SpotBugs Report

Project Information

Project: ActiveMQ :: Console

SpotBugs version: 4.8.3

Code analyzed:



Metrics

5953 lines of code analyzed, in 84 classes, in 9 packages.

Metric Total Density*
High Priority Warnings 16 2.69
Medium Priority Warnings 103 17.30
Total Warnings 119 19.99

(* Defects per Thousand lines of non-commenting source statements)



Contents

Summary

Warning Type Number
Bad practice Warnings 11
Correctness Warnings 2
Internationalization Warnings 8
Malicious code vulnerability Warnings 65
Performance Warnings 19
Dodgy code Warnings 14
Total 119

Warnings

Click on a warning row to see full context information.

Bad practice Warnings

Code Warning
CT Exception thrown in class org.apache.activemq.console.command.store.ExportStreamManager at new org.apache.activemq.console.command.store.ExportStreamManager(OutputStream, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.
DE org.apache.activemq.console.Main.getActiveMQHome() might ignore java.lang.Exception
DE org.apache.activemq.console.command.ShutdownCommand.stopBrokers(MBeanServerConnection, Collection) might ignore java.lang.Exception
OS org.apache.activemq.console.command.store.proto.MapEntryPB$Buffer.writeUnframed(CodedOutputStream) may fail to close stream
OS org.apache.activemq.console.command.store.proto.MessagePB$Buffer.writeUnframed(CodedOutputStream) may fail to close stream
OS org.apache.activemq.console.command.store.proto.QueueEntryPB$Buffer.writeUnframed(CodedOutputStream) may fail to close stream
OS org.apache.activemq.console.command.store.proto.QueuePB$Buffer.writeUnframed(CodedOutputStream) may fail to close stream
RV Exceptional return value of java.io.File.mkdirs() ignored in org.apache.activemq.console.Main.main(String[])
RV Exceptional return value of java.io.File.mkdirs() ignored in org.apache.activemq.console.command.CreateCommand.createSubDirs(File, String[])
RV Exceptional return value of java.io.File.mkdirs() ignored in org.apache.activemq.console.command.CreateCommand.runTask(List)
Se org.apache.activemq.console.command.DstatCommand$ObjectInstanceComparator implements Comparator but not Serializable

Correctness Warnings

Code Warning
MF Field BstatCommand.helpFile masks field in superclass org.apache.activemq.console.command.QueryCommand
MF Field DecryptCommand.helpFile masks field in superclass org.apache.activemq.console.command.EncryptCommand

Internationalization Warnings

Code Warning
Dm Found reliance on default encoding in org.apache.activemq.console.command.AbstractCommand.printHelpFromFile(): new java.io.InputStreamReader(InputStream)
Dm Found reliance on default encoding in org.apache.activemq.console.command.CreateCommand.runTask(List): new java.io.InputStreamReader(InputStream)
Dm Found reliance on default encoding in org.apache.activemq.console.command.CreateCommand.writeFile(String, File): String.getBytes()
Dm Found reliance on default encoding in org.apache.activemq.console.command.store.tar.TarInputStream.getNextEntry(): new String(byte[], int, int)
Dm Found reliance on default encoding in org.apache.activemq.console.command.store.tar.TarOutputStream.putNextEntry(TarEntry): String.getBytes()
Dm Found reliance on default encoding in org.apache.activemq.console.filter.MapTransformFilter.transformToMap(CompositeDataSupport): new String(byte[])
Dm Found reliance on default encoding in org.apache.activemq.console.filter.MapTransformFilter.transformToMap(ActiveMQBytesMessage): new String(byte[])
Dm Found reliance on default encoding in new org.apache.activemq.console.formatter.CommandShellOutputFormatter(OutputStream): new java.io.PrintStream(OutputStream)

