Merge pull request #39 from SpringKill-team/dev

Dev

Author: springkill

build.gradle.kts

@@ -23,7 +23,7 @@ dependencies {
 // Configure Gradle IntelliJ Plugin
 // Read more: https://plugins.jetbrains.com/docs/intellij/tools-gradle-intellij-plugin.html
 intellij {
-    version.set("2022.3")
+    version.set("2024.3")
     type.set("IU") // Target IDE Platform
 
 

src/main/kotlin/org/skgroup/securityinspector/actions/BuildCallGraphAction.kt

@@ -56,7 +56,7 @@ class BuildCallGraphAction : AnAction() {
             project,
             method,
             uiComponents.progressBar,
-            uiComponents.infoArea,
+            uiComponents,
             uiComponents.rootListModel,
         )
 

src/main/kotlin/org/skgroup/securityinspector/actions/SearchAsSinkAction.kt

@@ -18,7 +18,6 @@ import org.skgroup.securityinspector.ui.service.SecurityInspectorProjectService
  *
  * @author springkill
  * @version 1.0
- * @since 2025/3/9
  */
 class SearchAsSinkAction : AnAction() {
     override fun actionPerformed(e: AnActionEvent) {
@@ -57,7 +56,7 @@ class SearchAsSinkAction : AnAction() {
         CallGraphSearcher.search(
             uiComponents.sourceField,
             uiComponents.sinkField,
-            uiComponents.infoArea,
+//            uiComponents.infoArea,
             uiComponents.searchResultRootNode,
             uiComponents.searchResultTreeModel,
             project

src/main/kotlin/org/skgroup/securityinspector/analysis/ast/nodes/MethodNode.kt

@@ -1,6 +1,7 @@
 package org.skgroup.securityinspector.analysis.ast.nodes
 
 import org.skgroup.securityinspector.analysis.ast.SourceSpan
+import org.skgroup.securityinspector.enums.RefMode
 
 /**
  * Method node 是用于表示方法节点
@@ -19,9 +20,14 @@ data class MethodNode(
     val returnType: String,
     val parameters: List<ParameterNode>,
     val body: List<AstNode> = emptyList(),
+    val refMode: RefMode,
     override val sourceSpan: SourceSpan? = null
 ) : BaseAstNode(
     nodeType = "MethodDeclaration",
     children = body,
     sourceSpan = sourceSpan
-)
+){
+    override fun toString(): String {
+        return "MethodNode(className='$className', name='$name', returnType='$returnType', parameters=$parameters, body=$body, sourceSpan=$sourceSpan)"
+    }
+}

src/main/kotlin/org/skgroup/securityinspector/analysis/graphs/callgraph/CallGraphBuilder.kt

@@ -3,10 +3,13 @@ package org.skgroup.securityinspector.analysis.graphs.callgraph
 import com.intellij.openapi.application.ApplicationManager
 import com.intellij.openapi.project.Project
 import com.intellij.psi.*
+import com.intellij.psi.search.GlobalSearchScope
+import com.intellij.psi.search.searches.ClassInheritorsSearch
 import com.intellij.psi.search.searches.ReferencesSearch
 import com.intellij.psi.util.PsiTreeUtil
 import org.skgroup.securityinspector.analysis.ast.nodes.MethodNode
 import org.skgroup.securityinspector.analysis.di.DIProcessor
+import org.skgroup.securityinspector.enums.RefMode
 import org.skgroup.securityinspector.utils.GraphUtils
 import java.util.ArrayDeque
 
@@ -44,7 +47,8 @@ class CallGraphBuilder : JavaRecursiveElementVisitor() {
 
         // 查找对该方法的所有引用，建立反向调用关系
         // TODO 这里的逻辑我自己也混乱了，可能会有问题，后面再看
-        ReferencesSearch.search(method, method.useScope).forEach { reference ->
+        val projectScope = GlobalSearchScope.projectScope(method.project)
+        ReferencesSearch.search(method, projectScope).forEach { reference ->
             val callerMethod = PsiTreeUtil.getParentOfType(reference.element, PsiMethod::class.java)
                 ?: return@forEach
 
