Add autosynth examples (#56)

Add code examples for autosynthesized rules

Author: awsgaucho

build.gradle

@@ -41,6 +41,7 @@ dependencies {
     implementation("com.amazonaws:amazon-kinesis-client:1.6.3")
     implementation("com.amazonaws:aws-java-sdk-ssm:1.11.201")
     implementation("io.netty:netty-all:4.1.72.Final")
+    implementation("io.grpc:grpc-netty:1.44.0")
     implementation("org.springframework.security:spring-security-config:5.6.1")
     implementation("org.springframework:spring-web:5.3.14")
     implementation("org.springframework:spring-webmvc:5.3.14")
@@ -56,5 +57,5 @@ dependencies {
     implementation("com.android.support:support-annotations:27.1.1")
     implementation("com.google.code.findbugs:jsr305:3.0.2")
     implementation("com.amazonaws:aws-java-sdk-dynamodb:1.12.133")
+    implementation("com.google.android:android:4.1.1.4")
 }
-

src/java/detectors/inefficient_apis/InefficientApis.java

@@ -0,0 +1,49 @@
+package rules.inefficient_apis;
+
+import android.app.Activity;
+import android.content.Intent;
+import android.os.Bundle;
+import com.google.common.collect.Maps;
+import java.util.HashMap;
+import java.util.Map;
+
+class InefficientApis extends Activity {
+
+    // {fact rule=inefficient-apis@v1.0 defects=1}
+    Map<String, Object> copyMapNonCompliant(Map<String, Object> parameterMap) {
+        // Noncompliant: map will be rehashed after 75% of all keys have been added to the map.
+        Map<String, Object> map = new HashMap<String, Object>(parameterMap.size());
+        for (Map.Entry<String, Object> entry : parameterMap.entrySet()) {
+            map.put(entry.getKey(), entry.getValue());
+        }
+        return map;
+    }
+    // {/fact}
+
+    // {fact rule=inefficient-apis@v1.0 defects=0}
+    Map<String, Object> copyMapCompliant(Map<String, Object> parameterMap) {
+        // Compliant: map will not be rehashed because its expected size is provided.
+        Map<String, Object> map = Maps.newHashMapWithExpectedSize(parameterMap.size());
+        for (Map.Entry<String, Object> entry : parameterMap.entrySet()) {
+            map.put(entry.getKey(), entry.getValue());
+        }
+        return map;
+    }
+    // {/fact}
+
+    // {fact rule=inefficient-apis@v1.0 defects=1}
+    public String getMessageNonCompliant(Bundle savedInstanceState) {
+        Intent intent = getIntent();
+        // Noncompliant: using Serializable to pass data between different Android components.
+        return (String) intent.getSerializableExtra("message");
+    }
+    // {/fact}
+
+    // {fact rule=inefficient-apis@v1.0 defects=0}
+    public String getMessageCompliant(Bundle savedInstanceState) {
+        Intent intent = getIntent();
+        // Compliant: using Parcelable to pass data between different Android components.
+        return intent.getParcelableExtra("message");
+    }
+    // {/fact}
+}

src/java/detectors/missing_check_on_android_startactivity/MissingCheckOnAndroidStartActivity.java

@@ -0,0 +1,25 @@
+package rules.missing_check_on_android_startactivity;
+
+import android.content.Context;
+import android.content.Intent;
+
+class MissingCheckOnAndroidStartActivity {
+
+    // {fact rule=missing-check-on-android-startactivity@v1.0 defects=1}
+    public void startActivityNonCompliant(Context context, Intent shareIntent) {
+        // Noncompliant: there might be no application on the device to receive the implicit intent.
+        context.startActivity(shareIntent);
+    }
+    // {/fact}
+
+    // {fact rule=missing-check-on-android-startactivity@v1.0 defects=0}
+    public boolean startActivityCompliant(Context context, Intent shareIntent) {
+        if (shareIntent.resolveActivity(context.getPackageManager()) != null) {
+            // Compliant: called only if there is an application on the device to receive the implicit intent.
+            context.startActivity(shareIntent);
+            return true;
+        }
+        return false;
+    }
+    // {/fact}
+}

src/java/detectors/missing_check_on_createnewfile/MissingCheckOnCreateNewFile.java

