Built by Maven

SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.9.4

Threshold is medium

Effort is max

Summary

Classes Bugs Errors Missing Classes
26 15 0 0

Files

Class Bugs
org.forgerock.audit.handlers.csv.CsvAuditEventHandler 3
org.forgerock.audit.handlers.csv.CsvAuditEventHandler$ParseJsonValue 2
org.forgerock.audit.handlers.csv.CsvAuditEventHandlerConfiguration 4
org.forgerock.audit.handlers.csv.CsvSecureVerifier 2
org.forgerock.audit.handlers.csv.HmacCalculator 1
org.forgerock.audit.handlers.csv.SecureCsvWriter 1
org.forgerock.audit.handlers.csv.StandardCsvWriter 2

org.forgerock.audit.handlers.csv.CsvAuditEventHandler

Bug Category Details Line Priority
Exception thrown in class org.forgerock.audit.handlers.csv.CsvAuditEventHandler at new org.forgerock.audit.handlers.csv.CsvAuditEventHandler(CsvAuditEventHandlerConfiguration, EventTopicsMetaData, KeyStoreHandlerProvider) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 170 Medium
Found reliance on default encoding in org.forgerock.audit.handlers.csv.CsvAuditEventHandler.createCsvMapReader(File): new java.io.FileReader(File) I18N DM_DEFAULT_ENCODING 351 High
new org.forgerock.audit.handlers.csv.CsvAuditEventHandler(CsvAuditEventHandlerConfiguration, EventTopicsMetaData, KeyStoreHandlerProvider) may expose internal representation by storing an externally mutable object into CsvAuditEventHandler.configuration MALICIOUS_CODE EI_EXPOSE_REP2 146 Medium

org.forgerock.audit.handlers.csv.CsvAuditEventHandler$ParseJsonValue

Bug Category Details Line Priority
new org.forgerock.audit.handlers.csv.CsvAuditEventHandler$ParseJsonValue(CsvAuditEventHandler) may expose internal representation by storing an externally mutable object into CsvAuditEventHandler$ParseJsonValue.this$0 MALICIOUS_CODE EI_EXPOSE_REP2 550 Medium
Should org.forgerock.audit.handlers.csv.CsvAuditEventHandler$ParseJsonValue be a _static_ inner class? PERFORMANCE SIC_INNER_SHOULD_BE_STATIC 550-572 Medium

org.forgerock.audit.handlers.csv.CsvAuditEventHandlerConfiguration

Bug Category Details Line Priority
org.forgerock.audit.handlers.csv.CsvAuditEventHandlerConfiguration.getBuffering() may expose internal representation by returning CsvAuditEventHandlerConfiguration.buffering MALICIOUS_CODE EI_EXPOSE_REP 133 Medium
org.forgerock.audit.handlers.csv.CsvAuditEventHandlerConfiguration.getFormatting() may expose internal representation by returning CsvAuditEventHandlerConfiguration.formatting MALICIOUS_CODE EI_EXPOSE_REP 95 Medium
org.forgerock.audit.handlers.csv.CsvAuditEventHandlerConfiguration.getSecurity() may expose internal representation by returning CsvAuditEventHandlerConfiguration.security MALICIOUS_CODE EI_EXPOSE_REP 114 Medium
org.forgerock.audit.handlers.csv.CsvAuditEventHandlerConfiguration.setBufferingConfiguration(CsvAuditEventHandlerConfiguration$EventBufferingConfiguration) may expose internal representation by storing an externally mutable object into CsvAuditEventHandlerConfiguration.buffering MALICIOUS_CODE EI_EXPOSE_REP2 143 Medium

org.forgerock.audit.handlers.csv.CsvSecureVerifier

Bug Category Details Line Priority
Exception thrown in class org.forgerock.audit.handlers.csv.CsvSecureVerifier at new org.forgerock.audit.handlers.csv.CsvSecureVerifier(File, CsvPreference, SecureStorage) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 74 Medium
Found reliance on default encoding in org.forgerock.audit.handlers.csv.CsvSecureVerifier.newBufferedCsvMapReader(): new java.io.FileReader(File) I18N DM_DEFAULT_ENCODING 164 High

org.forgerock.audit.handlers.csv.HmacCalculator

Bug Category Details Line Priority
Exception thrown in class org.forgerock.audit.handlers.csv.HmacCalculator at new org.forgerock.audit.handlers.csv.HmacCalculator(String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 47 Medium

org.forgerock.audit.handlers.csv.SecureCsvWriter

Bug Category Details Line Priority
Exception thrown in class org.forgerock.audit.handlers.csv.SecureCsvWriter at new org.forgerock.audit.handlers.csv.SecureCsvWriter(File, String[], CsvPreference, CsvAuditEventHandlerConfiguration, KeyStoreHandler, Random) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 103 Medium

org.forgerock.audit.handlers.csv.StandardCsvWriter

Bug Category Details Line Priority
Exception thrown in class org.forgerock.audit.handlers.csv.StandardCsvWriter at new org.forgerock.audit.handlers.csv.StandardCsvWriter(File, String[], CsvPreference, CsvAuditEventHandlerConfiguration) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 72 Medium
Found reliance on default encoding in new org.forgerock.audit.handlers.csv.StandardCsvWriter(File, String[], CsvPreference, CsvAuditEventHandlerConfiguration): new java.io.FileReader(File) I18N DM_DEFAULT_ENCODING 57 High