10: Add WorldAccessPermissionsPlugin

src/main/java/com/bartek/esa/core/di/PluginModule.java

@@ -125,4 +125,10 @@ public class PluginModule {
     public Plugin sqlInjectionPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
         return new SqlInjectionPlugin(globMatcher, xmlHelper);
     }
+
+    @Provides
+    @IntoSet
+    public Plugin worldAccessPermissionsPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
+        return new WorldAccessPermissionsPlugin(globMatcher, xmlHelper);
+    }
 }

src/main/java/com/bartek/esa/core/plugin/WorldAccessPermissionsPlugin.java

@@ -0,0 +1,39 @@
+package com.bartek.esa.core.plugin;
+
+import com.bartek.esa.core.archetype.JavaPlugin;
+import com.bartek.esa.core.model.enumeration.Severity;
+import com.bartek.esa.core.xml.XmlHelper;
+import com.bartek.esa.file.matcher.GlobMatcher;
+import com.github.javaparser.ast.CompilationUnit;
+import com.github.javaparser.ast.expr.FieldAccessExpr;
+import com.github.javaparser.ast.expr.NameExpr;
+
+import javax.inject.Inject;
+import java.util.Map;
+
+public class WorldAccessPermissionsPlugin extends JavaPlugin {
+
+    @Inject
+    public WorldAccessPermissionsPlugin(GlobMatcher globMatcher, XmlHelper xmlHelper) {
+        super(globMatcher, xmlHelper);
+    }
+
+    @Override
+    public void run(CompilationUnit compilationUnit) {
+        compilationUnit.findAll(NameExpr.class).stream()
+                .filter(expr -> expr.getName().getIdentifier().matches("MODE_WORLD_(READABLE|WRITEABLE)"))
+                .forEach(expr -> addIssue(Severity.ERROR, getModel(expr), getLineNumberFromExpression(expr), expr.toString()));
+
+        compilationUnit.findAll(FieldAccessExpr.class).stream()
+                .filter(expr -> expr.getName().getIdentifier().matches("MODE_WORLD_(READABLE|WRITEABLE)"))
+                .forEach(expr -> addIssue(Severity.ERROR, getModel(expr), getLineNumberFromExpression(expr), expr.toString()));
+    }
+
+    private Map<String, String> getModel(NameExpr expression) {
+        return Map.of("exprName", expression.getName().getIdentifier());
+    }
+
+    private Map<String, String> getModel(FieldAccessExpr expression) {
+        return Map.of("exprName", expression.getName().getIdentifier());
+    }
+}

src/main/resources/description.properties

@@ -111,3 +111,8 @@ com.bartek.esa.core.plugin.IntentFilterPlugin=Implemented intent filter.\n\
 
 com.bartek.esa.core.plugin.SqlInjectionPlugin='rawQuery' method detected. Potential SQL injection attack.\n\
   'rawQuery' method should be avoided because of possibility to inject SQL code.
+
+com.bartek.esa.core.plugin.WorldAccessPermissionsPlugin=World access permissions detected. Potential data leakage.\n\
+  The deprecated '${exprName}' constant has been found and it can be risky to use.\n\
+  It grants world access permission to selected resource.\n\
+  Consider using less permissive mode.a.