@@ -0,0 +1,31 @@
+package rules.missing_check_on_createnewfile;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Optional;
+import lombok.extern.log4j.Log4j;
+
+@Log4j
+class MissingCheckOnCreateNewFile {
+
+    // {fact rule=missing-check-on-createnewfile@v1.0 defects=1}
+    public File createFileNonCompliant(File outputFolder, final String fileName) throws IOException {
+        File file = new File(outputFolder, fileName);
+        // Noncompliant: does not check if createNewFile succeeded or failed.
+        file.createNewFile();
+        return file;
+    }
+    // {/fact}
+
+    // {fact rule=missing-check-on-createnewfile@v1.0 defects=0}
+    public Optional<File> createFileCompliant(File outputFolder, final String fileName) throws IOException {
+        File file = new File(outputFolder, fileName);
+        // Compliant: handles the case when createNewFile fails.
+        if (!file.createNewFile()) {
+            log.debug("File already exists, using existing file " + file.getAbsolutePath() + ".");
+            return Optional.empty();
+        }
+        return Optional.of(file);
+    }
+    // {/fact}
+}

src/java/detectors/missing_check_on_method_output/MissingCheckOnMethodOutput.java

@@ -0,0 +1,49 @@
+package rules.missing_check_on_method_output;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import lombok.extern.log4j.Log4j;
+
+@Log4j
+class MissingCheckOnMethodOutput {
+
+    // {fact rule=missing-check-on-method-output@v1.0 defects=1}
+    private void writeMessageNonCompliant(String dirName, String fileName, String message) {
+        try {
+            File dir = new File(dirName);
+            if (!dir.exists()) {
+                // Noncompliant: code does not handle the case when mkdirs fails.
+                dir.mkdirs();
+            }
+            try (FileOutputStream fos = new FileOutputStream(new File(dir, fileName))) {
+                fos.write(message.getBytes());
+            }
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+    }
+    // {/fact}
+
+    // {fact rule=missing-check-on-method-output@v1.0 defects=0}
+    private void writeMessageCompliant(String dirName, String fileName, String message) {
+        try {
+            File dir = new File(dirName);
+            boolean ok = true;
+            if (!dir.exists()) {
+                // Compliant: code handles the case when mkdirs fails.
+                ok = dir.mkdirs();
+            }
+            if (ok) {
+                try (FileOutputStream fos = new FileOutputStream(new File(dir, fileName))) {
+                    fos.write(message.getBytes());
+                }
+            } else {
+                log.warn("output directory not created");
+            }
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+    }
+    // {/fact}
+}

src/java/detectors/missing_getcause_on_invocationtargetexception/MissingGetCauseOnInvocationTargetException.java

@@ -0,0 +1,26 @@
+package rules.missing_getcause_on_invocationtargetexception;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+
+class MissingGetCauseOnInvocationTargetException {
+
+    // {fact rule=missing-getcause-on-invocationtargetexception@v1.0 defects=1}
+    public Object invokeMethodNonCompliant(Method method, Object[] args) throws Throwable {
+        // Noncompliant: InvocationTargetException is not caught.
+        return method.invoke(args);
+    }
+    // {/fact}
+
+    // {fact rule=missing-getcause-on-invocationtargetexception@v1.0 defects=0}
+    public Object invokeMethodCompliant(Object proxy, Method method, Object[] args) throws Throwable {
+        try {
+            // Compliant: InvocationTargetException is caught and e.getCause() is propagated further.
+            Object returnValue = method.invoke(args);
+            return returnValue;
+        } catch (InvocationTargetException e) {
+            throw e.getTargetException();
+        }
+    }
+    // {/fact}
+}

src/java/detectors/missing_timeout_check_on_awaittermination/MissingTimeoutCheckOnAwaitTermination.java

@@ -0,0 +1,35 @@
+package rules.missing_timeout_check_on_awaittermination;
+
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.TimeUnit;
+import lombok.extern.log4j.Log4j;
+
+@Log4j
+class MissingTimeoutCheckOnAwaitTermination {
+
+    // {fact rule=missing-timeout-check-on-awaittermination@v1.0 defects=1}
+    public void shutdownNonCompliant(ExecutorService executor) {
+        executor.shutdown();
+        try {
+            // Noncompliant: awaitTermination might silently time out before all threads finish their execution.
+            executor.awaitTermination(10, TimeUnit.SECONDS);
+        } catch (InterruptedException e) {
+            log.warn("Failed to wait for all tasks to finish", e);
+        }
+    }
+    // {/fact}
+
+    // {fact rule=missing-timeout-check-on-awaittermination@v1.0 defects=0}
+    public void shutdownCompliant(ExecutorService executor) {
+        executor.shutdown();
+        try {
+            // Compliant: code handles the case when awaitTermination times out.
+            if (!executor.awaitTermination(10, TimeUnit.SECONDS)) {
+                log.warn("Failed to terminate executor");
+            }
+        } catch (InterruptedException e) {
+            log.warn("Failed to wait for all tasks to finish", e);
+        }
+    }
+    // {/fact}
+}

src/java/detectors/missing_timeout_check_on_latch_await/MissingTimeoutCheckOnLatchAwait.java

