SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.9.4
Threshold is medium
Effort is max
Summary
Classes | Bugs | Errors | Missing Classes |
182 | 60 | 0 | 0 |
org.forgerock.http.header.ConnectionHeader
Bug | Category | Details | Line | Priority |
org.forgerock.http.header.ConnectionHeader.getTokens() may expose internal representation by returning ConnectionHeader.tokens | MALICIOUS_CODE | EI_EXPOSE_REP | 90 | Medium |
org.forgerock.http.header.ConnectionHeader.getValues() may expose internal representation by returning ConnectionHeader.tokens | MALICIOUS_CODE | EI_EXPOSE_REP | 95 | Medium |
new org.forgerock.http.header.ConnectionHeader(List) may expose internal representation by storing an externally mutable object into ConnectionHeader.tokens | MALICIOUS_CODE | EI_EXPOSE_REP2 | 76 | Medium |
org.forgerock.http.header.ContentEncodingHeader
Bug | Category | Details | Line | Priority |
org.forgerock.http.header.ContentEncodingHeader.getCodings() may expose internal representation by returning ContentEncodingHeader.codings | MALICIOUS_CODE | EI_EXPOSE_REP | 117 | Medium |
new org.forgerock.http.header.ContentEncodingHeader(List) may expose internal representation by storing an externally mutable object into ContentEncodingHeader.codings | MALICIOUS_CODE | EI_EXPOSE_REP2 | 61 | Medium |
org.forgerock.http.header.ContentTypeHeader
Bug | Category | Details | Line | Priority |
org.forgerock.http.header.ContentTypeHeader.getAdditionalParameters() may expose internal representation by returning ContentTypeHeader.additionalParameters | MALICIOUS_CODE | EI_EXPOSE_REP | 169 | Medium |
org.forgerock.http.header.ContentTypeHeader.getValues() makes inefficient use of keySet iterator instead of entrySet iterator | PERFORMANCE | WMI_WRONG_MAP_ITERATOR | 192 | Medium |
org.forgerock.http.header.CookieHeader
Bug | Category | Details | Line | Priority |
org.forgerock.http.header.CookieHeader.getCookies() may expose internal representation by returning CookieHeader.cookies | MALICIOUS_CODE | EI_EXPOSE_REP | 147 | Medium |
new org.forgerock.http.header.CookieHeader(List) may expose internal representation by storing an externally mutable object into CookieHeader.cookies | MALICIOUS_CODE | EI_EXPOSE_REP2 | 138 | Medium |
org.forgerock.http.header.HeaderFactory$2
Bug | Category | Details | Line | Priority |
Exception thrown in class org.forgerock.http.header.HeaderFactory$2 at new org.forgerock.http.header.HeaderFactory$2(Comparator) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 63 | Medium |
org.forgerock.http.header.SetCookieHeader
Bug | Category | Details | Line | Priority |
org.forgerock.http.header.SetCookieHeader.getCookies() may expose internal representation by returning SetCookieHeader.cookies | MALICIOUS_CODE | EI_EXPOSE_REP | 157 | Medium |
org.forgerock.http.header.SetCookieHeader.getValues() may expose internal representation by returning SetCookieHeader.values | MALICIOUS_CODE | EI_EXPOSE_REP | 148 | Medium |
new org.forgerock.http.header.SetCookieHeader(List) may expose internal representation by storing an externally mutable object into SetCookieHeader.cookies | MALICIOUS_CODE | EI_EXPOSE_REP2 | 130 | Medium |
org.forgerock.http.header.Warning
Bug | Category | Details | Line | Priority |
org.forgerock.http.header.Warning.getDate() may expose internal representation by returning Warning.date | MALICIOUS_CODE | EI_EXPOSE_REP | 106 | Medium |
