SpotBugs Report

Project Information

Project: ActiveMQ :: JDBC Store

SpotBugs version: 4.8.3

Code analyzed:



Metrics

4865 lines of code analyzed, in 72 classes, in 4 packages.

Metric Total Density*
High Priority Warnings 1 0.21
Medium Priority Warnings 142 29.19
Total Warnings 143 29.39

(* Defects per Thousand lines of non-commenting source statements)



Contents

Summary

Warning Type Number
Bad practice Warnings 9
Correctness Warnings 53
Experimental Warnings 9
Malicious code vulnerability Warnings 57
Multithreaded correctness Warnings 4
Performance Warnings 6
Security Warnings 2
Dodgy code Warnings 3
Total 143

Warnings

Click on a warning row to see full context information.

Bad practice Warnings

Code Warning
CT Exception thrown in class org.apache.activemq.store.jdbc.JDBCMessageStore at new org.apache.activemq.store.jdbc.JDBCMessageStore(JDBCPersistenceAdapter, JDBCAdapter, WireFormat, ActiveMQDestination, ActiveMQMessageAudit) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.
CT Exception thrown in class org.apache.activemq.store.jdbc.TransactionContext at new org.apache.activemq.store.jdbc.TransactionContext(JDBCPersistenceAdapter) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.
CT Exception thrown in class org.apache.activemq.store.journal.JournalPersistenceAdapter at new org.apache.activemq.store.journal.JournalPersistenceAdapter(Journal, PersistenceAdapter, TaskRunnerFactory) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.
DE org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.closeStatement(Statement) might ignore java.sql.SQLException
IMSE Dubious catching of IllegalMonitorStateException in org.apache.activemq.store.jdbc.TransactionContext.lockAndWrapped(Lock)
It org.apache.activemq.store.jdbc.JDBCTopicMessageStore$LastRecovered$PriorityIterator.next() cannot throw NoSuchElementException
OS org.apache.activemq.store.jdbc.JdbcMemoryTransactionStore.recoverLastAck(byte[], ActiveMQDestination, String, String) may fail to close stream
PA Primitive field org.apache.activemq.store.jdbc.adapter.PostgresqlJDBCAdapter.acksPkName is public and set from inside the class, which makes it too exposed. Consider making it private to limit external accessibility.
RR org.apache.activemq.store.jdbc.JdbcMemoryTransactionStore.recoverLastAck(byte[], ActiveMQDestination, String, String) ignores result of org.apache.activemq.util.DataByteArrayInputStream.skipBytes(int)

