Require package-qualified enum types for trusted valueOf widen

Reject import-style polymorphic candidates when deciding whether an ambiguous valueOf widen is machine-scoped and safe to link.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
2026-07-14 06:06:02 +02:00
parent cef9dd1f9a
commit bd9136a45c
2 changed files with 14 additions and 1 deletions

View File

@@ -61,7 +61,8 @@ public final class CallChainLinkPolicy {
return false;
}
String enumType = pe.substring(0, pe.lastIndexOf('.'));
if (!MachineEnumCanonicalizer.enumTypesMatch(eventTypeFqn, enumType)) {
if (!enumType.contains(".")
|| !MachineEnumCanonicalizer.enumTypesMatch(eventTypeFqn, enumType)) {
return false;
}
}

View File

@@ -59,4 +59,16 @@ class CallChainLinkPolicyTest {
assertThat(CallChainLinkPolicy.isTrustedEnumPolymorphicWiden(trigger)).isTrue();
assertThat(CallChainLinkPolicy.shouldFailClosedOnAmbiguousCallGraphWiden(trigger)).isFalse();
}
@Test
void shouldNotTrustImportStylePolymorphicWidenWithoutPackage() {
TriggerPoint trigger = TriggerPoint.builder()
.ambiguous(true)
.event("OrderEvent.valueOf(eventStr)")
.polymorphicEvents(List.of("OrderEvent.PAY", "OrderEvent.SHIP"))
.build();
assertThat(CallChainLinkPolicy.isTrustedEnumPolymorphicWiden(trigger)).isFalse();
assertThat(CallChainLinkPolicy.shouldFailClosedOnAmbiguousCallGraphWiden(trigger)).isTrue();
}
}