Built by Maven

SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.9.4

Threshold is medium

Effort is max

Summary

Classes Bugs Errors Missing Classes
49 8 0 0

Files

Class Bugs
org.forgerock.selfservice.core.StageResponse 1
org.forgerock.selfservice.core.StageResponse$Builder 1
org.forgerock.selfservice.core.config.ProcessInstanceConfig 1
org.forgerock.selfservice.core.crypto.FieldStorageSchemeImpl 3
org.forgerock.selfservice.core.util.RequirementsBuilder 2

org.forgerock.selfservice.core.StageResponse

Bug Category Details Line Priority
org.forgerock.selfservice.core.StageResponse.getRequirements() may expose internal representation by returning StageResponse.requirements MALICIOUS_CODE EI_EXPOSE_REP 67 Medium

org.forgerock.selfservice.core.StageResponse$Builder

Bug Category Details Line Priority
org.forgerock.selfservice.core.StageResponse$Builder.setRequirements(JsonValue) may expose internal representation by storing an externally mutable object into StageResponse$Builder.requirements MALICIOUS_CODE EI_EXPOSE_REP2 126 Medium

org.forgerock.selfservice.core.config.ProcessInstanceConfig

Bug Category Details Line Priority
org.forgerock.selfservice.core.config.ProcessInstanceConfig.getStageConfigs() may expose internal representation by returning ProcessInstanceConfig.stageConfigs MALICIOUS_CODE EI_EXPOSE_REP 62 Medium

org.forgerock.selfservice.core.crypto.FieldStorageSchemeImpl

Bug Category Details Line Priority
Exception thrown in class org.forgerock.selfservice.core.crypto.FieldStorageSchemeImpl at new org.forgerock.selfservice.core.crypto.FieldStorageSchemeImpl(int, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 72 Medium
Found reliance on default encoding in org.forgerock.selfservice.core.crypto.FieldStorageSchemeImpl.fieldMatches(String, String): String.getBytes() I18N DM_DEFAULT_ENCODING 139 High
Found reliance on default encoding in org.forgerock.selfservice.core.crypto.FieldStorageSchemeImpl.hashField(String): String.getBytes() I18N DM_DEFAULT_ENCODING 84 High

org.forgerock.selfservice.core.util.RequirementsBuilder

Bug Category Details Line Priority
org.forgerock.selfservice.core.util.RequirementsBuilder.build() may expose internal representation by returning RequirementsBuilder.jsonValue MALICIOUS_CODE EI_EXPOSE_REP 224 Medium
Switch statement found in new org.forgerock.selfservice.core.util.RequirementsBuilder(RequirementsBuilder$BuilderType, String) where one case falls through to the next case STYLE SF_SWITCH_FALLTHROUGH 57-59 Medium