Correctness Warnings

Code Warning
NP Null passed for non-null parameter of DefaultJDBCAdapter.close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.BlobJDBCAdapter.doAddMessage(TransactionContext, long, MessageId, ActiveMQDestination, byte[], long, byte, XATransactionId)
NP Null passed for non-null parameter of DefaultJDBCAdapter.close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.BlobJDBCAdapter.doGetMessage(TransactionContext, MessageId)
NP Null passed for non-null parameter of DefaultJDBCAdapter.close(ResultSet) in org.apache.activemq.store.jdbc.adapter.BlobJDBCAdapter.doGetMessage(TransactionContext, MessageId)
NP Null passed for non-null parameter of DefaultJDBCAdapter.close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.BlobJDBCAdapter.updateBlob(Connection, String, long, byte[])
NP Null passed for non-null parameter of DefaultJDBCAdapter.close(ResultSet) in org.apache.activemq.store.jdbc.adapter.BlobJDBCAdapter.updateBlob(Connection, String, long, byte[])
NP rs is null guaranteed to be dereferenced in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doRecoverNextMessages(TransactionContext, ActiveMQDestination, long[], long, int, boolean, JDBCMessageRecoveryListener) on exception path
NP s is null guaranteed to be dereferenced in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doRecoverNextMessages(TransactionContext, ActiveMQDestination, long[], long, int, boolean, JDBCMessageRecoveryListener) on exception path
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doClearLastAck(TransactionContext, ActiveMQDestination, byte, String, String)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doCommitAddOp(TransactionContext, long, long)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doDeleteOldMessages(TransactionContext)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doDeleteSubscription(TransactionContext, ActiveMQDestination, String, String)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetAllSubscriptions(TransactionContext, ActiveMQDestination)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetAllSubscriptions(TransactionContext, ActiveMQDestination)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetDestinations(TransactionContext)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetDestinations(TransactionContext)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetDurableSubscriberMessageCount(TransactionContext, ActiveMQDestination, String, String, boolean)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetDurableSubscriberMessageCount(TransactionContext, ActiveMQDestination, String, String, boolean)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetLastAckedDurableSubscriberMessageId(TransactionContext, ActiveMQDestination, String, String)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetLastAckedDurableSubscriberMessageId(TransactionContext, ActiveMQDestination, String, String)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetLastMessageStoreSequenceId(TransactionContext)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetLastMessageStoreSequenceId(TransactionContext)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetLastProducerSequenceId(TransactionContext, ProducerId)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetLastProducerSequenceId(TransactionContext, ProducerId)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetMessage(TransactionContext, MessageId)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetMessage(TransactionContext, MessageId)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetMessageById(TransactionContext, long)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetMessageById(TransactionContext, long)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetMessageCount(TransactionContext, ActiveMQDestination)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetMessageCount(TransactionContext, ActiveMQDestination)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetMessageReference(TransactionContext, long)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetMessageReference(TransactionContext, long)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetSubscriberEntry(TransactionContext, ActiveMQDestination, String, String)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doGetSubscriberEntry(TransactionContext, ActiveMQDestination, String, String)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doMessageIdScan(TransactionContext, int, JDBCMessageIdScanListener)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doMessageIdScan(TransactionContext, int, JDBCMessageIdScanListener)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doRecordDestination(TransactionContext, ActiveMQDestination)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doRecover(TransactionContext, ActiveMQDestination, JDBCMessageRecoveryListener)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doRecover(TransactionContext, ActiveMQDestination, JDBCMessageRecoveryListener)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doRecoverNextMessages(TransactionContext, ActiveMQDestination, String, String, long, long, int, JDBCMessageRecoveryListener)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doRecoverNextMessages(TransactionContext, ActiveMQDestination, String, String, long, long, int, JDBCMessageRecoveryListener)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doRecoverNextMessagesWithPriority(TransactionContext, ActiveMQDestination, String, String, long, long, int, JDBCMessageRecoveryListener)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doRecoverNextMessagesWithPriority(TransactionContext, ActiveMQDestination, String, String, long, long, int, JDBCMessageRecoveryListener)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doRecoverPreparedOps(TransactionContext, JdbcMemoryTransactionStore)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doRecoverPreparedOps(TransactionContext, JdbcMemoryTransactionStore)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doRecoverSubscription(TransactionContext, ActiveMQDestination, String, String, JDBCMessageRecoveryListener)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doRecoverSubscription(TransactionContext, ActiveMQDestination, String, String, JDBCMessageRecoveryListener)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doRemoveAllMessages(TransactionContext, ActiveMQDestination)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doSetSubscriberEntry(TransactionContext, SubscriptionInfo, boolean, boolean)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doSetSubscriberEntry(TransactionContext, SubscriptionInfo, boolean, boolean)
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doUpdateMessage(TransactionContext, ActiveMQDestination, MessageId, byte[])
NP Null passed for non-null parameter of close(PreparedStatement) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.getStoreSequenceId(TransactionContext, ActiveMQDestination, MessageId)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.getStoreSequenceId(TransactionContext, ActiveMQDestination, MessageId)
NP Null passed for non-null parameter of close(ResultSet) in org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.messageTableAlreadyExists(TransactionContext)

Experimental Warnings

Code Warning
OBL org.apache.activemq.store.jdbc.LeaseDatabaseLocker.determineTimeDifference(Connection) may fail to clean up java.sql.ResultSet
OBL org.apache.activemq.store.jdbc.LeaseDatabaseLocker.determineTimeDifference(Connection) may fail to clean up java.sql.Statement
OBL org.apache.activemq.store.jdbc.LeaseDatabaseLocker.reportLeasOwnerShipAndDuration(Connection) may fail to clean up java.sql.ResultSet
OBL org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doAddMessage(TransactionContext, long, MessageId, ActiveMQDestination, byte[], long, byte, XATransactionId) may fail to clean up java.sql.Statement
OBL org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doAddMessageReference(TransactionContext, long, MessageId, ActiveMQDestination, long, String) may fail to clean up java.sql.Statement
OBL org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doRemoveMessage(TransactionContext, long, XATransactionId) may fail to clean up java.sql.Statement
OBL org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doSetLastAck(TransactionContext, ActiveMQDestination, XATransactionId, String, String, long, long) may fail to clean up java.sql.Statement
OBL org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.doSetLastAckWithPriority(TransactionContext, ActiveMQDestination, XATransactionId, String, String, long, long) may fail to clean up java.sql.Statement
OBL org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.dumpTables(Connection, String, String, String) may fail to clean up java.sql.Statement on checked exception