new org.forgerock.http.header.Warning(int, String, String, Date) may expose internal representation by storing an externally mutable object into Warning.date | MALICIOUS_CODE | EI_EXPOSE_REP2 | 70 | Medium |
org.forgerock.http.io.BranchingStreamWrapper
Bug | Category | Details | Line | Priority |
org.forgerock.http.io.BranchingStreamWrapper.finalize() is public; should be protected | MALICIOUS_CODE | FI_PUBLIC_SHOULD_BE_PROTECTED | 198-203 | Medium |
Synchronization on BranchingStreamWrapper.trunk in futile attempt to guard it | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | 172 | Medium |
new org.forgerock.http.io.BranchingStreamWrapper(InputStream, Factory) synchronizes on updated field BranchingStreamWrapper.trunk | MT_CORRECTNESS | ML_SYNC_ON_UPDATED_FIELD | 51 | Medium |
new org.forgerock.http.io.BranchingStreamWrapper(BranchingStreamWrapper) synchronizes on updated field BranchingStreamWrapper.trunk | MT_CORRECTNESS | ML_SYNC_ON_UPDATED_FIELD | 64 | Medium |
org.forgerock.http.io.BranchingStreamWrapper$Trunk
Bug | Category | Details | Line | Priority |
Should org.forgerock.http.io.BranchingStreamWrapper$Trunk be a _static_ inner class? | PERFORMANCE | SIC_INNER_SHOULD_BE_STATIC | 269-286 | Medium |
org.forgerock.http.io.ByteArrayBranchingStream
Bug | Category | Details | Line | Priority |
Inconsistent synchronization of org.forgerock.http.io.ByteArrayBranchingStream.mark; locked 66% of time | MT_CORRECTNESS | IS2_INCONSISTENT_SYNC | 106 | Medium |
Inconsistent synchronization of org.forgerock.http.io.ByteArrayBranchingStream.position; locked 72% of time | MT_CORRECTNESS | IS2_INCONSISTENT_SYNC | 106 | Medium |
org.forgerock.http.io.FileBuffer
org.forgerock.http.io.IO
Bug | Category | Details | Line | Priority |
Public static org.forgerock.http.io.IO.nullOutputStream() may expose internal representation by returning IO.NULL_OUTPUT_STREAM | MALICIOUS_CODE | MS_EXPOSE_REP | 257 | Medium |
org.forgerock.http.io.MemoryBuffer
org.forgerock.http.io.PipeBufferedStream
Bug | Category | Details | Line | Priority |
org.forgerock.http.io.PipeBufferedStream.getIn() may expose internal representation by returning PipeBufferedStream.outputStream | MALICIOUS_CODE | EI_EXPOSE_REP | 67 | Medium |
org.forgerock.http.io.TemporaryBuffer
Bug | Category | Details | Line | Priority |
Exceptional return value of java.io.File.delete() ignored in org.forgerock.http.io.TemporaryBuffer.close() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 100 | Medium |
org.forgerock.http.protocol.Cookie
Bug | Category | Details | Line | Priority |
Boxed value is unboxed and then immediately reboxed in org.forgerock.http.protocol.Cookie.isHttpOnly() | PERFORMANCE | BX_UNBOXING_IMMEDIATELY_REBOXED | 172 | Medium |
Boxed value is unboxed and then immediately reboxed in org.forgerock.http.protocol.Cookie.isSecure() | PERFORMANCE | BX_UNBOXING_IMMEDIATELY_REBOXED | 221 | Medium |
org.forgerock.http.protocol.Cookie.getExpires() may expose internal representation by returning Cookie.expires | MALICIOUS_CODE | EI_EXPOSE_REP | 161 | Medium |
org.forgerock.http.protocol.Cookie.getPort() may expose internal representation by returning Cookie.port | MALICIOUS_CODE | EI_EXPOSE_REP | 210 | Medium |
org.forgerock.http.protocol.Cookie.setExpires(Date) may expose internal representation by storing an externally mutable object into Cookie.expires | MALICIOUS_CODE | EI_EXPOSE_REP2 | 324 | Medium |
org.forgerock.http.protocol.Form
