Allow to set severity per signature

[kwin]

This closes #252 and #219

[kwin]

@uschindler I don't know enough about Gradle to add that functionality there as well. Is it acceptable to only allow that parametrisation from Maven for now?

[uschindler]

I have not checked this at all. You also need to add the command line settings. Gradle is as simple as Maven. Just add getters and setters like in Maven or Ant.

[kwin]

@uschindler Any chance to include this in a release?

[uschindler]

Oh haven't seen that you updated it for Gradle.... Will need to review

[uschindler]

This looks good. I like that we now have finally a SuppressionResult. All the methods returning String was a bit of desaster. I wanted to change this since long time, but it was too much work. But you took care of it. Thanks!
There is a small incompatibility with Java 7 (the current minimum version), I will fix it! (Map#getOrDefault() is missing).

[uschindler]

getOrDefault does not exist in Java 7, which is still minimum version. Will fix this later.

[uschindler]

This is the compile failure with Java 7:

compile:
    [mkdir] Created dir: C:\Users\Uwe Schindler\Projects\lucene\forbidden-apis\forbidden-apis\build\main
     [copy] Copying 87 files to C:\Users\Uwe Schindler\Projects\lucene\forbidden-apis\forbidden-apis\build\main
    [javac] Compiling 29 source files to C:\Users\Uwe Schindler\Projects\lucene\forbidden-apis\forbidden-apis\build\main
    [javac] C:\Users\Uwe Schindler\Projects\lucene\forbidden-apis\forbidden-apis\src\main\java\de\thetaphi\forbiddenapis\Signatures.java:451: error: cannot find symbol
    [javac]     return severityPerSignature.getOrDefault(key, failOnViolation ? ViolationSeverity.ERROR : ViolationSeverity.WARNING);
    [javac]                                ^
    [javac]   symbol:   method getOrDefault(String,ViolationSeverity)
    [javac]   location: variable severityPerSignature of type Map<String,ViolationSeverity>
    [javac] 1 error

[uschindler]

This commit fixes the Java 7 problem: 2a91113

I will do some further checks and adjust. This is a good first step. Thanks!

[uschindler]

I have to fix the ant task because it only allows to set supressed signature one (via attribute), but to set multiple ones.

For it to work there needs to be a subelement for this, e.g. look at this: https://github.com/policeman-tools/forbidden-apis/blob/main/src/main/java/de/thetaphi/forbiddenapis/ant/BundledSignaturesType.java

Of course documentation needs update, too.

[uschindler]

Hi @kwin,
can you look at PR #262. It fixes the problems with Ant configuration. Unfortunately, the Maven project config format is the worst for developing plugins like this as the types allowed in the maven config are just key/multi-values with fixed types only. Theres no real structure possible.

Ant was changed to add the severityOverride using subelements:

    <forbiddenapis classpathref="path.all" targetVersion="${jdk.version}">
      <fileset refid="main.classes"/>
      <bundledSignatures name="jdk-unsafe"/>
      java.util.Locale#ENGLISH @ We are speaking chinese here!
      java.lang.** @ You are crazy that you disallow all java.lang
      java.io.** @ You are crazy that you disallow all java.io
      <severityOverride severity="warning">java.util.Locale#ENGLISH</severityOverride>
      <severityOverride severity="debug">
        java.lang.**
        java.io.**
      </severityOverride>
    </forbiddenapis>

I will have a separate look at Gradle, too. Gradle is also more flexible, so it might be better to set the priority using a "map" like structure there, too. Gradle is not limited to simple setters, you can call all the methods provided by the task. So separating into the 2 lists of sigantures is not ideal.

If I do not have a better idea, I'd like to release 3.9 soon. People are waiting already.

Can you just have a quick look on the PR?

[uschindler]

I marked the new API/setting with @Incubating in the Gradle task.