@@ -0,0 +1,34 @@
+package rules.missing_timeout_check_on_latch_await;
+
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+
+class MissingTimeoutCheckOnLatchAwait {
+
+    private volatile Object result = null;
+    private CountDownLatch completionLatch = new CountDownLatch(1);
+
+    // {fact rule=missing-timeout-check-on-latch-await@v1.0 defects=1}
+    public Object getResultNonCompliant(long timeout, TimeUnit unit)
+        throws InterruptedException, ExecutionException, TimeoutException {
+
+        // Noncompliant: code does not check if await timed out or the latch counted down to zero.
+        completionLatch.await(timeout, unit);
+        return result;
+    }
+    // {/fact}
+
+    // {fact rule=missing-timeout-check-on-latch-await@v1.0 defects=0}
+    public Object getResultCompliant(long timeout, TimeUnit unit)
+        throws InterruptedException, ExecutionException, TimeoutException {
+
+        // Compliant: code handles the case when await times out.
+        if (!completionLatch.await(timeout, unit)) {
+            throw new TimeoutException();
+        }
+        return result;
+    }
+    // {/fact}
+}

src/java/detectors/old_android_features/OldAndroidFeatures.java

@@ -0,0 +1,32 @@
+package rules.old_android_features;
+
+import android.app.Activity;
+import android.content.Context;
+import android.view.LayoutInflater;
+import android.view.View;
+import android.view.ViewGroup;
+import android.widget.TextView;
+
+import stubs.ViewHolder;
+
+class OldAndroidFeatures extends Activity {
+
+    int layoutResourceId = 0;
+
+    // {fact rule=old-android-features@v1.0 defects=1}
+    public ViewHolder onCreateViewHolderNonCompliant(ViewGroup parent, int viewType) {
+        // Noncompliant: layout is created programmatically in code, without using the LayoutInflater.
+        return new ViewHolder(new TextView(parent.getContext()));
+    }
+    // {/fact}
+
+    // {fact rule=old-android-features@v1.0 defects=0}
+    public ViewHolder onCreateViewHolderCompliant(ViewGroup parent, int viewType) {
+        final Context context = parent.getContext();
+        // Compliant: LayoutInflater is used to inflate views.
+        LayoutInflater inflater = LayoutInflater.from(context);
+        View itemView = inflater.inflate(layoutResourceId, parent, false);
+        return new ViewHolder(itemView);
+    }
+    // {/fact}
+}

src/java/detectors/output_ignored_on_movetofirst_operation/OutputIgnoredOnMoveToFirstOperation.java

@@ -0,0 +1,32 @@
+package rules.output_ignored_on_movetofirst_operation;
+
+import android.content.Context;
+import android.database.Cursor;
+import android.net.Uri;
+
+class OutputIgnoredOnMoveToFirstOperation {
+
+    // {fact rule=output-ignored-on-movetofirst-operation@v1.0 defects=1}
+    public static String getDataFromURINonCompliant(Context context, Uri uri) {
+        String[] columns = { "name", "address" };
+        try (Cursor cursor = context.getContentResolver().query(uri, columns, null, null, null)) {
+            // Noncompliant: code does not check if the cursor is empty.
+            cursor.moveToFirst();
+            return cursor.getString(0);
+        }
+    }
+    // {/fact}
+
+    // {fact rule=output-ignored-on-movetofirst-operation@v1.0 defects=0}
+    public static String getDataFromURICompliant(Context context, Uri uri) {
+        String[] columns = { "name", "address" };
+        try (Cursor cursor = context.getContentResolver().query(uri, columns, null, null, null)) {
+            // Compliant: code handles the case when the cursor is empty.
+            if (!cursor.moveToFirst()) {
+                return null;
+            }
+            return cursor.getString(0);
+        }
+    }
+    // {/fact}
+}