SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.9.4
Threshold is medium
Effort is max
Summary
| Classes |
Bugs |
Errors |
Missing Classes |
| 151 |
33 |
0 |
0 |
org.forgerock.json.JsonPointer
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.forgerock.json.JsonPointer at new org.forgerock.json.JsonPointer(String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
58 |
Medium |
org.forgerock.json.JsonValue
| Bug |
Category |
Details |
Line |
Priority |
| org.forgerock.json.JsonValue.clone() does not call super.clone() |
BAD_PRACTICE |
CN_IDIOM_NO_SUPER_CALL |
682-688 |
Medium |
| Possible null pointer dereference of value in org.forgerock.json.JsonValue.asMapOfList(Class) |
CORRECTNESS |
NP_NULL_ON_SOME_PATH |
618 |
Medium |
| org.forgerock.json.JsonValue.toString() makes inefficient use of keySet iterator instead of entrySet iterator |
PERFORMANCE |
WMI_WRONG_MAP_ITERATOR |
1267 |
Medium |
org.forgerock.json.JsonValueException
| Bug |
Category |
Details |
Line |
Priority |
| org.forgerock.json.JsonValueException.getJsonValue() may expose internal representation by returning JsonValueException.value |
MALICIOUS_CODE |
EI_EXPOSE_REP |
112 |
Medium |
| new org.forgerock.json.JsonValueException(JsonValue) may expose internal representation by storing an externally mutable object into JsonValueException.value |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
39 |
Medium |
| new org.forgerock.json.JsonValueException(JsonValue, String) may expose internal representation by storing an externally mutable object into JsonValueException.value |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
53 |
Medium |
| new org.forgerock.json.JsonValueException(JsonValue, String, Throwable) may expose internal representation by storing an externally mutable object into JsonValueException.value |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
82 |
Medium |
| new org.forgerock.json.JsonValueException(JsonValue, Throwable) may expose internal representation by storing an externally mutable object into JsonValueException.value |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
66 |
Medium |
org.forgerock.json.RangeSet
| Bug |
Category |
Details |
Line |
Priority |
| Class org.forgerock.json.RangeSet implements Cloneable but does not define or use clone method |
BAD_PRACTICE |
CN_IDIOM |
28-135 |
Medium |
| Exception thrown in class org.forgerock.json.RangeSet at new org.forgerock.json.RangeSet(int, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
49 |
Medium |
org.forgerock.util.LazyList
| Bug |
Category |
Details |
Line |
Priority |
| Possible double-check on org.forgerock.util.LazyList.list in org.forgerock.util.LazyList.lazy() |
MT_CORRECTNESS |
DC_DOUBLECHECK |
62-64 |
Medium |
| Inconsistent synchronization of org.forgerock.util.LazyList.list; locked 40% of time |
MT_CORRECTNESS |
IS2_INCONSISTENT_SYNC |
62 |
Medium |
org.forgerock.util.LazyMap
| Bug |
Category |
Details |
Line |
Priority |
| Possible double-check on org.forgerock.util.LazyMap.map in org.forgerock.util.LazyMap.lazy() |
MT_CORRECTNESS |
DC_DOUBLECHECK |
63-65 |
Medium |
| Inconsistent synchronization of org.forgerock.util.LazyMap.map; locked 40% of time |
MT_CORRECTNESS |
IS2_INCONSISTENT_SYNC |
63 |
Medium |
org.forgerock.util.ListDecorator
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.forgerock.util.ListDecorator at new org.forgerock.util.ListDecorator(List) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
45 |
Medium |
| new org.forgerock.util.ListDecorator(List) may expose internal representation by storing an externally mutable object into ListDecorator.list |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
47 |
Medium |
org.forgerock.util.MapDecorator
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.forgerock.util.MapDecorator at new org.forgerock.util.MapDecorator(Map) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
48 |
Medium |
| new org.forgerock.util.MapDecorator(Map) may expose internal representation by storing an externally mutable object into MapDecorator.map |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
50 |
Medium |
org.forgerock.util.Pair$ComparablePairComparator
org.forgerock.util.RangeSet
| Bug |
Category |
Details |
Line |
Priority |
| Class org.forgerock.util.RangeSet implements Cloneable but does not define or use clone method |
BAD_PRACTICE |
CN_IDIOM |
54-129 |
Medium |
| Exception thrown in class org.forgerock.util.RangeSet at new org.forgerock.util.RangeSet(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
54 |
Medium |
| Exception thrown in class org.forgerock.util.RangeSet at new org.forgerock.util.RangeSet(int, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
65 |
Medium |
| Exception thrown in class org.forgerock.util.RangeSet at new org.forgerock.util.RangeSet(int, int, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
78 |
Medium |
org.forgerock.util.SignatureUtil
| Bug |
Category |
Details |
Line |
Priority |
| Found reliance on default encoding in org.forgerock.util.SignatureUtil.sign(PrivateKey, String, String): String.getBytes() |
I18N |
DM_DEFAULT_ENCODING |
74 |
High |
| Found reliance on default encoding in org.forgerock.util.SignatureUtil.verify(PublicKey, String, String, byte[]): String.getBytes() |
I18N |
DM_DEFAULT_ENCODING |
129 |
High |
org.forgerock.util.SimpleHTTPClient
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.forgerock.util.SimpleHTTPClient at new org.forgerock.util.SimpleHTTPClient() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
50 |
Medium |
| Exception thrown in class org.forgerock.util.SimpleHTTPClient at new org.forgerock.util.SimpleHTTPClient(int, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
62 |
Medium |
| Found reliance on default encoding in org.forgerock.util.SimpleHTTPClient.get(URL): new java.io.InputStreamReader(InputStream) |
I18N |
DM_DEFAULT_ENCODING |
96 |
High |
| Bad comparison of nonnegative value with 0 in org.forgerock.util.SimpleHTTPClient.get(URL) |
CORRECTNESS |
INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE |
82 |
Medium |
org.forgerock.util.thread.ExecutorServiceFactory
| Bug |
Category |
Details |
Line |
Priority |
| new org.forgerock.util.thread.ExecutorServiceFactory(ShutdownManager) may expose internal representation by storing an externally mutable object into ExecutorServiceFactory.shutdownManager |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
54 |
Medium |
org.forgerock.util.thread.ExecutorServiceFactory$NamedThreadFactory
| Bug |
Category |
Details |
Line |
Priority |
| Should org.forgerock.util.thread.ExecutorServiceFactory$NamedThreadFactory be a _static_ inner class? |
PERFORMANCE |
SIC_INNER_SHOULD_BE_STATIC |
202-210 |
Medium |
org.forgerock.util.xml.XMLUtils
| Bug |
Category |
Details |
Line |
Priority |
| org.forgerock.util.xml.XMLUtils.getSafeSAXParser(boolean) might ignore java.lang.Exception |
BAD_PRACTICE |
DE_MIGHT_IGNORE |
122 |
High |
