SpotBugs Report

Project Information

Project: ActiveMQ :: Camel

SpotBugs version: 4.8.3

Code analyzed:



Metrics

1098 lines of code analyzed, in 31 classes, in 5 packages.

Metric Total Density*
High Priority Warnings 0.00
Medium Priority Warnings 35 31.88
Total Warnings 35 31.88

(* Defects per Thousand lines of non-commenting source statements)



Contents

Summary

Warning Type Number
Bad practice Warnings 1
Malicious code vulnerability Warnings 34
Total 35

Warnings

Click on a warning row to see full context information.

Bad practice Warnings

Code Warning
CT Exception thrown in class org.apache.activemq.camel.CamelMessageProducer at new org.apache.activemq.camel.CamelMessageProducer(CamelDestination, Endpoint, ActiveMQSession) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.

Malicious code vulnerability Warnings

Code Warning
EI org.apache.activemq.camel.CamelConnection.getCamelContext() may expose internal representation by returning CamelConnection.camelContext
EI org.apache.activemq.camel.CamelConnectionFactory.getCamelContext() may expose internal representation by returning CamelConnectionFactory.camelContext
EI org.apache.activemq.camel.CamelDestination.getBinding() may expose internal representation by returning CamelDestination.binding
EI org.apache.activemq.camel.CamelDestination.getCamelContext() may expose internal representation by returning CamelDestination.camelContext
EI org.apache.activemq.camel.CamelDestination.getEndpoint() may expose internal representation by returning CamelDestination.endpoint
EI org.apache.activemq.camel.CamelMessageConsumer.getDestination() may expose internal representation by returning CamelMessageConsumer.destination
EI org.apache.activemq.camel.CamelMessageConsumer.getEndpoint() may expose internal representation by returning CamelMessageConsumer.endpoint
EI org.apache.activemq.camel.CamelMessageConsumer.getSession() may expose internal representation by returning CamelMessageConsumer.session
EI org.apache.activemq.camel.CamelMessageProducer.getDestination() may expose internal representation by returning CamelMessageProducer.destination
EI org.apache.activemq.camel.CamelMessageProducer.getEndpoint() may expose internal representation by returning CamelMessageProducer.endpoint
EI org.apache.activemq.camel.CamelShutdownHook.getCamelContext() may expose internal representation by returning CamelShutdownHook.camelContext
EI org.apache.activemq.camel.component.CamelEndpointLoader.getCamelContext() may expose internal representation by returning CamelEndpointLoader.camelContext
EI org.apache.activemq.camel.component.CamelEndpointLoader.getComponent() may expose internal representation by returning CamelEndpointLoader.component
EI org.apache.activemq.camel.component.broker.BrokerEndpoint.getDestination() may expose internal representation by returning BrokerEndpoint.destination
EI org.apache.activemq.camel.converter.ActiveMQMessageConverter.getBinding() may expose internal representation by returning ActiveMQMessageConverter.binding
EI2 org.apache.activemq.camel.CamelConnection.setCamelContext(CamelContext) may expose internal representation by storing an externally mutable object into CamelConnection.camelContext
EI2 org.apache.activemq.camel.CamelConnectionFactory.setCamelContext(CamelContext) may expose internal representation by storing an externally mutable object into CamelConnectionFactory.camelContext
EI2 org.apache.activemq.camel.CamelDestination.setBinding(JmsBinding) may expose internal representation by storing an externally mutable object into CamelDestination.binding
EI2 org.apache.activemq.camel.CamelDestination.setCamelContext(CamelContext) may expose internal representation by storing an externally mutable object into CamelDestination.camelContext
EI2 org.apache.activemq.camel.CamelDestination.setEndpoint(Endpoint) may expose internal representation by storing an externally mutable object into CamelDestination.endpoint
EI2 new org.apache.activemq.camel.CamelMessageConsumer(CamelDestination, Endpoint, ActiveMQSession, String, boolean) may expose internal representation by storing an externally mutable object into CamelMessageConsumer.destination
EI2 new org.apache.activemq.camel.CamelMessageConsumer(CamelDestination, Endpoint, ActiveMQSession, String, boolean) may expose internal representation by storing an externally mutable object into CamelMessageConsumer.endpoint
EI2 new org.apache.activemq.camel.CamelMessageConsumer(CamelDestination, Endpoint, ActiveMQSession, String, boolean) may expose internal representation by storing an externally mutable object into CamelMessageConsumer.session
EI2 new org.apache.activemq.camel.CamelMessageProducer(CamelDestination, Endpoint, ActiveMQSession) may expose internal representation by storing an externally mutable object into CamelMessageProducer.destination
EI2 new org.apache.activemq.camel.CamelMessageProducer(CamelDestination, Endpoint, ActiveMQSession) may expose internal representation by storing an externally mutable object into CamelMessageProducer.endpoint
EI2 org.apache.activemq.camel.CamelShutdownHook.setCamelContext(CamelContext) may expose internal representation by storing an externally mutable object into CamelShutdownHook.camelContext
EI2 new org.apache.activemq.camel.component.CamelEndpointLoader(CamelContext, DestinationSource) may expose internal representation by storing an externally mutable object into CamelEndpointLoader.camelContext
EI2 new org.apache.activemq.camel.component.CamelEndpointLoader(CamelContext, DestinationSource) may expose internal representation by storing an externally mutable object into CamelEndpointLoader.source
EI2 org.apache.activemq.camel.component.CamelEndpointLoader.setCamelContext(CamelContext) may expose internal representation by storing an externally mutable object into CamelEndpointLoader.camelContext
EI2 org.apache.activemq.camel.component.CamelEndpointLoader.setComponent(ActiveMQComponent) may expose internal representation by storing an externally mutable object into CamelEndpointLoader.component
EI2 new org.apache.activemq.camel.component.broker.BrokerEndpoint(String, BrokerComponent, String, ActiveMQDestination, BrokerConfiguration) may expose internal representation by storing an externally mutable object into BrokerEndpoint.configuration
EI2 new org.apache.activemq.camel.component.broker.BrokerEndpoint(String, BrokerComponent, String, ActiveMQDestination, BrokerConfiguration) may expose internal representation by storing an externally mutable object into BrokerEndpoint.destination
EI2 new org.apache.activemq.camel.component.broker.BrokerProducer(BrokerEndpoint) may expose internal representation by storing an externally mutable object into BrokerProducer.brokerEndpoint
EI2 org.apache.activemq.camel.converter.ActiveMQMessageConverter.setBinding(JmsBinding) may expose internal representation by storing an externally mutable object into ActiveMQMessageConverter.binding

Details

CT_CONSTRUCTOR_THROW: Be wary of letting constructors throw exceptions.

Classes that throw exceptions in their constructors are vulnerable to Finalizer attacks

A finalizer attack can be prevented, by declaring the class final, using an empty finalizer declared as final, or by a clever use of a private constructor.

See SEI CERT Rule OBJ-11 for more information.

EI_EXPOSE_REP: May expose internal representation by returning reference to mutable object

Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.

EI_EXPOSE_REP2: May expose internal representation by incorporating reference to mutable object

This code stores a reference to an externally mutable object into the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.