@@ -74,26 +78,58 @@ class CallGraphBuilder : JavaRecursiveElementVisitor() {
      * @param expression    方法调用表达式
      */
     override fun visitMethodCallExpression(expression: PsiMethodCallExpression) {
-        super.visitMethodCallExpression(expression)
-        if (currentMethodStack.isEmpty()) {
-            return
-        }
+        if (currentMethodStack.isEmpty()) return
+        expression.methodExpression.qualifierExpression?.accept(this)
 
         val caller = currentMethodStack.peek()
-
         // 解析被调用的方法
-        val resolvedMethod = expression.resolveMethod() ?: return
-        val calleeMethodNode = GraphUtils.getMethodNode(resolvedMethod, expression)
-
-        // 将 callee 加入节点集合
-        callGraph.nodes.add(calleeMethodNode)
-
-        // 在 callGraph 中记录调用关系 (caller -> callee)
-        callGraph.edges
-            .getOrPut(caller) { mutableSetOf() }
-            .add(calleeMethodNode)
-
-        handleIoCContainerCall(expression, caller, calleeMethodNode)
+        val resolvedMethod = expression.resolveMethod()
+        // 调试日志
+        if (resolvedMethod == null) {
+            println("method call expression $expression can not be resolve.")
+            return
+        }
+        if (resolvedMethod.hasModifierProperty(PsiModifier.ABSTRACT) || resolvedMethod.containingClass?.isInterface == true) {
+            findConcreteImplementations(resolvedMethod).forEach { implMethod ->
+                val implNode = GraphUtils.getMethodNode(implMethod, expression)
+                callGraph.edges.getOrPut(caller) { mutableSetOf() }.add(implNode)
+            }
+        }
+//        val clazz: PsiClass? = resolvedMethod.containingClass
+        expression.reference?.let {
+            val calleeMethodNode = GraphUtils.getMethodNode(resolvedMethod, it)
+            // 将 callee 加入节点集合
+            callGraph.nodes.add(calleeMethodNode)
+            // 在 callGraph 中记录调用关系 (caller -> callee)
+            callGraph.edges
+                .getOrPut(caller) { mutableSetOf() }
+                .add(calleeMethodNode)
+            handleIoCContainerCall(expression, caller, calleeMethodNode)
+        } ?: run {
+//            if (clazz != null) {
+//                if (clazz.isInterface) {
+//                    println("$clazz is an interface")
+//                    println("and the method call expression $expression can not resolve reference.")
+//                }
+//                if (clazz.hasModifierProperty(PsiModifier.ABSTRACT)) {
+//                    println("$clazz is an abstract class")
+//                    println("and the method call expression $expression can not resolve reference.")
+//                }
+//            }
+            if (PsiTreeUtil.getParentOfType(expression, PsiLambdaExpression::class.java) != null) {
+                println("in lambda method call expression $expression can not resolve reference.")
+            } else {
+                println("unknown method call expression $expression can not resolve reference.")
+            }
+            val calleeMethodNode = GraphUtils.getMethodNode(resolvedMethod, expression)
+            callGraph.nodes.add(calleeMethodNode)
+            // 在 callGraph 中记录调用关系 (caller -> callee)
+            callGraph.edges
+                .getOrPut(caller) { mutableSetOf() }
+                .add(calleeMethodNode)
+            handleIoCContainerCall(expression, caller, calleeMethodNode)
+        }
+        super.visitMethodCallExpression(expression)
     }
 
     /**
@@ -102,24 +138,51 @@ class CallGraphBuilder : JavaRecursiveElementVisitor() {
      * @param expression
      */
     override fun visitNewExpression(expression: PsiNewExpression) {
-        super.visitNewExpression(expression)
-        if (currentMethodStack.isEmpty()) {
-            return
-        }
-        val callerMethodNode = currentMethodStack.peek()
+        if (currentMethodStack.isEmpty()) return
+//        expression.methodNewExpression.qualifierExpression?.accept(this)
 
