
:sparkles: Update unsafeblock probe to detect use of Java's Unsafe classes

Open thomasleplus opened this issue 1 month ago • 2 comments

What kind of change does this PR introduce?

This PR adds Java support to the probe introduced by #4499. It looks for references to the sun.misc.Unsafe or jdk.internal.misc.Unsafe classes, which can bypass the JVM's memory safety features (garbage collection, checks against out-of-bounds reads and writes, etc.).

Note that the PR includes a Java source code parser generated with Antlr4 that can be reused to add more Java probes and checks in the future.

What is the current behavior?

The probe looks for unsafe patterns in Go and C# code.

What is the new behavior (if this is a feature change)?

The probe also looks for unsafe patterns in Java code.

  • [x] Tests for the changes have been added (for bug fixes/features)

Which issue(s) this PR fixes

Contributes to #3736.

Special notes for your reviewer

Does this PR introduce a user-facing change?

For user-facing changes, please add a concise, human-readable release note to the release-note

(In particular, describe what changes users might need to make in their application as a result of this pull request.)

Added Java support to the probe for non-memory-safe practices by detecting references to the sun.misc.Unsafe and jdk.internal.misc.Unsafe classes.

thomasleplus, Nov 12 '25 19:11
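To make the detection the PR describes concrete, here is an added example in Go (the scorecard project's language). It is not the PR's code: the PR uses an ANTLR4-generated Java parser, whereas this is a small textual scanner that blanks out Java comments and then reports every line that references one of the two fully qualified class names. The Java sample, the `Finding` type and the function names are constructed for this illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Finding records one reference to a JVM Unsafe class in Java source.
type Finding struct {
	Line  int    // 1-based line number in the original source
	Class string // which Unsafe class was referenced
	Text  string // the original source line, trimmed
}

// unsafeRef matches either fully qualified class name as a whole dotted
// identifier, so that e.g. "sun.misc.UnsafeHelper" does not count.
var unsafeRef = regexp.MustCompile(`\b(sun\.misc\.Unsafe|jdk\.internal\.misc\.Unsafe)\b`)

// stripComments blanks out // and /* */ comments with spaces, preserving
// newlines so reported line numbers stay correct. String literals are kept
// intact on purpose, so a reflective lookup such as
// Class.forName("sun.misc.Unsafe") is still reported. This is not a full
// Java lexer (char literals like '"' are not handled).
func stripComments(src string) string {
	const (
		code = iota
		lineComment
		blockComment
		str
	)
	var b strings.Builder
	b.Grow(len(src))
	state := code
	for i := 0; i < len(src); i++ {
		c := src[i]
		next := byte(0)
		if i+1 < len(src) {
			next = src[i+1]
		}
		switch state {
		case code:
			switch {
			case c == '/' && next == '/':
				state, i = lineComment, i+1
				b.WriteString("  ")
			case c == '/' && next == '*':
				state, i = blockComment, i+1
				b.WriteString("  ")
			case c == '"':
				state = str
				b.WriteByte(c)
			default:
				b.WriteByte(c)
			}
		case lineComment:
			if c == '\n' {
				state = code
				b.WriteByte(c)
			} else {
				b.WriteByte(' ')
			}
		case blockComment:
			switch {
			case c == '*' && next == '/':
				state, i = code, i+1
				b.WriteString("  ")
			case c == '\n':
				b.WriteByte(c)
			default:
				b.WriteByte(' ')
			}
		case str:
			b.WriteByte(c)
			if c == '\\' && next != 0 {
				i++
				b.WriteByte(next)
			} else if c == '"' {
				state = code
			}
		}
	}
	return b.String()
}

// FindUnsafeReferences reports every line of Java source that references
// sun.misc.Unsafe or jdk.internal.misc.Unsafe outside of comments.
func FindUnsafeReferences(src string) []Finding {
	var out []Finding
	origLines := strings.Split(src, "\n")
	for i, line := range strings.Split(stripComments(src), "\n") {
		for _, m := range unsafeRef.FindAllString(line, -1) {
			out = append(out, Finding{Line: i + 1, Class: m, Text: strings.TrimSpace(origLines[i])})
		}
	}
	return out
}

// sampleJava is a constructed input: one import, one fully qualified use,
// one reflective lookup, and two mentions inside comments that must not count.
const sampleJava = `package demo;
import java.lang.reflect.Field;
import sun.misc.Unsafe;
public class Demo {
    // sun.misc.Unsafe in a line comment must not count
    /* nor jdk.internal.misc.Unsafe in a block comment */
    static Unsafe u;
    static void init() throws Exception {
        Field f = sun.misc.Unsafe.class.getDeclaredField("theUnsafe");
        f.setAccessible(true);
        u = (Unsafe) f.get(null);
        Class<?> c = Class.forName("jdk.internal.misc.Unsafe");
    }
}`

func main() {
	for _, f := range FindUnsafeReferences(sampleJava) {
		fmt.Printf("line %d: %s  (%s)\n", f.Line, f.Class, f.Text)
	}
}
```

On the sample this reports lines 3, 9 and 12. Two caveats worth keeping in mind when reading results from any probe of this kind: the simple name on line 7 (`static Unsafe u;`) is not matched on its own, it is the import on line 3 that flags the file; and the reflective `Class.forName("jdk.internal.misc.Unsafe")` is only caught here because string literals are deliberately left intact. A grammar-based probe sees that class name as the contents of a string literal, so whether to flag it is a separate design decision from matching type references.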

This pull request has been marked stale because it has been open for 10 days with no activity

github-actions[bot], Nov 23 '25 02:11

This pull request has been marked stale because it has been open for 10 days with no activity

github-actions[bot], Dec 11 '25 02:12