Malicious code vulnerability Warnings

Code Warning
DP org.apache.activemq.console.Main.getClassLoader() creates a java.net.URLClassLoader classloader, which should be performed within a doPrivileged block
DP org.apache.activemq.console.command.AbstractJmxCommand.findJMXUrlByProcessId(int) creates a java.net.URLClassLoader classloader, which should be performed within a doPrivileged block
DP org.apache.activemq.console.command.AbstractJmxCommand.useJmxServiceUrl() creates a java.net.URLClassLoader classloader, which should be performed within a doPrivileged block
EI org.apache.activemq.console.Main.getClassLoader() may expose internal representation by returning Main.classLoader
EI org.apache.activemq.console.command.store.proto.MapEntryPB$Bean.freeze() may expose internal representation by returning MapEntryPB$Bean.frozen
EI org.apache.activemq.console.command.store.proto.MapEntryPB$Bean.getKey() may expose internal representation by returning MapEntryPB$Bean.f_key
EI org.apache.activemq.console.command.store.proto.MapEntryPB$Bean.getValue() may expose internal representation by returning MapEntryPB$Bean.f_value
EI org.apache.activemq.console.command.store.proto.MapEntryPB$Buffer.toUnframedBuffer() may expose internal representation by returning MapEntryPB$Buffer.buffer
EI org.apache.activemq.console.command.store.proto.MessagePB$Bean.freeze() may expose internal representation by returning MessagePB$Bean.frozen
EI org.apache.activemq.console.command.store.proto.MessagePB$Bean.getCodec() may expose internal representation by returning MessagePB$Bean.f_codec
EI org.apache.activemq.console.command.store.proto.MessagePB$Bean.getDirectData() may expose internal representation by returning MessagePB$Bean.f_directData
EI org.apache.activemq.console.command.store.proto.MessagePB$Bean.getDirectFile() may expose internal representation by returning MessagePB$Bean.f_directFile
EI org.apache.activemq.console.command.store.proto.MessagePB$Bean.getValue() may expose internal representation by returning MessagePB$Bean.f_value
EI org.apache.activemq.console.command.store.proto.MessagePB$Buffer.toUnframedBuffer() may expose internal representation by returning MessagePB$Buffer.buffer
EI org.apache.activemq.console.command.store.proto.QueueEntryPB$Bean.createSenderList() may expose internal representation by returning QueueEntryPB$Bean.f_sender
EI org.apache.activemq.console.command.store.proto.QueueEntryPB$Bean.freeze() may expose internal representation by returning QueueEntryPB$Bean.frozen
EI org.apache.activemq.console.command.store.proto.QueueEntryPB$Bean.getAttachment() may expose internal representation by returning QueueEntryPB$Bean.f_attachment
EI org.apache.activemq.console.command.store.proto.QueueEntryPB$Bean.getMessageLocator() may expose internal representation by returning QueueEntryPB$Bean.f_messageLocator
EI org.apache.activemq.console.command.store.proto.QueueEntryPB$Bean.getSenderList() may expose internal representation by returning QueueEntryPB$Bean.f_sender
EI org.apache.activemq.console.command.store.proto.QueueEntryPB$Buffer.toUnframedBuffer() may expose internal representation by returning QueueEntryPB$Buffer.buffer
EI org.apache.activemq.console.command.store.proto.QueuePB$Bean.freeze() may expose internal representation by returning QueuePB$Bean.frozen
EI org.apache.activemq.console.command.store.proto.QueuePB$Bean.getBindingData() may expose internal representation by returning QueuePB$Bean.f_bindingData
EI org.apache.activemq.console.command.store.proto.QueuePB$Bean.getBindingKind() may expose internal representation by returning QueuePB$Bean.f_bindingKind
EI org.apache.activemq.console.command.store.proto.QueuePB$Buffer.toUnframedBuffer() may expose internal representation by returning QueuePB$Buffer.buffer
EI org.apache.activemq.console.command.store.tar.TarInputStream.getNextEntry() may expose internal representation by returning TarInputStream.currEntry
EI org.apache.activemq.console.filter.StubQueryFilter.query(String) may expose internal representation by returning StubQueryFilter.data
EI org.apache.activemq.console.filter.StubQueryFilter.query(List) may expose internal representation by returning StubQueryFilter.data
EI org.apache.activemq.console.formatter.CommandShellOutputFormatter.getOutputStream() may expose internal representation by returning CommandShellOutputFormatter.outputStream
EI2 org.apache.activemq.console.command.AbstractCommand.setCommandContext(CommandContext) may expose internal representation by storing an externally mutable object into AbstractCommand.context
EI2 org.apache.activemq.console.command.StoreExportCommand.setCommandContext(CommandContext) may expose internal representation by storing an externally mutable object into StoreExportCommand.context
EI2 new org.apache.activemq.console.command.store.proto.MapEntryPB$Bean() may expose internal representation by storing an externally mutable object into MapEntryPB$Bean.bean
EI2 new org.apache.activemq.console.command.store.proto.MapEntryPB$Bean(MapEntryPB$Bean) may expose internal representation by storing an externally mutable object into MapEntryPB$Bean.bean
EI2 org.apache.activemq.console.command.store.proto.MapEntryPB$Bean.readExternal(DataInput) may expose internal representation by storing an externally mutable object into MapEntryPB$Bean.bean
EI2 org.apache.activemq.console.command.store.proto.MapEntryPB$Bean.setKey(Buffer) may expose internal representation by storing an externally mutable object into MapEntryPB$Bean.f_key
EI2 org.apache.activemq.console.command.store.proto.MapEntryPB$Bean.setValue(Buffer) may expose internal representation by storing an externally mutable object into MapEntryPB$Bean.f_value
