SpotBugs Report

Project Information

Project: ActiveMQ :: JUnit Rule

SpotBugs version: 4.8.3

Code analyzed:



Metrics

986 lines of code analyzed, in 18 classes, in 1 packages.

Metric Total Density*
High Priority Warnings 2 2.03
Medium Priority Warnings 5 5.07
Total Warnings 7 7.10

(* Defects per Thousand lines of non-commenting source statements)



Summary

Warning Type Number
Bad practice Warnings 2
Internationalization Warnings 1
Malicious code vulnerability Warnings 2
Dodgy code Warnings 2
Total 7

Warnings

Bad practice Warnings

Code Warning
CT Exception thrown in class org.apache.activemq.junit.EmbeddedActiveMQBroker at new org.apache.activemq.junit.EmbeddedActiveMQBroker(String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.
CT Exception thrown in class org.apache.activemq.junit.EmbeddedActiveMQBroker at new org.apache.activemq.junit.EmbeddedActiveMQBroker(URI) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.

Internationalization Warnings

Code Warning
Dm Found reliance on default encoding in org.apache.activemq.junit.EmbeddedActiveMQBroker.createMessage(byte[], Map): new String(byte[])

Malicious code vulnerability Warnings

Code Warning
EI org.apache.activemq.junit.EmbeddedActiveMQBroker.getBrokerService() may expose internal representation by returning EmbeddedActiveMQBroker.brokerService
EI2 new org.apache.activemq.junit.AbstractActiveMQClientResource(ActiveMQConnectionFactory) may expose internal representation by storing an externally mutable object into AbstractActiveMQClientResource.connectionFactory

Dodgy code Warnings

Code Warning
DCN Do not catch NullPointerException like in org.apache.activemq.junit.ActiveMQTestRunner.withPotentialTimeout(FrameworkMethod, Object, Statement)
UC Useless condition: it's known that this.untilFailure == false at this point

Details

CT_CONSTRUCTOR_THROW: Be wary of letting constructors throw exceptions.

Classes that throw exceptions in their constructors are vulnerable to Finalizer attacks.

A finalizer attack can be prevented by declaring the class final, by using an empty finalizer declared as final, or by a clever use of a private constructor.

See SEI CERT Rule OBJ-11 for more information.

DCN_NULLPOINTER_EXCEPTION: NullPointerException caught

According to SEI CERT rule ERR08-J, NullPointerException should not be caught. Handling NullPointerException is considered an inferior alternative to null-checking.

This non-compliant code catches a NullPointerException to see if an incoming parameter is null:


boolean hasSpace(String m) {
  try {
    String[] ms = m.split(" ");
    return ms.length != 1;
  } catch (NullPointerException e) {
    // Non-compliant: the NPE thrown by m.split() stands in for a null check
    return false;
  }
}

A compliant solution would use a null-check as in the following example:


boolean hasSpace(String m) {
    // Check for null explicitly instead of catching NullPointerException
    if (m == null) return false;
    String[] ms = m.split(" ");
    return ms.length != 1;
}

DM_DEFAULT_ENCODING: Reliance on default encoding

Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behavior to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

EI_EXPOSE_REP: May expose internal representation by returning reference to mutable object

Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is a better approach in many situations.

EI_EXPOSE_REP2: May expose internal representation by incorporating reference to mutable object

This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is a better approach in many situations.

UC_USELESS_CONDITION: Condition has no effect

This condition always produces the same result as the value of the involved variable that was narrowed before. Probably something else was meant or the condition can be removed.