Project: ActiveMQ :: MQTT Protocol
SpotBugs version: 4.8.3
Code analyzed:
2084 lines of code analyzed, in 51 classes, in 2 packages.
Metric | Total | Density* |
---|---|---|
High Priority Warnings | 1 | 0.48 |
Medium Priority Warnings | 37 | 17.75 |
Total Warnings | 38 | 18.23 |
(* Defects per Thousand lines of non-commenting source statements)
Warning Type | Number |
---|---|
Bad practice Warnings | 1 |
Correctness Warnings | 1 |
Malicious code vulnerability Warnings | 23 |
Multithreaded correctness Warnings | 1 |
Performance Warnings | 1 |
Dodgy code Warnings | 11 |
Total | 38 |
Code | Warning |
---|---|
PA | Primitive field org.apache.activemq.transport.mqtt.MQTTProtocolConverter.version is public and set from inside the class, which makes it too exposed. Consider making it private to limit external accessibility. |
Code | Warning |
---|---|
GC | org.fusesource.hawtbuf.UTF8Buffer is incompatible with expected argument type String in org.apache.activemq.transport.mqtt.MQTTProtocolConverter.convertMessage(PUBLISH) |
Code | Warning |
---|---|
EI | org.apache.activemq.transport.mqtt.MQTTInactivityMonitor.getProtocolConverter() may expose internal representation by returning MQTTInactivityMonitor.protocolConverter |
EI | org.apache.activemq.transport.mqtt.MQTTProtocolConverter.getConnectionId() may expose internal representation by returning MQTTProtocolConverter.connectionId |
EI | org.apache.activemq.transport.mqtt.MQTTProtocolConverter.getMQTTTransport() may expose internal representation by returning MQTTProtocolConverter.mqttTransport |
EI | org.apache.activemq.transport.mqtt.MQTTProtocolConverter.getPacketIdGenerator() may expose internal representation by returning MQTTProtocolConverter.packetIdGenerator |
EI | org.apache.activemq.transport.mqtt.MQTTProtocolConverter.getSessionId() may expose internal representation by returning MQTTProtocolConverter.sessionId |
EI | org.apache.activemq.transport.mqtt.MQTTSubscription.getConsumerInfo() may expose internal representation by returning MQTTSubscription.consumerInfo |
EI | org.apache.activemq.transport.mqtt.MQTTTransportFilter.getInactivityMonitor() may expose internal representation by returning MQTTTransportFilter.monitor |
EI | org.apache.activemq.transport.mqtt.MQTTTransportFilter.getWireFormat() may expose internal representation by returning MQTTTransportFilter.wireFormat |
EI | org.apache.activemq.transport.mqtt.strategy.AbstractMQTTSubscriptionStrategy.getProtocolConverter() may expose internal representation by returning AbstractMQTTSubscriptionStrategy.protocol |
EI2 | new org.apache.activemq.transport.mqtt.MQTTCodec(MQTTCodec$MQTTFrameSink, MQTTWireFormat) may expose internal representation by storing an externally mutable object into MQTTCodec.wireFormat |
EI2 | new org.apache.activemq.transport.mqtt.MQTTCodec(TcpTransport, MQTTWireFormat) may expose internal representation by storing an externally mutable object into MQTTCodec.wireFormat |
EI2 | org.apache.activemq.transport.mqtt.MQTTInactivityMonitor.setProtocolConverter(MQTTProtocolConverter) may expose internal representation by storing an externally mutable object into MQTTInactivityMonitor.protocolConverter |
EI2 | org.apache.activemq.transport.mqtt.MQTTNIOTransportFactory.setBrokerService(BrokerService) may expose internal representation by storing an externally mutable object into MQTTNIOTransportFactory.brokerService |
EI2 | new org.apache.activemq.transport.mqtt.MQTTProtocolConverter(MQTTTransport, BrokerService) may expose internal representation by storing an externally mutable object into MQTTProtocolConverter.brokerService |
EI2 | new org.apache.activemq.transport.mqtt.MQTTProtocolConverter(MQTTTransport, BrokerService) may expose internal representation by storing an externally mutable object into MQTTProtocolConverter.mqttTransport |
EI2 | org.apache.activemq.transport.mqtt.MQTTSslTransportFactory.setBrokerService(BrokerService) may expose internal representation by storing an externally mutable object into MQTTSslTransportFactory.brokerService |
EI2 | new org.apache.activemq.transport.mqtt.MQTTSubscription(MQTTProtocolConverter, String, QoS, ConsumerInfo) may expose internal representation by storing an externally mutable object into MQTTSubscription.consumerInfo |
EI2 | new org.apache.activemq.transport.mqtt.MQTTSubscription(MQTTProtocolConverter, String, QoS, ConsumerInfo) may expose internal representation by storing an externally mutable object into MQTTSubscription.protocolConverter |
EI2 | org.apache.activemq.transport.mqtt.MQTTTransportFactory.setBrokerService(BrokerService) may expose internal representation by storing an externally mutable object into MQTTTransportFactory.brokerService |
EI2 | new org.apache.activemq.transport.mqtt.MQTTTransportFilter(Transport, WireFormat, BrokerService) may expose internal representation by storing an externally mutable object into MQTTTransportFilter.wireFormat |
EI2 | org.apache.activemq.transport.mqtt.MQTTTransportFilter.setInactivityMonitor(MQTTInactivityMonitor) may expose internal representation by storing an externally mutable object into MQTTTransportFilter.monitor |
EI2 | org.apache.activemq.transport.mqtt.strategy.AbstractMQTTSubscriptionStrategy.setBrokerService(BrokerService) may expose internal representation by storing an externally mutable object into AbstractMQTTSubscriptionStrategy.brokerService |
EI2 | org.apache.activemq.transport.mqtt.strategy.AbstractMQTTSubscriptionStrategy.setProtocolConverter(MQTTProtocolConverter) may expose internal representation by storing an externally mutable object into AbstractMQTTSubscriptionStrategy.protocol |
