Block sensitive java member access by usage instead of import #113

@ZZZank

Will be particularly useful for method overriding and mixin script.

A simple way of implementing this is:

  • For a directly blocked class, mark all its members as invalid
  • For an implementation class not in a directly blocked package, mark a member as invalid if
    • it is blocked in its superclass and interfaces
    • it contains a blocked class in its used type(s)

(Actually I think the first rule is enough for replicating current behaviours; the second rule is for even better security)

Example:

import native.somepkg.BlockedClass; // allowed
import native.somepkg2.WithBlockedUsage;

function someFn(
    blocked as BlockedClass // allowed
) as BlockedClass { // allowed

    BlockedClass.doAnything(); // denied
    BlockedClass.getAnything; // denied

    blocked.doAnything(); // denied
    blocked.getAnything; // denied

    WithBlockedUsage.getBlocked; // denied if getBlocked is 'BlockedClass'
    WithBlockedUsage.foo = blocked; // denied because 'blocked' is used
    WithBlockedUsage.doBlocked(blocked); // denied because 'blocked' is used
}

var impl as BlockedClassImpl;
impl.doAnything(); // denied, because it's denied in BlockedClass
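
The two rules proposed above can be sketched with Java reflection as follows. This is an added example, not code from the project or from the issue author; `UsageBlocklist`, `isDenied` and the helper names are hypothetical, and the nested classes are constructed stand-ins for the names used in the issue's example.

```java
import java.lang.reflect.*;
import java.util.*;

public class UsageBlocklist {
    // Constructed stand-ins for the classes named in the issue's example.
    static class BlockedClass { public void doAnything() {} }
    static class BlockedClassImpl extends BlockedClass { public void extra() {} }
    static class WithBlockedUsage {
        public BlockedClass foo;
        public BlockedClass getBlocked() { return null; }
        public void doBlocked(BlockedClass b) {}
        public int safe() { return 0; }
    }
    static final Set<Class<?>> BLOCKED = Set.of(BlockedClass.class);
    // Rule 1: every member reached through a directly blocked class is invalid.
    static boolean isBlocked(Class<?> c) { return BLOCKED.contains(c); }
    // True if class c itself declares a member with m's name (and signature).
    static boolean declares(Class<?> c, Member m) {
        try {
            if (m instanceof Method) c.getDeclaredMethod(m.getName(), ((Method) m).getParameterTypes());
            else c.getDeclaredField(m.getName());
            return true;
        } catch (ReflectiveOperationException e) { return false; }
    }
    // Rule 2a: declared by a blocked supertype, so an override in an allowed subclass stays blocked.
    static boolean deniedBySupertype(Class<?> c, Member m) {
        if (c == null) return false;
        if (isBlocked(c) && declares(c, m)) return true;
        if (deniedBySupertype(c.getSuperclass(), m)) return true;
        return Arrays.stream(c.getInterfaces()).anyMatch(i -> deniedBySupertype(i, m));
    }
    // Rule 2b: a blocked class appears in the field, return or parameter types.
    static boolean usesBlockedType(Member m) {
        List<Class<?>> used = new ArrayList<>();
        if (m instanceof Field) used.add(((Field) m).getType());
        if (m instanceof Method) used.add(((Method) m).getReturnType());
        if (m instanceof Executable) Collections.addAll(used, ((Executable) m).getParameterTypes());
        return used.stream().anyMatch(UsageBlocklist::isBlocked);
    }
    // Decision made at the point of use, not at import time.
    static boolean isDenied(Class<?> owner, Member m) {
        return isBlocked(owner) || deniedBySupertype(owner, m) || usesBlockedType(m);
    }
    public static void main(String[] args) throws Exception {
        Class<?> impl = BlockedClassImpl.class, w = WithBlockedUsage.class;
        Member[] ms = { impl.getMethod("doAnything"), impl.getMethod("extra"), w.getField("foo"),
            w.getMethod("getBlocked"), w.getMethod("doBlocked", BlockedClass.class), w.getMethod("safe") };
        for (int i = 0; i < ms.length; i++)
            System.out.println(ms[i].getName() + " denied=" + isDenied(i < 2 ? impl : w, ms[i]));
    }
}
```

The sketch compares erased types only, so a blocked class hidden in an array component or a generic type argument (for example `List<BlockedClass>`) is not detected; a fuller check would also walk `getGenericReturnType()` and `getGenericParameterTypes()`.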
