SONARJAVA-1416 - Generalization of unclosed opened resources

Author: DidierBesset

its/ruling/src/test/resources/sonar-server/squid-S2095.json

@@ -0,0 +1,8 @@
+{
+'org.codehaus.sonar:sonar-server:src/main/java/org/sonar/server/platform/BackendCleanup.java':[
+67,
+114,
+142,
+152,
+],
+}

java-squid/src/main/java/org/sonar/java/se/ExplodedGraphWalker.java

@@ -523,13 +523,15 @@ private void executeIdentifier(IdentifierTree tree) {
   }
 
   private void executeMemberSelect(MemberSelectExpressionTree mse) {
-    if (!"class".equals(mse.identifier().name())) {
+    if (!mse.parent().is(Tree.Kind.METHOD_INVOCATION)) {
+      if (!"class".equals(mse.identifier().name())) {
 
-      ProgramState.Pop unstackMSE = programState.unstackValue(1);
-      programState = unstackMSE.state;
+        ProgramState.Pop unstackMSE = programState.unstackValue(1);
+        programState = unstackMSE.state;
+      }
+      SymbolicValue mseValue = constraintManager.createSymbolicValue(mse);
+      programState = programState.stackValue(mseValue);
     }
-    SymbolicValue mseValue = constraintManager.createSymbolicValue(mse);
-    programState = programState.stackValue(mseValue);
   }
 
   public void clearStack(Tree tree) {

java-squid/src/main/java/org/sonar/java/se/ProgramState.java

@@ -29,6 +29,7 @@
 
 import javax.annotation.CheckForNull;
 import javax.annotation.Nullable;
+
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Deque;
@@ -42,11 +43,22 @@
 
 public class ProgramState {
 
+  public static class ConstrainedValue {
+
+    public final SymbolicValue value;
+    public final ObjectConstraint constraint;
+
+    ConstrainedValue(SymbolicValue value, ObjectConstraint constraint) {
+      this.value = value;
+      this.constraint = constraint;
+    }
+  }
+
   public static class Pop {
 
     public final ProgramState state;
-
     public final List<SymbolicValue> values;
+
     public Pop(ProgramState programState, List<SymbolicValue> result) {
       state = programState;
       values = result;
@@ -329,6 +341,38 @@ public SymbolicValue getValue(Symbol symbol) {
     return values.get(symbol);
   }
 
+  public List<ObjectConstraint> getConstraints(final Object state) {
+    final List<ObjectConstraint> result = new ArrayList<>();
+    constraints.forEach(new PMap.Consumer<SymbolicValue, Object>() {
+      @Override
+      public void accept(SymbolicValue value, Object valueConstraint) {
+        if (valueConstraint instanceof ObjectConstraint) {
+          ObjectConstraint constraint = (ObjectConstraint) valueConstraint;
+          if (constraint.hasStatus(state)) {
+            result.add(constraint);
+          }
+        }
+      }
+    });
+    return result;
+  }
+
+  public List<ConstrainedValue> getValuesWithConstraints(final Object state) {
+    final List<ConstrainedValue> result = new ArrayList<>();
+    constraints.forEach(new PMap.Consumer<SymbolicValue, Object>() {
+      @Override
+      public void accept(SymbolicValue value, Object valueConstraint) {
+        if (valueConstraint instanceof ObjectConstraint) {
+          ObjectConstraint constraint = (ObjectConstraint) valueConstraint;
+          if (constraint.hasStatus(state)) {
+            result.add(new ConstrainedValue(value, constraint));
+          }
+        }
+      }
+    });
+    return result;
+  }
+
   public List<ObjectConstraint> getFieldConstraints(final Object state) {
     final Set<SymbolicValue> valuesAssignedToFields = getFieldValues();
     final List<ObjectConstraint> result = new ArrayList<>();

java-squid/src/main/java/org/sonar/java/se/checks/UnclosedResourcesCheck.java

@@ -28,6 +28,7 @@
 import org.sonar.java.se.ConstraintManager;
 import org.sonar.java.se.ObjectConstraint;
 import org.sonar.java.se.ProgramState;
+import org.sonar.java.se.ProgramState.ConstrainedValue;
 import org.sonar.java.se.SymbolicValue;
 import org.sonar.java.se.SymbolicValueFactory;
 import org.sonar.plugins.java.api.JavaFileScanner;
@@ -43,10 +44,14 @@
 import org.sonar.plugins.java.api.tree.NewClassTree;
 import org.sonar.plugins.java.api.tree.ReturnStatementTree;
 import org.sonar.plugins.java.api.tree.Tree;
+import org.sonar.plugins.java.api.tree.TryStatementTree;
+import org.sonar.plugins.java.api.tree.VariableTree;
 import org.sonar.squidbridge.annotations.ActivatedByDefault;
 import org.sonar.squidbridge.annotations.SqaleConstantRemediation;
 import org.sonar.squidbridge.annotations.SqaleSubCharacteristic;
 
