Merge pull request #38 from SpringKill-team/feature/mergesink

feature: Update Gradle version to 2024.3 and enhance method reference…

Author: springkill

build.gradle.kts

@@ -23,7 +23,7 @@ dependencies {
 // Configure Gradle IntelliJ Plugin
 // Read more: https://plugins.jetbrains.com/docs/intellij/tools-gradle-intellij-plugin.html
 intellij {
-    version.set("2022.3")
+    version.set("2024.3")
     type.set("IU") // Target IDE Platform
 
 

src/main/kotlin/org/skgroup/securityinspector/actions/SearchAsSinkAction.kt

@@ -18,7 +18,6 @@ import org.skgroup.securityinspector.ui.service.SecurityInspectorProjectService
  *
  * @author springkill
  * @version 1.0
- * @since 2025/3/9
  */
 class SearchAsSinkAction : AnAction() {
     override fun actionPerformed(e: AnActionEvent) {

src/main/kotlin/org/skgroup/securityinspector/analysis/graphs/callgraph/CallGraphBuilder.kt

@@ -4,6 +4,7 @@ import com.intellij.openapi.application.ApplicationManager
 import com.intellij.openapi.project.Project
 import com.intellij.psi.*
 import com.intellij.psi.search.GlobalSearchScope
+import com.intellij.psi.search.searches.ClassInheritorsSearch
 import com.intellij.psi.search.searches.ReferencesSearch
 import com.intellij.psi.util.PsiTreeUtil
 import org.skgroup.securityinspector.analysis.ast.nodes.MethodNode
@@ -46,8 +47,8 @@ class CallGraphBuilder : JavaRecursiveElementVisitor() {
 
         // 查找对该方法的所有引用，建立反向调用关系
         // TODO 这里的逻辑我自己也混乱了，可能会有问题，后面再看
-        val scope = GlobalSearchScope.projectScope(method.project)
-        ReferencesSearch.search(method, scope).forEach { reference ->
+        val projectScope = GlobalSearchScope.projectScope(method.project)
+        ReferencesSearch.search(method, projectScope).forEach { reference ->
             val callerMethod = PsiTreeUtil.getParentOfType(reference.element, PsiMethod::class.java)
                 ?: return@forEach
 