Malicious code vulnerability Warnings

Code Warning
EI org.apache.activemq.store.jdbc.JDBCPersistenceAdapter.createTransactionStore() may expose internal representation by returning JDBCPersistenceAdapter.transactionStore
EI org.apache.activemq.store.jdbc.JDBCPersistenceAdapter.getAdapter() may expose internal representation by returning JDBCPersistenceAdapter.adapter
EI org.apache.activemq.store.jdbc.JDBCPersistenceAdapter.getBrokerService() may expose internal representation by returning org.apache.activemq.broker.LockableServiceSupport.brokerService
EI org.apache.activemq.store.jdbc.JDBCPersistenceAdapter.getScheduledThreadPoolExecutor() may expose internal representation by returning org.apache.activemq.broker.LockableServiceSupport.clockDaemon
EI org.apache.activemq.store.jdbc.JDBCPersistenceAdapter.getStatements() may expose internal representation by returning JDBCPersistenceAdapter.statements
EI org.apache.activemq.store.jdbc.JDBCPersistenceAdapter.getWireFormat() may expose internal representation by returning JDBCPersistenceAdapter.wireFormat
EI org.apache.activemq.store.jdbc.JDBCTopicMessageStore.getMessageStoreSubStatistics() may expose internal representation by returning JDBCTopicMessageStore.stats
EI org.apache.activemq.store.jdbc.Statements.getCreateLockSchemaStatements() may expose internal representation by returning Statements.createLockSchemaStatements
EI org.apache.activemq.store.jdbc.Statements.getDropSchemaStatements() may expose internal representation by returning Statements.dropSchemaStatements
EI org.apache.activemq.store.jdbc.TransactionContext.getAddMessageStatement() may expose internal representation by returning TransactionContext.addMessageStatement
EI org.apache.activemq.store.jdbc.TransactionContext.getRemovedMessageStatement() may expose internal representation by returning TransactionContext.removedMessageStatement
EI org.apache.activemq.store.jdbc.TransactionContext.getUpdateLastAckStatement() may expose internal representation by returning TransactionContext.updateLastAckStatement
EI org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.getStatements() may expose internal representation by returning DefaultJDBCAdapter.statements
EI org.apache.activemq.store.journal.JournalMessageStore.getLongTermMessageStore() may expose internal representation by returning JournalMessageStore.longTermStore
EI org.apache.activemq.store.journal.JournalPersistenceAdapter.createTransactionStore() may expose internal representation by returning JournalPersistenceAdapter.transactionStore
EI org.apache.activemq.store.journal.JournalPersistenceAdapter.getLongTermPersistence() may expose internal representation by returning JournalPersistenceAdapter.longTermPersistence
EI org.apache.activemq.store.journal.JournalPersistenceAdapter.getTransactionStore() may expose internal representation by returning JournalPersistenceAdapter.transactionStore
EI org.apache.activemq.store.journal.JournalPersistenceAdapter.getUsageManager() may expose internal representation by returning JournalPersistenceAdapter.usageManager
EI org.apache.activemq.store.journal.JournalPersistenceAdapter.getWireFormat() may expose internal representation by returning JournalPersistenceAdapter.wireFormat
EI org.apache.activemq.store.journal.JournalPersistenceAdapterFactory.createPersistenceAdapter() may expose internal representation by returning JournalPersistenceAdapterFactory.jdbcPersistenceAdapter
EI org.apache.activemq.store.journal.JournalPersistenceAdapterFactory.getJdbcAdapter() may expose internal representation by returning JournalPersistenceAdapterFactory.jdbcPersistenceAdapter
EI org.apache.activemq.store.journal.JournalPersistenceAdapterFactory.getJournal() may expose internal representation by returning JournalPersistenceAdapterFactory.journal
EI org.apache.activemq.store.journal.JournalPersistenceAdapterFactory.getTaskRunnerFactory() may expose internal representation by returning JournalPersistenceAdapterFactory.taskRunnerFactory
EI org.apache.activemq.store.journal.JournalTopicMessageStore.getLongTermTopicMessageStore() may expose internal representation by returning JournalTopicMessageStore.longTermStore
EI org.apache.activemq.store.journal.JournalTopicMessageStore.getMessageStoreSubStatistics() may expose internal representation by returning JournalTopicMessageStore.stats
EI org.apache.activemq.store.journal.JournalTransactionStore$Tx.getOperations() may expose internal representation by returning JournalTransactionStore$Tx.operations
EI2 org.apache.activemq.store.jdbc.AbstractJDBCLocker.configure(PersistenceAdapter) may expose internal representation by storing an externally mutable object into AbstractJDBCLocker.jdbcAdapter
EI2 org.apache.activemq.store.jdbc.AbstractJDBCLocker.setStatements(Statements) may expose internal representation by storing an externally mutable object into AbstractJDBCLocker.statements
EI2 new org.apache.activemq.store.jdbc.JDBCMessageStore(JDBCPersistenceAdapter, JDBCAdapter, WireFormat, ActiveMQDestination, ActiveMQMessageAudit) may expose internal representation by storing an externally mutable object into JDBCMessageStore.adapter
EI2 new org.apache.activemq.store.jdbc.JDBCMessageStore(JDBCPersistenceAdapter, JDBCAdapter, WireFormat, ActiveMQDestination, ActiveMQMessageAudit) may expose internal representation by storing an externally mutable object into JDBCMessageStore.audit
EI2 new org.apache.activemq.store.jdbc.JDBCMessageStore(JDBCPersistenceAdapter, JDBCAdapter, WireFormat, ActiveMQDestination, ActiveMQMessageAudit) may expose internal representation by storing an externally mutable object into JDBCMessageStore.persistenceAdapter
