Project: ActiveMQ :: Partition Management
SpotBugs version: 4.8.3
Code analyzed:
418 lines of code analyzed, in 11 classes, in 2 packages.
Metric | Total | Density* |
---|---|---|
High Priority Warnings | | 0.00 |
Medium Priority Warnings | 12 | 28.71 |
Total Warnings | 12 | 28.71 |
(* Defects per Thousand lines of non-commenting source statements)
Warning Type | Number |
---|---|
Bad practice Warnings | 7 |
Correctness Warnings | 1 |
Malicious code vulnerability Warnings | 3 |
Multithreaded correctness Warnings | 1 |
Total | 12 |
Bad practice Warnings
Code | Warning |
---|---|
PA | Primitive field org.apache.activemq.partition.dto.Partitioning.brokers is public and set from inside the class, which makes it too exposed. Consider making it private to limit external accessibility. |
PA | Primitive field org.apache.activemq.partition.dto.Partitioning.byClientId is public and set from inside the class, which makes it too exposed. Consider making it private to limit external accessibility. |
PA | Primitive field org.apache.activemq.partition.dto.Partitioning.byQueue is public and set from inside the class, which makes it too exposed. Consider making it private to limit external accessibility. |
PA | Primitive field org.apache.activemq.partition.dto.Partitioning.bySourceIp is public and set from inside the class, which makes it too exposed. Consider making it private to limit external accessibility. |
PA | Primitive field org.apache.activemq.partition.dto.Partitioning.byTopic is public and set from inside the class, which makes it too exposed. Consider making it private to limit external accessibility. |
PA | Primitive field org.apache.activemq.partition.dto.Partitioning.byUserName is public and set from inside the class, which makes it too exposed. Consider making it private to limit external accessibility. |
PA | Primitive field org.apache.activemq.partition.dto.Target.ids is public and set from inside the class, which makes it too exposed. Consider making it private to limit external accessibility. |
Correctness Warnings
Code | Warning |
---|---|
RV | Return value of java.util.concurrent.CountDownLatch.await(long, TimeUnit) ignored in org.apache.activemq.partition.ZooKeeperPartitionBroker.start() |
Malicious code vulnerability Warnings
Code | Warning |
---|---|
EI | org.apache.activemq.partition.PartitionBrokerPlugin.getConfig() may expose internal representation by returning PartitionBrokerPlugin.config |
EI2 | new org.apache.activemq.partition.PartitionBroker(Broker, PartitionBrokerPlugin) may expose internal representation by storing an externally mutable object into PartitionBroker.plugin |
EI2 | org.apache.activemq.partition.PartitionBrokerPlugin.setConfig(Partitioning) may expose internal representation by storing an externally mutable object into PartitionBrokerPlugin.config |
Multithreaded correctness Warnings
Code | Warning |
---|---|
NN | Naked notify in org.apache.activemq.partition.PartitionBroker.monitorWakeup() |
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is a better approach in many situations.
This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is a better approach in many situations.
A call to notify() or notifyAll() was made without any (apparent) accompanying modification to mutable object state. In general, calling a notify method on a monitor is done because some condition another thread is waiting for has become true. However, for the condition to be meaningful, it must involve a heap object that is visible to both threads.
This bug does not necessarily indicate an error, since the change to mutable object state may have taken place in a method which then called the method containing the notification.
SEI CERT rule OBJ01-J requires that accessibility to fields must be limited. Otherwise, the values of the fields may be manipulated from outside the class, which may be unexpected or undesired behaviour. In general, requiring that no fields are allowed to be public is overkill and unrealistic. Even the rule mentions that final fields may be public. Besides final fields, there may be other usages for public fields: some public fields may serve as "flags" that affect the behavior of the class. Such flag fields are expected to be read by the current instance (or the current class, in case of static fields), but written by others. If a field is written both by the methods of the current instance (or the current class, in case of static fields) and from the outside, the code is suspicious. Consider making these fields private and providing appropriate setters, if necessary. Please note that constructors, initializers and finalizers are exceptions: if only they write the field inside the class, the field is not considered as written by the class itself.
The return value of this method should be checked. One common cause of this warning is to invoke a method on an immutable object, thinking that it updates the object. For example, in the following code fragment,
```java
String dateString = getHeaderField(name);
dateString.trim();
```
the programmer seems to be thinking that the trim() method will update the String referenced by dateString. But since Strings are immutable, the trim() function returns a new String value, which is being ignored here. The code should be corrected to:
```java
String dateString = getHeaderField(name);
dateString = dateString.trim();
```