RUM-16478: `UnsafeThirdPartyFunctionCall` improvements by satween · Pull Request #3557 · DataDog/dd-sdk-android

satween · 2026-06-18T16:16:24Z

What does this PR do?

Adds generics support for the UnsafeThirdPartyFunctionCall detekt rule. * means any non-null type, ? means any nullable type.
Adds configuration self-checks: verifies that all records in each config are unique.
Adds configuration self-checks: prevents the same method from being added to controversial (safe and unsafe) configs at the same time.
UnsafeThirdPartyFunctionCall is now divided into three subclasses: CodeParser for Kotlin code parsing, and DetektConfigValidator and DetektConfigParser for YAML config parsing and validation.
detekt_custom_unsafe_calls.yml and detekt_custom_safe_calls.yml have been cleaned up according to the new rules.

Motivation

An approach to reduce time to green build for each ticket. Fewer retries means less time and lower resource consumption.

Review checklist (to be filled by reviewers)

Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
Make sure you discussed the feature or bugfix with the maintaining team in an Issue
Make sure each commit and the PR mention the Issue number (cf the CONTRIBUTING doc)

Adds wildcard support and overlap detection to the rule, and splits it into focused modules. Wildcards: YAML entries in knownSafeCalls/knownThrowingCalls now accept per-parameter wildcards — * (any non-nullable type) and ? (any nullable type). Valid only at generic parameter positions; misuse throws IllegalStateException. Overlap detection: Rejects entries that are both safe and throwing, and catches duplicate/overlapping patterns within each list. Removed 17 pre-existing duplicates plus two genuine conflicts (Thread.interrupt(), Array.first(Function1)). Config cleanup: Collapsed repeated generic-parameter entries to wildcards across safe-calls and detekt configs. Refactor: RulesParser (YAML parsing), CodeParser (call-expression extraction), WildcardPattern (matching + validation); the rule now keeps only visitor wiring and the safe/throwing/unknown decision.

codecov-commenter · 2026-06-18T16:41:12Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 72.39%. Comparing base (bc840ec) to head (af9aead).
⚠️ Report is 13 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #3557      +/-   ##
===========================================
- Coverage    72.40%   72.39%   -0.01%     
===========================================
  Files          967      967              
  Lines        35717    35716       -1     
  Branches      5967     5967              
===========================================
- Hits         25858    25854       -4     
+ Misses        8200     8196       -4     
- Partials      1659     1666       +7

see 41 files with indirect coverage changes

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

hamorillo

Looks good to me. Just leaving a question before approving.

hamorillo · 2026-06-19T11:21:45Z

-        reportUnsafeCall(expression, msg)
+        reportUnsafeCall(
+            expression = expression,
+            message = "Calling $call can throw the following exceptions: ${exceptions.joinToString()}."


nit: Maybe here we can report only the uncaught exceptions.

hamorillo · 2026-06-19T11:35:44Z

+        private val semanticUnsafeCalls = listOf(
+            "java.lang.Thread.interrupt():java.lang.SecurityException",
+            "kotlin.Array.first(kotlin.Function1):java.util.NoSuchElementException"
+        )


❓ What's the goal of this list? Why not to keep those in the unsafe_call.yml?

hamorillo · 2026-06-19T11:41:14Z

+    private val methodPart: String = source.substringBefore('(')
+    internal val overlapKey: OverlapKey = OverlapKey(methodPart, paramSlots.size)
+
+    /** True when this rule has no wildcard slots and can be matched with a plain map lookup. */


nit: I would say the comment is saying the opposite of what the value means.

satween added 2 commits June 16, 2026 17:39

RUM-16478: Improving performance

af9aead

satween requested review from a team as code owners June 18, 2026 16:16

hamorillo reviewed Jun 19, 2026

View reviewed changes

sbarrio requested a review from hamorillo June 19, 2026 12:58

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RUM-16478: `UnsafeThirdPartyFunctionCall` improvements#3557

RUM-16478: `UnsafeThirdPartyFunctionCall` improvements#3557
satween wants to merge 2 commits into
developfrom
tvaleev/feature/RUM-16478

satween commented Jun 18, 2026

Uh oh!

codecov-commenter commented Jun 18, 2026

Uh oh!

hamorillo left a comment

Uh oh!

hamorillo Jun 19, 2026

Uh oh!

hamorillo Jun 19, 2026

Uh oh!

hamorillo Jun 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

satween commented Jun 18, 2026

What does this PR do?

Motivation

Review checklist (to be filled by reviewers)

Uh oh!

codecov-commenter commented Jun 18, 2026

Codecov Report

Uh oh!

hamorillo left a comment

Choose a reason for hiding this comment

Uh oh!

hamorillo Jun 19, 2026

Choose a reason for hiding this comment

Uh oh!

hamorillo Jun 19, 2026

Choose a reason for hiding this comment

Uh oh!

hamorillo Jun 19, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants