Project: ActiveMQ :: JUnit Rule
SpotBugs version: 4.8.3
Code analyzed:
986 lines of code analyzed, in 18 classes, in 1 packages.
Metric | Total | Density* |
---|---|---|
High Priority Warnings | 2 | 2.03 |
Medium Priority Warnings | 5 | 5.07 |
Total Warnings | 7 | 7.10 |
(* Defects per Thousand lines of non-commenting source statements)
Warning Type | Number |
---|---|
Bad practice Warnings | 2 |
Internationalization Warnings | 1 |
Malicious code vulnerability Warnings | 2 |
Dodgy code Warnings | 2 |
Total | 7 |
Code | Warning |
---|---|
CT | Exception thrown in class org.apache.activemq.junit.EmbeddedActiveMQBroker at new org.apache.activemq.junit.EmbeddedActiveMQBroker(String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
CT | Exception thrown in class org.apache.activemq.junit.EmbeddedActiveMQBroker at new org.apache.activemq.junit.EmbeddedActiveMQBroker(URI) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
Code | Warning |
---|---|
Dm | Found reliance on default encoding in org.apache.activemq.junit.EmbeddedActiveMQBroker.createMessage(byte[], Map): new String(byte[]) |
Code | Warning |
---|---|
EI | org.apache.activemq.junit.EmbeddedActiveMQBroker.getBrokerService() may expose internal representation by returning EmbeddedActiveMQBroker.brokerService |
EI2 | new org.apache.activemq.junit.AbstractActiveMQClientResource(ActiveMQConnectionFactory) may expose internal representation by storing an externally mutable object into AbstractActiveMQClientResource.connectionFactory |
Code | Warning |
---|---|
DCN | Do not catch NullPointerException like in org.apache.activemq.junit.ActiveMQTestRunner.withPotentialTimeout(FrameworkMethod, Object, Statement) |
UC | Useless condition: it's known that this.untilFailure == false at this point |
Classes that throw exceptions in their constructors are vulnerable to Finalizer attacks
A finalizer attack can be prevented by declaring the class final, by using an empty finalizer declared as final, or by a clever use of a private constructor.
See SEI CERT Rule OBJ-11 for more information.
According to SEI CERT rule ERR08-J, NullPointerException should not be caught. Handling NullPointerException is considered an inferior alternative to null-checking.
This non-compliant code catches a NullPointerException to see if an incoming parameter is null:
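```java
boolean hasSpace(String m) {
    try {
        // Throws NullPointerException when m is null
        String[] ms = m.split(" ");
        return ms.length != 1;
    } catch (NullPointerException e) {
        // Non-compliant: the exception is used as a null test
        return false;
    }
}
```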
A compliant solution would use a null-check as in the following example:
```java
boolean hasSpace(String m) {
    // Explicit null-check replaces the catch block
    if (m == null) return false;
    String[] ms = m.split(" ");
    return ms.length != 1;
}
```
Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behavior to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is a better approach in many situations.
This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is a better approach in many situations.
This condition always produces the same result as the value of the involved variable that was narrowed before. Probably something else was meant or the condition can be removed.