Bug | Category | Details | Line | Priority |
org.forgerock.http.protocol.Form.toFormString() makes inefficient use of keySet iterator instead of entrySet iterator | PERFORMANCE | WMI_WRONG_MAP_ITERATOR | 122 | Medium |
org.forgerock.http.protocol.Form.toQueryString() makes inefficient use of keySet iterator instead of entrySet iterator | PERFORMANCE | WMI_WRONG_MAP_ITERATOR | 146 | Medium |
org.forgerock.http.protocol.Headers
Bug | Category | Details | Line | Priority |
Exception thrown in class org.forgerock.http.protocol.Headers at new org.forgerock.http.protocol.Headers(Headers) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 53 | Medium |
org.forgerock.http.protocol.Headers.asMapOfHeaders() may expose internal representation by returning Headers.headers | MALICIOUS_CODE | EI_EXPOSE_REP | 361 | Medium |
org.forgerock.http.protocol.MessageImpl
Bug | Category | Details | Line | Priority |
org.forgerock.http.protocol.MessageImpl.getEntity() may expose internal representation by returning MessageImpl.entity | MALICIOUS_CODE | EI_EXPOSE_REP | 64 | Medium |
org.forgerock.http.protocol.MessageImpl.getHeaders() may expose internal representation by returning MessageImpl.headers | MALICIOUS_CODE | EI_EXPOSE_REP | 69 | Medium |
org.forgerock.http.protocol.Request
Bug | Category | Details | Line | Priority |
org.forgerock.http.protocol.Request.getCookies() may expose internal representation by returning Request.cookies | MALICIOUS_CODE | EI_EXPOSE_REP | 68 | Medium |
org.forgerock.http.protocol.Request.getUri() may expose internal representation by returning Request.uri | MALICIOUS_CODE | EI_EXPOSE_REP | 105 | Medium |
org.forgerock.http.protocol.RequestCookies
Bug | Category | Details | Line | Priority |
new org.forgerock.http.protocol.RequestCookies(Request) may expose internal representation by storing an externally mutable object into RequestCookies.request | MALICIOUS_CODE | EI_EXPOSE_REP2 | 49 | Medium |
org.forgerock.http.protocol.Response
Bug | Category | Details | Line | Priority |
org.forgerock.http.protocol.Response.getCause() may expose internal representation by returning Response.cause | MALICIOUS_CODE | EI_EXPOSE_REP | 108 | Medium |
org.forgerock.http.protocol.Response.setCause(Exception) may expose internal representation by storing an externally mutable object into Response.cause | MALICIOUS_CODE | EI_EXPOSE_REP2 | 122 | Medium |
org.forgerock.http.protocol.ResponseException
Bug | Category | Details | Line | Priority |
org.forgerock.http.protocol.ResponseException.getResponse() may expose internal representation by returning ResponseException.response | MALICIOUS_CODE | EI_EXPOSE_REP | 127 | Medium |
org.forgerock.http.routing.ResourceApiVersionRoutingFilter
Bug | Category | Details | Line | Priority |
new org.forgerock.http.routing.ResourceApiVersionRoutingFilter(ResourceApiVersionBehaviourManager) may expose internal representation by storing an externally mutable object into ResourceApiVersionRoutingFilter.behaviourManager | MALICIOUS_CODE | EI_EXPOSE_REP2 | 52 | Medium |
org.forgerock.http.swagger.SwaggerApiProducer
Bug | Category | Details | Line | Priority |
new org.forgerock.http.swagger.SwaggerApiProducer(Info, String, String, List) may expose internal representation by storing an externally mutable object into SwaggerApiProducer.info | MALICIOUS_CODE | EI_EXPOSE_REP2 | 88 | Medium |
org.forgerock.http.swagger.SwaggerExtended
Bug | Category | Details | Line | Priority |
