Project: ActiveMQ :: AMQP
SpotBugs version: 4.8.3
Code analyzed:
3866 lines of code analyzed, in 90 classes, in 4 packages.
Metric | Total | Density* |
---|---|---|
High Priority Warnings | 3 | 0.78 |
Medium Priority Warnings | 54 | 13.97 |
Total Warnings | 57 | 14.74 |
(* Defects per Thousand lines of non-commenting source statements)
Warning Type | Number |
---|---|
Bad practice Warnings | 4 |
Internationalization Warnings | 1 |
Malicious code vulnerability Warnings | 37 |
Performance Warnings | 2 |
Dodgy code Warnings | 13 |
Total | 57 |
Code | Warning |
---|---|
CT | Exception thrown in class org.apache.activemq.transport.amqp.AmqpHeader at new org.apache.activemq.transport.amqp.AmqpHeader(Buffer) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
CT | Exception thrown in class org.apache.activemq.transport.amqp.AmqpHeader at new org.apache.activemq.transport.amqp.AmqpHeader(Buffer, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
DE | org.apache.activemq.transport.amqp.protocol.AmqpConnection.onAMQPException(IOException) might ignore java.lang.Exception |
OS | org.apache.activemq.transport.amqp.protocol.AmqpConnection.<static initializer for AmqpConnection>() may fail to close stream |
Code | Warning |
---|---|
Dm | Found reliance on default encoding in org.apache.activemq.transport.amqp.protocol.AmqpConnection.<static initializer for AmqpConnection>(): new java.io.InputStreamReader(InputStream) |
Code | Warning |
---|---|
EI | org.apache.activemq.transport.amqp.AmqpFrameParser.getWireFormat() may expose internal representation by returning AmqpFrameParser.wireFormat |
EI | org.apache.activemq.transport.amqp.AmqpHeader.getBuffer() may expose internal representation by returning AmqpHeader.buffer |
EI | org.apache.activemq.transport.amqp.AmqpInactivityMonitor.getAmqpTransport() may expose internal representation by returning AmqpInactivityMonitor.amqpTransport |
EI | org.apache.activemq.transport.amqp.AmqpTransportFilter.getInactivityMonitor() may expose internal representation by returning AmqpTransportFilter.monitor |
EI | org.apache.activemq.transport.amqp.AmqpTransportFilter.getWireFormat() may expose internal representation by returning AmqpTransportFilter.wireFormat |
EI | org.apache.activemq.transport.amqp.AmqpWSTransport.getPeerCertificates() may expose internal representation by returning AmqpWSTransport.certificates |
EI | org.apache.activemq.transport.amqp.message.AmqpWritableBuffer.getArray() may expose internal representation by returning AmqpWritableBuffer.buffer |
EI | org.apache.activemq.transport.amqp.protocol.AmqpAbstractLink.getEndpoint() may expose internal representation by returning AmqpAbstractLink.endpoint |
EI | org.apache.activemq.transport.amqp.protocol.AmqpConnection.getConnectionId() may expose internal representation by returning AmqpConnection.connectionId |
EI | org.apache.activemq.transport.amqp.protocol.AmqpSession.getConnection() may expose internal representation by returning AmqpSession.connection |
EI | org.apache.activemq.transport.amqp.protocol.AmqpSession.getEndpoint() may expose internal representation by returning AmqpSession.protonSession |
EI | org.apache.activemq.transport.amqp.protocol.AmqpSession.getSessionId() may expose internal representation by returning AmqpSession.sessionId |
EI | org.apache.activemq.transport.amqp.sasl.AmqpAuthenticator.getSupportedMechanisms() may expose internal representation by returning AmqpAuthenticator.mechanisms |
EI2 | org.apache.activemq.transport.amqp.AmqpFrameParser.setWireFormat(AmqpWireFormat) may expose internal representation by storing an externally mutable object into AmqpFrameParser.wireFormat |
EI2 | org.apache.activemq.transport.amqp.AmqpInactivityMonitor.setAmqpTransport(AmqpTransport) may expose internal representation by storing an externally mutable object into AmqpInactivityMonitor.amqpTransport |
EI2 | org.apache.activemq.transport.amqp.AmqpNioTransportFactory.setBrokerService(BrokerService) may expose internal representation by storing an externally mutable object into AmqpNioTransportFactory.brokerService |
EI2 | new org.apache.activemq.transport.amqp.AmqpProtocolDiscriminator(AmqpTransport, BrokerService) may expose internal representation by storing an externally mutable object into AmqpProtocolDiscriminator.brokerService |