EI2 new org.apache.activemq.console.command.store.proto.MessagePB$Bean() may expose internal representation by storing an externally mutable object into MessagePB$Bean.bean
EI2 new org.apache.activemq.console.command.store.proto.MessagePB$Bean(MessagePB$Bean) may expose internal representation by storing an externally mutable object into MessagePB$Bean.bean
EI2 org.apache.activemq.console.command.store.proto.MessagePB$Bean.readExternal(DataInput) may expose internal representation by storing an externally mutable object into MessagePB$Bean.bean
EI2 org.apache.activemq.console.command.store.proto.MessagePB$Bean.setCodec(AsciiBuffer) may expose internal representation by storing an externally mutable object into MessagePB$Bean.f_codec
EI2 org.apache.activemq.console.command.store.proto.MessagePB$Bean.setDirectData(Buffer) may expose internal representation by storing an externally mutable object into MessagePB$Bean.f_directData
EI2 org.apache.activemq.console.command.store.proto.MessagePB$Bean.setDirectFile(Buffer) may expose internal representation by storing an externally mutable object into MessagePB$Bean.f_directFile
EI2 org.apache.activemq.console.command.store.proto.MessagePB$Bean.setValue(Buffer) may expose internal representation by storing an externally mutable object into MessagePB$Bean.f_value
EI2 new org.apache.activemq.console.command.store.proto.QueueEntryPB$Bean() may expose internal representation by storing an externally mutable object into QueueEntryPB$Bean.bean
EI2 new org.apache.activemq.console.command.store.proto.QueueEntryPB$Bean(QueueEntryPB$Bean) may expose internal representation by storing an externally mutable object into QueueEntryPB$Bean.bean
EI2 org.apache.activemq.console.command.store.proto.QueueEntryPB$Bean.readExternal(DataInput) may expose internal representation by storing an externally mutable object into QueueEntryPB$Bean.bean
EI2 org.apache.activemq.console.command.store.proto.QueueEntryPB$Bean.setAttachment(Buffer) may expose internal representation by storing an externally mutable object into QueueEntryPB$Bean.f_attachment
EI2 org.apache.activemq.console.command.store.proto.QueueEntryPB$Bean.setMessageLocator(Buffer) may expose internal representation by storing an externally mutable object into QueueEntryPB$Bean.f_messageLocator
EI2 org.apache.activemq.console.command.store.proto.QueueEntryPB$Bean.setSenderList(List) may expose internal representation by storing an externally mutable object into QueueEntryPB$Bean.f_sender
EI2 new org.apache.activemq.console.command.store.proto.QueuePB$Bean() may expose internal representation by storing an externally mutable object into QueuePB$Bean.bean
EI2 new org.apache.activemq.console.command.store.proto.QueuePB$Bean(QueuePB$Bean) may expose internal representation by storing an externally mutable object into QueuePB$Bean.bean
EI2 org.apache.activemq.console.command.store.proto.QueuePB$Bean.readExternal(DataInput) may expose internal representation by storing an externally mutable object into QueuePB$Bean.bean
EI2 org.apache.activemq.console.command.store.proto.QueuePB$Bean.setBindingData(Buffer) may expose internal representation by storing an externally mutable object into QueuePB$Bean.f_bindingData
EI2 org.apache.activemq.console.command.store.proto.QueuePB$Bean.setBindingKind(AsciiBuffer) may expose internal representation by storing an externally mutable object into QueuePB$Bean.f_bindingKind
EI2 new org.apache.activemq.console.command.store.tar.TarBuffer(OutputStream, int, int) may expose internal representation by storing an externally mutable object into TarBuffer.outStream
EI2 new org.apache.activemq.console.filter.MBeansAttributeQueryFilter(MBeanServerConnection, Set, MBeansObjectNameQueryFilter) may expose internal representation by storing an externally mutable object into MBeansAttributeQueryFilter.attribView
EI2 new org.apache.activemq.console.filter.MBeansAttributeQueryFilter(MBeanServerConnection, Set, MBeansObjectNameQueryFilter) may expose internal representation by storing an externally mutable object into MBeansAttributeQueryFilter.jmxConnection
EI2 new org.apache.activemq.console.filter.MBeansObjectNameQueryFilter(MBeanServerConnection) may expose internal representation by storing an externally mutable object into MBeansObjectNameQueryFilter.jmxConnection
EI2 new org.apache.activemq.console.filter.MessagesQueryFilter(MBeanServerConnection, ObjectName) may expose internal representation by storing an externally mutable object into MessagesQueryFilter.destName
EI2 new org.apache.activemq.console.filter.MessagesQueryFilter(MBeanServerConnection, ObjectName) may expose internal representation by storing an externally mutable object into MessagesQueryFilter.jmxConnection
EI2 new org.apache.activemq.console.filter.PropertiesViewFilter(Set, QueryFilter) may expose internal representation by storing an externally mutable object into PropertiesViewFilter.viewFilter
EI2 new org.apache.activemq.console.filter.StubQueryFilter(List) may expose internal representation by storing an externally mutable object into StubQueryFilter.data
EI2 new org.apache.activemq.console.formatter.CommandShellOutputFormatter(OutputStream) may expose internal representation by storing an externally mutable object into CommandShellOutputFormatter.out
EI2 new org.apache.activemq.console.formatter.CommandShellOutputFormatter(OutputStream) may expose internal representation by storing an externally mutable object into CommandShellOutputFormatter.outputStream
MS org.apache.activemq.console.command.AbstractJmxCommand.DEFAULT_JMX_URL isn't final but should be
MS org.apache.activemq.console.command.DefaultPasswordFactory.factory isn't final but should be

