
Image: find-sec-bugs on the left, jclasslib on the right.

As shown in the image, I want to use find-sec-bugs to access the BootstrapMethod edu.umd.cs.findbugs.bcel.OpcodeStackDetector, but I can't find it.

A bug from when I wrote code with mybatisplus

public class UserService {

    private final UserMapper userMapper;

    public UserService(UserMapper userMapper) {
        this.userMapper = userMapper;
    }

    public void test() {
        Integer count = userMapper.selectCount(Wrappers.<User>lambdaQuery()
                .eq(User::getName, getVal())
                // id is of type Long, the second param is of type String
                // when MySQL compares the params, both will be converted to double,
                // so something unexpected occurs!!!
                // I will access the types of the two params and detect whether they are the same type
                .eq(User::getId, "12345")
        );
    }

    private String getVal() {
        return "a";
    }

}

What I have tried

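import com.h3xstream.findsecbugs.common.matcher.InvokeMatcherBuilder;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.OpcodeStack;
import edu.umd.cs.findbugs.bcel.OpcodeStackDetector;
import org.apache.bcel.Const;

import static com.h3xstream.findsecbugs.common.matcher.InstructionDSL.invokeInstruction;

public class MybatisPlusTypeConversionDetector extends OpcodeStackDetector {

    private static final String MYBATIS_DECODER = "MYBATIS_DECODER";
    // Matches calls to LambdaQueryWrapper.eq(...)
    private static final InvokeMatcherBuilder MYBATIS_DECODER_METHOD = invokeInstruction().atClass("com/baomidou/mybatisplus/core/conditions/query/LambdaQueryWrapper").atMethod("eq");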

    private BugReporter bugReporter;

    public MybatisPlusTypeConversionDetector(BugReporter bugReporter) {
        this.bugReporter = bugReporter;
    }


    @Override
    public void sawOpcode(int seen) {
        if (seen == Const.INVOKEVIRTUAL && MYBATIS_DECODER_METHOD.matches(this)){
            OpcodeStack.Item item = stack.getStackItem(0);
            // debug here
            System.out.println(item);
        }
    }
}

All in all, how can I access User::getId in eq(User::getId, "12345"), to get User::getId, using find-sec-bugs?

All the code is in my GitHub repository: https://github.com/just-a-stone/find-sec-bugs.git, branch my-test

List of important files:

  1. com.h3xstream.findsecbugs.xml.MybatisPlusTypeConversionDetector
  2. testcode.mybatis.service.UserService
  3. com.h3xstream.findsecbugs.mybatis.MybatisPlusTypeConversionDetectorTest (junit here!!!)

Thanks.
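
A runtime variant of the check described in the question (compare the type behind the method reference with the type of the value), as an added example that is not code from the question or from find-sec-bugs. It assumes the getter is passed through a serializable functional interface; EqTypeCheck, SFn and the User class here are hypothetical stand-ins.

```java
import java.io.Serializable;
import java.lang.invoke.SerializedLambda;
import java.lang.reflect.Method;
import java.util.function.Function;

// Added example: EqTypeCheck, SFn and this User class are hypothetical stand-ins.
public class EqTypeCheck {

    // A Serializable functional interface makes the compiler emit writeReplace()
    // on the lambda class, which exposes the referenced method as a SerializedLambda.
    public interface SFn<T, R> extends Function<T, R>, Serializable {}

    // Constructed entity mirroring the question: Long id, String name.
    public static class User {
        public Long getId() { return 12345L; }
        public String getName() { return "a"; }
    }

    // Resolves a method reference such as User::getId to the getter's return type.
    static Class<?> columnType(SFn<?, ?> getter) throws ReflectiveOperationException {
        Method writeReplace = getter.getClass().getDeclaredMethod("writeReplace");
        writeReplace.setAccessible(true);
        SerializedLambda lambda = (SerializedLambda) writeReplace.invoke(getter);
        Class<?> owner = Class.forName(lambda.getImplClass().replace('/', '.'));
        return owner.getMethod(lambda.getImplMethodName()).getReturnType();
    }

    // Rejects a value whose runtime class differs from the getter's return type,
    // so the database never has to convert one side of the comparison implicitly.
    static <T, R> void requireSameType(SFn<T, R> getter, Object value)
            throws ReflectiveOperationException {
        Class<?> expected = columnType(getter);
        if (value != null && !expected.isInstance(value)) {
            throw new IllegalArgumentException("eq() value is " + value.getClass().getName()
                    + " but the column getter returns " + expected.getName());
        }
    }

    public static void main(String[] args) throws ReflectiveOperationException {
        EqTypeCheck.<User, String>requireSameType(User::getName, "a");   // String vs String
        EqTypeCheck.<User, Long>requireSameType(User::getId, 12345L);    // Long vs Long
        try {
            EqTypeCheck.<User, Long>requireSameType(User::getId, "12345"); // call from the question
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A getter that returns a primitive such as long needs to be mapped to its wrapper type before the isInstance comparison.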