+        val callerMethodNode = currentMethodStack.peek()
         // 解析构造方法
-        val constructor = expression.resolveConstructor() ?: return
-        val calleeMethodNode = GraphUtils.getMethodNode(constructor, expression)
-
-        // 将 callee 加入节点集合
-        callGraph.nodes.add(calleeMethodNode)
-
-        // 在 callGraph 中记录 (caller -> callee构造方法)
-        callGraph
-            .edges
-            .getOrPut(callerMethodNode) { mutableSetOf() }
-            .add(calleeMethodNode)
+        val constructor = expression.resolveConstructor()
+        // 调试日志
+        if (constructor == null) {
+            println("new expression $constructor can not be resolve.")
+            return
+        }
+//        val clazz: PsiClass? = constructor.containingClass
+        expression.reference?.let {
+            val calleeMethodNode = GraphUtils.getMethodNode(constructor, it)
+            // 将 callee 加入节点集合
+            callGraph.nodes.add(calleeMethodNode)
+            // 在 callGraph 中记录 (caller -> callee构造方法)
+            callGraph.edges
+                .getOrPut(callerMethodNode) { mutableSetOf() }
+                .add(calleeMethodNode)
+            println("expression $expression resolve reference success.")
+        } ?: run {
+//            if (clazz != null) {
+//                if (clazz.isInterface) {
+//                    println("$clazz is an interface")
+//                    println("and the method call expression $expression can not resolve reference.")
+//                }
+//                if (clazz.hasModifierProperty(PsiModifier.ABSTRACT)) {
+//                    println("$clazz is an abstract class")
+//                    println("and the method call expression $expression can not resolve referencee.")
+//                }
+//            }
+            if (PsiTreeUtil.getParentOfType(expression, PsiLambdaExpression::class.java) != null) {
+                println("in lambda method call expression $expression can not resolve reference.")
+            } else {
+                println("unknown new expression $constructor can not resolve reference.")
+            }
+            val calleeMethodNode = GraphUtils.getMethodNode(constructor, expression)
+            callGraph.nodes.add(calleeMethodNode)
+            // 在 callGraph 中记录调用关系 (caller -> callee)
+            callGraph.edges
+                .getOrPut(callerMethodNode) { mutableSetOf() }
+                .add(calleeMethodNode)
+        }
+        super.visitNewExpression(expression)
     }
 
     /**
@@ -141,15 +204,20 @@ class CallGraphBuilder : JavaRecursiveElementVisitor() {
                 super.visitMethodCallExpression(lambdaCall)
                 val caller = currentMethodStack.peek()
                 val resolvedMethod = lambdaCall.resolveMethod() ?: return
-                val calleeMethodNode = GraphUtils.getLambdaMethodNode(resolvedMethod)
-
-                // 将 callee 加入图
-                callGraph.nodes.add(calleeMethodNode)
-
-                // 在 callGraph 中记录调用关系 (caller -> callee)
-                callGraph.edges
-                    .getOrPut(caller) { mutableSetOf() }
-                    .add(calleeMethodNode)
+                lambdaCall.children.forEach { child ->
+                    val calleeMethodNode = child.reference?.let {
+                        GraphUtils.getMethodNode(resolvedMethod, it)
+                    } ?: run {
+                        GraphUtils.getLambdaMethodNode(resolvedMethod)
+                    }
+                    callGraph.nodes.add(caller)
+                    calleeMethodNode?.let {
+                        callGraph.nodes.add(it)
+                        callGraph.edges
+                            .getOrPut(caller) { mutableSetOf() }
+                            .add(it)
+                    }
+                }
             }
 
             override fun visitMethodReferenceExpression(expression: PsiMethodReferenceExpression) {
@@ -205,7 +273,8 @@ class CallGraphBuilder : JavaRecursiveElementVisitor() {
             // 其他的慢慢加吧
             ) {
                 // 如果是构造方法或者带有此注解的方法，可能被框架在运行时调用
-                val containerMethodNode = MethodNode("Container", "Container", "Framework", emptyList(), emptyList())
+                val containerMethodNode =
+                    MethodNode("Container", "Container", "Framework", emptyList(), emptyList(), RefMode.CALL)
                 callGraph.nodes.add(containerMethodNode)
 