Performance Warnings

Code Warning
Bx org.apache.activemq.console.command.store.proto.MessagePB$Bean.hashCode() invokes inefficient new Long(long) constructor; use Long.valueOf(long) instead
Bx org.apache.activemq.console.command.store.proto.QueueEntryPB$Bean.hashCode() invokes inefficient new Long(long) constructor; use Long.valueOf(long) instead
Bx org.apache.activemq.console.command.store.proto.QueuePB$Bean.hashCode() invokes inefficient new Long(long) constructor; use Long.valueOf(long) instead
SBSC org.apache.activemq.console.command.store.amq.CommandLineSupport.convertOptionToPropertyName(String) concatenates strings using + in a loop
SBSC org.apache.activemq.console.filter.AmqMessagesQueryFilter.query(List) concatenates strings using + in a loop
SBSC org.apache.activemq.console.filter.MBeansObjectNameQueryFilter.query(List) concatenates strings using + in a loop
SBSC org.apache.activemq.console.filter.MessagesQueryFilter.query(List) concatenates strings using + in a loop
SS Unread field: org.apache.activemq.console.command.CreateCommand.BROKER_NAME_REGEX; should this field be static?
SS Unread field: org.apache.activemq.console.command.CreateCommand.DEFAULT_BROKERNAME_XPATH; should this field be static?
SS Unread field: org.apache.activemq.console.command.CreateCommand.DEFAULT_TARGET_ACTIVEMQ_CONF; should this field be static?
UrF Unread field: org.apache.activemq.console.command.StoreExportCommand.context
WMI org.apache.activemq.console.filter.GroupPropertiesViewFilter.filterView(Map) makes inefficient use of keySet iterator instead of entrySet iterator
WMI org.apache.activemq.console.filter.MBeansRegExQueryFilter.matches(AttributeList, Map) makes inefficient use of keySet iterator instead of entrySet iterator
WMI org.apache.activemq.console.filter.MBeansRegExQueryFilter.matches(ObjectName, Map) makes inefficient use of keySet iterator instead of entrySet iterator
WMI org.apache.activemq.console.filter.MapTransformFilter.transformToMap(ObjectName) makes inefficient use of keySet iterator instead of entrySet iterator
WMI org.apache.activemq.console.filter.MapTransformFilter.transformToMap(CompositeDataSupport) makes inefficient use of keySet iterator instead of entrySet iterator
WMI org.apache.activemq.console.formatter.CommandShellOutputFormatter.print(Map) makes inefficient use of keySet iterator instead of entrySet iterator
WMI org.apache.activemq.console.formatter.CommandShellOutputFormatter.printMBean(Map) makes inefficient use of keySet iterator instead of entrySet iterator
WMI org.apache.activemq.console.formatter.CommandShellOutputFormatter.printMessage(Map) makes inefficient use of keySet iterator instead of entrySet iterator

