SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.9.4
Threshold is medium
Effort is max
Summary
Classes | Bugs | Errors | Missing Classes
125 | 19 | 0 | 0
org.forgerock.json.resource.AdviceContext
Bug | Category | Details | Line | Priority
Exception thrown in class org.forgerock.json.resource.AdviceContext at new org.forgerock.json.resource.AdviceContext(JsonValue, ClassLoader) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 81 | Medium
org.forgerock.json.resource.AdviceContext.getAdvices() may expose internal representation by returning AdviceContext.advice | MALICIOUS_CODE | EI_EXPOSE_REP | 91 | Medium
org.forgerock.json.resource.AnnotatedCollectionHandler
Bug | Category | Details | Line | Priority
Exception thrown in class org.forgerock.json.resource.AnnotatedCollectionHandler at new org.forgerock.json.resource.AnnotatedCollectionHandler(Object) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 48 | Medium
org.forgerock.json.resource.AnnotatedRequestHandler
Bug | Category | Details | Line | Priority
Exception thrown in class org.forgerock.json.resource.AnnotatedRequestHandler at new org.forgerock.json.resource.AnnotatedRequestHandler(Object) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 52 | Medium
org.forgerock.json.resource.AnnotatedSingletonHandler
Bug | Category | Details | Line | Priority
Exception thrown in class org.forgerock.json.resource.AnnotatedSingletonHandler at new org.forgerock.json.resource.AnnotatedSingletonHandler(Object) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 50 | Medium
org.forgerock.json.resource.AnnotationCollectionInstance
Bug | Category | Details | Line | Priority
Exception thrown in class org.forgerock.json.resource.AnnotationCollectionInstance at new org.forgerock.json.resource.AnnotationCollectionInstance(Object) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 48 | Medium
org.forgerock.json.resource.CreateRequest
Bug | Category | Details | Line | Priority
Unused public or protected field: org.forgerock.json.resource.CreateRequest.ACTION_ID_CREATE | STYLE | UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD | Not available | Medium
org.forgerock.json.resource.DescribedSyncRequestHandlerAdapter
Bug | Category | Details | Line | Priority
Exception thrown in class org.forgerock.json.resource.DescribedSyncRequestHandlerAdapter at new org.forgerock.json.resource.DescribedSyncRequestHandlerAdapter(SynchronousRequestHandler) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 36 | Medium
org.forgerock.json.resource.FilterChain
Bug | Category | Details | Line | Priority
org.forgerock.json.resource.FilterChain.getFilters() may expose internal representation by returning FilterChain.filters | MALICIOUS_CODE | EI_EXPOSE_REP | 213 | Medium
org.forgerock.json.resource.IdentifierQueryResourceHandler
Bug | Category | Details | Line | Priority
org.forgerock.json.resource.IdentifierQueryResourceHandler.getResourceResponse() may expose internal representation by returning IdentifierQueryResourceHandler.resourceResponse | MALICIOUS_CODE | EI_EXPOSE_REP | 61 | Medium
org.forgerock.json.resource.IdentifierQueryResourceHandler.handleResource(ResourceResponse) may expose internal representation by storing an externally mutable object into IdentifierQueryResourceHandler.resourceResponse | MALICIOUS_CODE | EI_EXPOSE_REP2 | 40 | Medium
org.forgerock.json.resource.MemoryBackend$Cookie
Bug | Category | Details | Line | Priority
Found reliance on default encoding in org.forgerock.json.resource.MemoryBackend$Cookie.toBase64(): String.getBytes() | I18N | DM_DEFAULT_ENCODING | 98 | High
Found reliance on default encoding in org.forgerock.json.resource.MemoryBackend$Cookie.valueOf(String): new String(byte[]) | I18N | DM_DEFAULT_ENCODING | 72 | High
org.forgerock.json.resource.MemoryBackend$ResourceComparator
org.forgerock.json.resource.PatchOperation
Bug | Category | Details | Line | Priority
org.forgerock.json.resource.PatchOperation.getValue() may expose internal representation by returning PatchOperation.value | MALICIOUS_CODE | EI_EXPOSE_REP | 619 | Medium
org.forgerock.json.resource.PatchOperation.toJsonValue() may expose internal representation by returning PatchOperation.json | MALICIOUS_CODE | EI_EXPOSE_REP | 702 | Medium
org.forgerock.json.resource.ResourceApiVersionRoutingFilter
Bug | Category | Details | Line | Priority
The class name org.forgerock.json.resource.ResourceApiVersionRoutingFilter shadows the simple name of the superclass org.forgerock.http.routing.ResourceApiVersionRoutingFilter | BAD_PRACTICE | NM_SAME_SIMPLE_NAME_AS_SUPERCLASS | 38-127 | High
org.forgerock.json.resource.ResourceException
Bug | Category | Details | Line | Priority
org.forgerock.json.resource.ResourceException.getDetail() may expose internal representation by returning ResourceException.detail | MALICIOUS_CODE | EI_EXPOSE_REP | 530 | Medium
Switch statement found in org.forgerock.json.resource.ResourceException.reason(int) where default case is missing | STYLE | SF_SWITCH_NO_DEFAULT | 340-414 | Medium