feat: differentiate core and plugin classes by ClassLoader to avoid shadowing

改用 StackWalker(RETAIN_CLASS_REFERENCE) 在判定时获取栈帧真实 Class 的 ClassLoader，仅 PluginClassLoader 加载的类才可能判为可疑；伪造官方包名的插件被拦截，官方同名类不再被连坐。编译目标升至 Java 11。
2026-06-09 15:01:43 +08:00
parent 234d75601f
commit 1c218010fe
2 changed files with 34 additions and 19 deletions
--- a/pom.xml
+++ b/pom.xml
@@ -6,11 +6,11 @@

    <groupId>com.novitechie</groupId>
    <artifactId>plugin-privacy</artifactId>
-    <version>1.1.0</version>
+    <version>1.2.0</version>

    <properties>
-        <maven.compiler.source>8</maven.compiler.source>
-        <maven.compiler.target>8</maven.compiler.target>
+        <maven.compiler.source>11</maven.compiler.source>
+        <maven.compiler.target>11</maven.compiler.target>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>
    <build>
@@ -20,8 +20,8 @@
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.7.0</version>
                <configuration>
-                    <source>8</source>
-                    <target>8</target>
+                    <source>11</source>
+                    <target>11</target>
                    <encoding>UTF-8</encoding>
                    <compilerArgument>-XDignore.symbol.file</compilerArgument>
                    <fork>true</fork>
@@ -65,7 +65,13 @@
            <artifactId>ja-netfilter</artifactId>
            <version>2025.3.0</version>
            <scope>provided</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>com.sun</groupId>
+                    <artifactId>tools</artifactId>
+                </exclusion>
+            </exclusions>
        </dependency>
    </dependencies>

-</project>
+</project>
--- a/src/main/java/com/novitechie/rules/StackTraceRule.java
+++ b/src/main/java/com/novitechie/rules/StackTraceRule.java
@@ -12,6 +12,9 @@ import java.util.regex.Pattern;
 public class StackTraceRule {

    private static final Pattern PACKAGE_NAME_PATTERN = Pattern.compile("\\A\\p{ASCII}*\\z");
+    private static final String PLUGIN_CLASS_LOADER_NAME = "com.intellij.ide.plugins.cl.PluginClassLoader";
+    private static final StackWalker WALKER = StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE);
+
    private static List<FilterRule> traceCheckPackageRules = Collections.emptyList();

    public static void initRules(List<FilterRule> traceCheckPackageRules) {
@@ -21,24 +24,30 @@ public class StackTraceRule {
    }

    public static boolean check() {
-        StackTraceElement[] stackTrace = Thread.currentThread().getStackTrace();
-        for (StackTraceElement stackTraceElement : stackTrace) {
-            if (isSuspiciousFrame(stackTraceElement)) {
-                return true;
-            }
+        return WALKER.walk(frames -> frames.anyMatch(StackTraceRule::isSuspiciousFrame));
+    }
+
+    static boolean isSuspiciousFrame(StackWalker.StackFrame frame) {
+        Class<?> declaringClass = frame.getDeclaringClass();
+        return isSuspicious(frame.getMethodName(), declaringClass.getName(), declaringClass.getClassLoader());
+    }
+
+    static boolean isSuspicious(String methodName, String className, ClassLoader classLoader) {
+        if (!PACKAGE_NAME_PATTERN.matcher(methodName).matches()) {
+            return true;
+        }
+        if (methodName.length() <= 1 && checkTracePackage(className) && isLoadedByPluginClassLoader(classLoader)) {
+            return true;
        }
        return false;
    }

-    static boolean isSuspiciousFrame(StackTraceElement stackTraceElement) {
-        String methodName = stackTraceElement.getMethodName();
-        if (!PACKAGE_NAME_PATTERN.matcher(methodName).matches()) {
-            return true;
+    static boolean isLoadedByPluginClassLoader(ClassLoader classLoader) {
+        if (classLoader == null) {
+            return false;
        }
-        if (methodName.length() <= 1) {
-            String className = stackTraceElement.getClassName();
-            if (checkTracePackage(className)) {
-                // DebugInfo.info("short method frame, className: " + className + ", methodName: " + methodName);
+        for (Class<?> type = classLoader.getClass(); type != null; type = type.getSuperclass()) {
+            if (PLUGIN_CLASS_LOADER_NAME.equals(type.getName())) {
                return true;
            }
        }