Merge branch 'main' of https://github.com/policeman-tools/forbidden-apis into scanjar

Author: uschindler

build.xml

@@ -71,6 +71,7 @@
       <equals arg1="${-cleaned.specification.version}" arg2="21"/>
       <equals arg1="${-cleaned.specification.version}" arg2="22"/>
       <equals arg1="${-cleaned.specification.version}" arg2="23"/>
+      <equals arg1="${-cleaned.specification.version}" arg2="24"/>
     </or>
   </condition>
 

ivy.xml

@@ -18,7 +18,7 @@
   <!ENTITY maven.api.version "3.1.0">
   <!ENTITY aether.api.version "0.9.0.M2">
   <!ENTITY gradle.version "3.4">
-  <!ENTITY asm.version "9.7.1">
+  <!ENTITY asm.version "9.8">
   <!ENTITY jarjar.asm.version "5.2">
 ]>
 <ivy-module version="2.0">

src/main/docs/ant-task.html

@@ -73,6 +73,20 @@ <h2>Parameters</h2>
   <td>Name of a <a href="bundled-signatures.html">built-in signatures</a> file.</td>
 </tr>
 
+<tr>
+  <td>signaturesWithSeveritySuppress</td>
+  <td><code>String</code></td>
+  <td></td>
+  <td>A forbidden API signature for which violations should not be reported at all (i.e. neither fail the build nor appear in the logs). This takes precedence over<code>failOnViolation</code> and <code>signaturesWithSeverityWarn</code>.</td>
+</tr>
+
+<tr>
+  <td>signaturesWithSeverityWarn</td>
+  <td><code>String</code></td>
+  <td></td>
+  <td>A forbidden API signature for which violations should be reported as warnings (i.e. not fail the build). This takes precedence over<code>failOnViolation</code>.</td>
+</tr>
+
 <tr>
   <td>classpath</td>
   <td><code>Path</code></td>
@@ -184,7 +198,7 @@ <h2>Parameters specified as nested elements</h2>
 
 <p>This task supports all <a href="https://ant.apache.org/manual/Types/resources.html">Ant resource</a> types
 (<code>fileset</code>, <code>filelist</code>, <code>file</code>, <code>tarfileset</code>, <code>zipfileset</code>,...)
-and uses all class files from them. It automatically adds an implcit filter to file names ending in <code>'.class'</code>,
+and uses all class files from them. It automatically adds an implicit filter to file names ending in <code>'.class'</code>,
 so you don't need to add this as include attribute to those collections.</p>
 
 <p>You can also pass one or multiple <code>classpath</code> elements to form a classpath. Ideally use the same configuration like the <code>javac</code> task.</p>

src/main/docs/bundled-signatures.html

@@ -29,14 +29,14 @@ <h1>Bundled Signatures Documentation</h1>
 <li><strong><tt>jdk-unsafe-*</tt>:</strong> Signatures
 of &quot;unsafe&quot; methods that use default charset, default locale, or default timezone. For server applications it is very
 stupid to call those methods, as the results will definitely not what the user wants
-(for Java <tt>*</tt> = 1.7, 1.8, 9,..., 23; Ant / Maven / Gradle automatically add the compile Java version).</li>
+(for Java <tt>*</tt> = 1.7, 1.8, 9,..., 24; Ant / Maven / Gradle automatically add the compile Java version).</li>
 
 <li><strong><tt>jdk-deprecated-*</tt>:</strong> This disallows all deprecated
-methods from the JDK (for Java <tt>*</tt> = 1.7, 1.8, 9,..., 23; Ant / Maven / Gradle automatically add the compile Java version).</li>
+methods from the JDK (for Java <tt>*</tt> = 1.7, 1.8, 9,..., 24; Ant / Maven / Gradle automatically add the compile Java version).</li>
 
 <li><strong><tt>jdk-internal-*</tt>:</strong> Lists all internal packages of the JDK as of <code>Security.getProperty(&quot;package.access&quot;)</code>.
 Calling those methods will always trigger security manager and is completely forbidden from Java 9 on
-(for Java <tt>*</tt> = 1.7, 1.8, 9,..., 23; Ant / Maven / Gradle automatically add the compile Java version, <em>since forbiddenapis v2.1</em>).</li>
+(for Java <tt>*</tt> = 1.7, 1.8, 9,..., 24; Ant / Maven / Gradle automatically add the compile Java version, <em>since forbiddenapis v2.1</em>).</li>
 
