Java code static analysis to find whether the code contains a HTTP call?

Question

I am working on a very complex java web project with about hundreds of developers and intend to improve the performance of this monolitic. What I am trying to do is find out whether some guy issue external HttpCall in the Filter/Interceptor as you konw , HttpCall may be very time consuming and is very error-prone and will block other normal requests.

I have thought serval solutions but don't know if that is practical:

1. Add a flag in the the Filter/Interceptor and use bytebuddy to retransform Socket implementation to log the stacktrace if an HttpCall happended in the Filter/Interceptor
2. Static code analysis. To travasal the AST using (may be ANTLR?) to find out if there are any HttpCalls from the Filter/Interceptor
3. Customize the findbugs plugin to do things above?

For method 1, I know how to do that but it may hurt the performance a little bit as it's at Runtime and we must intercept all the http requests and check if it's from the Filter/Interceptor.

To 2 and 3, I am not quite clear about how to do that and if that is practical.

Any help is appreciate!

Answer 1

As for Byte Buddy, this would be done using a Java agent. If you instrument all implementations of a given interface - for example of a known HTTP client, or Java's URLConnection, you could instrument these classes and record the stack from there.

There are multiple resources on the net that describe how a Java agent is implemented using Byte Buddy.

Answer 2

Are you only concerned about http? If you wanted to consider "net traffic as a whole", there is a chance for you. But probably not through the means you are thinking.

If you're working in Java, why not use the Security Manager facility, if you are able to forbid all network traffic.