SpotBugs Report

Project Information

Project: ActiveMQ :: RA

SpotBugs version: 4.8.3

Code analyzed:



Metrics

2837 lines of code analyzed, in 38 classes, in 1 packages.

Metric Total Density*
High Priority Warnings 1 0.35
Medium Priority Warnings 56 19.74
Total Warnings 57 20.09

(* Defects per Thousand lines of non-commenting source statements)



Contents

Summary

Warning Type Number
Bad practice Warnings 8
Correctness Warnings 1
Malicious code vulnerability Warnings 39
Multithreaded correctness Warnings 4
Performance Warnings 4
Dodgy code Warnings 1
Total 57

Warnings

Click on a warning row to see full context information.

Bad practice Warnings

Code Warning
CT Exception thrown in class org.apache.activemq.ra.ActiveMQEndpointWorker at new org.apache.activemq.ra.ActiveMQEndpointWorker(MessageResourceAdapter, ActiveMQEndpointActivationKey) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.
CT Exception thrown in class org.apache.activemq.ra.ActiveMQManagedConnection at new org.apache.activemq.ra.ActiveMQManagedConnection(Subject, ActiveMQConnection, ActiveMQConnectionRequestInfo) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.
CT Exception thrown in class org.apache.activemq.ra.InboundMessageProducerProxy at new org.apache.activemq.ra.InboundMessageProducerProxy(MessageProducer, Destination) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.
CT Exception thrown in class org.apache.activemq.ra.MessageEndpointProxy at new org.apache.activemq.ra.MessageEndpointProxy(MessageEndpoint) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.
CT Exception thrown in class org.apache.activemq.ra.ServerSessionImpl at new org.apache.activemq.ra.ServerSessionImpl(ServerSessionPoolImpl, ActiveMQSession, WorkManager, MessageEndpoint, boolean, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.
Eq org.apache.activemq.ra.ActiveMQManagedConnectionFactory.equals(Object) fails for subtypes
Se Class org.apache.activemq.ra.ActiveMQConnectionRequestInfo defines non-transient non-serializable instance field log
Se The field org.apache.activemq.ra.ActiveMQResourceAdapter.endpointWorkers is transient but isn't set by deserialization

Correctness Warnings

Code Warning
NP Possible null pointer dereference of session in org.apache.activemq.ra.ServerSessionPoolImpl.dispatchToSession(MessageDispatch)

