Project: ActiveMQ :: STOMP Protocol
SpotBugs version: 4.8.3
Code analyzed:
2385 lines of code analyzed, in 53 classes, in 1 packages.
Metric | Total | Density* |
---|---|---|
High Priority Warnings | 3 | 1.26 |
Medium Priority Warnings | 41 | 17.19 |
Total Warnings | 44 | 18.45 |
(* Defects per Thousand lines of non-commenting source statements)
Warning Type | Number |
---|---|
Correctness Warnings | 1 |
Internationalization Warnings | 3 |
Malicious code vulnerability Warnings | 27 |
Performance Warnings | 3 |
Dodgy code Warnings | 10 |
Total | 44 |
Click on a warning row to see full context information.
Code | Warning |
---|---|
NP | Possible null pointer dereference of null in org.apache.activemq.transport.stomp.StompTransportFilter.getHbGracePeriodMultiplier() |
Code | Warning |
---|---|
Dm | Found reliance on default encoding in org.apache.activemq.transport.stomp.ProtocolConverter.<static initializer for ProtocolConverter>(): new java.io.InputStreamReader(InputStream) |
Dm | Found reliance on default encoding in org.apache.activemq.transport.stomp.StompConnection.send(String, String, String, HashMap): String.getBytes() |
Dm | Found reliance on default encoding in org.apache.activemq.transport.stomp.StompFrame.getBody(): new String(byte[]) |
Code | Warning |
---|---|
EI | org.apache.activemq.transport.stomp.JmsFrameTranslator.getXStream() may expose internal representation by returning JmsFrameTranslator.xStream |
EI | org.apache.activemq.transport.stomp.StompConnection.getStompSocket() may expose internal representation by returning StompConnection.stompSocket |
EI | org.apache.activemq.transport.stomp.StompFrame.getContent() may expose internal representation by returning StompFrame.content |
EI | org.apache.activemq.transport.stomp.StompFrame.getHeaders() may expose internal representation by returning StompFrame.headers |
EI | org.apache.activemq.transport.stomp.StompFrameError.getException() may expose internal representation by returning StompFrameError.exception |
EI | org.apache.activemq.transport.stomp.StompSubscription.getConsumerInfo() may expose internal representation by returning StompSubscription.consumerInfo |
EI | org.apache.activemq.transport.stomp.StompSubscription.getDestination() may expose internal representation by returning StompSubscription.destination |
EI | org.apache.activemq.transport.stomp.StompTransportFilter.getInactivityMonitor() may expose internal representation by returning StompTransportFilter.monitor |
EI | org.apache.activemq.transport.stomp.StompTransportFilter.getWireFormat() may expose internal representation by returning StompTransportFilter.wireFormat |
EI2 | org.apache.activemq.transport.stomp.JmsFrameTranslator.setXStream(XStream) may expose internal representation by storing an externally mutable object into JmsFrameTranslator.xStream |
EI2 | new org.apache.activemq.transport.stomp.StompCodec(TcpTransport) may expose internal representation by storing an externally mutable object into StompCodec.transport |
EI2 | org.apache.activemq.transport.stomp.StompConnection.open(Socket) may expose internal representation by storing an externally mutable object into StompConnection.stompSocket |
EI2 | org.apache.activemq.transport.stomp.StompConnection.setStompSocket(Socket) may expose internal representation by storing an externally mutable object into StompConnection.stompSocket |
EI2 | new org.apache.activemq.transport.stomp.StompFrame(String, Map, byte[]) may expose internal representation by storing an externally mutable object into StompFrame.content |
EI2 | new org.apache.activemq.transport.stomp.StompFrame(String, Map, byte[]) may expose internal representation by storing an externally mutable object into StompFrame.headers |
EI2 | org.apache.activemq.transport.stomp.StompFrame.setContent(byte[]) may expose internal representation by storing an externally mutable object into StompFrame.content |
EI2 | org.apache.activemq.transport.stomp.StompFrame.setHeaders(Map) may expose internal representation by storing an externally mutable object into StompFrame.headers |
EI2 | new org.apache.activemq.transport.stomp.StompFrameError(ProtocolException) may expose internal representation by storing an externally mutable object into StompFrameError.exception |
EI2 | new org.apache.activemq.transport.stomp.StompSubscription(ProtocolConverter, String, ConsumerInfo, String) may expose internal representation by storing an externally mutable object into StompSubscription.consumerInfo |
EI2 | new org.apache.activemq.transport.stomp.StompSubscription(ProtocolConverter, String, ConsumerInfo, String) may expose internal representation by storing an externally mutable object into StompSubscription.protocolConverter |