org.forgerock.http.swagger.SwaggerExtended.getPaths() may expose internal representation by returning io.swagger.models.Swagger.paths | MALICIOUS_CODE | EI_EXPOSE_REP | 34 | Medium |
org.forgerock.http.util.CaseInsensitiveMap
Bug | Category | Details | Line | Priority |
org.forgerock.http.util.CaseInsensitiveMap doesn't override org.forgerock.util.MapDecorator.equals(Object) | STYLE | EQ_DOESNT_OVERRIDE_EQUALS | 1 | Medium |
org.forgerock.http.util.CaseInsensitiveMap.putAll(Map) makes inefficient use of keySet iterator instead of entrySet iterator | PERFORMANCE | WMI_WRONG_MAP_ITERATOR | 107 | Medium |
org.forgerock.http.util.CaseInsensitiveSet
Bug | Category | Details | Line | Priority |
org.forgerock.http.util.CaseInsensitiveSet doesn't override SetDecorator.equals(Object) | STYLE | EQ_DOESNT_OVERRIDE_EQUALS | 1 | Medium |
org.forgerock.http.util.MultiValueMap
Bug | Category | Details | Line | Priority |
org.forgerock.http.util.MultiValueMap.addAll(Map) makes inefficient use of keySet iterator instead of entrySet iterator | PERFORMANCE | WMI_WRONG_MAP_ITERATOR | 96 | Medium |
org.forgerock.http.util.MultiValueMap.addAll(MultiValueMap) makes inefficient use of keySet iterator instead of entrySet iterator | PERFORMANCE | WMI_WRONG_MAP_ITERATOR | 85 | Medium |
org.forgerock.http.util.SetDecorator
Bug | Category | Details | Line | Priority |
Exception thrown in class org.forgerock.http.util.SetDecorator at new org.forgerock.http.util.SetDecorator(Set) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 45 | Medium |
new org.forgerock.http.util.SetDecorator(Set) may expose internal representation by storing an externally mutable object into SetDecorator.set | MALICIOUS_CODE | EI_EXPOSE_REP2 | 47 | Medium |
org.forgerock.services.context.AbstractContext
Bug | Category | Details | Line | Priority |
Exception thrown in class org.forgerock.services.context.AbstractContext at new org.forgerock.services.context.AbstractContext(JsonValue, ClassLoader) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 130 | Medium |
org.forgerock.services.context.AttributesContext
Bug | Category | Details | Line | Priority |
org.forgerock.services.context.AttributesContext.getAttributes() may expose internal representation by returning AttributesContext.attributes | MALICIOUS_CODE | EI_EXPOSE_REP | 75 | Medium |
org.forgerock.services.context.ClientContext
Bug | Category | Details | Line | Priority |
org.forgerock.services.context.ClientContext.getCertificates() may expose internal representation by returning ClientContext.certificates | MALICIOUS_CODE | EI_EXPOSE_REP | 328 | Medium |
org.forgerock.services.context.ClientContext$Builder
Bug | Category | Details | Line | Priority |
org.forgerock.services.context.ClientContext$Builder.certificates(List) may expose internal representation by storing an externally mutable object into ClientContext$Builder.certificates | MALICIOUS_CODE | EI_EXPOSE_REP2 | 140 | Medium |
org.forgerock.services.routing.AbstractRouter
Bug | Category | Details | Line | Priority |
org.forgerock.services.routing.AbstractRouter.api(ApiProducer) may expose internal representation by storing an externally mutable object into AbstractRouter.apiProducer | MALICIOUS_CODE | EI_EXPOSE_REP2 | 289 | Medium |
Inconsistent synchronization of org.forgerock.services.routing.AbstractRouter.apiProducer; locked 40% of time | MT_CORRECTNESS | IS2_INCONSISTENT_SYNC | 340 | Medium |