By default, prevent BugCheckers from introducing new dependencies
#308
Conversation
| * the given context. | ||
| * | ||
| * @param state The context under consideration. | ||
| * @return {@code true} iff if it is okay to assume or create a dependency on this library. |
There was a problem hiding this comment.
| * @return {@code true} iff if it is okay to assume or create a dependency on this library. | |
| * @return {@code true} iff it is okay to assume or create a dependency on this library. |
...r-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/util/ThirdPartyLibrary.java
Show resolved
Hide resolved
| @@ -48,7 +49,8 @@ public final class ScheduledTransactionTrace extends BugChecker implements Metho | |||
|
|
|||
| @Override | |||
| public Description matchMethod(MethodTree tree, VisitorState state) { | |||
| if (!IS_SCHEDULED.matches(tree, state)) { | |||
| if (!ThirdPartyLibrary.NEW_RELIC_AGENT_API.canUse(state) | |||
There was a problem hiding this comment.
Do we want to add ThirdPartyLibary to StaticImport#STATIC_IMPORT_EXEMPTED_MEMBERS?
There was a problem hiding this comment.
I see a +1, so will do.
| @@ -48,7 +49,8 @@ public final class ScheduledTransactionTrace extends BugChecker implements Metho | |||
|
|
|||
| @Override | |||
| public Description matchMethod(MethodTree tree, VisitorState state) { | |||
| if (!IS_SCHEDULED.matches(tree, state)) { | |||
| if (!ThirdPartyLibrary.NEW_RELIC_AGENT_API.canUse(state) | |||
...r-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/util/ThirdPartyLibrary.java
Show resolved
Hide resolved
| * @param state The context under consideration. | ||
| * @return {@code true} iff it is okay to assume or create a dependency on this library. | ||
| */ | ||
| public boolean canUse(VisitorState state) { |
There was a problem hiding this comment.
Note to self: ponder a better name. I didn't select isSupported because it doesn't seem to jive with IGNORE_CLASSPATH_COMPAT_FLAG, but perhaps we should use that name anyway. Or perhaps something else?
There was a problem hiding this comment.
I think canUse is fine, especially if we plan to add more fine-grained control.
In this case I think canUse makes more sense than isSupported (or isAvailable) as the library might be available on the classpath, but like the XXX mentions new usages could be undesirable.
There was a problem hiding this comment.
Yeah I was also thinking about this.
isAllowedToUse (is allowed might a bit more "accurate" as shouldIgnoreClasspath is part of that check, although it is very similar to canUse)?
There was a problem hiding this comment.
I like "allowed". How about isIntroductionAllowed? (Will push, but feel free to challenge.)
There was a problem hiding this comment.
Read the Javadocs and goal of the class again.
Have three other options: isUsageAllowed, isReferencingAllowed, isReferenceAllowed.
To me, the ThirdPartyLibrary#isIntroductionAllowed sounds a bit like the question: Is it okay if we introduce this third party library (at all)? The name of the method does not 100% match with the Javadoc of the class, as it mentions "introducing references". So I'd say that isReferencingAllowed could make the whole intent of the class even clearer (and is for that reason the one I like most). WDYT?
There was a problem hiding this comment.
We discussed this offline for a while.
@Stephan202 explained his reasoning behind isIntroductionAllowed. I see where you are coming from and it is a good reasoning. He gave the example that one might use Guava but wishes to migrate away from it and therefore using / introducing new usages is not allowed. I'm fine with following the proposed change but, to be honest, I'm not 100% convinced yet and feel isUsingAllowed or isIntroducingUsageAllowed would be the clearest option 🤔. Don't have additional arguments besides the ones already mentioned, sorry.
| .errorProneOptions() | ||
| .getFlags() | ||
| .getBoolean(IGNORE_CLASSPATH_COMPAT_FLAG) | ||
| .orElse(Boolean.FALSE); |
There was a problem hiding this comment.
| .orElse(Boolean.FALSE); | |
| .orElse(false); |
What's the reason for using Boolean.FALSE over just false 🤔
There was a problem hiding this comment.
Because the getBoolean expects a Boolean and otherwise there would be an implicit cast from the boxed false variant.
error-prone-contrib/pom.xml
Outdated
| <dependency> | ||
| <groupId>org.springframework</groupId> | ||
| <artifactId>spring-context</artifactId> | ||
| <scope>provided</scope> |
There was a problem hiding this comment.
| <scope>provided</scope> | |
| <scope>test</scope> |
Considering org.springframework.scheduling.annotation.Scheduled is only explicitly used in ScheduledTransactionTraceTest shouldn't using <scope>test</scope> be enough?
| @SuppressWarnings("ImmutableEnumChecker" /* Supplier is deterministic. */) | ||
| private final Supplier<Boolean> canUse; | ||
|
|
||
| ThirdPartyLibrary(String witnessFqcn) { |
There was a problem hiding this comment.