EI2 new org.apache.activemq.store.jdbc.JDBCMessageStore(JDBCPersistenceAdapter, JDBCAdapter, WireFormat, ActiveMQDestination, ActiveMQMessageAudit) may expose internal representation by storing an externally mutable object into JDBCMessageStore.wireFormat
EI2 new org.apache.activemq.store.jdbc.JDBCPersistenceAdapter(DataSource, WireFormat) may expose internal representation by storing an externally mutable object into JDBCPersistenceAdapter.wireFormat
EI2 org.apache.activemq.store.jdbc.JDBCPersistenceAdapter.setAdapter(JDBCAdapter) may expose internal representation by storing an externally mutable object into JDBCPersistenceAdapter.adapter
EI2 org.apache.activemq.store.jdbc.JDBCPersistenceAdapter.setStatements(Statements) may expose internal representation by storing an externally mutable object into JDBCPersistenceAdapter.statements
EI2 org.apache.activemq.store.jdbc.JDBCPersistenceAdapter.setWireFormat(WireFormat) may expose internal representation by storing an externally mutable object into JDBCPersistenceAdapter.wireFormat
EI2 org.apache.activemq.store.jdbc.Statements.setCreateLockSchemaStatements(String[]) may expose internal representation by storing an externally mutable object into Statements.createLockSchemaStatements
EI2 org.apache.activemq.store.jdbc.Statements.setCreateSchemaStatements(String[]) may expose internal representation by storing an externally mutable object into Statements.createSchemaStatements
EI2 org.apache.activemq.store.jdbc.Statements.setDropSchemaStatements(String[]) may expose internal representation by storing an externally mutable object into Statements.dropSchemaStatements
EI2 new org.apache.activemq.store.jdbc.TransactionContext(JDBCPersistenceAdapter) may expose internal representation by storing an externally mutable object into TransactionContext.persistenceAdapter
EI2 org.apache.activemq.store.jdbc.TransactionContext.setAddMessageStatement(PreparedStatement) may expose internal representation by storing an externally mutable object into TransactionContext.addMessageStatement
EI2 org.apache.activemq.store.jdbc.TransactionContext.setRemovedMessageStatement(PreparedStatement) may expose internal representation by storing an externally mutable object into TransactionContext.removedMessageStatement
EI2 org.apache.activemq.store.jdbc.TransactionContext.setUpdateLastAckStatement(PreparedStatement) may expose internal representation by storing an externally mutable object into TransactionContext.updateLastAckStatement
EI2 org.apache.activemq.store.jdbc.adapter.DefaultJDBCAdapter.setStatements(Statements) may expose internal representation by storing an externally mutable object into DefaultJDBCAdapter.statements
EI2 new org.apache.activemq.store.journal.JournalMessageStore(JournalPersistenceAdapter, MessageStore, ActiveMQDestination) may expose internal representation by storing an externally mutable object into JournalMessageStore.longTermStore
EI2 new org.apache.activemq.store.journal.JournalMessageStore(JournalPersistenceAdapter, MessageStore, ActiveMQDestination) may expose internal representation by storing an externally mutable object into JournalMessageStore.peristenceAdapter
EI2 org.apache.activemq.store.journal.JournalMessageStore.setMemoryUsage(MemoryUsage) may expose internal representation by storing an externally mutable object into JournalMessageStore.memoryUsage
EI2 org.apache.activemq.store.journal.JournalPersistenceAdapter.setBrokerService(BrokerService) may expose internal representation by storing an externally mutable object into JournalPersistenceAdapter.brokerService
EI2 org.apache.activemq.store.journal.JournalPersistenceAdapter.setJournal(Journal) may expose internal representation by storing an externally mutable object into JournalPersistenceAdapter.journal
EI2 org.apache.activemq.store.journal.JournalPersistenceAdapter.setPersistenceAdapter(PersistenceAdapter) may expose internal representation by storing an externally mutable object into JournalPersistenceAdapter.longTermPersistence
EI2 org.apache.activemq.store.journal.JournalPersistenceAdapter.setTaskRunnerFactory(TaskRunnerFactory) may expose internal representation by storing an externally mutable object into JournalPersistenceAdapter.taskRunnerFactory
EI2 org.apache.activemq.store.journal.JournalPersistenceAdapter.setUsageManager(SystemUsage) may expose internal representation by storing an externally mutable object into JournalPersistenceAdapter.usageManager
EI2 org.apache.activemq.store.journal.JournalPersistenceAdapterFactory.setJdbcAdapter(JDBCPersistenceAdapter) may expose internal representation by storing an externally mutable object into JournalPersistenceAdapterFactory.jdbcPersistenceAdapter
EI2 org.apache.activemq.store.journal.JournalPersistenceAdapterFactory.setJournal(Journal) may expose internal representation by storing an externally mutable object into JournalPersistenceAdapterFactory.journal
EI2 org.apache.activemq.store.journal.JournalPersistenceAdapterFactory.setTaskRunnerFactory(TaskRunnerFactory) may expose internal representation by storing an externally mutable object into JournalPersistenceAdapterFactory.taskRunnerFactory
EI2 new org.apache.activemq.store.journal.JournalTopicMessageStore(JournalPersistenceAdapter, TopicMessageStore, ActiveMQTopic) may expose internal representation by storing an externally mutable object into JournalTopicMessageStore.longTermStore
EI2 new org.apache.activemq.store.journal.JournalTransactionStore(JournalPersistenceAdapter) may expose internal representation by storing an externally mutable object into JournalTransactionStore.peristenceAdapter

