public void commonAssignmentCheck()

in src/main/java/com/amazon/checkerframework/cryptopolicy/CryptoPolicyComplianceVisitor.java [61:112]

• 40 lines of code
• 11 McCabe index (conditional complexity)

    public void commonAssignmentCheck(final AnnotatedTypeMirror lhsType,
                                      final ExpressionTree rhsTree,
                                      final String errorKey) {

        final List<String> stringValAnnotations = getLowerCasedStringValAnnotations(rhsTree);
        final AnnotationMirror whiteListAnno = lhsType.getAnnotation(CryptoWhiteListed.class);
        final AnnotationMirror blackListAnno = lhsType.getAnnotation(CryptoBlackListed.class);

        // If the lhs isn't a Crypto Policy whitelist or blacklist, or if the rhs does not have
        // any StringVal annotations then there is nothing to do.
        if ((whiteListAnno == null && blackListAnno == null)) {
            super.commonAssignmentCheck(lhsType, rhsTree, errorKey);
            return;
        }
        // If we cannot determine what algorithm is used we fail the build as well to avoid false negatives.
        if (stringValAnnotations == null || stringValAnnotations.isEmpty()) {
            checker.report(Result.failure(UNKNOWN_ALGORITHM_KEY), rhsTree);
            return;
        }

        final Set<String> disallowedCiphers = new HashSet<>();
        final Set<String> warningCiphers = new HashSet<>();
        if (whiteListAnno != null) {
            List<String> regexList = AnnotationUtils.getElementValueArray(whiteListAnno, "value", String.class, true);
            disallowedCiphers.addAll(matchCiphersFromAnnotation(regexList, stringValAnnotations, false));

            List<String> warnList = AnnotationUtils.getElementValueArray(whiteListAnno, "warnOn", String.class, true);
            warningCiphers.addAll(matchCiphersFromAnnotation(warnList, stringValAnnotations, true));
        }

        if (blackListAnno != null) {
            List<String> regexList = AnnotationUtils.getElementValueArray(blackListAnno, "value", String.class, true);
            disallowedCiphers.addAll(matchCiphersFromAnnotation(regexList, stringValAnnotations, true));
        }

        // remove all disallowedCiphers from the warningCiphers because we report an error about those already.
        warningCiphers.removeAll(disallowedCiphers);
        if (!warningCiphers.isEmpty()) {
            final String messageString = String.join(", ", warningCiphers).toUpperCase();
            if (!shouldSuppressWarnings(rhsTree, messageString)) {
                checker.report(Result.warning(CRYPTO_COMPLIANCE_WARNING_KEY, messageString), rhsTree);
            }
        }

        // if none of the regex checks returned false, then we can skip the rest of the CAC
        if (!disallowedCiphers.isEmpty()) {
            final String messageString = String.join(", ", disallowedCiphers).toUpperCase();
            if (!shouldSuppressWarnings(rhsTree, messageString)) {
                checker.report(Result.failure(CRYPTO_COMPLIANCE_ERROR_KEY, messageString), rhsTree);
            }
        }
    }