Project: ActiveMQ :: JAAS
SpotBugs version: 4.8.3
Code analyzed:
836 lines of code analyzed, in 16 classes, in 1 packages.
Metric | Total | Density* |
---|---|---|
High Priority Warnings | 0.00 | |
Medium Priority Warnings | 15 | 17.94 |
Total Warnings | 15 | 17.94 |
(* Defects per Thousand lines of non-commenting source statements)
Warning Type | Number |
---|---|
Bad practice Warnings | 3 |
Malicious code vulnerability Warnings | 11 |
Performance Warnings | 1 |
Total | 15 |

Bad practice Warnings

Code | Warning |
---|---|
CT | Exception thrown in class org.apache.activemq.jaas.GroupPrincipal at new org.apache.activemq.jaas.GroupPrincipal(String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
CT | Exception thrown in class org.apache.activemq.jaas.UserPrincipal at new org.apache.activemq.jaas.UserPrincipal(String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
ES | Comparison of String parameter using == or != in org.apache.activemq.jaas.LDAPLoginModule.getLDAPPropertyValue(String) |

Malicious code vulnerability Warnings

Code | Warning |
---|---|
EI | org.apache.activemq.jaas.CertificateCallback.getCertificates() may expose internal representation by returning CertificateCallback.certificates |
EI | org.apache.activemq.jaas.ReloadableProperties.getProps() may expose internal representation by returning ReloadableProperties.props |
EI | org.apache.activemq.jaas.ReloadableProperties.invertedPropertiesMap() may expose internal representation by returning ReloadableProperties.invertedProps |
EI | org.apache.activemq.jaas.ReloadableProperties.invertedPropertiesValuesMap() may expose internal representation by returning ReloadableProperties.invertedValueProps |
EI2 | org.apache.activemq.jaas.CertificateCallback.setCertificates(X509Certificate[]) may expose internal representation by storing an externally mutable object into CertificateCallback.certificates |
EI2 | org.apache.activemq.jaas.CertificateLoginModule.initialize(Subject, CallbackHandler, Map, Map) may expose internal representation by storing an externally mutable object into CertificateLoginModule.subject |
EI2 | org.apache.activemq.jaas.GuestLoginModule.initialize(Subject, CallbackHandler, Map, Map) may expose internal representation by storing an externally mutable object into GuestLoginModule.subject |
EI2 | new org.apache.activemq.jaas.JaasCertificateCallbackHandler(X509Certificate[]) may expose internal representation by storing an externally mutable object into JaasCertificateCallbackHandler.certificates |
EI2 | org.apache.activemq.jaas.LDAPLoginModule.initialize(Subject, CallbackHandler, Map, Map) may expose internal representation by storing an externally mutable object into LDAPLoginModule.subject |
EI2 | org.apache.activemq.jaas.PropertiesLoginModule.initialize(Subject, CallbackHandler, Map, Map) may expose internal representation by storing an externally mutable object into PropertiesLoginModule.subject |
EI2 | new org.apache.activemq.jaas.ReloadableProperties(PropertiesLoader$FileNameKey) may expose internal representation by storing an externally mutable object into ReloadableProperties.key |

Performance Warnings

Code | Warning |
---|---|
SIC | Should org.apache.activemq.jaas.PropertiesLoader$FileNameKey be a _static_ inner class? |
Classes that throw exceptions in their constructors are vulnerable to Finalizer attacks
A finalizer attack can be prevented by declaring the class final, by using an empty finalizer declared as final, or by a clever use of a private constructor. See SEI CERT Rule OBJ-11 for more information.
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is a better approach in many situations.
This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is a better approach in many situations.
This code compares a java.lang.String parameter for reference equality using the == or != operators. Requiring callers to pass only String constants or interned strings to a method is unnecessarily fragile, and rarely leads to measurable performance gains. Consider using the equals(Object) method instead.
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.