Don't silently skip methods with private params

Throw an exception instead Fixes quarkusio#19177
stuartwdouglas · Nov 22, 2021 · 9a968a8 · 9a968a8
1 parent 84bdd79
commit 9a968a8
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/Methods.java b/independent-projects/arc/processor/src/main/java/io/quarkus/arc/processor/Methods.java
@@ -541,7 +541,15 @@ public boolean test(MethodInfo method) {
                         continue; // hope for the best
                     }
                     if (Modifier.isPrivate(parameterClassInfo.flags())) {
-                        return true; // parameters whose class is private can not be loaded, as we would end up with IllegalAccessError when trying to access the use the load the class
+                        if (Modifier.isPrivate(method.flags())) {
+                            return true;
+                        }
+                        //non private method with private param type
+                        //this is really dangerous, as interceptors won't be applied but other things may work as normal
+                        //this can result in skipped security checks
+                        //just error out
+                        throw new RuntimeException("Method " + method + " on class " + method.declaringClass().name()
+                                + " has a private parameter on a non-private class. This will prevent it from being intercepted. Please either make the method private, or change the parameter type to be non-private.");
                     }
                     if (!Modifier.isPublic(parameterClassInfo.flags())) {
                         // parameters whose class is package-private and the package is not the same as the package of the method for which we are checking can not be loaded,