SpotBugs Report

Project Information

Project: ActiveMQ :: MQTT Protocol

SpotBugs version: 4.8.3

Code analyzed:



Metrics

2084 lines of code analyzed, in 51 classes, in 2 packages.

Metric Total Density*
High Priority Warnings 1 0.48
Medium Priority Warnings 37 17.75
Total Warnings 38 18.23

(* Defects per Thousand lines of non-commenting source statements)



Summary

Warning Type Number
Bad practice Warnings 1
Correctness Warnings 1
Malicious code vulnerability Warnings 23
Multithreaded correctness Warnings 1
Performance Warnings 1
Dodgy code Warnings 11
Total 38

Warnings

Bad practice Warnings

Code Warning
PA Primitive field org.apache.activemq.transport.mqtt.MQTTProtocolConverter.version is public and set from inside the class, which makes it too exposed. Consider making it private to limit external accessibility.

Correctness Warnings

Code Warning
GC org.fusesource.hawtbuf.UTF8Buffer is incompatible with expected argument type String in org.apache.activemq.transport.mqtt.MQTTProtocolConverter.convertMessage(PUBLISH)

Malicious code vulnerability Warnings

Code Warning
EI org.apache.activemq.transport.mqtt.MQTTInactivityMonitor.getProtocolConverter() may expose internal representation by returning MQTTInactivityMonitor.protocolConverter
EI org.apache.activemq.transport.mqtt.MQTTProtocolConverter.getConnectionId() may expose internal representation by returning MQTTProtocolConverter.connectionId
EI org.apache.activemq.transport.mqtt.MQTTProtocolConverter.getMQTTTransport() may expose internal representation by returning MQTTProtocolConverter.mqttTransport
EI org.apache.activemq.transport.mqtt.MQTTProtocolConverter.getPacketIdGenerator() may expose internal representation by returning MQTTProtocolConverter.packetIdGenerator
EI org.apache.activemq.transport.mqtt.MQTTProtocolConverter.getSessionId() may expose internal representation by returning MQTTProtocolConverter.sessionId
EI org.apache.activemq.transport.mqtt.MQTTSubscription.getConsumerInfo() may expose internal representation by returning MQTTSubscription.consumerInfo
EI org.apache.activemq.transport.mqtt.MQTTTransportFilter.getInactivityMonitor() may expose internal representation by returning MQTTTransportFilter.monitor
EI org.apache.activemq.transport.mqtt.MQTTTransportFilter.getWireFormat() may expose internal representation by returning MQTTTransportFilter.wireFormat
EI org.apache.activemq.transport.mqtt.strategy.AbstractMQTTSubscriptionStrategy.getProtocolConverter() may expose internal representation by returning AbstractMQTTSubscriptionStrategy.protocol
EI2 new org.apache.activemq.transport.mqtt.MQTTCodec(MQTTCodec$MQTTFrameSink, MQTTWireFormat) may expose internal representation by storing an externally mutable object into MQTTCodec.wireFormat
EI2 new org.apache.activemq.transport.mqtt.MQTTCodec(TcpTransport, MQTTWireFormat) may expose internal representation by storing an externally mutable object into MQTTCodec.wireFormat
EI2 org.apache.activemq.transport.mqtt.MQTTInactivityMonitor.setProtocolConverter(MQTTProtocolConverter) may expose internal representation by storing an externally mutable object into MQTTInactivityMonitor.protocolConverter
EI2 org.apache.activemq.transport.mqtt.MQTTNIOTransportFactory.setBrokerService(BrokerService) may expose internal representation by storing an externally mutable object into MQTTNIOTransportFactory.brokerService
EI2 new org.apache.activemq.transport.mqtt.MQTTProtocolConverter(MQTTTransport, BrokerService) may expose internal representation by storing an externally mutable object into MQTTProtocolConverter.brokerService
EI2 new org.apache.activemq.transport.mqtt.MQTTProtocolConverter(MQTTTransport, BrokerService) may expose internal representation by storing an externally mutable object into MQTTProtocolConverter.mqttTransport
EI2 org.apache.activemq.transport.mqtt.MQTTSslTransportFactory.setBrokerService(BrokerService) may expose internal representation by storing an externally mutable object into MQTTSslTransportFactory.brokerService
EI2 new org.apache.activemq.transport.mqtt.MQTTSubscription(MQTTProtocolConverter, String, QoS, ConsumerInfo) may expose internal representation by storing an externally mutable object into MQTTSubscription.consumerInfo
EI2 new org.apache.activemq.transport.mqtt.MQTTSubscription(MQTTProtocolConverter, String, QoS, ConsumerInfo) may expose internal representation by storing an externally mutable object into MQTTSubscription.protocolConverter
EI2 org.apache.activemq.transport.mqtt.MQTTTransportFactory.setBrokerService(BrokerService) may expose internal representation by storing an externally mutable object into MQTTTransportFactory.brokerService
EI2 new org.apache.activemq.transport.mqtt.MQTTTransportFilter(Transport, WireFormat, BrokerService) may expose internal representation by storing an externally mutable object into MQTTTransportFilter.wireFormat
EI2 org.apache.activemq.transport.mqtt.MQTTTransportFilter.setInactivityMonitor(MQTTInactivityMonitor) may expose internal representation by storing an externally mutable object into MQTTTransportFilter.monitor
EI2 org.apache.activemq.transport.mqtt.strategy.AbstractMQTTSubscriptionStrategy.setBrokerService(BrokerService) may expose internal representation by storing an externally mutable object into AbstractMQTTSubscriptionStrategy.brokerService
EI2 org.apache.activemq.transport.mqtt.strategy.AbstractMQTTSubscriptionStrategy.setProtocolConverter(MQTTProtocolConverter) may expose internal representation by storing an externally mutable object into AbstractMQTTSubscriptionStrategy.protocol

Multithreaded correctness Warnings

Code Warning
DC Possible double-check on org.apache.activemq.transport.mqtt.MQTTProtocolConverter.subsciptionStrategy in org.apache.activemq.transport.mqtt.MQTTProtocolConverter.findSubscriptionStrategy()

Performance Warnings

Code Warning
SIC Should org.apache.activemq.transport.mqtt.MQTTPacketIdGenerator$NonZeroSequenceGenerator be a _static_ inner class?