+import javax.annotation.Nullable;
+
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -61,20 +66,23 @@
 @SqaleConstantRemediation("5min")
 public class UnclosedResourcesCheck extends SECheck implements JavaFileScanner {
 
-  private enum States {
+  private enum Status {
     OPENED, CLOSED;
   }
 
+  private static final String JAVA_IO_AUTO_CLOSEABLE = "java.lang.AutoCloseable";
   private static final String JAVA_IO_CLOSEABLE = "java.io.Closeable";
   private static final String[] IGNORED_CLOSEABLE_SUBTYPES = {
     "java.io.ByteArrayOutputStream",
     "java.io.ByteArrayInputStream",
-    "java.io.StringReader",
-    "java.io.StringWriter",
     "java.io.CharArrayReader",
     "java.io.CharArrayWriter",
+    "java.io.StringReader",
+    "java.io.StringWriter",
     "com.sun.org.apache.xml.internal.security.utils.UnsyncByteArrayOutputStream"
   };
+  private static final String JAVA_SQL_STATEMENT = "java.sql.Statement";
+  private static final String[] JDBC_RESOURCE_CREATIONS = {"java.sql.Connection", JAVA_SQL_STATEMENT};
 
   static boolean needsClosing(Type type) {
     for (String ignoredTypes : IGNORED_CLOSEABLE_SUBTYPES) {
@@ -86,7 +94,7 @@ static boolean needsClosing(Type type) {
   }
 
   static boolean isCloseable(Type type) {
-    return type.isSubtypeOf(JAVA_IO_CLOSEABLE);
+    return type.isSubtypeOf(JAVA_IO_AUTO_CLOSEABLE) || type.isSubtypeOf(JAVA_IO_CLOSEABLE);
   }
 
   static boolean isOpeningResource(NewClassTree syntaxNode) {
@@ -97,18 +105,33 @@ static boolean isOpeningResource(NewClassTree syntaxNode) {
     return needsClosing(type);
   }
 
-  static boolean isWithinTryHeader(NewClassTree syntaxNode) {
+  static boolean isWithinTryHeader(Tree syntaxNode) {
     final Tree parent = syntaxNode.parent();
-    if (parent != null) {
-      final Tree grandParent = parent.parent();
-      if (grandParent != null) {
-        final Tree greatGrandParent = grandParent.parent();
-        return greatGrandParent != null && greatGrandParent.is(Tree.Kind.TRY_STATEMENT);
-      }
+    if (parent.is(Tree.Kind.VARIABLE)) {
+      return isTryStatementResource((VariableTree) parent);
     }
     return false;
   }
 
+  static boolean isTryStatementResource(VariableTree variable) {
+    final TryStatementTree tryStatement = getEnclosingTryStatement(variable);
+    if (tryStatement != null) {
+      return tryStatement.resources().contains(variable);
+    }
+    return false;
+  }
+
+  private static TryStatementTree getEnclosingTryStatement(Tree syntaxNode) {
+    Tree parent = syntaxNode.parent();
+    while (parent != null) {
+      if (parent.is(Tree.Kind.TRY_STATEMENT)) {
+        return (TryStatementTree) parent;
+      }
+      parent = parent.parent();
+    }
+    return null;
+  }
+
   private static class PostStatementVisitor extends CheckerTreeNodeVisitor {
 
