与注解相关的类

Annotable，可以被附上注解的元素
Annotation，一个注解，例如@Override
AnnotationType，Java的注解类型，例如java.lang.Override
AnnotationElement

代码示例

WebGoat v8.0.0

import java
from Annotation anno, AnnotationType annotp
where anno.getFile().toString() = "StartLesson" and
    anno.getType() = annotp
select annotp.getQualifiedName(), anno, anno.getValue("path")

匹配结果示例

查找缺失@Override标注的方法

查看被覆盖了，但是缺少@Override标注的方法
代码示例

import java
class OverrideAnnotation extends Annotation {
    OverrideAnnotation() {
        this.getType().hasQualifiedName("java.lang", "Override")
    }
}
from Method overriding, Method overridden
where overriding.overrides(overridden) and
    not overriding.getAnAnnotation() instanceof OverrideAnnotation
select overriding, "Method overrides another method, but does not have an @Override annotation."

查找调用了已废弃的方法

查找方法A，方法A调用了方法B，方法B被@Deprecated标注了
代码示例

import java
class DeprecatedAnnotation extends Annotation {
    DeprecatedAnnotation() {
        this.getType().hasQualifiedName("java.lang", "Deprecated")
    }
}
from Call call
where call.getCallee() instanceof DeprecatedMethod
    and not call.getCaller() instanceof DeprecatedMethod
select call, "This call invokes a deprecated method."

改进

除了@Deprecated以外，Java库提供了另一个注解来标注某个方法已经废弃了。
可以使用@SuppressWarnings(“deprecated”)来标注某个方法已经被废弃了

@SuppressWarnings("deprecated")
    void r() {
        m();
    }

代码改进示例
使用了强制类型转换+正则表达式匹配文本

class SuppressDeprecationWarningAnnotation extends Annotation{
    SuppressDeprecationWarningAnnotation(){
        this.getType().hasQualifiedName("java.lang", "SuppressWarnings") and
        this.getAValue().(StringLiteral).getLiteral().regexpMatch(".*deprecation.*");
    }
}

import java
// Insert the class definitions from above
from Call call
where call.getCallee() instanceof DeprecatedMethod
    and not call.getCaller() instanceof DeprecatedMethod
    and not call.getCaller().getAnAnnotation() instanceof SuppressDeprecationWarningAnnotation
select call, "This call invokes a deprecated method."