Dodgy code Warnings

Code Warning
BC Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.mqtt.MQTTProtocolConverter.onActiveMQCommand(Command)
BC Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.mqtt.MQTTProtocolConverter$1.onResponse(MQTTProtocolConverter, Response)
BC Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.mqtt.MQTTProtocolConverter$1$1.onResponse(MQTTProtocolConverter, Response)
BC Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.mqtt.MQTTProtocolConverter$2.onResponse(MQTTProtocolConverter, Response)
BC Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.mqtt.strategy.AbstractMQTTSubscriptionStrategy$1.onResponse(MQTTProtocolConverter, Response)
DMI org.apache.activemq.transport.mqtt.strategy.MQTTVirtualTopicSubscriptionStrategy.onSend(ActiveMQDestination) invokes substring(0), which returns the original value
RCN Redundant nullcheck of ack, which is known to be non-null in org.apache.activemq.transport.mqtt.MQTTProtocolConverter.onActiveMQCommand(Command)
SF Switch statement found in org.apache.activemq.transport.mqtt.MQTTProtocolConverter.onActiveMQCommand(Command) where default case is missing
SF Switch statement found in org.apache.activemq.transport.mqtt.MQTTProtocolSupport.convertActiveMQToMQTT(String) where default case is missing
SF Switch statement found in org.apache.activemq.transport.mqtt.MQTTProtocolSupport.convertMQTTToActiveMQ(String) where default case is missing
SF Switch statement found in org.apache.activemq.transport.mqtt.MQTTSubscription.createPublish(ActiveMQMessage) where default case is missing

Details

BC_UNCONFIRMED_CAST: Unchecked/unconfirmed cast

This cast is unchecked, and not all instances of the type cast from can be cast to the type it is being cast to. Check that your program logic ensures that this cast will not fail.

DC_DOUBLECHECK: Possible double-check of field

This method may contain an instance of double-checked locking.  This idiom is not correct according to the semantics of the Java memory model.  For more information, see the web page http://www.cs.umd.edu/~pugh/java/memoryModel/DoubleCheckedLocking.html.

DMI_USELESS_SUBSTRING: Invocation of substring(0), which returns the original value

This code invokes substring(0) on a String, which returns the original value.

EI_EXPOSE_REP: May expose internal representation by returning reference to mutable object

Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is a better approach in many situations.

EI_EXPOSE_REP2: May expose internal representation by incorporating reference to mutable object

This code stores a reference to an externally mutable object into the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is a better approach in many situations.

GC_UNRELATED_TYPES: No relationship between generic parameter and method argument

This call to a generic collection method contains an argument with an incompatible class from that of the collection's parameter (i.e., the type of the argument is neither a supertype nor a subtype of the corresponding generic type argument). Therefore, it is unlikely that the collection contains any objects that are equal to the method argument used here. Most likely, the wrong value is being passed to the method.

In general, instances of two unrelated classes are not equal. For example, if the Foo and Bar classes are not related by subtyping, then an instance of Foo should not be equal to an instance of Bar. Among other issues, doing so will likely result in an equals method that is not symmetrical. For example, if you define the Foo class so that a Foo can be equal to a String, your equals method isn't symmetrical since a String can only be equal to a String.

In rare cases, people do define nonsymmetrical equals methods and still manage to make their code work. Although none of the APIs document or guarantee it, it is typically the case that if you check if a Collection<String> contains a Foo, the equals method of the argument (e.g., the equals method of the Foo class) is used to perform the equality checks.

PA_PUBLIC_PRIMITIVE_ATTRIBUTE: Primitive field is public

SEI CERT rule OBJ01-J requires that accessibility to fields must be limited. Otherwise, the values of the fields may be manipulated from outside the class, which may be unexpected or undesired behaviour. In general, requiring that no fields are allowed to be public is overkill and unrealistic. Even the rule mentions that final fields may be public. Besides final fields, there may be other usages for public fields: some public fields may serve as "flags" that affect the behavior of the class. Such flag fields are expected to be read by the current instance (or the current class, in case of static fields), but written by others. If a field is both written by the methods of the current instance (or the current class, in case of static fields) and from the outside, the code is suspicious. Consider making these fields private and providing appropriate setters, if necessary. Please note that constructors, initializers and finalizers are exceptions: if only they write the field inside the class, the field is not considered as written by the class itself.

RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE: Redundant nullcheck of value known to be non-null

This method contains a redundant check of a known non-null value against the constant null.

SF_SWITCH_NO_DEFAULT: Switch statement found where default case is missing

This method contains a switch statement where default case is missing. Usually you need to provide a default case.

Because the analysis only looks at the generated bytecode, this warning can be incorrectly triggered if the default case is at the end of the switch statement and the switch statement doesn't contain break statements for other cases.

SIC_INNER_SHOULD_BE_STATIC: Should be a static inner class

This class is an inner class, but does not use its embedded reference to the object which created it.  This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary.  If possible, the class should be made static.