access-modifier-annotation/pom.xml

@@ -4,7 +4,7 @@
   <parent>
     <artifactId>access-modifier</artifactId>
     <groupId>org.kohsuke</groupId>
-    <version>1.14</version>
+    <version>1.16</version>
   </parent>
   <artifactId>access-modifier-annotation</artifactId>
 
@@ -14,7 +14,7 @@
     <dependency>
       <groupId>org.jenkins-ci</groupId>
       <artifactId>annotation-indexer</artifactId>
-      <version>1.4</version>
+      <version>1.12</version>
     </dependency>
     <dependency>
       <groupId>org.ow2.asm</groupId>

access-modifier-annotation/src/main/java/org/kohsuke/accmod/AccessRestriction.java

@@ -38,7 +38,7 @@ import org.kohsuke.accmod.restrictions.None;
  * <p>
  * Single execution of the enforcement check would create at most one instance
  * of a given {@link AccessRestriction} type, so instance fields can be used to store
- * heavy-weight objects or other indicies that you might need for implementing
+ * heavy-weight objects or other indices that you might need for implementing
  * access control checks. 
  *
  * @author Kohsuke Kawaguchi

access-modifier-checker/pom.xml

@@ -4,7 +4,7 @@
   <parent>
     <artifactId>access-modifier</artifactId>
     <groupId>org.kohsuke</groupId>
-    <version>1.14</version>
+    <version>1.16</version>
   </parent>
   <artifactId>access-modifier-checker</artifactId>
   <packaging>maven-plugin</packaging>
@@ -22,6 +22,11 @@
       <artifactId>access-modifier-annotation</artifactId>
       <version>${project.version}</version>
     </dependency>
+    <dependency>
+      <groupId>${project.groupId}</groupId>
+      <artifactId>access-modifier-suppressions</artifactId>
+      <version>${project.version}</version>
+    </dependency>
     <dependency>
       <groupId>org.ow2.asm</groupId>
       <artifactId>asm-debug-all</artifactId>

access-modifier-checker/src/it/disable-restrictions-wrong-annotation/api/pom.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>test</groupId>
+        <artifactId>disable-restrictions-wrong-annotation</artifactId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+    <artifactId>api</artifactId>
+    <dependencies>
+        <dependency>
+            <groupId>org.kohsuke</groupId>
+            <artifactId>access-modifier-annotation</artifactId>
+            <version>@project.version@</version>
+        </dependency>
+    </dependencies>
+</project>
\ No newline at end of file

access-modifier-checker/src/it/disable-restrictions-wrong-annotation/api/src/main/java/api/ApiWithRestrictedMethodAndField.java

+package api;
+
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
+
+public class ApiWithRestrictedMethodAndField {
+
+    @Restricted(NoExternalUse.class)
+    public String field;
+
+    @Restricted(NoExternalUse.class)
+    public static void notReallyPublic() {}
+}

access-modifier-checker/src/it/disable-restrictions-wrong-annotation/api/src/main/java/api/RestrictedApi.java

+package api;
+
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
+
+@Restricted(NoExternalUse.class)
+public class RestrictedApi {
+
+    public String field;
+
+    public void doNotUse() {}
+}

access-modifier-checker/src/it/disable-restrictions-wrong-annotation/api/src/main/java/api/RestrictedInterface.java

+package api;
+
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
+
+@Restricted(NoExternalUse.class)
+public interface RestrictedInterface {
+}

access-modifier-checker/src/it/disable-restrictions-wrong-annotation/caller/pom.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>test</groupId>
+        <artifactId>disable-restrictions-wrong-annotation</artifactId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+    <artifactId>caller</artifactId>
+    <dependencies>
+        <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>api</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.kohsuke</groupId>
+                <artifactId>access-modifier-checker</artifactId>
+                <version>@project.version@</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>enforce</goal>
+                        </goals>
+                    </execution>
+                </executions>
+           </plugin>
+        </plugins>
+    </build>
+</project>
\ No newline at end of file

access-modifier-checker/src/it/disable-restrictions-wrong-annotation/caller/src/main/java/caller/Caller.java

+package caller;
+
+import api.ApiWithRestrictedMethodAndField;
+
+public class Caller {
+
+    @WrongAnnotation(ApiWithRestrictedMethodAndField.class)
+    public Caller() {
+        ApiWithRestrictedMethodAndField.notReallyPublic(); // illegal
+    }
+}

access-modifier-checker/src/it/disable-restrictions-wrong-annotation/caller/src/main/java/caller/CallerDisabledAtClassLevel.java

+package caller;
+
+import api.ApiWithRestrictedMethodAndField;
+
+@WrongAnnotation(ApiWithRestrictedMethodAndField.class)
+public class CallerDisabledAtClassLevel {
+    public CallerDisabledAtClassLevel() {
+        ApiWithRestrictedMethodAndField.notReallyPublic(); // illegal
+    }
+}
\ No newline at end of file

access-modifier-checker/src/it/disable-restrictions-wrong-annotation/caller/src/main/java/caller/WrongAnnotation.java