Dodgy code Warnings

Code Warning
DB org.apache.activemq.console.command.ShellCommand.runTask(List) uses the same code for two branches
NP Dereference of the result of readLine() without nullcheck in org.apache.activemq.console.command.CreateCommand.runTask(List)
NP Possible null pointer dereference in org.apache.activemq.console.command.CreateCommand.copyConfDirectory(File, File) due to return value of called method
NP Possible null pointer dereference in org.apache.activemq.console.command.store.tar.TarEntry.getDirectoryEntries() due to return value of called method
RCN Redundant nullcheck of obj, which is known to be non-null in org.apache.activemq.console.filter.MapTransformFilter.getDisplayString(Object)
REC Exception is caught when Exception is not thrown in org.apache.activemq.console.Main.getActiveMQHome()
REC Exception is caught when Exception is not thrown in org.apache.activemq.console.command.AbstractJmxCommand.useJmxServiceUrl()
REC Exception is caught when Exception is not thrown in org.apache.activemq.console.command.AbstractJmxCommand.findJMXUrlByProcessId(int)
ST Write to static field org.apache.activemq.console.Main.useDefExt from instance method org.apache.activemq.console.Main.parseExtensions(List)
ST Write to static field org.apache.activemq.console.command.AbstractJmxCommand.jmxPassword from instance method org.apache.activemq.console.command.AbstractJmxCommand.setJmxPassword(String)
ST Write to static field org.apache.activemq.console.command.AbstractJmxCommand.jmxUseLocal from instance method org.apache.activemq.console.command.AbstractJmxCommand.setJmxUseLocal(boolean)
ST Write to static field org.apache.activemq.console.command.AbstractJmxCommand.jmxUser from instance method org.apache.activemq.console.command.AbstractJmxCommand.setJmxUser(String)
UrF Unread public/protected field: org.apache.activemq.console.command.DecryptCommand.helpFile
UrF Unread public/protected field: org.apache.activemq.console.command.store.tar.TarOutputStream.debug

Details

DM_NUMBER_CTOR: Method invokes inefficient Number constructor; use static valueOf instead

Using new Integer(int) is guaranteed to always result in a new object whereas Integer.valueOf(int) allows caching of values to be done by the compiler, class library, or JVM. Using of cached values avoids object allocation and the code will be faster.

Values between -128 and 127 are guaranteed to have corresponding cached instances and using valueOf is approximately 3.5 times faster than using constructor. For values outside the constant range the performance of both styles is the same.

Unless the class must be compatible with JVMs predating Java 5, use either autoboxing or the valueOf() method when creating instances of Long, Integer, Short, Character, and Byte.

CT_CONSTRUCTOR_THROW: Be wary of letting constructors throw exceptions.

Classes that throw exceptions in their constructors are vulnerable to Finalizer attacks

A finalizer attack can be prevented, by declaring the class final, using an empty finalizer declared as final, or by a clever use of a private constructor.

See SEI CERT Rule OBJ-11 for more information.

