Friday, 26 May 2017

How to show all dependencies are present if the source code compiles? (false negatives welcome)

Given a Java source folder I'd like to declare that all the code required to execute the program is contained in the source folder or instead declare the source folder "suspect" if this cannot be definitively shown. Simply compiling the folder is not enough because there could be some code like:

```java
Class<?> clazz = Class.forName("Foo");
clazz.newInstance();
```

Where Foo.java is not present in the source folder. But what if I search the codebase and show Class.forName is never used? Is that sufficient to show all dependencies are present if the folder compiles? Or are there other reflective techniques I need to search for as well? I'm fine with just assuming a dependency is not present if code like

`Class.forName(SOME_MYSTERY_STRING_COMPUTED_AT_RUNTIME)` 

is found. I don't care about discovering if the argument to forName(...) is represented by the source folder or not. I'm fine with just assuming it is not and declaring the folder suspect. I'm also fine with similarly declaring the folder suspect if any set of reflective operations is used without having to deeply analyze them. I just need to know what that list of operations is in general.
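
A conservative way to run the search described above, as an added example that is not part of the original post: it marks a source folder suspect when any `.java` file mentions a construct that can pull in code by a name computed at runtime. The pattern list, the function names and the sample inputs are assumptions made for this example, and the list is not exhaustive, so an empty result only means none of the listed constructs was found.

```python
import re
from pathlib import Path

# Assumed, non-exhaustive list of Java constructs that can pull in code by a
# name computed at runtime. Comments and string literals are deliberately not
# stripped: a match anywhere marks the file, erring towards "suspect".
SUSPECT_PATTERNS = {
    "Class.forName": r"\bClass\s*\.\s*forName\s*\(",
    "class loader": r"ClassLoader\b|\.\s*(loadClass|defineClass|findClass)\s*\(",
    "reflection/invoke package": r"\bjava\s*\.\s*lang\s*\.\s*(reflect|invoke)\b",
    "reflective member access": r"\.\s*(newInstance|getMethod|getDeclaredMethod|"
                                r"getConstructor|getDeclaredConstructor)\s*\(",
    "ServiceLoader": r"\bServiceLoader\b",
    "native code": r"\bSystem\s*\.\s*load(Library)?\s*\(|\bnative\b",
    "script engine": r"\bjavax\s*\.\s*script\b|\bScriptEngine",
    "deserialization": r"\bObjectInputStream\b|\bXMLDecoder\b",
    "JNDI lookup": r"\bjavax\s*\.\s*naming\b|\bInitialContext\b",
    # JLS 3.3 unicode escapes can spell any identifier above without its text.
    "unicode escape": r"\\u+[0-9a-fA-F]{4}",
}
COMPILED = {label: re.compile(p) for label, p in SUSPECT_PATTERNS.items()}

# Constructed sample inputs (not taken from a real code base).
SAMPLE_FROM_PAGE = 'Class<?> clazz = Class.forName("Foo");\nclazz.newInstance();\n'
SAMPLE_ESCAPED = r"Object o = \u0043lass.forName(name);"
SAMPLE_PLAIN = "public class Main { void run() { new Foo().bar(); } }"

def scan_source(text):
    """Return the sorted labels of suspect constructs found in one source text."""
    return sorted(label for label, rx in COMPILED.items() if rx.search(text))

def scan_folder(root):
    """Map each flagged .java file under root to its findings (empty = none)."""
    findings = {}
    for path in sorted(Path(root).rglob("*.java")):
        hits = scan_source(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            findings[str(path)] = hits
    return findings

if __name__ == "__main__":
    import sys
    report = scan_folder(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, hits in report.items():
        print(f"{path}: {', '.join(hits)}")
    print("suspect" if report else "no listed construct found")
```
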