Project: ActiveMQ :: RA
SpotBugs version: 4.8.3
Code analyzed:
2837 lines of code analyzed, in 38 classes, in 1 packages.
Metric | Total | Density* |
---|---|---|
High Priority Warnings | 1 | 0.35 |
Medium Priority Warnings | 56 | 19.74 |
Total Warnings | 57 | 20.09 |
(* Defects per Thousand lines of non-commenting source statements)
Warning Type | Number |
---|---|
Bad practice Warnings | 8 |
Correctness Warnings | 1 |
Malicious code vulnerability Warnings | 39 |
Multithreaded correctness Warnings | 4 |
Performance Warnings | 4 |
Dodgy code Warnings | 1 |
Total | 57 |
Click on a warning row to see full context information.
Code | Warning |
---|---|
CT | Exception thrown in class org.apache.activemq.ra.ActiveMQEndpointWorker at new org.apache.activemq.ra.ActiveMQEndpointWorker(MessageResourceAdapter, ActiveMQEndpointActivationKey) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
CT | Exception thrown in class org.apache.activemq.ra.ActiveMQManagedConnection at new org.apache.activemq.ra.ActiveMQManagedConnection(Subject, ActiveMQConnection, ActiveMQConnectionRequestInfo) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
CT | Exception thrown in class org.apache.activemq.ra.InboundMessageProducerProxy at new org.apache.activemq.ra.InboundMessageProducerProxy(MessageProducer, Destination) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
CT | Exception thrown in class org.apache.activemq.ra.MessageEndpointProxy at new org.apache.activemq.ra.MessageEndpointProxy(MessageEndpoint) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
CT | Exception thrown in class org.apache.activemq.ra.ServerSessionImpl at new org.apache.activemq.ra.ServerSessionImpl(ServerSessionPoolImpl, ActiveMQSession, WorkManager, MessageEndpoint, boolean, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
Eq | org.apache.activemq.ra.ActiveMQManagedConnectionFactory.equals(Object) fails for subtypes |
Se | Class org.apache.activemq.ra.ActiveMQConnectionRequestInfo defines non-transient non-serializable instance field log |
Se | The field org.apache.activemq.ra.ActiveMQResourceAdapter.endpointWorkers is transient but isn't set by deserialization |
Code | Warning |
---|---|
NP | Possible null pointer dereference of session in org.apache.activemq.ra.ServerSessionPoolImpl.dispatchToSession(MessageDispatch) |
Code | Warning |
---|---|
EI | org.apache.activemq.ra.ActiveMQActivationSpec.lazyCreateRedeliveryPolicy() may expose internal representation by returning ActiveMQActivationSpec.redeliveryPolicy |
EI | org.apache.activemq.ra.ActiveMQActivationSpec.redeliveryPolicy() may expose internal representation by returning ActiveMQActivationSpec.redeliveryPolicy |
EI | org.apache.activemq.ra.ActiveMQConnectionFactory.getReference() may expose internal representation by returning ActiveMQConnectionFactory.reference |
EI | org.apache.activemq.ra.ActiveMQConnectionRequestInfo.prefetchPolicy() may expose internal representation by returning ActiveMQConnectionRequestInfo.prefetchPolicy |
EI | org.apache.activemq.ra.ActiveMQConnectionRequestInfo.redeliveryPolicy() may expose internal representation by returning ActiveMQConnectionRequestInfo.redeliveryPolicy |
EI | org.apache.activemq.ra.ActiveMQConnectionSupport.getInfo() may expose internal representation by returning ActiveMQConnectionSupport.info |
EI | org.apache.activemq.ra.ActiveMQManagedConnection.getLocalTransaction() may expose internal representation by returning ActiveMQManagedConnection.localAndXATransaction |
EI | org.apache.activemq.ra.ActiveMQManagedConnection.getLogWriter() may expose internal representation by returning ActiveMQManagedConnection.logWriter |
EI | org.apache.activemq.ra.ActiveMQManagedConnection.getPhysicalConnection() may expose internal representation by returning ActiveMQManagedConnection.physicalConnection |
EI | org.apache.activemq.ra.ActiveMQManagedConnection.getTransactionContext() may expose internal representation by returning ActiveMQManagedConnection.transactionContext |
EI | org.apache.activemq.ra.ActiveMQManagedConnection.getXAResource() may expose internal representation by returning ActiveMQManagedConnection.localAndXATransaction |
EI | org.apache.activemq.ra.ActiveMQManagedConnectionFactory.getLogWriter() may expose internal representation by returning ActiveMQManagedConnectionFactory.logWriter |
EI | org.apache.activemq.ra.ActiveMQResourceAdapter.getConnectionFactory() may expose internal representation by returning ActiveMQResourceAdapter.connectionFactory |
EI | org.apache.activemq.ra.ManagedConnectionProxy.getManagedConnection() may expose internal representation by returning ManagedConnectionProxy.managedConnection |
EI | org.apache.activemq.ra.ServerSessionImpl.getMessageProducer() may expose internal representation by returning ServerSessionImpl.messageProducer |
