Task to check if a set of class files contains calls to forbidden APIs from a given classpath and list of API signatures (either inline or as pointer to files). In contrast to other ANT tasks, this tool does only visit the given classpath and the system classloader, not ANT's class loader.
| Name | Type | Default | Description |
|---|---|---|---|
| dir | File |
Directory to scan for class files. This directory is automatically converted to a FileSet with **/*.class as include pattern. |
|
| signaturesFile | File |
A single signatures file. | |
| bundledSignatures | String |
Name of a built-in signatures file. | |
| classpath | Path |
Classpath in ANT format. Should be identical to classpath used for compiling the class files. | |
| classpathref | Reference |
Reference to a path defined anywhere else. Should be identical to classpath used for compiling the class files. |
|
| failOnUnsupportedJava | boolean |
false |
Fail the build, if the bundled ASM library cannot read the class file format of the runtime library or the runtime library cannot be discovered. |
| failOnMissingClasses | boolean |
true |
Fail the build, if a referenced class is missing. This requires that you pass the whole classpath including all dependencies. If you don't have all classes in the filesets, the application classes must be reachable through this classpath, too. |
| failOnUnresolvableSignatures | boolean |
true |
Fail the build if a signature is not resolving. If this parameter is set to to false, then such signatures are silently ignored. |
| internalRuntimeForbidden | boolean |
false |
Forbids calls to classes from the internal java runtime (like sun.misc.Unsafe). |
| restrictClassFilename | boolean |
true |
Automatically restrict resource names included to files with a name ending in '.class'. This makes filesets easier, as the includes="**/*.class" is not needed. |
| ignoreEmptyFileset | boolean |
false |
Ignore empty fileset/resource collection and print a warning instead. |
| suppressAnnotation | class name |
Class name of a custom Java annotation that are used in the checked
code to suppress errors. This annotation must have at least
RetentionPolicy#CLASS. It can be applied to classes, their methods,
or fields. By default, @de.thetaphi.forbiddenapis.SuppressForbidden
can always be used, but needs the forbidden-apis.jar file in classpath
of compiled project, which may not be wanted. Instead of a full class name, a glob
pattern may be used (e.g., **.SuppressForbidden). |
This task supports all resource collections Ant provides (fileset, filelist,
file, tarfileset, zipfileset,...)
and uses all class files from them. It automatically adds an implcit filter to file names ending in '.class',
so you don't need to add this as include attribute to those collections.
You can also pass one or multiple classpath elements to form a classpath. Ideally use the same configuration like the javac task.
To pass in signatures, you have 3 possibilities:
bundledSignatures element to pass a built-in signatures file, e.g. <bundledsignatures name="jdk-unsafe-1.7"/>signaturesFileSet, signaturesFileList, signaturesFile elements to pass in collections of signatures files. Those elements behave like the corresponding standard Ant types.forbiddenapis element.You can include multiple <suppressAnnotation classname="..."> elements to specify class names of custom Java annotations that are used in the checked
code to suppress errors. Those annotations must have at least
RetentionPolicy#CLASS. They can be applied to classes, their methods, or fields. By default, @de.thetaphi.forbiddenapis.SuppressForbidden
can always be used, but needs the forbidden-apis.jar file in classpath of compiled project, which may not be wanted. Instead of a full class name, a glob
pattern may be used (e.g., **.SuppressForbidden).