#112: Add package support to the ObfuscationRequired rule
Fixed #112
dgroup committed Feb 14, 2022
1 parent 2529809 commit 6d647ec
Showing 2 changed files with 70 additions and 14 deletions.
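--- a/src/main/java/io/github/dgroup/arch4u/pmd/ObfuscationRequired.java
+++ b/src/main/java/io/github/dgroup/arch4u/pmd/ObfuscationRequired.java
@@ -49,7 +49,8 @@
 /**
 * A rule that prohibits the using methods of a particular class.
 *
-* @see <a href="https://github.com/dgroup/arch4u-pmd/issues/22">https://github.com/dgroup/arch4u-pmd/issues/22</a>
+* @see
+* <a href="https://github.com/dgroup/arch4u-pmd/issues/22">https://github.com/dgroup/arch4u-pmd/issues/22</a>
 * @since 0.1.0
 */
 @SuppressWarnings("PMD.StaticAccessToStaticFields")
@@ -117,9 +118,15 @@ public Object visit(final ASTVariableDeclaratorId vardecl, final Object data) {
 * @return True if the type is logger.
 */
 private boolean isLogger(final ASTType type) {
-return this.getProperty(LOGGERS)
-.stream()
-.anyMatch(logger -> TypeIsFunction.typeIs(type, logger));
+final boolean matches;
+if (type != null) {
+matches = false;
+} else {
+matches = this.getProperty(LOGGERS)
+.stream()
+.anyMatch(logger -> TypeIsFunction.typeIs(type, logger));
+}
+return matches;
 }
 
 /**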
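Review bot: The null guard added to `isLogger` appears inverted: `if (type != null) { matches = false; }` returns false for every declaration that has a type, and only calls `TypeIsFunction.typeIs(type, logger)` when `type` is null. As written, no typed variable can be recognised as a logger through this method, so any check in `visit` that relies on it (the caller lies outside the hunk) would silently stop flagging sensitive objects passed to loggers. The condition should read `if (type == null) {`. A test case whose logger field is declared with a configured type, and which is expected to raise a violation through this path, would catch a regression of this kind.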
Expand Up @@ -24,14 +24,15 @@
-->

<test-data
xmlns="http://pmd.sourceforge.net/rule-tests"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://pmd.sourceforge.net/rule-tests https://pmd.sourceforge.io/rule-tests_1_0_0.xsd">
xmlns="http://pmd.sourceforge.net/rule-tests"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://pmd.sourceforge.net/rule-tests https://pmd.sourceforge.io/rule-tests_1_0_0.xsd">

<test-code>
<description>[BAD]: prohibited class with sensitive data is logged</description>
<rule-property name="loggerClasses">org.slf4j.Logger</rule-property>
<rule-property name="sensitiveClasses">io.github.dgroup.arch4u.pmd.test_entity.Person</rule-property>
<rule-property name="sensitiveClasses">io.github.dgroup.arch4u.pmd.test_entity.Person
</rule-property>
<expected-problems>1</expected-problems>
<code><![CDATA[
import org.slf4j.Logger;
Expand All @@ -49,9 +50,9 @@ class Foo {
</test-code>

<test-code>
<description>[BAD]: direct `toString` invocation on sensitive data is logged</description>
<description>[BAD]: prohibited package</description>
<rule-property name="loggerClasses">org.slf4j.Logger</rule-property>
<rule-property name="sensitiveClasses">io.github.dgroup.arch4u.pmd.test_entity.Person</rule-property>
<rule-property name="sensitivePackages">io.github.dgroup.arch4u.pmd.test_entity</rule-property>
<expected-problems>1</expected-problems>
<code><![CDATA[
import org.slf4j.Logger;
Expand All @@ -72,7 +73,8 @@ class Foo {
<test-code>
<description>[BAD]: classes are passed as method parameters</description>
<rule-property name="loggerClasses">org.slf4j.Logger</rule-property>
<rule-property name="sensitiveClasses">io.github.dgroup.arch4u.pmd.test_entity.Person</rule-property>
<rule-property name="sensitiveClasses">io.github.dgroup.arch4u.pmd.test_entity.Person
</rule-property>
<expected-problems>1</expected-problems>
<code><![CDATA[
import org.slf4j.Logger;
Expand All @@ -88,7 +90,8 @@ class Foo {
<test-code>
<description>[OK]: no logged objects with sensitive data</description>
<rule-property name="loggerClasses">org.slf4j.Logger</rule-property>
<rule-property name="sensitiveClasses">io.github.dgroup.arch4u.pmd.test_entity.Person</rule-property>
<rule-property name="sensitiveClasses">io.github.dgroup.arch4u.pmd.test_entity.Person
</rule-property>
<expected-problems>0</expected-problems>
<code><![CDATA[
import org.slf4j.Logger;
Expand All @@ -107,7 +110,8 @@ class Foo {
<test-code>
<description>[OK]: no logged objects with sensitive data</description>
<rule-property name="loggerClasses">org.slf4j.Logger</rule-property>
<rule-property name="sensitiveClasses">io.github.dgroup.arch4u.pmd.test_entity.Person</rule-property>
<rule-property name="sensitiveClasses">io.github.dgroup.arch4u.pmd.test_entity.Person
</rule-property>
<expected-problems>0</expected-problems>
<code><![CDATA[
import org.slf4j.Logger;
Expand All @@ -127,7 +131,8 @@ class Foo {
<description>[BAD]: prohibited package and subpackage</description>
<rule-property name="loggerClasses">org.slf4j.Logger</rule-property>
<rule-property name="sensitiveClasses">java.lang.Integer</rule-property>
<rule-property name="sensitivePackages">io.github.dgroup.arch4u.pmd.test_entity.secret</rule-property>
<rule-property name="sensitivePackages">io.github.dgroup.arch4u.pmd.test_entity.secret
</rule-property>
<expected-problems>2</expected-problems>
<expected-linenumbers>10, 14</expected-linenumbers>
<code><![CDATA[
Expand All @@ -150,4 +155,48 @@ class Foo {
]]></code>
</test-code>

<test-code>
<description>[BAD]: prohibited package</description>
<rule-property name="loggerClasses">org.slf4j.Logger</rule-property>
<rule-property name="sensitivePackages">io.github.dgroup.arch4u.pmd.test_entity</rule-property>
<expected-problems>1</expected-problems>
<expected-linenumbers>11</expected-linenumbers>
<code><![CDATA[
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import io.github.dgroup.arch4u.pmd.test_entity.Person;
public class MyClass {
private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(MyClass.class);
private Func<Person, String> obfuscation = person -> person.getId().toString();
public void process(Person person) {
log.debug("Got {}", person); // violation
log.debug("Got {}", this.obfuscation.apply(person)); // ok
}
}
]]></code>
</test-code>

<test-code>
<description>[OK]: object obfuscated before logging</description>
<rule-property name="loggerClasses">org.slf4j.Logger</rule-property>
<rule-property name="sensitivePackages">io.github.dgroup.arch4u.pmd.test_entity</rule-property>
<expected-problems>0</expected-problems>
<code><![CDATA[
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import io.github.dgroup.arch4u.pmd.test_entity.Person;
public class MyClass {
private static final org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(MyClass.class);
private Func<Person, String> obfuscation = person -> person.getId().toString();
public void process(Person person) {
log.debug("Got {}", this.obfuscation.apply(person)); // ok
}
}
]]></code>
</test-code>
</test-data>
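Review bot: The re-wrapped `sensitiveClasses` values now end with a line break before `</rule-property>` (the `Person` entries in the [BAD] and both [OK] cases, and the `sensitivePackages` value in the subpackage case), so the property text carries trailing whitespace unless the test loader trims it. If it is not trimmed, the configured name would presumably stop matching, and the two `[OK]` cases with `<expected-problems>0</expected-problems>` would pass without exercising the rule at all. Keeping each value on one line, as the added cases do with `<rule-property name="sensitivePackages">io.github.dgroup.arch4u.pmd.test_entity</rule-property>`, avoids depending on that behaviour. Separately, the description `[BAD]: prohibited package` is now used by two test cases, which makes a failure report ambiguous; a distinct description for the added case, such as `[BAD]: prohibited package, raw object logged next to obfuscated value`, would help.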