Multithreaded correctness Warnings

Code Warning
IS Inconsistent synchronization of org.apache.activemq.store.jdbc.JDBCPersistenceAdapter.cleanupTicket; locked 75% of time
IS Inconsistent synchronization of org.apache.activemq.store.journal.JournalPersistenceAdapter.brokerService; locked 50% of time
IS Inconsistent synchronization of org.apache.activemq.store.journal.JournalPersistenceAdapter.scheduler; locked 60% of time
IS Inconsistent synchronization of org.apache.activemq.store.journal.JournalPersistenceAdapter.taskRunnerFactory; locked 50% of time

Performance Warnings

Code Warning
SBSC org.apache.activemq.store.jdbc.JDBCPersistenceAdapter.log(String, SQLException) concatenates strings using + in a loop
SIC Should org.apache.activemq.store.jdbc.JDBCMessageStore$Duration be a _static_ inner class?
SIC Should org.apache.activemq.store.jdbc.JDBCTopicMessageStore$LastRecoveredEntry be a _static_ inner class?
SIC Should org.apache.activemq.store.jdbc.TransactionContext$UnlockOnCloseConnection be a _static_ inner class?
WMI org.apache.activemq.store.journal.JournalTopicMessageStore$2.execute() makes inefficient use of keySet iterator instead of entrySet iterator
WMI org.apache.activemq.store.journal.JournalTransactionStore.recover(TransactionRecoveryListener) makes inefficient use of keySet iterator instead of entrySet iterator

