Implicit unpermitted operations should be sandboxed

[alisevych]

Description

Unpermitted operations can be called implicitly. Need to sandbox them too.

• in constructors of used classes
• in static blocks
• in private methods of other classes
• in separate threads
• ? probably, there are other cases to be added ?

To Reproduce

Steps to reproduce the behavior:

1. Open IntelliJ IDEA with installed UTBot plugin (with Security Manager turned on)
2. Open/create a project with JDK 8/11
3. Add the following class:

import java.io.File;
import java.io.IOException;

class A {
    A () throws IOException {
        File a = new File("a.txt");
        a.createNewFile();
    }
}

public class SecurityCheck {

    public int read(A a)  {
        return 10;
    }
}

4. Generate tests for the SecurityCheck.read method - with Mocking on

Expected behavior

Generated test is supposed to be disabled with sandbox-related comment.
No file must be created by user's code during test generation.

Actual behavior

Successful test is generated.
File "a.txt" is created during test generation.

Visual proofs (screenshots, logs, images)

    @Test
    @DisplayName("read: a = A() -> return 10")
    public void testReadReturns10() throws IOException {
        SecurityCheck securityCheck = new SecurityCheck();
        A a = new A();

        int actual = securityCheck.read(a);

        assertEquals(10, actual);
    }

Environment

IntelliJ IDEA 2022.1 - 2022.1.4
JDK 8/11

Additional context

Static blocks are being executed without sandbox either:

import java.io.File;

class A {
    static {
        new File("a.txt").renameTo(new File("b.txt"));
    }
}

public class AnotherCheck {

    public int read(A a)  {
        return 10;
    }

}