Nullable
	@Override
	public JComponent createOptionsPanel() {
	return new SingleCheckboxOptionsPanel(
	InspectionGadgetsBundle.message("ignore.classes.extending.throwable.option"), this, "ignoreThrowable");
	}

	@Override
	public BaseInspectionVisitor buildVisitor() {
	return new DeserializableClassInSecureContextVisitor();
	}

	private class DeserializableClassInSecureContextVisitor extends BaseInspectionVisitor {

	@Override
	public void visitClass(@NotNull PsiClass aClass) {
	if (aClass.isInterface() \|\| aClass.isAnnotationType() \|\| aClass.isEnum()) {
	return;
	}
	if (aClass instanceof PsiTypeParameter \|\| !SerializationUtils.isSerializable(aClass)) {
	return;
	}
	final PsiMethod[] methods = aClass.getMethods();
	for (final PsiMethod method : methods) {
	if (!SerializationUtils.isReadObject(method)) {
	continue;
	}
	if (ControlFlowUtils.methodAlwaysThrowsException(method)) {
	return;
	}
	else {
	break;
	}
	}
	if (ignoreThrowable && InheritanceUtil.isInheritor(aClass, false, "java.lang.Throwable")) {
	return;
	}
	registerClassError(aClass);
	}
	}

	@Override
	public String getAlternativeID() {
	return "serial";
	}
	}