forbidden apis does not detect signature polymorphic methods

[rmuir]

I want to ban MethodHandle.invoke() for some reasons (e.g. its lenient in tests, slow in production, but has a too easy sounding name). If someone wants to do the same thing, they can be explicit they want that.

But forbidden apis never detects violations, because they won't match a "wildcard" signature for these methods (since any parameters can be pushed on stack as-is). Instead it ignores all uses of this method.

A method is signature polymorphic if all of the following are true:
    It is declared in the java.lang.invoke.MethodHandle class.
    It takes a single variable arity parameter (§8.4.1) whose declared type is Object[].
    It has a return type of Object.
    It is native.

[uschindler]

This is similar to the problems with bridge methods. There are 2 possibilities:

• Allow just method names like field names with wildcards. But this is still not easy to solve, because the current algorithm checks the whole signature (always) and just collects all possible signatures beforehand while parsing the signatures file. The lookup is done by a map, so needs more refactoring. See also: Add support for glob pattern combined with methods/fields #88
• It might be better to detect those polymorphic signatures directly. I can check for the polymorpic annotation somehow.

I will look into both options. I am about to release 2.2, so this would be a good opportunity.

[uschindler]

I opened PR #106 using the second approach. All informative description is there.

[uschindler]

I committed the PR.