     public PostStatementVisitor(CheckerContext context) {
@@ -120,10 +143,30 @@ public void visitNewClass(NewClassTree syntaxNode) {
       if (isOpeningResource(syntaxNode)) {
         final SymbolicValue instanceValue = programState.peekValue();
         if (!(instanceValue instanceof ResourceWrapperSymbolicValue)) {
-          programState = programState.addConstraint(instanceValue, new ObjectConstraint(false, false, syntaxNode, States.OPENED));
+          programState = programState.addConstraint(instanceValue, new ObjectConstraint(false, false, syntaxNode, Status.OPENED));
         }
       }
     }
+
+    @Override
+    public void visitMethodInvocation(MethodInvocationTree syntaxNode) {
+      if (syntaxNode.methodSelect().is(Tree.Kind.MEMBER_SELECT) && needsClosing(syntaxNode.symbolType())) {
+        final ExpressionTree targetExpression = ((MemberSelectExpressionTree) syntaxNode.methodSelect()).expression();
+        if (targetExpression.is(Tree.Kind.IDENTIFIER) && !isWithinTryHeader(syntaxNode)
+          && (syntaxNode.symbol().isStatic() || isJdbcResourceCreation(targetExpression))) {
+          programState = programState.addConstraint(programState.peekValue(), new ObjectConstraint(false, false, syntaxNode, Status.OPENED));
+        }
+      }
+    }
+
+    private static boolean isJdbcResourceCreation(ExpressionTree targetExpression) {
+      for (String creator : JDBC_RESOURCE_CREATIONS) {
+        if (targetExpression.symbolType().is(creator)) {
+          return true;
+        }
+      }
+      return false;
+    }
   }
 
   public static class ResourceWrapperSymbolicValue extends SymbolicValue {
@@ -135,11 +178,6 @@ public ResourceWrapperSymbolicValue(int id, SymbolicValue dependent) {
       this.dependent = dependent;
     }
 
-    @Override
-    public boolean references(SymbolicValue other) {
-      return dependent.equals(other) || dependent.references(other);
-    }
-
     @Override
     public SymbolicValue wrappedValue() {
       return dependent.wrappedValue();
@@ -163,6 +201,8 @@ public SymbolicValue createSymbolicValue(int counter, Tree syntaxNode) {
   static class PreStatementVisitor extends CheckerTreeNodeVisitor {
 
     private static final String CLOSE_METHOD_NAME = "close";
+    private static final String GET_MORE_RESULTS_METHOD_NAME = "getMoreResults";
+    private static final String GET_RESULT_SET = "getResultSet";
 
     private final ConstraintManager constraintManager;
 
@@ -221,23 +261,54 @@ public void visitAssignmentExpression(AssignmentExpressionTree syntaxNode) {
 
     @Override
     public void visitMethodInvocation(MethodInvocationTree syntaxNode) {
+      final ExpressionTree methodSelect = syntaxNode.methodSelect();
       if (isClosingResource(syntaxNode.symbol())) {
-        ExpressionTree methodSelect = syntaxNode.methodSelect();
         if (methodSelect.is(Tree.Kind.MEMBER_SELECT)) {
           final ExpressionTree targetExpression = ((MemberSelectExpressionTree) methodSelect).expression();
           if (targetExpression.is(Tree.Kind.IDENTIFIER)) {
             final IdentifierTree identifier = (IdentifierTree) targetExpression;
-            final SymbolicValue target = programState.getValue(identifier.symbol());
-            programState = closeResource(programState, target);
+            programState = closeResource(programState, programState.getValue(identifier.symbol()));
           } else {
             programState = closeResource(programState, programState.peekValue());
           }
         }
+      } else if (syntaxNode.methodSelect().is(Tree.Kind.MEMBER_SELECT) && isOpeningResultSet(syntaxNode.symbol())) {
+        final SymbolicValue value = getTargetValue(syntaxNode);
+        constraintManager.setValueFactory(new WrappedValueFactory(value));
+      } else if (isClosingResultSets(syntaxNode.symbol())) {
+        if (methodSelect.is(Tree.Kind.MEMBER_SELECT)) {
+          final SymbolicValue value = getTargetValue(syntaxNode);
+          closeResultSetsRelatedTo(value);
+        }
       } else {
         closeArguments(syntaxNode.arguments(), 1);
       }
     }
 