EI2 | org.apache.activemq.transport.stomp.StompSubscription.setDestination(ActiveMQDestination) may expose internal representation by storing an externally mutable object into StompSubscription.destination |
EI2 | new org.apache.activemq.transport.stomp.StompTransportFilter(Transport, WireFormat, BrokerContext) may expose internal representation by storing an externally mutable object into StompTransportFilter.wireFormat |
EI2 | org.apache.activemq.transport.stomp.StompTransportFilter.setInactivityMonitor(StompInactivityMonitor) may expose internal representation by storing an externally mutable object into StompTransportFilter.monitor |
MS | org.apache.activemq.transport.stomp.Stomp.COLON_ESCAPE_SEQ should be moved out of an interface and made package protected |
MS | org.apache.activemq.transport.stomp.Stomp.ESCAPE_ESCAPE_SEQ should be moved out of an interface and made package protected |
MS | org.apache.activemq.transport.stomp.Stomp.NEWLINE_ESCAPE_SEQ should be moved out of an interface and made package protected |
MS | org.apache.activemq.transport.stomp.Stomp.SUPPORTED_PROTOCOL_VERSIONS should be moved out of an interface and made package protected |
Code | Warning |
---|---|
UrF | Unread field: org.apache.activemq.transport.stomp.StompCodec.version |
WMI | org.apache.activemq.transport.stomp.JmsFrameTranslator.createMapMessage(HierarchicalStreamReader) makes inefficient use of keySet iterator instead of entrySet iterator |
WMI | org.apache.activemq.transport.stomp.StompConnection.appendHeaders(HashMap) makes inefficient use of keySet iterator instead of entrySet iterator |
Code | Warning |
---|---|
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.stomp.ProtocolConverter.onActiveMQCommand(Command) |
BC | Unchecked/unconfirmed cast from org.apache.activemq.transport.stomp.StompFrame to org.apache.activemq.transport.stomp.StompFrameError in org.apache.activemq.transport.stomp.ProtocolConverter.onStompCommand(StompFrame) |
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.stomp.ProtocolConverter$1.onResponse(ProtocolConverter, Response) |
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.stomp.ProtocolConverter$2.onResponse(ProtocolConverter, Response) |
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.stomp.ProtocolConverter$3.onResponse(ProtocolConverter, Response) |
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.stomp.ProtocolConverter$3$1.onResponse(ProtocolConverter, Response) |
BC | Unchecked/unconfirmed cast from java.net.Socket to javax.net.ssl.SSLSocket in org.apache.activemq.transport.stomp.StompSslTransportFactory.createTransport(WireFormat, Socket, TcpTransport$InitBuffer) |
REC | Exception is caught when Exception is not thrown in org.apache.activemq.transport.stomp.ProtocolConverter.<static initializer for ProtocolConverter>() |
REC | Exception is caught when Exception is not thrown in org.apache.activemq.transport.stomp.ProtocolConverter.findTranslator(String, ActiveMQDestination, boolean) |
REC | Exception is caught when Exception is not thrown in org.apache.activemq.transport.stomp.StompWireFormat.parseHeaders(DataInput, AtomicLong) |
This cast is unchecked, and not all instances of the type cast from can be cast to the type it is being cast to. Check that your program logic ensures that this cast will not fail.
Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behavior to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.
A final static field that is defined in an interface references a mutable object such as an array or hashtable. This mutable object could be changed by malicious code or by accident from another package. To solve this, the field needs to be moved to a class and made package protected to avoid this vulnerability.
There is a branch of statement that, if executed, guarantees that
a null value will be dereferenced, which
would generate a NullPointerException
when the code is executed.
Of course, the problem might be that the branch or statement is infeasible and that
the null pointer exception cannot ever be executed; deciding that is beyond the ability of SpotBugs.
This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.
A better approach is to either explicitly catch the specific exceptions that are thrown, or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime Exceptions, as shown below:
try {
...
} catch (RuntimeException e) {
throw e;
} catch (Exception e) {
... deal with all non-runtime exceptions ...
}
This field is never read. Consider removing it from the class.
This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.