A RetroSearch Logo

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Search Query:

Showing content from https://github.com/pmd/pmd/issues/4449 below:

Possible false positive in AvoidAccessibilityAlteration rule when using Lambda expression · Issue #4449 · pmd/pmd · GitHub

Affects PMD Version: 7.0.0

Rule: AvoidAccessibilityAlteration

Description:

The AvoidAccessibilityAlteration rule might be reporting a false positive when using a Lambda expression instead of an anonymous class inside the AccessController.doPrivileged method. The violation is reported for the field.setAccessible(true); line within the Lambda expression.

Code Sample demonstrating the issue:
Maybe a false positive:

import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;

public class Violation {

    private void invalidSetAccessCalls() throws NoSuchMethodException, SecurityException {
        Constructor<?> constructor = this.getClass().getDeclaredConstructor(String.class);
        // call to forbidden setAccessible
        constructor.setAccessible(true);
        Method privateMethod = this.getClass().getDeclaredMethod("aPrivateMethod");
        // call to forbidden setAccessible
        privateMethod.setAccessible(true);
        
        String privateField = AccessController.doPrivileged((PrivilegedAction<String>)() -> {
            try {
                Field field = Violation.class.getDeclaredField("aPrivateField");
                field.setAccessible(true);    // reort AvoidAccessibilityAlteration here, but should not report
                return (String) field.get(null);
            } catch (ReflectiveOperationException | SecurityException e) {
                throw new RuntimeException(e);
            }
        });
    }
}

Compliant code with anonymous class:

import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;

public class Violation {
    private void invalidSetAccessCalls() throws NoSuchMethodException, SecurityException {
        Constructor<?> constructor = this.getClass().getDeclaredConstructor(String.class);
        // call to forbidden setAccessible
        constructor.setAccessible(true);

        Method privateMethod = this.getClass().getDeclaredMethod("aPrivateMethod");
        // call to forbidden setAccessible
        privateMethod.setAccessible(true);

        // deliberate accessibility alteration
        String privateField = AccessController.doPrivileged(new PrivilegedAction<String>() {
            @Override
            public String run() {
                try {
                    Field field = Violation.class.getDeclaredField("aPrivateField");
                    field.setAccessible(true);
                    return (String) field.get(null);
                } catch (ReflectiveOperationException | SecurityException e) {
                    throw new RuntimeException(e);
                }
            }
        });
    }
}

Expected outcome:

PMD should not report a violation at the line field.setAccessible(true); within the Lambda expression since it's within the AccessController.doPrivileged method. This appears to be a false positive.

Running PMD through: [CLI]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4