SpotBugs Report

Project Information

Project: ActiveMQ :: STOMP Protocol

SpotBugs version: 4.8.3

Code analyzed:



Metrics

2385 lines of code analyzed, in 53 classes, in 1 packages.

Metric Total Density*
High Priority Warnings 3 1.26
Medium Priority Warnings 41 17.19
Total Warnings 44 18.45

(* Defects per Thousand lines of non-commenting source statements)



Contents

Summary

Warning Type Number
Correctness Warnings 1
Internationalization Warnings 3
Malicious code vulnerability Warnings 27
Performance Warnings 3
Dodgy code Warnings 10
Total 44

Warnings

Click on a warning row to see full context information.

Correctness Warnings

Code Warning
NP Possible null pointer dereference of null in org.apache.activemq.transport.stomp.StompTransportFilter.getHbGracePeriodMultiplier()

Internationalization Warnings

Code Warning
Dm Found reliance on default encoding in org.apache.activemq.transport.stomp.ProtocolConverter.<static initializer for ProtocolConverter>(): new java.io.InputStreamReader(InputStream)
Dm Found reliance on default encoding in org.apache.activemq.transport.stomp.StompConnection.send(String, String, String, HashMap): String.getBytes()
Dm Found reliance on default encoding in org.apache.activemq.transport.stomp.StompFrame.getBody(): new String(byte[])

Malicious code vulnerability Warnings

Code Warning
EI org.apache.activemq.transport.stomp.JmsFrameTranslator.getXStream() may expose internal representation by returning JmsFrameTranslator.xStream
EI org.apache.activemq.transport.stomp.StompConnection.getStompSocket() may expose internal representation by returning StompConnection.stompSocket
EI org.apache.activemq.transport.stomp.StompFrame.getContent() may expose internal representation by returning StompFrame.content
EI org.apache.activemq.transport.stomp.StompFrame.getHeaders() may expose internal representation by returning StompFrame.headers
EI org.apache.activemq.transport.stomp.StompFrameError.getException() may expose internal representation by returning StompFrameError.exception
EI org.apache.activemq.transport.stomp.StompSubscription.getConsumerInfo() may expose internal representation by returning StompSubscription.consumerInfo
EI org.apache.activemq.transport.stomp.StompSubscription.getDestination() may expose internal representation by returning StompSubscription.destination
EI org.apache.activemq.transport.stomp.StompTransportFilter.getInactivityMonitor() may expose internal representation by returning StompTransportFilter.monitor
EI org.apache.activemq.transport.stomp.StompTransportFilter.getWireFormat() may expose internal representation by returning StompTransportFilter.wireFormat
EI2 org.apache.activemq.transport.stomp.JmsFrameTranslator.setXStream(XStream) may expose internal representation by storing an externally mutable object into JmsFrameTranslator.xStream
EI2 new org.apache.activemq.transport.stomp.StompCodec(TcpTransport) may expose internal representation by storing an externally mutable object into StompCodec.transport
EI2 org.apache.activemq.transport.stomp.StompConnection.open(Socket) may expose internal representation by storing an externally mutable object into StompConnection.stompSocket
EI2 org.apache.activemq.transport.stomp.StompConnection.setStompSocket(Socket) may expose internal representation by storing an externally mutable object into StompConnection.stompSocket
EI2 new org.apache.activemq.transport.stomp.StompFrame(String, Map, byte[]) may expose internal representation by storing an externally mutable object into StompFrame.content
EI2 new org.apache.activemq.transport.stomp.StompFrame(String, Map, byte[]) may expose internal representation by storing an externally mutable object into StompFrame.headers
EI2 org.apache.activemq.transport.stomp.StompFrame.setContent(byte[]) may expose internal representation by storing an externally mutable object into StompFrame.content
EI2 org.apache.activemq.transport.stomp.StompFrame.setHeaders(Map) may expose internal representation by storing an externally mutable object into StompFrame.headers
EI2 new org.apache.activemq.transport.stomp.StompFrameError(ProtocolException) may expose internal representation by storing an externally mutable object into StompFrameError.exception
EI2 new org.apache.activemq.transport.stomp.StompSubscription(ProtocolConverter, String, ConsumerInfo, String) may expose internal representation by storing an externally mutable object into StompSubscription.consumerInfo
EI2 new org.apache.activemq.transport.stomp.StompSubscription(ProtocolConverter, String, ConsumerInfo, String) may expose internal representation by storing an externally mutable object into StompSubscription.protocolConverter
EI2 org.apache.activemq.transport.stomp.StompSubscription.setDestination(ActiveMQDestination) may expose internal representation by storing an externally mutable object into StompSubscription.destination
EI2 new org.apache.activemq.transport.stomp.StompTransportFilter(Transport, WireFormat, BrokerContext) may expose internal representation by storing an externally mutable object into StompTransportFilter.wireFormat
EI2 org.apache.activemq.transport.stomp.StompTransportFilter.setInactivityMonitor(StompInactivityMonitor) may expose internal representation by storing an externally mutable object into StompTransportFilter.monitor
MS org.apache.activemq.transport.stomp.Stomp.COLON_ESCAPE_SEQ should be moved out of an interface and made package protected
MS org.apache.activemq.transport.stomp.Stomp.ESCAPE_ESCAPE_SEQ should be moved out of an interface and made package protected
MS org.apache.activemq.transport.stomp.Stomp.NEWLINE_ESCAPE_SEQ should be moved out of an interface and made package protected
MS org.apache.activemq.transport.stomp.Stomp.SUPPORTED_PROTOCOL_VERSIONS should be moved out of an interface and made package protected