Malicious code vulnerability Warnings

Code Warning
EI org.apache.activemq.ra.ActiveMQActivationSpec.lazyCreateRedeliveryPolicy() may expose internal representation by returning ActiveMQActivationSpec.redeliveryPolicy
EI org.apache.activemq.ra.ActiveMQActivationSpec.redeliveryPolicy() may expose internal representation by returning ActiveMQActivationSpec.redeliveryPolicy
EI org.apache.activemq.ra.ActiveMQConnectionFactory.getReference() may expose internal representation by returning ActiveMQConnectionFactory.reference
EI org.apache.activemq.ra.ActiveMQConnectionRequestInfo.prefetchPolicy() may expose internal representation by returning ActiveMQConnectionRequestInfo.prefetchPolicy
EI org.apache.activemq.ra.ActiveMQConnectionRequestInfo.redeliveryPolicy() may expose internal representation by returning ActiveMQConnectionRequestInfo.redeliveryPolicy
EI org.apache.activemq.ra.ActiveMQConnectionSupport.getInfo() may expose internal representation by returning ActiveMQConnectionSupport.info
EI org.apache.activemq.ra.ActiveMQManagedConnection.getLocalTransaction() may expose internal representation by returning ActiveMQManagedConnection.localAndXATransaction
EI org.apache.activemq.ra.ActiveMQManagedConnection.getLogWriter() may expose internal representation by returning ActiveMQManagedConnection.logWriter
EI org.apache.activemq.ra.ActiveMQManagedConnection.getPhysicalConnection() may expose internal representation by returning ActiveMQManagedConnection.physicalConnection
EI org.apache.activemq.ra.ActiveMQManagedConnection.getTransactionContext() may expose internal representation by returning ActiveMQManagedConnection.transactionContext
EI org.apache.activemq.ra.ActiveMQManagedConnection.getXAResource() may expose internal representation by returning ActiveMQManagedConnection.localAndXATransaction
EI org.apache.activemq.ra.ActiveMQManagedConnectionFactory.getLogWriter() may expose internal representation by returning ActiveMQManagedConnectionFactory.logWriter
EI org.apache.activemq.ra.ActiveMQResourceAdapter.getConnectionFactory() may expose internal representation by returning ActiveMQResourceAdapter.connectionFactory
EI org.apache.activemq.ra.ManagedConnectionProxy.getManagedConnection() may expose internal representation by returning ManagedConnectionProxy.managedConnection
EI org.apache.activemq.ra.ServerSessionImpl.getMessageProducer() may expose internal representation by returning ServerSessionImpl.messageProducer
EI org.apache.activemq.ra.ServerSessionImpl.getSession() may expose internal representation by returning ServerSessionImpl.session
EI2 new org.apache.activemq.ra.ActiveMQConnectionFactory(ActiveMQManagedConnectionFactory, ConnectionManager, ActiveMQConnectionRequestInfo) may expose internal representation by storing an externally mutable object into ActiveMQConnectionFactory.factory
EI2 new org.apache.activemq.ra.ActiveMQConnectionFactory(ActiveMQManagedConnectionFactory, ConnectionManager, ActiveMQConnectionRequestInfo) may expose internal representation by storing an externally mutable object into ActiveMQConnectionFactory.info
EI2 org.apache.activemq.ra.ActiveMQConnectionFactory.setReference(Reference) may expose internal representation by storing an externally mutable object into ActiveMQConnectionFactory.reference
EI2 org.apache.activemq.ra.ActiveMQEndpointWorker.setConnection(ActiveMQConnection) may expose internal representation by storing an externally mutable object into ActiveMQEndpointWorker.connection
EI2 new org.apache.activemq.ra.ActiveMQManagedConnection(Subject, ActiveMQConnection, ActiveMQConnectionRequestInfo) may expose internal representation by storing an externally mutable object into ActiveMQManagedConnection.info
EI2 new org.apache.activemq.ra.ActiveMQManagedConnection(Subject, ActiveMQConnection, ActiveMQConnectionRequestInfo) may expose internal representation by storing an externally mutable object into ActiveMQManagedConnection.physicalConnection
EI2 new org.apache.activemq.ra.ActiveMQManagedConnection(Subject, ActiveMQConnection, ActiveMQConnectionRequestInfo) may expose internal representation by storing an externally mutable object into ActiveMQManagedConnection.subject
EI2 org.apache.activemq.ra.ActiveMQManagedConnection.associate(Subject, ActiveMQConnectionRequestInfo) may expose internal representation by storing an externally mutable object into ActiveMQManagedConnection.info
EI2 org.apache.activemq.ra.ActiveMQManagedConnection.associate(Subject, ActiveMQConnectionRequestInfo) may expose internal representation by storing an externally mutable object into ActiveMQManagedConnection.subject
EI2 org.apache.activemq.ra.ActiveMQManagedConnection.setLogWriter(PrintWriter) may expose internal representation by storing an externally mutable object into ActiveMQManagedConnection.logWriter
EI2 org.apache.activemq.ra.ActiveMQManagedConnectionFactory.setLogWriter(PrintWriter) may expose internal representation by storing an externally mutable object into ActiveMQManagedConnectionFactory.logWriter
EI2 org.apache.activemq.ra.ActiveMQResourceAdapter.setConnectionFactory(ActiveMQConnectionFactory) may expose internal representation by storing an externally mutable object into ActiveMQResourceAdapter.connectionFactory
EI2 new org.apache.activemq.ra.InboundMessageProducerProxy(MessageProducer, Destination) may expose internal representation by storing an externally mutable object into InboundMessageProducerProxy.messageProducer
EI2 new org.apache.activemq.ra.LocalAndXATransaction(TransactionContext) may expose internal representation by storing an externally mutable object into LocalAndXATransaction.transactionContext
EI2 org.apache.activemq.ra.LocalAndXATransaction.setTransactionContext(TransactionContext) may expose internal representation by storing an externally mutable object into LocalAndXATransaction.transactionContext
EI2 new org.apache.activemq.ra.ManagedConnectionProxy(ActiveMQManagedConnection, ConnectionRequestInfo) may expose internal representation by storing an externally mutable object into ManagedConnectionProxy.info
EI2 new org.apache.activemq.ra.ManagedConnectionProxy(ActiveMQManagedConnection, ConnectionRequestInfo) may expose internal representation by storing an externally mutable object into ManagedConnectionProxy.managedConnection
EI2 new org.apache.activemq.ra.ManagedSessionProxy(ActiveMQSession, ManagedConnectionProxy) may expose internal representation by storing an externally mutable object into ManagedSessionProxy.connectionProxy
EI2 new org.apache.activemq.ra.ManagedSessionProxy(ActiveMQSession, ManagedConnectionProxy) may expose internal representation by storing an externally mutable object into ManagedSessionProxy.session
EI2 new org.apache.activemq.ra.ManagedTransactionContext(TransactionContext) may expose internal representation by storing an externally mutable object into ManagedTransactionContext.sharedContext
EI2 new org.apache.activemq.ra.ServerSessionImpl(ServerSessionPoolImpl, ActiveMQSession, WorkManager, MessageEndpoint, boolean, int) may expose internal representation by storing an externally mutable object into ServerSessionImpl.pool
EI2 new org.apache.activemq.ra.ServerSessionImpl(ServerSessionPoolImpl, ActiveMQSession, WorkManager, MessageEndpoint, boolean, int) may expose internal representation by storing an externally mutable object into ServerSessionImpl.session
EI2 new org.apache.activemq.ra.ServerSessionPoolImpl(ActiveMQEndpointWorker, int) may expose internal representation by storing an externally mutable object into ServerSessionPoolImpl.activeMQAsfEndpointWorker

