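/**
 * @name Unsafe use of getResource
 * @description Calling 'this.getClass().getResource()' may yield unexpected results if called from a
 *              subclass in another package.
 * @kind problem
 * @problem.severity warning
 * @precision medium
 * @id java/unsafe-get-resource
 * @tags quality
 *       reliability
 *       correctness
 */

import java

/*
 * Reports `getClass().getResource(...)` and `getClass().getResourceAsStream(...)`
 * invoked on the current instance from inside a class that other code can extend.
 *
 * `getClass()` returns the runtime class of `this`, so when the method runs on an
 * instance of a subclass declared in another package, a relative resource name is
 * resolved against the subclass's package rather than the package the author had
 * in mind. The lookup can then yield a different resource, or none at all, without
 * any compile-time signal.
 *
 * A class that cannot be subclassed is not affected, so `final` classes are
 * excluded; without that exclusion the alert text ("classes that may be extended")
 * would not hold for the reported location.
 */
from Class c, MethodCall getResource, MethodCall getClass
where
  // getResource(String) / getResourceAsStream(String): exactly one argument
  getResource.getNumArgument() = 1 and
  (
    getResource.getMethod().hasName("getResource") or
    getResource.getMethod().hasName("getResourceAsStream")
  ) and
  // ...whose qualifier is a zero-argument getClass() called on the current instance
  getResource.getQualifier() = getClass and
  getClass.isOwnMethodCall() and
  getClass.getNumArgument() = 0 and
  getClass.getMethod().hasName("getClass") and
  // Only report when the enclosing class can actually be extended from another
  // package: it must be public and must not be final.
  getResource.getEnclosingCallable().getDeclaringType() = c and
  c.isPublic() and
  not c.isFinal()
select getResource, "The idiom getClass().getResource() is unsafe for classes that may be extended."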