IMO it would be nice to add some Javadoc here. I understand what witnessFqcn is in this context, but might be nice to add some explanation here as well.
| * @param state The context under consideration. | ||
| * @return {@code true} iff it is okay to assume or create a dependency on this library. | ||
| */ | ||
| public boolean canUse(VisitorState state) { |
There was a problem hiding this comment.
Yeah I was also thinking about this.
isAllowedToUse (is allowed might a bit more "accurate" as shouldIgnoreClasspath is part of that check, although it is very similar to canUse)?
| .errorProneOptions() | ||
| .getFlags() | ||
| .getBoolean(IGNORE_CLASSPATH_COMPAT_FLAG) | ||
| .orElse(Boolean.FALSE); |
There was a problem hiding this comment.
Because the getBoolean expects a Boolean and otherwise there would be an implicit cast from the boxed false variant.
...r-prone-contrib/src/main/java/tech/picnic/errorprone/bugpatterns/util/ThirdPartyLibrary.java
Show resolved
Hide resolved
|
Thanks for the review and fix @oxkitsune and @rickie! I'll circle back to this PR ~later today (many meetings; let's see :D). |
Stephan202
force-pushed
the
sschroevers/better-classpath-awareness
branch
from
f64bf4d to
13c862b
Compare
| * @param state The context under consideration. | ||
| * @return {@code true} iff it is okay to assume or create a dependency on this library. | ||
| */ | ||
| public boolean canUse(VisitorState state) { |
There was a problem hiding this comment.
I like "allowed". How about isIntroductionAllowed? (Will push, but feel free to challenge.)
| @@ -48,7 +49,8 @@ public final class ScheduledTransactionTrace extends BugChecker implements Metho | |||
|
|
|||
| @Override | |||
| public Description matchMethod(MethodTree tree, VisitorState state) { | |||
| if (!IS_SCHEDULED.matches(tree, state)) { | |||
| if (!ThirdPartyLibrary.NEW_RELIC_AGENT_API.canUse(state) | |||
There was a problem hiding this comment.
I see a +1, so will do.
| @@ -102,7 +102,8 @@ public final class StaticImport extends BugChecker implements MemberSelectTreeMa | |||
| "org.springframework.http.MediaType", | |||
| "org.testng.Assert", | |||
| "reactor.function.TupleUtils", | |||
| "tech.picnic.errorprone.bugpatterns.util.MoreTypes"); | |||
| "tech.picnic.errorprone.bugpatterns.util.MoreTypes", | |||
| "tech.picnic.errorprone.bugpatterns.util.ThirdPartyLibrary"); | |||
There was a problem hiding this comment.
This doesn't cause the enum values to be statically imported. Need to investigate before merging this PR.
| @@ -189,7 +190,8 @@ public final class StaticImport extends BugChecker implements MemberSelectTreeMa | |||
| "INSTANCE", | |||
| "newBuilder", | |||
| "of", | |||
| "valueOf"); | |||
| "valueOf", | |||
| "values"); | |||
There was a problem hiding this comment.
... but ThirdPartyLibrary.values(), would be statically imported, which is not something we want.
There was a problem hiding this comment.
This should also be reverted.
|
Note that I mention in this comment that I want to add it to the
This is not true right? It would be prevented in the So I want to propose that I add a commit to move it. Which means that we defer looking into the issue with not importing 🤔. WDYT? |
|
I see that we currently only allow to exempt specific members using |
Stephan202
force-pushed
the
sschroevers/better-classpath-awareness
branch
from
b8fd499 to
fec8d52
Compare
There was a problem hiding this comment.
Rebased and added a commit. As discussed offline: will merge once built.
Note that I mention in this comment that I want to add it to the
STATIC_IMPORT_EXEMPTED_MEMBERSbecause I don't like statically importing this one. Primarily as it would mean loosing some context.
Okay, I misread that (but find it rather surprising; I don't see any issue with statically importing these, as long as it'd be done consistently 🤷).
... but ThirdPartyLibrary.values(), would be statically imported, which is not something we want.
This is not true right? It would be prevented in the
isCandidatemethod because it sees thatvaluesis inSTATIC_IMPORT_EXEMPTED_IDENTIFIERS.
Yes, because I added values in the context of this PR after making this observation...
| @@ -189,7 +190,8 @@ public final class StaticImport extends BugChecker implements MemberSelectTreeMa | |||
| "INSTANCE", | |||
| "newBuilder", | |||
| "of", | |||
| "valueOf"); | |||
| "valueOf", | |||
| "values"); | |||
There was a problem hiding this comment.
This should also be reverted.
I think it is a bit less clear 🤷🏻.
Ahh I missed that change 😂, that's why I didn't revert it haha. Thanks for fixing that 😉. |
As-is, this is especially relevant for users who do not use Guava or the New Relic Agent API, as mentioned here. Note that most
BugCheckers don't need to be modified, since any third-party references in their suggestions must already be present if the check is to trigger at all.Suggested commit message:
We should implement something similar for Refaster, but that will look quite different (and is out of scope for this PR).