EI2 | new org.apache.activemq.transport.amqp.AmqpProtocolDiscriminator(AmqpTransport, BrokerService) may expose internal representation by storing an externally mutable object into AmqpProtocolDiscriminator.transport |
EI2 | org.apache.activemq.transport.amqp.AmqpSslTransportFactory.setBrokerService(BrokerService) may expose internal representation by storing an externally mutable object into AmqpSslTransportFactory.brokerService |
EI2 | org.apache.activemq.transport.amqp.AmqpTransportFactory.setBrokerService(BrokerService) may expose internal representation by storing an externally mutable object into AmqpTransportFactory.brokerService |
EI2 | new org.apache.activemq.transport.amqp.AmqpTransportFilter(Transport, WireFormat, BrokerService) may expose internal representation by storing an externally mutable object into AmqpTransportFilter.wireFormat |
EI2 | org.apache.activemq.transport.amqp.AmqpTransportFilter.setInactivityMonitor(AmqpInactivityMonitor) may expose internal representation by storing an externally mutable object into AmqpTransportFilter.monitor |
EI2 | org.apache.activemq.transport.amqp.AmqpWSTransport.setPeerCertificates(X509Certificate[]) may expose internal representation by storing an externally mutable object into AmqpWSTransport.certificates |
EI2 | org.apache.activemq.transport.amqp.AmqpWSTransportFactory.setBrokerService(BrokerService) may expose internal representation by storing an externally mutable object into AmqpWSTransportFactory.brokerService |
EI2 | new org.apache.activemq.transport.amqp.protocol.AmqpAbstractLink(AmqpSession, Link) may expose internal representation by storing an externally mutable object into AmqpAbstractLink.endpoint |
EI2 | new org.apache.activemq.transport.amqp.protocol.AmqpConnection(AmqpTransport, BrokerService) may expose internal representation by storing an externally mutable object into AmqpConnection.amqpTransport |
EI2 | new org.apache.activemq.transport.amqp.protocol.AmqpConnection(AmqpTransport, BrokerService) may expose internal representation by storing an externally mutable object into AmqpConnection.brokerService |
EI2 | new org.apache.activemq.transport.amqp.protocol.AmqpReceiver(AmqpSession, Receiver, ProducerInfo) may expose internal representation by storing an externally mutable object into AmqpReceiver.producerInfo |
EI2 | new org.apache.activemq.transport.amqp.protocol.AmqpSender(AmqpSession, Sender, ConsumerInfo) may expose internal representation by storing an externally mutable object into AmqpSender.consumerInfo |
EI2 | new org.apache.activemq.transport.amqp.protocol.AmqpSession(AmqpConnection, SessionId, Session) may expose internal representation by storing an externally mutable object into AmqpSession.connection |
EI2 | new org.apache.activemq.transport.amqp.protocol.AmqpSession(AmqpConnection, SessionId, Session) may expose internal representation by storing an externally mutable object into AmqpSession.protonSession |
EI2 | new org.apache.activemq.transport.amqp.protocol.AmqpSession(AmqpConnection, SessionId, Session) may expose internal representation by storing an externally mutable object into AmqpSession.sessionId |
EI2 | new org.apache.activemq.transport.amqp.sasl.AmqpAuthenticator(AmqpTransport, Sasl, BrokerService) may expose internal representation by storing an externally mutable object into AmqpAuthenticator.brokerService |
EI2 | new org.apache.activemq.transport.amqp.sasl.AmqpAuthenticator(AmqpTransport, Sasl, BrokerService) may expose internal representation by storing an externally mutable object into AmqpAuthenticator.sasl |
EI2 | new org.apache.activemq.transport.amqp.sasl.AmqpAuthenticator(AmqpTransport, Sasl, BrokerService) may expose internal representation by storing an externally mutable object into AmqpAuthenticator.transport |
MS | org.apache.activemq.transport.amqp.AmqpSupport.JMS_SELECTOR_FILTER_IDS is a mutable array |
MS | org.apache.activemq.transport.amqp.AmqpSupport.NO_LOCAL_FILTER_IDS is a mutable array |
Code | Warning |
---|---|
Bx | Boxed value is unboxed and then immediately reboxed in org.apache.activemq.transport.amqp.message.JMSMappingOutboundTransformer.transform(ActiveMQMessage) |