Multithreaded correctness Warnings

Code Warning
JLM Synchronization performed on java.util.concurrent.atomic.AtomicBoolean in org.apache.activemq.ra.ServerSessionPoolImpl.close()
JLM Synchronization performed on java.util.concurrent.atomic.AtomicBoolean in org.apache.activemq.ra.ServerSessionPoolImpl.removeFromPool(ServerSessionImpl)
JLM Synchronization performed on java.util.concurrent.atomic.AtomicBoolean in org.apache.activemq.ra.ServerSessionPoolImpl.returnToPool(ServerSessionImpl)
UL org.apache.activemq.ra.ServerSessionPoolImpl.returnToPool(ServerSessionImpl) does not release lock on all exception paths

Performance Warnings

Code Warning
Dm org.apache.activemq.ra.ActiveMQActivationSpec.isValidEnableBatch(List) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead
Dm org.apache.activemq.ra.ActiveMQActivationSpec.isValidNoLocal(List) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead
Dm org.apache.activemq.ra.ActiveMQActivationSpec.isValidUseRAManagedTransaction(List) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead
Dm new org.apache.activemq.ra.ActiveMQEndpointWorker(MessageResourceAdapter, ActiveMQEndpointActivationKey) invokes inefficient new String(String) constructor

Dodgy code Warnings

Code Warning
DLS Dead store to result in org.apache.activemq.ra.ActiveMQResourceAdapter$2.recover(int)

Details

CT_CONSTRUCTOR_THROW: Be wary of letting constructors throw exceptions.

Classes that throw exceptions in their constructors are vulnerable to Finalizer attacks

A finalizer attack can be prevented, by declaring the class final, using an empty finalizer declared as final, or by a clever use of a private constructor.

See SEI CERT Rule OBJ-11 for more information.

DLS_DEAD_LOCAL_STORE: Dead store to local variable

This instruction assigns a value to a local variable, but the value is not read or used in any subsequent instruction. Often, this indicates an error, because the value computed is never used.

Note that Sun's javac compiler often generates dead stores for final local variables. Because SpotBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.

DM_BOOLEAN_CTOR: Method invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead

Creating new instances of java.lang.Boolean wastes memory, since Boolean objects are immutable and there are only two useful values of this type.  Use the Boolean.valueOf() method (or Java 5 autoboxing) to create Boolean objects instead.

DM_STRING_CTOR: Method invokes inefficient new String(String) constructor

Using the java.lang.String(String) constructor wastes memory because the object so constructed will be functionally indistinguishable from the String passed as a parameter.  Just use the argument String directly.

EI_EXPOSE_REP: May expose internal representation by returning reference to mutable object

Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.

EI_EXPOSE_REP2: May expose internal representation by incorporating reference to mutable object

This code stores a reference to an externally mutable object into the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.

EQ_GETCLASS_AND_CLASS_CONSTANT: equals method fails for subtypes

This class has an equals method that will be broken if it is inherited by subclasses. It compares a class literal with the class of the argument (e.g., in class Foo it might check if Foo.class == o.getClass()). It is better to check if this.getClass() == o.getClass().

JLM_JSR166_UTILCONCURRENT_MONITORENTER: Synchronization performed on util.concurrent instance

This method performs synchronization on an object that is an instance of a class from the java.util.concurrent package (or its subclasses). Instances of these classes have their own concurrency control mechanisms that are orthogonal to the synchronization provided by the Java keyword synchronized. For example, synchronizing on an AtomicBoolean will not prevent other threads from modifying the AtomicBoolean.

Such code may be correct, but should be carefully reviewed and documented, and may confuse people who have to maintain the code at a later date.

NP_NULL_ON_SOME_PATH: Possible null pointer dereference

There is a branch of statement that, if executed, guarantees that a null value will be dereferenced, which would generate a NullPointerException when the code is executed. Of course, the problem might be that the branch or statement is infeasible and that the null pointer exception cannot ever be executed; deciding that is beyond the ability of SpotBugs.

SE_BAD_FIELD: Non-transient non-serializable instance field in serializable class

This Serializable class defines a non-primitive instance field which is neither transient, Serializable, or java.lang.Object, and does not appear to implement the Externalizable interface or the readObject() and writeObject() methods.  Objects of this class will not be deserialized correctly if a non-Serializable object is stored in this field.

SE_TRANSIENT_FIELD_NOT_RESTORED: Transient field that isn't set by deserialization.

This class contains a field that is updated at multiple places in the class, thus it seems to be part of the state of the class. However, since the field is marked as transient and not set in readObject or readResolve, it will contain the default value in any deserialized instance of the class.

UL_UNRELEASED_LOCK_EXCEPTION_PATH: Method does not release lock on all exception paths

This method acquires a JSR-166 (java.util.concurrent) lock, but does not release it on all exception paths out of the method. In general, the correct idiom for using a JSR-166 lock is:

Lock l = ...;
l.lock();
try {
    // do something
} finally {
    l.unlock();
}