@@ -88,10 +89,15 @@ class CallGraphBuilder : JavaRecursiveElementVisitor() {
             println("method call expression $expression can not be resolve.")
             return
         }
-        val clazz: PsiClass? = resolvedMethod.containingClass
+        if (resolvedMethod.hasModifierProperty(PsiModifier.ABSTRACT) || resolvedMethod.containingClass?.isInterface == true) {
+            findConcreteImplementations(resolvedMethod).forEach { implMethod ->
+                val implNode = GraphUtils.getMethodNode(implMethod, expression)
+                callGraph.edges.getOrPut(caller) { mutableSetOf() }.add(implNode)
+            }
+        }
+//        val clazz: PsiClass? = resolvedMethod.containingClass
         expression.reference?.let {
             val calleeMethodNode = GraphUtils.getMethodNode(resolvedMethod, it)
-            println("expression $expression resolve reference success.")
             // 将 callee 加入节点集合
             callGraph.nodes.add(calleeMethodNode)
             // 在 callGraph 中记录调用关系 (caller -> callee)
@@ -100,21 +106,28 @@ class CallGraphBuilder : JavaRecursiveElementVisitor() {
                 .add(calleeMethodNode)
             handleIoCContainerCall(expression, caller, calleeMethodNode)
         } ?: run {
-            if (clazz != null) {
-                if (clazz.isInterface) {
-                    println("$clazz is an interface")
-                    println("and the method call expression $expression can not resolve reference.")
-                }
-                if (clazz.hasModifierProperty(PsiModifier.ABSTRACT)) {
-                    println("$clazz is an abstract class")
-                    println("and the method call expression $expression can not resolve reference.")
-                }
-            }
+//            if (clazz != null) {
+//                if (clazz.isInterface) {
+//                    println("$clazz is an interface")
+//                    println("and the method call expression $expression can not resolve reference.")
+//                }
+//                if (clazz.hasModifierProperty(PsiModifier.ABSTRACT)) {
+//                    println("$clazz is an abstract class")
+//                    println("and the method call expression $expression can not resolve reference.")
+//                }
+//            }
             if (PsiTreeUtil.getParentOfType(expression, PsiLambdaExpression::class.java) != null) {
                 println("in lambda method call expression $expression can not resolve reference.")
             } else {
                 println("unknown method call expression $expression can not resolve reference.")
             }
+            val calleeMethodNode = GraphUtils.getMethodNode(resolvedMethod, expression)
+            callGraph.nodes.add(calleeMethodNode)
+            // 在 callGraph 中记录调用关系 (caller -> callee)
+            callGraph.edges
+                .getOrPut(caller) { mutableSetOf() }
+                .add(calleeMethodNode)
+            handleIoCContainerCall(expression, caller, calleeMethodNode)
         }
         super.visitMethodCallExpression(expression)
     }
@@ -136,7 +149,7 @@ class CallGraphBuilder : JavaRecursiveElementVisitor() {
             println("new expression $constructor can not be resolve.")
             return
         }
-        val clazz: PsiClass? = constructor.containingClass
+//        val clazz: PsiClass? = constructor.containingClass
         expression.reference?.let {
             val calleeMethodNode = GraphUtils.getMethodNode(constructor, it)
             // 将 callee 加入节点集合
@@ -147,21 +160,27 @@ class CallGraphBuilder : JavaRecursiveElementVisitor() {
                 .add(calleeMethodNode)
             println("expression $expression resolve reference success.")
         } ?: run {
-            if (clazz != null) {
-                if (clazz.isInterface) {
-                    println("$clazz is an interface")
-                    println("and the method call expression $expression can not resolve reference.")
-                }
-                if (clazz.hasModifierProperty(PsiModifier.ABSTRACT)) {
-                    println("$clazz is an abstract class")
-                    println("and the method call expression $expression can not resolve referencee.")
-                }
-            }
+//            if (clazz != null) {
+//                if (clazz.isInterface) {
+//                    println("$clazz is an interface")
+//                    println("and the method call expression $expression can not resolve reference.")
+//                }
+//                if (clazz.hasModifierProperty(PsiModifier.ABSTRACT)) {
+//                    println("$clazz is an abstract class")
+//                    println("and the method call expression $expression can not resolve referencee.")
+//                }
+//            }
             if (PsiTreeUtil.getParentOfType(expression, PsiLambdaExpression::class.java) != null) {
                 println("in lambda method call expression $expression can not resolve reference.")
             } else {
                 println("unknown new expression $constructor can not resolve reference.")
             }
+            val calleeMethodNode = GraphUtils.getMethodNode(constructor, expression)
+            callGraph.nodes.add(calleeMethodNode)
+            // 在 callGraph 中记录调用关系 (caller -> callee)
+            callGraph.edges
+                .getOrPut(callerMethodNode) { mutableSetOf() }
+                .add(calleeMethodNode)
         }
         super.visitNewExpression(expression)
     }
@@ -310,4 +329,26 @@ class CallGraphBuilder : JavaRecursiveElementVisitor() {
         return callGraph
     }
 
+    private fun findConcreteImplementations(abstractMethod: PsiMethod): List<PsiMethod> {
+        val implementations = mutableListOf<PsiMethod>()
+        val containingClass = abstractMethod.containingClass ?: return emptyList()
+
+        // 查找所有子类或实现类
+        val inheritors = if (containingClass.isInterface) {
+            ClassInheritorsSearch.search(containingClass, abstractMethod.useScope, true).toList()
+        } else {
+            ClassInheritorsSearch.search(containingClass).toList()
+        }
+
+        inheritors.forEach { implClass ->
+            implClass.findMethodBySignature(abstractMethod, true)?.let {
+                if (!it.hasModifierProperty(PsiModifier.ABSTRACT)) {
+                    implementations.add(it)
+                }
+            }
+        }
+
+        return implementations
+    }
+
 }

src/main/kotlin/org/skgroup/securityinspector/ui/renderer/ResultTreeRenderer.kt

@@ -35,12 +35,16 @@ class ResultTreeRenderer : DefaultTreeCellRenderer() {
                         RefMode.NEW -> icon = IconUtil.newIcon
                         else -> {}
                     }
-                    "$refMode : ${userObject.name}"
+                    "$refMode : ${
+                        userObject.className.substring(userObject.className.lastIndexOf(".") + 1)
+                    } #${userObject.name}"
                 }
-                is String ->{
+
+                is String -> {
                     icon = IconUtil.pathIcon
                     userObject
                 }
+
                 else -> userObject.toString()
             }
         }