+    private SymbolicValue getTargetValue(MethodInvocationTree syntaxNode) {
+      final ExpressionTree targetExpression = ((MemberSelectExpressionTree) syntaxNode.methodSelect()).expression();
+      final SymbolicValue value;
+      if (targetExpression.is(Tree.Kind.IDENTIFIER)) {
+        final IdentifierTree identifier = (IdentifierTree) targetExpression;
+        value = programState.getValue(identifier.symbol());
+      } else {
+        value = programState.peekValue();
+      }
+      return value;
+    }
+
+    private void closeResultSetsRelatedTo(SymbolicValue value) {
+      final List<ConstrainedValue> constrainedValues = programState.getValuesWithConstraints(Status.OPENED);
+      for (ConstrainedValue constrainedValue : constrainedValues) {
+        if (constrainedValue.value instanceof ResourceWrapperSymbolicValue) {
+          ResourceWrapperSymbolicValue rValue = (ResourceWrapperSymbolicValue) constrainedValue.value;
+          if (value.equals(rValue.dependent)) {
+            programState = programState.addConstraint(rValue, constrainedValue.constraint.withStatus(Status.CLOSED));
+          }
+        }
+      }
+    }
+
     private void closeArguments(final Arguments arguments, int stackOffset) {
       final List<SymbolicValue> values = programState.peekValues(arguments.size() + stackOffset);
       final List<SymbolicValue> argumentValues = values.subList(stackOffset, values.size());
@@ -246,11 +317,11 @@ private void closeArguments(final Arguments arguments, int stackOffset) {
       }
     }
 
-    private static ProgramState closeResource(ProgramState programState, final SymbolicValue target) {
+    private static ProgramState closeResource(ProgramState programState, @Nullable final SymbolicValue target) {
       if (target != null) {
         ObjectConstraint oConstraint = openedConstraint(programState, target);
         if (oConstraint != null) {
-          return programState.addConstraint(target.wrappedValue(), oConstraint.withStatus(States.CLOSED));
+          return programState.addConstraint(target.wrappedValue(), oConstraint.withStatus(Status.CLOSED));
         }
       }
       return programState;
@@ -260,7 +331,7 @@ private static ObjectConstraint openedConstraint(ProgramState programState, Symb
       final Object constraint = programState.getConstraint(value.wrappedValue());
       if (constraint instanceof ObjectConstraint) {
         ObjectConstraint oConstraint = (ObjectConstraint) constraint;
-        if (oConstraint.hasStatus(States.OPENED)) {
+        if (oConstraint.hasStatus(Status.OPENED)) {
           return oConstraint;
         }
       }
@@ -270,6 +341,14 @@ private static ObjectConstraint openedConstraint(ProgramState programState, Symb
     private static boolean isClosingResource(Symbol methodInvocationSymbol) {
       return methodInvocationSymbol.isMethodSymbol() && CLOSE_METHOD_NAME.equals(methodInvocationSymbol.name());
     }
+
+    private static boolean isClosingResultSets(Symbol methodInvocationSymbol) {
+      return methodInvocationSymbol.isMethodSymbol() && GET_MORE_RESULTS_METHOD_NAME.equals(methodInvocationSymbol.name());
+    }
+
+    private static boolean isOpeningResultSet(Symbol methodInvocationSymbol) {
+      return methodInvocationSymbol.isMethodSymbol() && GET_RESULT_SET.equals(methodInvocationSymbol.name());
+    }
   }
 
   @Override
@@ -296,12 +375,18 @@ public ProgramState checkPostStatement(CheckerContext context, Tree syntaxNode)
 
   @Override
   public void checkEndOfExecutionPath(CheckerContext context, ConstraintManager constraintManager) {
-    final List<ObjectConstraint> constraints = context.getState().getFieldConstraints(States.OPENED);
+    final List<ObjectConstraint> constraints = context.getState().getFieldConstraints(Status.OPENED);
     for (ObjectConstraint constraint : constraints) {
       Tree syntaxNode = constraint.syntaxNode();
-      if (syntaxNode instanceof NewClassTree) {
+      if (syntaxNode.is(Tree.Kind.NEW_CLASS)) {
         context.reportIssue(syntaxNode, this, "Close this \"" + ((NewClassTree) syntaxNode).identifier() + "\".");
+      } else if (syntaxNode.is(Tree.Kind.METHOD_INVOCATION)) {
+        context.reportIssue(syntaxNode, this, "Close this \"" + toString((MethodInvocationTree) syntaxNode) + "\".");
       }
     }
   }
+
+  private static String toString(MethodInvocationTree syntaxNode) {
+    return syntaxNode.symbolType().name();
+  }
 }