DB_DUPLICATE_BRANCHES: Method uses the same code for two branches

This method uses the same code to implement two branches of a conditional branch. Check to ensure that this isn't a coding mistake.

DE_MIGHT_IGNORE: Method might ignore exception

This method might ignore an exception.  In general, exceptions should be handled or reported in some way, or they should be thrown out of the method.

DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED: Classloaders should only be created inside doPrivileged block

This code creates a classloader, which needs permission if a security manage is installed. If this code might be invoked by code that does not have security permissions, then the classloader creation needs to occur inside a doPrivileged block.

DM_DEFAULT_ENCODING: Reliance on default encoding

Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behavior to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

EI_EXPOSE_REP: May expose internal representation by returning reference to mutable object

Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.

EI_EXPOSE_REP2: May expose internal representation by incorporating reference to mutable object

This code stores a reference to an externally mutable object into the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.

MF_CLASS_MASKS_FIELD: Class defines field that masks a superclass field

This class defines a field with the same name as a visible instance field in a superclass. This is confusing, and may indicate an error if methods update or access one of the fields when they wanted the other.

MS_SHOULD_BE_FINAL: Field isn't final but should be

This public static or protected static field is not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.

NP_DEREFERENCE_OF_READLINE_VALUE: Dereference of the result of readLine() without nullcheck

The result of invoking readLine() is dereferenced without checking to see if the result is null. If there are no more lines of text to read, readLine() will return null and dereferencing that will generate a null pointer exception.

NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE: Possible null pointer dereference due to return value of called method

The return value from a method is dereferenced without a null check, and the return value of that method is one that should generally be checked for null. This may lead to a NullPointerException when the code is executed.

OS_OPEN_STREAM: Method may fail to close stream

The method creates an IO stream object, does not assign it to any fields, pass it to other methods that might close it, or return it, and does not appear to close the stream on all paths out of the method.  This may result in a file descriptor leak.  It is generally a good idea to use a finally block to ensure that streams are closed.

RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE: Redundant nullcheck of value known to be non-null

This method contains a redundant check of a known non-null value against the constant null.

REC_CATCH_EXCEPTION: Exception is caught when Exception is not thrown

This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.

A better approach is to either explicitly catch the specific exceptions that are thrown, or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime Exceptions, as shown below:

try {
    ...
} catch (RuntimeException e) {
    throw e;
} catch (Exception e) {
    ... deal with all non-runtime exceptions ...
}

RV_RETURN_VALUE_IGNORED_BAD_PRACTICE: Method ignores exceptional return value

This method returns a value that is not checked. The return value should be checked since it can indicate an unusual or unexpected function execution. For example, the File.delete() method returns false if the file could not be successfully deleted (rather than throwing an Exception). If you don't check the result, you won't notice if the method invocation signals unexpected behavior by returning an atypical return value.

SBSC_USE_STRINGBUFFER_CONCATENATION: Method concatenates strings using + in a loop

The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration.

Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 5) explicitly.

For example:

// This is bad
String s = "";
for (int i = 0; i < field.length; ++i) {
    s = s + field[i];
}

// This is better
StringBuffer buf = new StringBuffer();
for (int i = 0; i < field.length; ++i) {
    buf.append(field[i]);
}
String s = buf.toString();

SS_SHOULD_BE_STATIC: Unread field: should this field be static?

This class contains an instance final field that is initialized to a compile-time static value. Consider making the field static.

ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD: Write to static field from instance method

This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.

SE_COMPARATOR_SHOULD_BE_SERIALIZABLE: Comparator doesn't implement Serializable

This class implements the Comparator interface. You should consider whether or not it should also implement the Serializable interface. If a comparator is used to construct an ordered collection such as a TreeMap, then the TreeMap will be serializable only if the comparator is also serializable. As most comparators have little or no state, making them serializable is generally easy and good defensive programming.

URF_UNREAD_FIELD: Unread field

This field is never read.  Consider removing it from the class.

URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD: Unread public/protected field

This field is never read.  The field is public or protected, so perhaps it is intended to be used with classes not seen as part of the analysis. If not, consider removing it from the class.

WMI_WRONG_MAP_ITERATOR: Inefficient use of keySet iterator instead of entrySet iterator

This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.