Performance Warnings

Code Warning
UrF Unread field: org.apache.activemq.transport.stomp.StompCodec.version
WMI org.apache.activemq.transport.stomp.JmsFrameTranslator.createMapMessage(HierarchicalStreamReader) makes inefficient use of keySet iterator instead of entrySet iterator
WMI org.apache.activemq.transport.stomp.StompConnection.appendHeaders(HashMap) makes inefficient use of keySet iterator instead of entrySet iterator

Dodgy code Warnings

Code Warning
BC Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.stomp.ProtocolConverter.onActiveMQCommand(Command)
BC Unchecked/unconfirmed cast from org.apache.activemq.transport.stomp.StompFrame to org.apache.activemq.transport.stomp.StompFrameError in org.apache.activemq.transport.stomp.ProtocolConverter.onStompCommand(StompFrame)
BC Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.stomp.ProtocolConverter$1.onResponse(ProtocolConverter, Response)
BC Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.stomp.ProtocolConverter$2.onResponse(ProtocolConverter, Response)
BC Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.stomp.ProtocolConverter$3.onResponse(ProtocolConverter, Response)
BC Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.stomp.ProtocolConverter$3$1.onResponse(ProtocolConverter, Response)
BC Unchecked/unconfirmed cast from java.net.Socket to javax.net.ssl.SSLSocket in org.apache.activemq.transport.stomp.StompSslTransportFactory.createTransport(WireFormat, Socket, TcpTransport$InitBuffer)
REC Exception is caught when Exception is not thrown in org.apache.activemq.transport.stomp.ProtocolConverter.<static initializer for ProtocolConverter>()
REC Exception is caught when Exception is not thrown in org.apache.activemq.transport.stomp.ProtocolConverter.findTranslator(String, ActiveMQDestination, boolean)
REC Exception is caught when Exception is not thrown in org.apache.activemq.transport.stomp.StompWireFormat.parseHeaders(DataInput, AtomicLong)

Details

BC_UNCONFIRMED_CAST: Unchecked/unconfirmed cast

This cast is unchecked, and not all instances of the type cast from can be cast to the type it is being cast to. Check that your program logic ensures that this cast will not fail.

DM_DEFAULT_ENCODING: Reliance on default encoding

Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behavior to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

EI_EXPOSE_REP: May expose internal representation by returning reference to mutable object

Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.

EI_EXPOSE_REP2: May expose internal representation by incorporating reference to mutable object

This code stores a reference to an externally mutable object into the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.

MS_OOI_PKGPROTECT: Field should be moved out of an interface and made package protected

A final static field that is defined in an interface references a mutable object such as an array or hashtable. This mutable object could be changed by malicious code or by accident from another package. To solve this, the field needs to be moved to a class and made package protected to avoid this vulnerability.

NP_NULL_ON_SOME_PATH: Possible null pointer dereference

There is a branch of statement that, if executed, guarantees that a null value will be dereferenced, which would generate a NullPointerException when the code is executed. Of course, the problem might be that the branch or statement is infeasible and that the null pointer exception cannot ever be executed; deciding that is beyond the ability of SpotBugs.

REC_CATCH_EXCEPTION: Exception is caught when Exception is not thrown

This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.

A better approach is to either explicitly catch the specific exceptions that are thrown, or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime Exceptions, as shown below:

try {
    ...
} catch (RuntimeException e) {
    throw e;
} catch (Exception e) {
    ... deal with all non-runtime exceptions ...
}

URF_UNREAD_FIELD: Unread field

This field is never read.  Consider removing it from the class.

WMI_WRONG_MAP_ITERATOR: Inefficient use of keySet iterator instead of entrySet iterator

This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.