 <li><strong><tt>jdk-non-portable</tt>:</strong> Signatures of all non-portable (like <code>com.sun.management.HotSpotDiagnosticMXBean</code>)
 or internal runtime APIs (like <code>sun.misc.Unsafe</code>). This is a superset of <tt>jdk-internal</tt>.<br>
@@ -53,7 +53,7 @@ <h1>Bundled Signatures Documentation</h1>
 
 <li><strong><tt>commons-io-unsafe-*</tt>:</strong> If your application uses the famous <i>Apache Common-IO</i> library,
 this adds signatures of all methods that depend on default charset
-(for versions <tt>*</tt> = 1.0, 1.1, 1.2, 1.3, 1.4, 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8.0, 2.9.0, 2.10.0, 2.11.0, 2.12.0, 2.13.0, 2.14.0, 2.15.0, 2.15.1, 2.16.0, 2.16.1, 2.17.0).</li>
+(for versions <tt>*</tt> = 1.0, 1.1, 1.2, 1.3, 1.4, 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8.0, 2.9.0, 2.10.0, 2.11.0, 2.12.0, 2.13.0, 2.14.0, 2.15.0, 2.15.1, 2.16.0, 2.16.1, 2.17.0, 2.18.0).</li>
 
 </ul>
 

src/main/java/de/thetaphi/forbiddenapis/Checker.java

@@ -30,6 +30,7 @@
 import java.net.URL;
 import java.net.URLConnection;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.EnumSet;
 import java.util.HashMap;
 import java.util.LinkedHashSet;
@@ -58,6 +59,10 @@ public static enum Option {
     DISABLE_CLASSLOADING_CACHE
   }
 
+  public enum ViolationSeverity {
+      ERROR, WARNING, INFO, DEBUG, SUPPRESS
+  }
+
   public final boolean isSupportedJDK;
 
   private final long start;
@@ -360,6 +365,11 @@ public boolean noSignaturesFilesParsed() {
     return forbiddenSignatures.noSignaturesFilesParsed();
   }
 
+  /** Adjusts the severity of a specific signature. */
+  public void setSignaturesSeverity(Collection<String> signatures, ViolationSeverity severity) throws ParseException, IOException {
+    forbiddenSignatures.setSignaturesSeverity(signatures, severity);
+  }
+  
   /** Parses and adds a class from the given stream to the list of classes to check. Closes the stream when parsed (on Exception, too)! Does not log anything. */
   public void addClassToCheck(final InputStream in, String name) throws IOException {
     final ClassReader reader;
@@ -417,7 +427,7 @@ public void addSuppressAnnotation(String annoName) {
   /** Parses a class and checks for valid method invocations */
   private int checkClass(ClassMetadata c, Pattern suppressAnnotationsPattern) throws ForbiddenApiException {
     final String className = c.getBinaryClassName();
-    final ClassScanner scanner = new ClassScanner(c, this, forbiddenSignatures, suppressAnnotationsPattern); 
+    final ClassScanner scanner = new ClassScanner(c, this, forbiddenSignatures, suppressAnnotationsPattern, options.contains(Option.FAIL_ON_VIOLATION)); 
     try {
       c.getReader().accept(scanner, ClassReader.SKIP_FRAMES);
     } catch (RelatedClassLoadingException rcle) {
@@ -452,12 +462,31 @@ private int checkClass(ClassMetadata c, Pattern suppressAnnotationsPattern) thro
     }
     final List<ForbiddenViolation> violations = scanner.getSortedViolations();
     final Pattern splitter = Pattern.compile(Pattern.quote(ForbiddenViolation.SEPARATOR));
+    int numErrors = 0;
     for (final ForbiddenViolation v : violations) {
+      if (v.severity == ViolationSeverity.ERROR) {
+        numErrors++;
+      }
       for (final String line : splitter.split(v.format(className, scanner.getSourceFile()))) {
-        logger.error(line);
+        switch (v.severity) {
+        case DEBUG:
+          logger.debug(line);
+          break;
+        case INFO:
+          logger.info(line);
+          break;
+        case WARNING:
+          logger.warn(line);
+          break;
+        case ERROR:
+          logger.error(line);
+          break;
+        default:
+          break;
+        }
       }
     }
-    return violations.size();
+    return numErrors;
   }
 
   public void run() throws ForbiddenApiException {
@@ -483,5 +512,4 @@ public void run() throws ForbiddenApiException {
       logger.info(message);
     }
   }
-  
 }