SIC | Should org.apache.activemq.transport.amqp.sasl.AmqpAuthenticator$DefaultAuthenticationBroker be a _static_ inner class? |
Code | Warning |
---|---|
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.amqp.protocol.AmqpConnection.onActiveMQCommand(Command) |
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.amqp.protocol.AmqpConnection$2.onResponse(AmqpProtocolConverter, Response) |
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.amqp.protocol.AmqpConnection$4.onResponse(AmqpProtocolConverter, Response) |
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.amqp.protocol.AmqpConnection$5.onResponse(AmqpProtocolConverter, Response) |
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.amqp.protocol.AmqpReceiver$2.onResponse(AmqpProtocolConverter, Response) |
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.amqp.protocol.AmqpSender$3.onResponse(AmqpProtocolConverter, Response) |
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.amqp.protocol.AmqpSender$4.onResponse(AmqpProtocolConverter, Response) |
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.amqp.protocol.AmqpSession$3.onResponse(AmqpProtocolConverter, Response) |
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.amqp.protocol.AmqpSession$5.onResponse(AmqpProtocolConverter, Response) |
BC | Unchecked/unconfirmed cast from org.apache.activemq.command.Response to org.apache.activemq.command.ExceptionResponse in org.apache.activemq.transport.amqp.protocol.AmqpTransactionCoordinator$1.onResponse(AmqpProtocolConverter, Response) |
REC | Exception is caught when Exception is not thrown in org.apache.activemq.transport.amqp.message.AmqpMessageSupport.getBinaryFromMessageBody(ActiveMQObjectMessage) |
REC | Exception is caught when Exception is not thrown in org.apache.activemq.transport.amqp.message.AmqpMessageSupport.getBinaryFromMessageBody(ActiveMQTextMessage) |
REC | Exception is caught when Exception is not thrown in org.apache.activemq.transport.amqp.protocol.AmqpSender.pumpOutbound() |
This cast is unchecked, and not all instances of the type cast from can be cast to the type it is being cast to. Check that your program logic ensures that this cast will not fail.
A boxed value is unboxed and then immediately reboxed.
Classes that throw exceptions in their constructors are vulnerable to Finalizer attacks.
A finalizer attack can be prevented by declaring the class final, using an empty finalizer declared as final, or by a clever use of a private constructor.
See SEI CERT Rule OBJ-11 for more information.
This method might ignore an exception. In general, exceptions should be handled or reported in some way, or they should be thrown out of the method.
Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behavior to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is a better approach in many situations.
This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is a better approach in many situations.
A final static field references an array and can be accessed by malicious code or by accident from another package. This code can freely modify the contents of the array.
The method creates an IO stream object, does not assign it to any fields, pass it to other methods that might close it, or return it, and does not appear to close the stream on all paths out of the method. This may result in a file descriptor leak. It is generally a good idea to use a finally block to ensure that streams are closed.
This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to write `try { ... } catch (Exception e) { something }` as a shorthand for catching a number of exception types whose catch blocks are all identical, but this construct also accidentally catches RuntimeException, masking potential bugs.
A better approach is either to catch explicitly the specific exceptions that are thrown, or to catch RuntimeException explicitly, rethrow it, and then catch all non-runtime exceptions, as shown below:
```java
try {
    // ...
} catch (RuntimeException e) {
    throw e;
} catch (Exception e) {
    // ... deal with all non-runtime exceptions ...
}
```
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.