Package com.google.errorprone.annotations

Annotation Type RestrictedApi

@Target({CONSTRUCTOR,METHOD}) public @interface RestrictedApi
Restrict this method to callsites with a allowlist annotation.

Callers that are not allowlisted will cause a configurable compiler diagnostic. Allowlisting can either allow the call outright, or make the compiler emit a warning when the API is called. Paths matching a regular expression, e.g. unit tests, can also be excluded.

The following example shows a hypothetical, potentially unsafe Foo.bar method. It is marked with the @RestrictedApi annotations such that callers annotated with @LegacyUnsafeFooBar raise a warning, whereas the @ReviewedFooBar annotation silently allows the call.

The @LegacyUnsafeFooBar annotation can be used to allow existing call sites until they are refactored, while prohibiting new call-sites. Call-sites determined to be acceptable, for example through code review, could be marked @ReviewedFooBar. 


 public @interface LegacyUnsafeFooBar{}

 public @interface ReviewedFooBar{
  public string reviewer();
  public string comments();
 }

 public class Foo {
   @RestrictedApi(
      explanation="You could shoot yourself in the foot with Foo.bar if you aren't careful",
      link="http://edsger.dijkstra/foo_bar_consider_harmful.html",
      allowedOnPath="testsuite/.*", // Unsafe behavior in tests is ok.
      allowlistAnnotations = {ReviewedFooBar.class},
      allowlistWithWarningAnnotations = {LegacyUnsafeFooBar.class})
   public void bar() {
      if (complicatedCondition) {
          shoot_your_foot();
      } else {
          solve_your_problem();
      }
   }
   boolean complicatedCondition = true;

   @ReviewedFooBar(
      reviewer="bangert",
      comments="Makes sure complicatedCondition isn't true, so bar is safe!"
   )
   public void safeBar() {
      if (!complicatedCondition) {
          bar();
      }
   }

   @LegacyUnsafeFooBar
   public void someOldCode() {
      // ...
      bar()
      // ...
   }
 }

  • Required Element Summary

    Required Elements
    Modifier and Type
    Required Element
    Description
    String
    explanation
    Explanation why the API is restricted, to be inserted into the compiler output.

  • Optional Element Summary

    Optional Elements
    Modifier and Type
    Optional Element
    Description
    String
    allowedOnPath
    Allow the restricted API on paths matching this regular expression.
    Class<? extends Annotation>[]
    allowlistAnnotations
    Allow calls to the restricted API in methods or classes with this annotation.
    Class<? extends Annotation>[]
    allowlistWithWarningAnnotations
    Emit warnings, not errors, on calls to the restricted API for callers with this annotation.
    String
    link
    Optional link explaining why the API is restricted.

  • Element Details

    • explanation

      String explanation
      Explanation why the API is restricted, to be inserted into the compiler output.

    • link

      String link
      Optional link explaining why the API is restricted.
      Default:
      ""

    • allowedOnPath

      String allowedOnPath
      Allow the restricted API on paths matching this regular expression.

      Leave empty (the default) to enforce the API restrictions on all paths.

      Default:
      ""

    • allowlistAnnotations

      Class<? extends Annotation>[] allowlistAnnotations
      Allow calls to the restricted API in methods or classes with this annotation.
      Default:
      {}

    • allowlistWithWarningAnnotations

      Class<? extends Annotation>[] allowlistWithWarningAnnotations
      Emit warnings, not errors, on calls to the restricted API for callers with this annotation.

      This should only be used if callers should aggressively move away from this API (or change to a allowlist annotation after review). Too many warnings will lead to ALL warnings being ignored, so tread very carefully.

      Default:
      {}