EI | org.apache.activemq.ra.ServerSessionImpl.getSession() may expose internal representation by returning ServerSessionImpl.session |
EI2 | new org.apache.activemq.ra.ActiveMQConnectionFactory(ActiveMQManagedConnectionFactory, ConnectionManager, ActiveMQConnectionRequestInfo) may expose internal representation by storing an externally mutable object into ActiveMQConnectionFactory.factory |
EI2 | new org.apache.activemq.ra.ActiveMQConnectionFactory(ActiveMQManagedConnectionFactory, ConnectionManager, ActiveMQConnectionRequestInfo) may expose internal representation by storing an externally mutable object into ActiveMQConnectionFactory.info |
EI2 | org.apache.activemq.ra.ActiveMQConnectionFactory.setReference(Reference) may expose internal representation by storing an externally mutable object into ActiveMQConnectionFactory.reference |
EI2 | org.apache.activemq.ra.ActiveMQEndpointWorker.setConnection(ActiveMQConnection) may expose internal representation by storing an externally mutable object into ActiveMQEndpointWorker.connection |
EI2 | new org.apache.activemq.ra.ActiveMQManagedConnection(Subject, ActiveMQConnection, ActiveMQConnectionRequestInfo) may expose internal representation by storing an externally mutable object into ActiveMQManagedConnection.info |
EI2 | new org.apache.activemq.ra.ActiveMQManagedConnection(Subject, ActiveMQConnection, ActiveMQConnectionRequestInfo) may expose internal representation by storing an externally mutable object into ActiveMQManagedConnection.physicalConnection |
EI2 | new org.apache.activemq.ra.ActiveMQManagedConnection(Subject, ActiveMQConnection, ActiveMQConnectionRequestInfo) may expose internal representation by storing an externally mutable object into ActiveMQManagedConnection.subject |
EI2 | org.apache.activemq.ra.ActiveMQManagedConnection.associate(Subject, ActiveMQConnectionRequestInfo) may expose internal representation by storing an externally mutable object into ActiveMQManagedConnection.info |
EI2 | org.apache.activemq.ra.ActiveMQManagedConnection.associate(Subject, ActiveMQConnectionRequestInfo) may expose internal representation by storing an externally mutable object into ActiveMQManagedConnection.subject |
EI2 | org.apache.activemq.ra.ActiveMQManagedConnection.setLogWriter(PrintWriter) may expose internal representation by storing an externally mutable object into ActiveMQManagedConnection.logWriter |
EI2 | org.apache.activemq.ra.ActiveMQManagedConnectionFactory.setLogWriter(PrintWriter) may expose internal representation by storing an externally mutable object into ActiveMQManagedConnectionFactory.logWriter |
EI2 | org.apache.activemq.ra.ActiveMQResourceAdapter.setConnectionFactory(ActiveMQConnectionFactory) may expose internal representation by storing an externally mutable object into ActiveMQResourceAdapter.connectionFactory |
EI2 | new org.apache.activemq.ra.InboundMessageProducerProxy(MessageProducer, Destination) may expose internal representation by storing an externally mutable object into InboundMessageProducerProxy.messageProducer |
EI2 | new org.apache.activemq.ra.LocalAndXATransaction(TransactionContext) may expose internal representation by storing an externally mutable object into LocalAndXATransaction.transactionContext |
EI2 | org.apache.activemq.ra.LocalAndXATransaction.setTransactionContext(TransactionContext) may expose internal representation by storing an externally mutable object into LocalAndXATransaction.transactionContext |
EI2 | new org.apache.activemq.ra.ManagedConnectionProxy(ActiveMQManagedConnection, ConnectionRequestInfo) may expose internal representation by storing an externally mutable object into ManagedConnectionProxy.info |
EI2 | new org.apache.activemq.ra.ManagedConnectionProxy(ActiveMQManagedConnection, ConnectionRequestInfo) may expose internal representation by storing an externally mutable object into ManagedConnectionProxy.managedConnection |
EI2 | new org.apache.activemq.ra.ManagedSessionProxy(ActiveMQSession, ManagedConnectionProxy) may expose internal representation by storing an externally mutable object into ManagedSessionProxy.connectionProxy |
EI2 | new org.apache.activemq.ra.ManagedSessionProxy(ActiveMQSession, ManagedConnectionProxy) may expose internal representation by storing an externally mutable object into ManagedSessionProxy.session |
EI2 | new org.apache.activemq.ra.ManagedTransactionContext(TransactionContext) may expose internal representation by storing an externally mutable object into ManagedTransactionContext.sharedContext |
EI2 | new org.apache.activemq.ra.ServerSessionImpl(ServerSessionPoolImpl, ActiveMQSession, WorkManager, MessageEndpoint, boolean, int) may expose internal representation by storing an externally mutable object into ServerSessionImpl.pool |
EI2 | new org.apache.activemq.ra.ServerSessionImpl(ServerSessionPoolImpl, ActiveMQSession, WorkManager, MessageEndpoint, boolean, int) may expose internal representation by storing an externally mutable object into ServerSessionImpl.session |