Security Warnings

Code Warning
SQL A prepared statement is generated from a nonconstant String in org.apache.activemq.store.jdbc.LeaseDatabaseLocker.doStart()
SQL A prepared statement is generated from a nonconstant String in org.apache.activemq.store.jdbc.LeaseDatabaseLocker.keepAlive()

Dodgy code Warnings

Code Warning
RV Return value of JournalTransactionStore$Tx.getOperations() ignored, but method has no side effect
RV Return value of createTransactionStore() ignored, but method has no side effect
UC Useless object stored in variable result of method org.apache.activemq.store.jdbc.JDBCPersistenceAdapter.getStoreSequenceIdForMessageId(ConnectionContext, MessageId, ActiveMQDestination)

Details

CT_CONSTRUCTOR_THROW: Be wary of letting constructors throw exceptions.

Classes that throw exceptions in their constructors are vulnerable to Finalizer attacks

A finalizer attack can be prevented, by declaring the class final, using an empty finalizer declared as final, or by a clever use of a private constructor.

See SEI CERT Rule OBJ-11 for more information.

DE_MIGHT_IGNORE: Method might ignore exception

This method might ignore an exception.  In general, exceptions should be handled or reported in some way, or they should be thrown out of the method.

EI_EXPOSE_REP: May expose internal representation by returning reference to mutable object

Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.

EI_EXPOSE_REP2: May expose internal representation by incorporating reference to mutable object

This code stores a reference to an externally mutable object into the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.

IMSE_DONT_CATCH_IMSE: Dubious catching of IllegalMonitorStateException

IllegalMonitorStateException is generally only thrown in case of a design flaw in your code (calling wait or notify on an object you do not hold a lock on).

IS2_INCONSISTENT_SYNC: Inconsistent synchronization

The fields of this class appear to be accessed inconsistently with respect to synchronization.  This bug report indicates that the bug pattern detector judged that

A typical bug matching this bug pattern is forgetting to synchronize one of the methods in a class that is intended to be thread-safe.

You can select the nodes labeled "Unsynchronized access" to show the code locations where the detector believed that a field was accessed without synchronization.

Note that there are various sources of inaccuracy in this detector; for example, the detector cannot statically detect all situations in which a lock is held.  Also, even when the detector is accurate in distinguishing locked vs. unlocked accesses, the code in question may still be correct.

IT_NO_SUCH_ELEMENT: Iterator next() method cannot throw NoSuchElementException

This class implements the java.util.Iterator interface.  However, its next() method is not capable of throwing java.util.NoSuchElementException.  The next() method should be changed so it throws NoSuchElementException if is called when there are no more elements to return.

NP_NULL_PARAM_DEREF: Method call passes null for non-null parameter

This method call passes a null value for a non-null method parameter. Either the parameter is annotated as a parameter that should always be non-null, or analysis has shown that it will always be dereferenced.

NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH: Value is null and guaranteed to be dereferenced on exception path

There is a statement or branch on an exception path that if executed guarantees that a value is null at this point, and that value that is guaranteed to be dereferenced (except on forward paths involving runtime exceptions).

OBL_UNSATISFIED_OBLIGATION: Method may fail to clean up stream or resource

This method may fail to clean up (close, dispose of) a stream, database object, or other resource requiring an explicit cleanup operation.

In general, if a method opens a stream or other resource, the method should use a try/finally block to ensure that the stream or resource is cleaned up before the method returns.

This bug pattern is essentially the same as the OS_OPEN_STREAM and ODR_OPEN_DATABASE_RESOURCE bug patterns, but is based on a different (and hopefully better) static analysis technique. We are interested is getting feedback about the usefulness of this bug pattern. For sending feedback, check:

In particular, the false-positive suppression heuristics for this bug pattern have not been extensively tuned, so reports about false positives are helpful to us.

See Weimer and Necula, Finding and Preventing Run-Time Error Handling Mistakes (PDF), for a description of the analysis technique.

OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE: Method may fail to clean up stream or resource on checked exception

This method may fail to clean up (close, dispose of) a stream, database object, or other resource requiring an explicit cleanup operation.

In general, if a method opens a stream or other resource, the method should use a try/finally block to ensure that the stream or resource is cleaned up before the method returns.

This bug pattern is essentially the same as the OS_OPEN_STREAM and ODR_OPEN_DATABASE_RESOURCE bug patterns, but is based on a different (and hopefully better) static analysis technique. We are interested is getting feedback about the usefulness of this bug pattern. For sending feedback, check:

In particular, the false-positive suppression heuristics for this bug pattern have not been extensively tuned, so reports about false positives are helpful to us.

See Weimer and Necula, Finding and Preventing Run-Time Error Handling Mistakes (PDF), for a description of the analysis technique.

OS_OPEN_STREAM: Method may fail to close stream

The method creates an IO stream object, does not assign it to any fields, pass it to other methods that might close it, or return it, and does not appear to close the stream on all paths out of the method.  This may result in a file descriptor leak.  It is generally a good idea to use a finally block to ensure that streams are closed.

PA_PUBLIC_PRIMITIVE_ATTRIBUTE: Primitive field is public

SEI CERT rule OBJ01-J requires that accessibility to fields must be limited. Otherwise, the values of the fields may be manipulated from outside the class, which may be unexpected or undesired behaviour. In general, requiring that no fields are allowed to be public is overkill and unrealistic. Even the rule mentions that final fields may be public. Besides final fields, there may be other usages for public fields: some public fields may serve as "flags" that affect the behavior of the class. Such flag fields are expected to be read by the current instance (or the current class, in case of static fields), but written by others. If a field is both written by the methods of the current instance (or the current class, in case of static fields) and from the outside, the code is suspicious. Consider making these fields private and provide appropriate setters, if necessary. Please note that constructors, initializers and finalizers are exceptions, if only they write the field inside the class, the field is not considered as written by the class itself.

SR_NOT_CHECKED: Method ignores results of InputStream.skip()

This method ignores the return value of java.io.InputStream.skip() which can skip multiple bytes.  If the return value is not checked, the caller will not be able to correctly handle the case where fewer bytes were skipped than the caller requested.  This is a particularly insidious kind of bug, because in many programs, skips from input streams usually do skip the full amount of data requested, causing the program to fail only sporadically. With Buffered streams, however, skip() will only skip data in the buffer, and will routinely fail to skip the requested number of bytes.

RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT: Return value of method without side effect is ignored

This code calls a method and ignores the return value. However, our analysis shows that the method (including its implementations in subclasses if any) does not produce any effect other than return value. Thus, this call can be removed.

We are trying to reduce the false positives as much as possible, but in some cases this warning might be wrong. Common false-positive cases include:

- The method is designed to be overridden and produce a side effect in other projects which are out of the scope of the analysis.

- The method is called to trigger the class loading which may have a side effect.

- The method is called just to get some exception.

If you feel that our assumption is incorrect, you can use a @CheckReturnValue annotation to instruct SpotBugs that ignoring the return value of this method is acceptable.

SBSC_USE_STRINGBUFFER_CONCATENATION: Method concatenates strings using + in a loop

The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration.

Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 5) explicitly.

For example:

// This is bad
String s = "";
for (int i = 0; i < field.length; ++i) {
    s = s + field[i];
}

// This is better
StringBuffer buf = new StringBuffer();
for (int i = 0; i < field.length; ++i) {
    buf.append(field[i]);
}
String s = buf.toString();

SIC_INNER_SHOULD_BE_STATIC: Should be a static inner class

This class is an inner class, but does not use its embedded reference to the object which created it.  This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary.  If possible, the class should be made static.

SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING: A prepared statement is generated from a nonconstant String

The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.

UC_USELESS_OBJECT: Useless object created

Our analysis shows that this object is useless. It's created and modified, but its value never go outside of the method or produce any side-effect. Either there is a mistake and object was intended to be used or it can be removed.

This analysis rarely produces false-positives. Common false-positive cases include:

- This object used to implicitly throw some obscure exception.

- This object used as a stub to generalize the code.

- This object used to hold strong references to weak/soft-referenced objects.

WMI_WRONG_MAP_ITERATOR: Inefficient use of keySet iterator instead of entrySet iterator

This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.