                 callGraph.edges
@@ -232,7 +301,7 @@ class CallGraphBuilder : JavaRecursiveElementVisitor() {
         if (qualifierExpression != null && methodName == "getBean") {
             // 将容器节点与被调用方法或类做额外的链接
             val containerMethodNode =
-                MethodNode("ApplicationContext", "ApplicationContext", "Spring", emptyList(), emptyList())
+                MethodNode("ApplicationContext", "ApplicationContext", "Spring", emptyList(), emptyList(), RefMode.CALL)
             callGraph.nodes.add(containerMethodNode)
             // caller -> container
             callGraph.edges
@@ -260,4 +329,26 @@ class CallGraphBuilder : JavaRecursiveElementVisitor() {
         return callGraph
     }
 
+    private fun findConcreteImplementations(abstractMethod: PsiMethod): List<PsiMethod> {
+        val implementations = mutableListOf<PsiMethod>()
+        val containingClass = abstractMethod.containingClass ?: return emptyList()
+
+        // 查找所有子类或实现类
+        val inheritors = if (containingClass.isInterface) {
+            ClassInheritorsSearch.search(containingClass, abstractMethod.useScope, true).toList()
+        } else {
+            ClassInheritorsSearch.search(containingClass).toList()
+        }
+
+        inheritors.forEach { implClass ->
+            implClass.findMethodBySignature(abstractMethod, true)?.let {
+                if (!it.hasModifierProperty(PsiModifier.ABSTRACT)) {
+                    implementations.add(it)
+                }
+            }
+        }
+
+        return implementations
+    }
+
 }

src/main/kotlin/org/skgroup/securityinspector/analysis/graphs/processor/DIProcessor.kt

@@ -4,10 +4,10 @@ import com.intellij.openapi.project.Project
 import com.intellij.psi.*
 import com.intellij.psi.search.GlobalSearchScope
 import com.intellij.psi.search.searches.AnnotatedElementsSearch
-import com.intellij.psi.search.searches.ClassInheritorsSearch
 import com.intellij.psi.util.PsiUtil
 import org.skgroup.securityinspector.analysis.ast.nodes.MethodNode
 import org.skgroup.securityinspector.analysis.graphs.callgraph.CallGraph
+import org.skgroup.securityinspector.enums.RefMode
 import org.skgroup.securityinspector.utils.GraphUtils
 import java.util.*
 
@@ -123,7 +123,7 @@ class DIProcessor(
                     if (injectionAnnotations.contains(annotation.qualifiedName)) {
                         // 将容器 -> constructor 关系入图
                         val constructorNode = GraphUtils.getMethodNode(constructor)
-                        val containerMethodNode = MethodNode("Container","Container", "Framework", emptyList(), emptyList())
+                        val containerMethodNode = MethodNode("Container","Container", "Framework", emptyList(), emptyList(), RefMode.CALL)
                         callGraph.nodes.add(constructorNode)
                         callGraph.nodes.add(containerMethodNode)
 
@@ -217,7 +217,7 @@ class DIProcessor(
             GraphUtils.getMethodNode(psiClass)
         } else {
             // 找不到对应类，做一个兜底处理
-            MethodNode(type.canonicalText ?: "UnknownType",type.canonicalText ?: "UnknownType", "DI", emptyList(), emptyList())
+            MethodNode(type.canonicalText ?: "UnknownType",type.canonicalText ?: "UnknownType", "DI", emptyList(), emptyList(),RefMode.CALL)
         }
     }
 

src/main/kotlin/org/skgroup/securityinspector/enums/RefMode.kt

@@ -0,0 +1,14 @@
+package org.skgroup.securityinspector.enums
+
+/**
+ * 枚举描述：RefMode 枚举用于。
+ *
+ * @author springkill
+ * @version 1.0
+ */
+enum class RefMode(val value: String) {
+    CALL("call"),
+    DECLARATION("declaration"),
+    IMPLEMENTATION("implementation"),
+    NEW("new"),
+}