EI2 | new org.apache.activemq.ra.ServerSessionPoolImpl(ActiveMQEndpointWorker, int) may expose internal representation by storing an externally mutable object into ServerSessionPoolImpl.activeMQAsfEndpointWorker |
Code | Warning |
---|---|
JLM | Synchronization performed on java.util.concurrent.atomic.AtomicBoolean in org.apache.activemq.ra.ServerSessionPoolImpl.close() |
JLM | Synchronization performed on java.util.concurrent.atomic.AtomicBoolean in org.apache.activemq.ra.ServerSessionPoolImpl.removeFromPool(ServerSessionImpl) |
JLM | Synchronization performed on java.util.concurrent.atomic.AtomicBoolean in org.apache.activemq.ra.ServerSessionPoolImpl.returnToPool(ServerSessionImpl) |
UL | org.apache.activemq.ra.ServerSessionPoolImpl.returnToPool(ServerSessionImpl) does not release lock on all exception paths |
Code | Warning |
---|---|
Dm | org.apache.activemq.ra.ActiveMQActivationSpec.isValidEnableBatch(List) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead |
Dm | org.apache.activemq.ra.ActiveMQActivationSpec.isValidNoLocal(List) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead |
Dm | org.apache.activemq.ra.ActiveMQActivationSpec.isValidUseRAManagedTransaction(List) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead |
Dm | new org.apache.activemq.ra.ActiveMQEndpointWorker(MessageResourceAdapter, ActiveMQEndpointActivationKey) invokes inefficient new String(String) constructor |
Code | Warning |
---|---|
DLS | Dead store to result in org.apache.activemq.ra.ActiveMQResourceAdapter$2.recover(int) |
Classes that throw exceptions in their constructors are vulnerable to Finalizer attacks
A finalizer attack can be prevented, by declaring the class final, using an empty finalizer declared as final, or by a clever use of a private constructor.
See SEI CERT Rule OBJ-11
for more information.
This instruction assigns a value to a local variable, but the value is not read or used in any subsequent instruction. Often, this indicates an error, because the value computed is never used.
Note that Sun's javac compiler often generates dead stores for final local variables. Because SpotBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
Creating new instances of java.lang.Boolean
wastes
memory, since Boolean
objects are immutable and there are
only two useful values of this type. Use the Boolean.valueOf()
method (or Java 5 autoboxing) to create Boolean
objects instead.
Using the java.lang.String(String)
constructor wastes memory
because the object so constructed will be functionally indistinguishable
from the String
passed as a parameter. Just use the
argument String
directly.
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.
This class has an equals method that will be broken if it is inherited by subclasses.
It compares a class literal with the class of the argument (e.g., in class Foo
it might check if Foo.class == o.getClass()
).
It is better to check if this.getClass() == o.getClass()
.
This method performs synchronization on an object that is an instance of
a class from the java.util.concurrent package (or its subclasses). Instances
of these classes have their own concurrency control mechanisms that are orthogonal to
the synchronization provided by the Java keyword synchronized
. For example,
synchronizing on an AtomicBoolean
will not prevent other threads
from modifying the AtomicBoolean
.
Such code may be correct, but should be carefully reviewed and documented, and may confuse people who have to maintain the code at a later date.
There is a branch of statement that, if executed, guarantees that
a null value will be dereferenced, which
would generate a NullPointerException
when the code is executed.
Of course, the problem might be that the branch or statement is infeasible and that
the null pointer exception cannot ever be executed; deciding that is beyond the ability of SpotBugs.
This Serializable class defines a non-primitive instance field which is neither transient,
Serializable, or java.lang.Object
, and does not appear to implement
the Externalizable
interface or the
readObject()
and writeObject()
methods.
Objects of this class will not be deserialized correctly if a non-Serializable
object is stored in this field.
This class contains a field that is updated at multiple places in the class, thus it seems to be part of the state of the class. However, since the field is marked as transient and not set in readObject or readResolve, it will contain the default value in any deserialized instance of the class.
This method acquires a JSR-166 (java.util.concurrent
) lock,
but does not release it on all exception paths out of the method. In general, the correct idiom
for using a JSR-166 lock is:
Lock l = ...;
l.lock();
try {
// do something
} finally {
l.unlock();
}