Linter: Java class blacklist

[vemv]

Context

There are historical Java classes which are thread-unsafe, and/or have been superseded.

Those classes should be avoided in regular code. At most one could wrap them in a library, so the gotchas are abstracted away.

Task

Create a linter that analyzes :imports (or even a whole namespace - imports aren't mandatory) finding references to a class blacklist: SimpleDateFormat, URL, GregorianCalendar, DecimalFormat, and etc (research).

Acceptance criteria

• Analyzes :imports with different syntaxes
  • Or better: Uses ns-publics or such to query the currently imported clases
• Analyzes whole namespaces (each defn, etc), including metadata
  • This is necesary (even if querying ns-publics) since code can refer to classes that were not :imported
• The blacklist should be configurable
• .cljs files are excluded

Additional resources

https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/net/URL.html#equals(java.lang.Object)

https://www.callicoder.com/java-simpledateformat-thread-safety-issues/

[vemv]

Semi-related, (def foo (java.text.Collator/getInstance)) is correct but potentially slow in a threaded context because it's a synchronized class. It's better but in a defn.

http://hg.openjdk.java.net/jdk7/jdk7/jdk/file/00cd9dc3c2b5/src/share/classes/java/text/Collator.java