+/*
+ * The MIT License
+ *
+ * Copyright (c) 2018, Steve Arch
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+package caller;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+@Retention(RUNTIME)
+@Documented
+@Target({ElementType.METHOD, ElementType.CONSTRUCTOR, ElementType.TYPE})
+public @interface WrongAnnotation {
+    Class<?>[] value();
+}

access-modifier-checker/src/it/disable-restrictions-wrong-annotation/invoker.properties

+invoker.goals=clean package
+invoker.buildResult = failure

access-modifier-checker/src/it/disable-restrictions-wrong-annotation/pom.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>test</groupId>
+  <artifactId>disable-restrictions-wrong-annotation</artifactId>
+  <version>1.0-SNAPSHOT</version>
+  <packaging>pom</packaging>
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    <maven.compiler.source>1.7</maven.compiler.source>
+    <maven.compiler.target>1.7</maven.compiler.target>
+  </properties>
+  <modules>
+    <module>api</module>
+    <module>caller</module>
+  </modules>
+</project>
\ No newline at end of file

access-modifier-checker/src/it/disable-restrictions-wrong-annotation/postbuild.groovy

+assert new File(basedir, 'build.log').text.contains('[ERROR] caller/Caller:9 api/ApiWithRestrictedMethodAndField.notReallyPublic()V must not be used')
+assert new File(basedir, 'build.log').text.contains('[ERROR] caller/CallerDisabledAtClassLevel:8 api/ApiWithRestrictedMethodAndField.notReallyPublic()V must not be used')

access-modifier-checker/src/it/disable-restrictions/api/pom.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>test</groupId>
+        <artifactId>disable-restrictions</artifactId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+    <artifactId>api</artifactId>
+    <dependencies>
+        <dependency>
+            <groupId>org.kohsuke</groupId>
+            <artifactId>access-modifier-annotation</artifactId>
+            <version>@project.version@</version>
+        </dependency>
+    </dependencies>
+</project>
\ No newline at end of file

access-modifier-checker/src/it/disable-restrictions/api/src/main/java/api/ApiWithRestrictedMethodAndField.java

+package api;
+
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
+
+public class ApiWithRestrictedMethodAndField {
+
+    @Restricted(NoExternalUse.class)
+    public String field;
+
+    @Restricted(NoExternalUse.class)
+    public static void notReallyPublic() {}
+}

access-modifier-checker/src/it/disable-restrictions/api/src/main/java/api/RestrictedApi.java

+package api;
+
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
+
+@Restricted(NoExternalUse.class)
+public class RestrictedApi {
+
+    public String field;
+
+    public void doNotUse() {}
+}

access-modifier-checker/src/it/disable-restrictions/api/src/main/java/api/RestrictedInterface.java

+package api;
+
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
+
+@Restricted(NoExternalUse.class)
+public interface RestrictedInterface {
+}

access-modifier-checker/src/it/disable-restrictions/caller/pom.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>test</groupId>
+        <artifactId>disable-restrictions</artifactId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+    <artifactId>caller</artifactId>
+    <dependencies>
+        <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>api</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.kohsuke</groupId>
+            <artifactId>access-modifier-suppressions</artifactId>
+            <version>@project.version@</version>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.kohsuke</groupId>
+                <artifactId>access-modifier-checker</artifactId>
+                <version>@project.version@</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>enforce</goal>
+                        </goals>
+                    </execution>
+                </executions>
+           </plugin>
+        </plugins>
+    </build>
+</project>
\ No newline at end of file

access-modifier-checker/src/it/disable-restrictions/caller/src/main/java/caller/Caller.java

+package caller;
+
+import api.ApiWithRestrictedMethodAndField;
+import api.RestrictedApi;
+import org.kohsuke.accmod.restrictions.suppressions.SuppressRestrictedWarnings;
+
+public class Caller extends ApiWithRestrictedMethodAndField { // This is fine, ApiWithRestrictedMethodAndField itself is not restricted
+
+    private RestrictedApi restrictedApi;
+
+    @SuppressRestrictedWarnings(ApiWithRestrictedMethodAndField.class)
+    public Caller() {
+        ApiWithRestrictedMethodAndField.notReallyPublic(); // illegal but check disabled at the method level
+    }
+
+    @SuppressRestrictedWarnings({RestrictedApi.class, ApiWithRestrictedMethodAndField.class})
+    private void invalidFieldUse() {
+        restrictedApi.field = null;
+        super.field = null;
+    }
+
+    @SuppressRestrictedWarnings(ApiWithRestrictedMethodAndField.class)
+    public void callerMethod() {
+        ApiWithRestrictedMethodAndField.notReallyPublic(); // illegal but check disabled at the method level
+    }
+
+    @SuppressRestrictedWarnings(RestrictedApi.class)
+    public void methodWithRestrictedParameter(RestrictedApi api) {
+        api.doNotUse(); // illegal but check disabled at the method level
+    }
+
+    @SuppressRestrictedWarnings(RestrictedApi.class)
+    public RestrictedApi getRestrictedApi() {
+        return new RestrictedApi(); // illegal but check disabled at the method level
+    }
+}