Code | Warning |
---|---|
DC | Possible double-check on org.apache.activemq.transport.mqtt.MQTTProtocolConverter.subsciptionStrategy in org.apache.activemq.transport.mqtt.MQTTProtocolConverter.findSubscriptionStrategy() |
Code | Warning |
---|---|
SIC | Should org.apache.activemq.transport.mqtt.MQTTPacketIdGenerator$NonZeroSequenceGenerator be a _static_ inner class? |
Code | Warning |
---|---|
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.mqtt.MQTTProtocolConverter.onActiveMQCommand(Command) |
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.mqtt.MQTTProtocolConverter$1.onResponse(MQTTProtocolConverter, Response) |
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.mqtt.MQTTProtocolConverter$1$1.onResponse(MQTTProtocolConverter, Response) |
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.mqtt.MQTTProtocolConverter$2.onResponse(MQTTProtocolConverter, Response) |
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.mqtt.strategy.AbstractMQTTSubscriptionStrategy$1.onResponse(MQTTProtocolConverter, Response) |
DMI | org.apache.activemq.transport.mqtt.strategy.MQTTVirtualTopicSubscriptionStrategy.onSend(ActiveMQDestination) invokes substring(0), which returns the original value |
RCN | Redundant nullcheck of ack, which is known to be non-null in org.apache.activemq.transport.mqtt.MQTTProtocolConverter.onActiveMQCommand(Command) |
SF | Switch statement found in org.apache.activemq.transport.mqtt.MQTTProtocolConverter.onActiveMQCommand(Command) where default case is missing |
SF | Switch statement found in org.apache.activemq.transport.mqtt.MQTTProtocolSupport.convertActiveMQToMQTT(String) where default case is missing |
SF | Switch statement found in org.apache.activemq.transport.mqtt.MQTTProtocolSupport.convertMQTTToActiveMQ(String) where default case is missing |
SF | Switch statement found in org.apache.activemq.transport.mqtt.MQTTSubscription.createPublish(ActiveMQMessage) where default case is missing |
This cast is unchecked, and not all instances of the type cast from can be cast to the type it is being cast to. Check that your program logic ensures that this cast will not fail.
This method may contain an instance of double-checked locking. This idiom is not correct according to the semantics of the Java memory model. For more information, see the web page http://www.cs.umd.edu/~pugh/java/memoryModel/DoubleCheckedLocking.html.
This code invokes substring(0) on a String, which returns the original value.
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is a better approach in many situations.
This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is a better approach in many situations.
This call to a generic collection method contains an argument with an incompatible class from that of the collection's parameter (i.e., the type of the argument is neither a supertype nor a subtype of the corresponding generic type argument). Therefore, it is unlikely that the collection contains any objects that are equal to the method argument used here. Most likely, the wrong value is being passed to the method.
In general, instances of two unrelated classes are not equal. For example, if the Foo and Bar classes are not related by subtyping, then an instance of Foo should not be equal to an instance of Bar. Among other issues, doing so will likely result in an equals method that is not symmetrical. For example, if you define the Foo class so that a Foo can be equal to a String, your equals method isn't symmetrical since a String can only be equal to a String.
In rare cases, people do define nonsymmetrical equals methods and still manage to make their code work. Although none of the APIs document or guarantee it, it is typically the case that if you check if a Collection<String> contains a Foo, the equals method of the argument (e.g., the equals method of the Foo class) is used to perform the equality checks.
SEI CERT rule OBJ01-J requires that accessibility to fields must be limited. Otherwise, the values of the fields may be manipulated from outside the class, which may be unexpected or undesired behaviour. In general, requiring that no fields are allowed to be public is overkill and unrealistic. Even the rule mentions that final fields may be public. Besides final fields, there may be other usages for public fields: some public fields may serve as "flags" that affect the behavior of the class. Such flag fields are expected to be read by the current instance (or the current class, in case of static fields), but written by others. If a field is both written by the methods of the current instance (or the current class, in case of static fields) and from the outside, the code is suspicious. Consider making these fields private and provide appropriate setters, if necessary. Please note that constructors, initializers and finalizers are exceptions, if only they write the field inside the class, the field is not considered as written by the class itself.
This method contains a redundant check of a known non-null value against the constant null.
This method contains a switch statement where default case is missing. Usually you need to provide a default case.
Because the analysis only looks at the generated bytecode, this warning can be incorrectly triggered if the default case is at the end of the switch statement and the switch statement doesn't contain break statements for other cases.
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.