SpotBugs Report

Project Information

Project: ActiveMQ :: JAAS

SpotBugs version: 4.8.3

Code analyzed:



Metrics

836 lines of code analyzed, in 16 classes, in 1 packages.

Metric Total Density*
High Priority Warnings 0.00
Medium Priority Warnings 15 17.94
Total Warnings 15 17.94

(* Defects per Thousand lines of non-commenting source statements)



Summary

Warning Type Number
Bad practice Warnings 3
Malicious code vulnerability Warnings 11
Performance Warnings 1
Total 15

Warnings

Bad practice Warnings

Code Warning
CT Exception thrown in class org.apache.activemq.jaas.GroupPrincipal at new org.apache.activemq.jaas.GroupPrincipal(String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.
CT Exception thrown in class org.apache.activemq.jaas.UserPrincipal at new org.apache.activemq.jaas.UserPrincipal(String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.
ES Comparison of String parameter using == or != in org.apache.activemq.jaas.LDAPLoginModule.getLDAPPropertyValue(String)

Malicious code vulnerability Warnings

Code Warning
EI org.apache.activemq.jaas.CertificateCallback.getCertificates() may expose internal representation by returning CertificateCallback.certificates
EI org.apache.activemq.jaas.ReloadableProperties.getProps() may expose internal representation by returning ReloadableProperties.props
EI org.apache.activemq.jaas.ReloadableProperties.invertedPropertiesMap() may expose internal representation by returning ReloadableProperties.invertedProps
EI org.apache.activemq.jaas.ReloadableProperties.invertedPropertiesValuesMap() may expose internal representation by returning ReloadableProperties.invertedValueProps
EI2 org.apache.activemq.jaas.CertificateCallback.setCertificates(X509Certificate[]) may expose internal representation by storing an externally mutable object into CertificateCallback.certificates
EI2 org.apache.activemq.jaas.CertificateLoginModule.initialize(Subject, CallbackHandler, Map, Map) may expose internal representation by storing an externally mutable object into CertificateLoginModule.subject
EI2 org.apache.activemq.jaas.GuestLoginModule.initialize(Subject, CallbackHandler, Map, Map) may expose internal representation by storing an externally mutable object into GuestLoginModule.subject
EI2 new org.apache.activemq.jaas.JaasCertificateCallbackHandler(X509Certificate[]) may expose internal representation by storing an externally mutable object into JaasCertificateCallbackHandler.certificates
EI2 org.apache.activemq.jaas.LDAPLoginModule.initialize(Subject, CallbackHandler, Map, Map) may expose internal representation by storing an externally mutable object into LDAPLoginModule.subject
EI2 org.apache.activemq.jaas.PropertiesLoginModule.initialize(Subject, CallbackHandler, Map, Map) may expose internal representation by storing an externally mutable object into PropertiesLoginModule.subject
EI2 new org.apache.activemq.jaas.ReloadableProperties(PropertiesLoader$FileNameKey) may expose internal representation by storing an externally mutable object into ReloadableProperties.key

Performance Warnings

Code Warning
SIC Should org.apache.activemq.jaas.PropertiesLoader$FileNameKey be a static inner class?

Details

CT_CONSTRUCTOR_THROW: Be wary of letting constructors throw exceptions.

Classes that throw exceptions in their constructors are vulnerable to Finalizer attacks.

A finalizer attack can be prevented by declaring the class final, by using an empty finalizer declared as final, or by a clever use of a private constructor.

See SEI CERT Rule OBJ-11 for more information.

EI_EXPOSE_REP: May expose internal representation by returning reference to mutable object

Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is a better approach in many situations.

EI_EXPOSE_REP2: May expose internal representation by incorporating reference to mutable object

This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is a better approach in many situations.

ES_COMPARING_PARAMETER_STRING_WITH_EQ: Comparison of String parameter using == or !=

This code compares a java.lang.String parameter for reference equality using the == or != operators. Requiring callers to pass only String constants or interned strings to a method is unnecessarily fragile, and rarely leads to measurable performance gains. Consider using the equals(Object) method instead.

SIC_INNER_SHOULD_BE_STATIC: Should be a static inner class

This class is an inner class, but does not use its embedded reference to the object which created it.  This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary.  If possible, the class should be made static.