SpotBugs Report

Project Information

Project: ActiveMQ :: Generic JMS Pool

SpotBugs version: 4.8.3

Code analyzed:



Metrics

1313 lines of code analyzed, in 26 classes, in 1 package.

Metric Total Density*
High Priority Warnings 0.00
Medium Priority Warnings 24 18.28
Total Warnings 24 18.28

(* Defects per Thousand lines of non-commenting source statements)



Summary

Warning Type Number
Bad practice Warnings 2
Malicious code vulnerability Warnings 15
Multithreaded correctness Warnings 7
Total 24

Warnings

Bad practice Warnings

Code Warning
CT Exception thrown in class org.apache.activemq.jms.pool.PooledProducer at new org.apache.activemq.jms.pool.PooledProducer(MessageProducer, Destination) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.
Se Class org.apache.activemq.jms.pool.XaPooledConnectionFactory defines non-transient non-serializable instance field transactionManager

Malicious code vulnerability Warnings

Code Warning
EI org.apache.activemq.jms.pool.ConnectionPool.getConnection() may expose internal representation by returning ConnectionPool.connection
EI org.apache.activemq.jms.pool.GenericResourceManager.getTransactionManager() may expose internal representation by returning GenericResourceManager.transactionManager
EI org.apache.activemq.jms.pool.SessionHolder.getOrCreateProducer() may expose internal representation by returning SessionHolder.producer
EI org.apache.activemq.jms.pool.SessionHolder.getSession() may expose internal representation by returning SessionHolder.session
EI org.apache.activemq.jms.pool.XaPooledConnectionFactory.getTransactionManager() may expose internal representation by returning XaPooledConnectionFactory.transactionManager
EI2 org.apache.activemq.jms.pool.GenericResourceManager.setTransactionManager(TransactionManager) may expose internal representation by storing an externally mutable object into GenericResourceManager.transactionManager
EI2 new org.apache.activemq.jms.pool.GenericResourceManager$ConnectionAndWrapperNamedXAResource(XAResource, String, Connection) may expose internal representation by storing an externally mutable object into GenericResourceManager$ConnectionAndWrapperNamedXAResource.connection
EI2 new org.apache.activemq.jms.pool.PooledConnection(ConnectionPool) may expose internal representation by storing an externally mutable object into PooledConnection.pool
EI2 new org.apache.activemq.jms.pool.PooledMessageConsumer(PooledSession, MessageConsumer) may expose internal representation by storing an externally mutable object into PooledMessageConsumer.delegate
EI2 new org.apache.activemq.jms.pool.PooledMessageConsumer(PooledSession, MessageConsumer) may expose internal representation by storing an externally mutable object into PooledMessageConsumer.session
EI2 new org.apache.activemq.jms.pool.PooledProducer(MessageProducer, Destination) may expose internal representation by storing an externally mutable object into PooledProducer.messageProducer
EI2 new org.apache.activemq.jms.pool.PooledSession(SessionKey, SessionHolder, KeyedObjectPool, boolean, boolean) may expose internal representation by storing an externally mutable object into PooledSession.sessionPool
EI2 new org.apache.activemq.jms.pool.SessionHolder(Session) may expose internal representation by storing an externally mutable object into SessionHolder.session
EI2 new org.apache.activemq.jms.pool.XaConnectionPool(Connection, TransactionManager) may expose internal representation by storing an externally mutable object into XaConnectionPool.transactionManager
EI2 org.apache.activemq.jms.pool.XaPooledConnectionFactory.setTransactionManager(TransactionManager) may expose internal representation by storing an externally mutable object into XaPooledConnectionFactory.transactionManager

Multithreaded correctness Warnings

Code Warning
DC Possible double-check on org.apache.activemq.jms.pool.SessionHolder.producer in org.apache.activemq.jms.pool.SessionHolder.getOrCreateProducer()
DC Possible double-check on org.apache.activemq.jms.pool.SessionHolder.publisher in org.apache.activemq.jms.pool.SessionHolder.getOrCreatePublisher()
DC Possible double-check on org.apache.activemq.jms.pool.SessionHolder.sender in org.apache.activemq.jms.pool.SessionHolder.getOrCreateSender()
IS Inconsistent synchronization of org.apache.activemq.jms.pool.ConnectionPool.hasExpired; locked 75% of time
IS Inconsistent synchronization of org.apache.activemq.jms.pool.SessionHolder.producer; locked 40% of time
IS Inconsistent synchronization of org.apache.activemq.jms.pool.SessionHolder.publisher; locked 40% of time
IS Inconsistent synchronization of org.apache.activemq.jms.pool.SessionHolder.sender; locked 40% of time

Details

CT_CONSTRUCTOR_THROW: Be wary of letting constructors throw exceptions.

Classes that throw exceptions in their constructors are vulnerable to Finalizer attacks.

A finalizer attack can be prevented by declaring the class final, by using an empty finalizer declared as final, or by a clever use of a private constructor.

See SEI CERT Rule OBJ-11 for more information.

DC_DOUBLECHECK: Possible double-check of field

This method may contain an instance of double-checked locking.  This idiom is not correct according to the semantics of the Java memory model.  For more information, see the web page http://www.cs.umd.edu/~pugh/java/memoryModel/DoubleCheckedLocking.html.

EI_EXPOSE_REP: May expose internal representation by returning reference to mutable object

Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is a better approach in many situations.

EI_EXPOSE_REP2: May expose internal representation by incorporating reference to mutable object

This code stores a reference to an externally mutable object into the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is a better approach in many situations.

IS2_INCONSISTENT_SYNC: Inconsistent synchronization

The fields of this class appear to be accessed inconsistently with respect to synchronization.  This bug report indicates that the bug pattern detector judged that

A typical bug matching this bug pattern is forgetting to synchronize one of the methods in a class that is intended to be thread-safe.

You can select the nodes labeled "Unsynchronized access" to show the code locations where the detector believed that a field was accessed without synchronization.

Note that there are various sources of inaccuracy in this detector; for example, the detector cannot statically detect all situations in which a lock is held.  Also, even when the detector is accurate in distinguishing locked vs. unlocked accesses, the code in question may still be correct.

SE_BAD_FIELD: Non-transient non-serializable instance field in serializable class

This Serializable class defines a non-primitive instance field which is neither transient, Serializable, nor java.lang.Object, and does not appear to implement the Externalizable interface or the readObject() and writeObject() methods.  Objects of this class will not be deserialized correctly if a non-Serializable object is stored in this field.