lint-checks/src/main/java/androidx/build/lint/MetadataTagInsideApplicationTagDetector.kt - platform/frameworks/support - Git at Google

 /*
  * Copyright 2020 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 @file:Suppress("UnstableApiUsage")

 package androidx.build.lint

 import com.android.SdkConstants.TAG_META_DATA
 import com.android.tools.lint.detector.api.Category
 import com.android.tools.lint.detector.api.Detector
 import com.android.tools.lint.detector.api.Implementation
 import com.android.tools.lint.detector.api.Incident
 import com.android.tools.lint.detector.api.Issue
 import com.android.tools.lint.detector.api.Scope
 import com.android.tools.lint.detector.api.Severity
 import com.android.tools.lint.detector.api.XmlContext
 import com.android.xml.AndroidManifest.NODE_APPLICATION

 import org.w3c.dom.Element

 class MetadataTagInsideApplicationTagDetector : Detector(), Detector.XmlScanner {

     override fun getApplicableElements(): Collection<String> {
         return listOf(TAG_META_DATA)
     }

     override fun visitElement(context: XmlContext, element: Element) {
         if (element.parentNode.nodeName == NODE_APPLICATION) {
             val incident = Incident(context)
                 .issue(ISSUE)
                 .location(context.getLocation(element))
                 .message("Detected <application>-level meta-data tag.")
                 .scope(element)

             context.report(incident)
         }
     }

     companion object {
         val ISSUE = Issue.create(
             "MetadataTagInsideApplicationTag",
             "Detected <application>-level <meta-data> tag in library manifest",
             "Developers should not add <application>-level <meta-data> tags to library manifests" +
                 " because doing so may inadvertently cause denial-of-service attacks against" +
                 " other apps. Instead, developers may consider adding <metadata> nested " +
                 "inside of placeholder <service> tags.",
             Category.CORRECTNESS, 5, Severity.ERROR,
             Implementation(
                 MetadataTagInsideApplicationTagDetector::class.java,
                 Scope.MANIFEST_SCOPE
             )
         )
     }
 }
	/*
	* Copyright 2020 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	@file:Suppress("UnstableApiUsage")

	package androidx.build.lint

	import com.android.SdkConstants.TAG_META_DATA
	import com.android.tools.lint.detector.api.Category
	import com.android.tools.lint.detector.api.Detector
	import com.android.tools.lint.detector.api.Implementation
	import com.android.tools.lint.detector.api.Incident
	import com.android.tools.lint.detector.api.Issue
	import com.android.tools.lint.detector.api.Scope
	import com.android.tools.lint.detector.api.Severity
	import com.android.tools.lint.detector.api.XmlContext
	import com.android.xml.AndroidManifest.NODE_APPLICATION

	import org.w3c.dom.Element

	class MetadataTagInsideApplicationTagDetector : Detector(), Detector.XmlScanner {

	override fun getApplicableElements(): Collection<String> {
	return listOf(TAG_META_DATA)
	}

	override fun visitElement(context: XmlContext, element: Element) {
	if (element.parentNode.nodeName == NODE_APPLICATION) {
	val incident = Incident(context)
	.issue(ISSUE)
	.location(context.getLocation(element))
	.message("Detected <application>-level meta-data tag.")
	.scope(element)

	context.report(incident)
	}
	}

	companion object {
	val ISSUE = Issue.create(
	"MetadataTagInsideApplicationTag",
	"Detected <application>-level <meta-data> tag in library manifest",
	"Developers should not add <application>-level <meta-data> tags to library manifests" +
	" because doing so may inadvertently cause denial-of-service attacks against" +
	" other apps. Instead, developers may consider adding <metadata> nested " +
	"inside of placeholder <service> tags.",
	Category.CORRECTNESS, 5, Severity.ERROR,
	Implementation(
	MetadataTagInsideApplicationTagDetector::class.java,
	Scope.MANIFEST_SCOPE
	)
	)
	}
	}