Project: ActiveMQ :: Generic JMS Pool
SpotBugs version: 4.8.3
Code analyzed:
1313 lines of code analyzed, in 26 classes, in 1 packages.
Metric | Total | Density* |
---|---|---|
High Priority Warnings | 0.00 | |
Medium Priority Warnings | 24 | 18.28 |
Total Warnings | 24 | 18.28 |
(* Defects per Thousand lines of non-commenting source statements)
Warning Type | Number |
---|---|
Bad practice Warnings | 2 |
Malicious code vulnerability Warnings | 15 |
Multithreaded correctness Warnings | 7 |
Total | 24 |
Click on a warning row to see full context information.
Code | Warning |
---|---|
CT | Exception thrown in class org.apache.activemq.jms.pool.PooledProducer at new org.apache.activemq.jms.pool.PooledProducer(MessageProducer, Destination) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
Se | Class org.apache.activemq.jms.pool.XaPooledConnectionFactory defines non-transient non-serializable instance field transactionManager |
Code | Warning |
---|---|
EI | org.apache.activemq.jms.pool.ConnectionPool.getConnection() may expose internal representation by returning ConnectionPool.connection |
EI | org.apache.activemq.jms.pool.GenericResourceManager.getTransactionManager() may expose internal representation by returning GenericResourceManager.transactionManager |
EI | org.apache.activemq.jms.pool.SessionHolder.getOrCreateProducer() may expose internal representation by returning SessionHolder.producer |
EI | org.apache.activemq.jms.pool.SessionHolder.getSession() may expose internal representation by returning SessionHolder.session |
EI | org.apache.activemq.jms.pool.XaPooledConnectionFactory.getTransactionManager() may expose internal representation by returning XaPooledConnectionFactory.transactionManager |
EI2 | org.apache.activemq.jms.pool.GenericResourceManager.setTransactionManager(TransactionManager) may expose internal representation by storing an externally mutable object into GenericResourceManager.transactionManager |
EI2 | new org.apache.activemq.jms.pool.GenericResourceManager$ConnectionAndWrapperNamedXAResource(XAResource, String, Connection) may expose internal representation by storing an externally mutable object into GenericResourceManager$ConnectionAndWrapperNamedXAResource.connection |
EI2 | new org.apache.activemq.jms.pool.PooledConnection(ConnectionPool) may expose internal representation by storing an externally mutable object into PooledConnection.pool |
EI2 | new org.apache.activemq.jms.pool.PooledMessageConsumer(PooledSession, MessageConsumer) may expose internal representation by storing an externally mutable object into PooledMessageConsumer.delegate |
EI2 | new org.apache.activemq.jms.pool.PooledMessageConsumer(PooledSession, MessageConsumer) may expose internal representation by storing an externally mutable object into PooledMessageConsumer.session |
EI2 | new org.apache.activemq.jms.pool.PooledProducer(MessageProducer, Destination) may expose internal representation by storing an externally mutable object into PooledProducer.messageProducer |
EI2 | new org.apache.activemq.jms.pool.PooledSession(SessionKey, SessionHolder, KeyedObjectPool, boolean, boolean) may expose internal representation by storing an externally mutable object into PooledSession.sessionPool |
EI2 | new org.apache.activemq.jms.pool.SessionHolder(Session) may expose internal representation by storing an externally mutable object into SessionHolder.session |
EI2 | new org.apache.activemq.jms.pool.XaConnectionPool(Connection, TransactionManager) may expose internal representation by storing an externally mutable object into XaConnectionPool.transactionManager |
EI2 | org.apache.activemq.jms.pool.XaPooledConnectionFactory.setTransactionManager(TransactionManager) may expose internal representation by storing an externally mutable object into XaPooledConnectionFactory.transactionManager |
Code | Warning |
---|---|
DC | Possible double-check on org.apache.activemq.jms.pool.SessionHolder.producer in org.apache.activemq.jms.pool.SessionHolder.getOrCreateProducer() |
DC | Possible double-check on org.apache.activemq.jms.pool.SessionHolder.publisher in org.apache.activemq.jms.pool.SessionHolder.getOrCreatePublisher() |
DC | Possible double-check on org.apache.activemq.jms.pool.SessionHolder.sender in org.apache.activemq.jms.pool.SessionHolder.getOrCreateSender() |
IS | Inconsistent synchronization of org.apache.activemq.jms.pool.ConnectionPool.hasExpired; locked 75% of time |
IS | Inconsistent synchronization of org.apache.activemq.jms.pool.SessionHolder.producer; locked 40% of time |
IS | Inconsistent synchronization of org.apache.activemq.jms.pool.SessionHolder.publisher; locked 40% of time |
IS | Inconsistent synchronization of org.apache.activemq.jms.pool.SessionHolder.sender; locked 40% of time |
Classes that throw exceptions in their constructors are vulnerable to Finalizer attacks
A finalizer attack can be prevented, by declaring the class final, using an empty finalizer declared as final, or by a clever use of a private constructor.
See SEI CERT Rule OBJ-11
for more information.
This method may contain an instance of double-checked locking. This idiom is not correct according to the semantics of the Java memory model. For more information, see the web page http://www.cs.umd.edu/~pugh/java/memoryModel/DoubleCheckedLocking.html.
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.
The fields of this class appear to be accessed inconsistently with respect to synchronization. This bug report indicates that the bug pattern detector judged that
A typical bug matching this bug pattern is forgetting to synchronize one of the methods in a class that is intended to be thread-safe.
You can select the nodes labeled "Unsynchronized access" to show the code locations where the detector believed that a field was accessed without synchronization.
Note that there are various sources of inaccuracy in this detector; for example, the detector cannot statically detect all situations in which a lock is held. Also, even when the detector is accurate in distinguishing locked vs. unlocked accesses, the code in question may still be correct.
This Serializable class defines a non-primitive instance field which is neither transient,
Serializable, or java.lang.Object
, and does not appear to implement
the Externalizable
interface or the
readObject()
and writeObject()
methods.
Objects of this class will not be deserialized correctly if a non-Serializable
object is stored in this field.