src/main/kotlin/org/skgroup/securityinspector/ui/service/CallGraphGenerator.kt

@@ -7,6 +7,7 @@ import com.intellij.openapi.progress.ProgressManager
 import com.intellij.openapi.progress.Task
 import com.intellij.openapi.project.Project
 import com.intellij.openapi.ui.ComboBox
+import com.intellij.openapi.vfs.VirtualFile
 import com.intellij.psi.*
 import com.intellij.psi.search.GlobalSearchScope
 import com.intellij.psi.search.ProjectScope
@@ -25,6 +26,10 @@ import java.util.concurrent.CompletableFuture
 import javax.swing.*
 
 object CallGraphGenerator {
+    // 全局唯一已检测方法set
+    private val processedMethods = mutableSetOf<String>()
+    private val processedFiles = mutableSetOf<PsiFile>()
+
     fun generate(
         project: Project,
         progressBar: JProgressBar,
@@ -92,7 +97,9 @@ object CallGraphGenerator {
 
                     ApplicationManager.getApplication().runReadAction {
                         if (psiFile is PsiJavaFile) {
-                            psiFile.accept(builder)
+                            if (processedFiles.add(psiFile)) {
+                                psiFile.accept(builder)
+                            }
                         }
                     }
 
@@ -150,6 +157,9 @@ object CallGraphGenerator {
         uiComponents: CallGraphUIComponents,
         rootListModel: DefaultListModel<MethodNode>,
     ) {
+        val signature =
+            "${method.containingClass?.qualifiedName}" + "#" + method.name + "(${method.parameterList.parameters.joinToString { it.type.presentableText }})"
+        if (!processedMethods.add(signature)) return
         progressBar.apply {
             isVisible = true
             isIndeterminate = true
@@ -173,22 +183,28 @@ object CallGraphGenerator {
                 indicator.text = "Analyzing ${method.name}"
 
                 val builder = CallGraphBuilder()
-                ReferencesSearch.search(method, GlobalSearchScope.projectScope(project)).forEach { reference ->
-                    var callerMethod: PsiMethod = method
-                    ApplicationManager.getApplication().runReadAction {
-                        callerMethod = PsiTreeUtil.getParentOfType(reference.element, PsiMethod::class.java)
-                            ?: return@runReadAction
+                ApplicationManager.getApplication().runReadAction {
+                    ReferencesSearch.search(method, method.resolveScope).forEach { reference ->
+                        var callerMethod: PsiMethod = method
+                        ApplicationManager.getApplication().runReadAction {
+//                            callerMethod = reference.resolve() as PsiMethod
+                            callerMethod = PsiTreeUtil.getParentOfType(reference.element, PsiMethod::class.java)
+                                ?: return@runReadAction
+                        }
+                        val callee =
+                            "${callerMethod.containingClass?.qualifiedName}" + "#" + callerMethod.name + "(${callerMethod.parameterList.parameters.joinToString { it.type.presentableText }})"
+                        if (callerMethod != method && !processedMethods.contains(callee)) {
+                            generate(project, callerMethod, progressBar, uiComponents, rootListModel)
+                        }
                     }
-                    if (callerMethod != method) {
-                        generate(project, callerMethod, progressBar, uiComponents, rootListModel)
+                    if (method.containingFile.virtualFile.path.contains("src/test")) return@runReadAction
+                    ApplicationManager.getApplication().runReadAction {
+                        method.accept(builder)
                     }
-                }
-                ApplicationManager.getApplication().runReadAction {
-                    method.accept(builder)
-                }
-                progressBar.string = "Building CallGraph for method ${method.name}"
+                    progressBar.string = "Building CallGraph for method ${method.name}"
 
-                tempGraph = builder.getCallGraph(project)
+                    tempGraph = builder.getCallGraph(project)
+                }
             }
 
             override fun onSuccess() {

src/main/kotlin/org/skgroup/securityinspector/utils/GraphUtils.kt

@@ -49,7 +49,7 @@ object GraphUtils {
      * @param methodNode 传入一个 MethodNode 对象
      * @return  返回一个字符串，表示方法的签名
      */
-    fun getMethodSignature(methodNode: MethodNode): String {
+    private fun getMethodSignature(methodNode: MethodNode): String {
         val className = methodNode.className
         val methodName = methodNode.name
 
@@ -200,7 +200,7 @@ object GraphUtils {
         val path = mutableListOf<MethodNode>()
 
         fun isMatch(n1: MethodNode, n2: MethodNode): Boolean {
-            return n1.className == n2.className && n1.name == n2.name
+            return n1 == n2
         }
 
         fun dfs(cur: MethodNode): Boolean {