Uploaded image for project: 'Quarkus'
  1. Quarkus
  2. QUARKUS-4846

Improve @SecureField detection lookup exclusions

XMLWordPrintable

      When analyzing https://github.com/quarkusio/quarkus/issues/40780 I mentioned the algorithm used for detection of `@SecureField` is also looking into types that are excluded from lookup in other places of the same algorithm. My thinking is that if someone has a field of one of excluded type (e.g. type from `java.` package) inside DTO, it is possible that custom subclass could have a field annotated with `@SecureField`. Nevertheless it is trying to detect IMO very unlikely situation and for now it's better to shorten detection time. Users are advised to tests every secure field they annotate by Quarkus docs.

      I'll try to provide better detection with refactoring of this algorithm based on a new Jandex version in the future. That won't be backportable. This PR is.

              Unassigned Unassigned
              olubyans@redhat.com Alexey Loubyansky
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: