Java: Detecting annotations on called library 3rd party #139
-
Can CodeQL introspect on third party library code to detect if a method being called has an annotation on it? For example, Google Guava has the I can see that there is information on checking for the |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
I would think that such annotations are extracted and put in the database, but I didn't know off-hand, so I wrote a query to find out: import java
from Annotation ann, Method m
where ann.getTarget() = m and not m.fromSource()
select m.getDeclaringType().getQualifiedName(), m, ann, ann.getType().getQualifiedName() Indeed, this query has results, so it should just work 🎉 |
Beta Was this translation helpful? Give feedback.
-
Yes, this works. The only thing that will obviously not work is the case of source annotation, i.e., |
Beta Was this translation helpful? Give feedback.
Yes, this works.
See here for the exact case you asked for.
The only thing that will obviously not work is the case of source annotation, i.e.,
@Retention(RetentionPolicy.SOURCE)
because they will be discarded by the compiler.