The following document contains the results of FindBugs Report
FindBugs Version is 1.3.9
Threshold is
Effort is min
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Incorrect lazy initialization of static field org.apache.turbine.Turbine.serverData in org.apache.turbine.Turbine.getDefaultServerData() | MT_CORRECTNESS | LI_LAZY_INIT_STATIC | 674-687 | Medium |
Null pointer dereference of System.err in org.apache.turbine.Turbine.configureLogging() | CORRECTNESS | NP_ALWAYS_NULL | 431 | High |
Null pointer dereference of System.err in org.apache.turbine.Turbine.configureLogging() | CORRECTNESS | NP_ALWAYS_NULL | 455 | High |
Null pointer dereference of System.err in org.apache.turbine.Turbine.createRuntimeDirectories(ServletContext, ServletConfig) | CORRECTNESS | NP_ALWAYS_NULL | 506 | High |
Write to static field org.apache.turbine.Turbine.firstDoGet from instance method org.apache.turbine.Turbine.destroy() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 749 | High |
Write to static field org.apache.turbine.Turbine.firstInit from instance method org.apache.turbine.Turbine.destroy() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 748 | High |
Write to static field org.apache.turbine.Turbine.applicationRoot from instance method org.apache.turbine.Turbine.configure(ServletConfig, ServletContext) | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 250 | Medium |
Write to static field org.apache.turbine.Turbine.webappRoot from instance method org.apache.turbine.Turbine.configure(ServletConfig, ServletContext) | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 254 | Medium |
Write to static field org.apache.turbine.Turbine.initFailure from instance method org.apache.turbine.Turbine.init() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 223 | Medium |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unread field: org.apache.turbine.modules.navigations.BaseJspNavigation.prefix; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 43 | Medium |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unread field: org.apache.turbine.modules.navigations.VelocityNavigation.prefix; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 49 | Medium |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.turbine.modules.screens.JSONScreen.doOutput(PipelineData) may fail to close stream | BAD_PRACTICE | OS_OPEN_STREAM | 115 | Medium |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.turbine.om.security.DefaultUserImpl.getLastAccessDate() may expose internal representation by returning DefaultUserImpl.lastAccessDate | MALICIOUS_CODE | EI_EXPOSE_REP | 424 | Medium |
Null pointer dereference of System.out in org.apache.turbine.om.security.DefaultUserImpl.valueUnbound(HttpSessionBindingEvent) | CORRECTNESS | NP_ALWAYS_NULL | 113 | High |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Synchronization on TurbinePipeline.valves in futile attempt to guard it | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | 120 | High |
Synchronization on TurbinePipeline.valves in futile attempt to guard it | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | 172 | High |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Class org.apache.turbine.services.BaseUnicastRemoteService defines non-transient non-serializable instance field configuration | BAD_PRACTICE | SE_BAD_FIELD | Not available | Medium |
Class org.apache.turbine.services.BaseUnicastRemoteService defines non-transient non-serializable instance field initableBroker | BAD_PRACTICE | SE_BAD_FIELD | Not available | Medium |
Class org.apache.turbine.services.BaseUnicastRemoteService defines non-transient non-serializable instance field serviceBroker | BAD_PRACTICE | SE_BAD_FIELD | Not available | Medium |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Write to static field org.apache.turbine.services.naming.TurbineNamingService.contextPropsList from instance method org.apache.turbine.services.naming.TurbineNamingService.init() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 84 | Medium |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.turbine.services.schedule.AbstractJobEntry.log isn't final but should be | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | 38 | High |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Inconsistent synchronization of org.apache.turbine.services.schedule.AbstractSchedulerService.enabled; locked 50% of time | MT_CORRECTNESS | IS2_INCONSISTENT_SYNC | 342 | Medium |
org.apache.turbine.services.schedule.AbstractSchedulerService.log isn't final but should be | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | 40 | High |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.turbine.services.schedule.BaseJobEntryTorque.getProperty() may expose internal representation by returning BaseJobEntryTorque.property | MALICIOUS_CODE | EI_EXPOSE_REP | 331 | Medium |
org.apache.turbine.services.schedule.BaseJobEntryTorque.setProperty(byte[]) may expose internal representation by storing an externally mutable object into BaseJobEntryTorque.property | MALICIOUS_CODE | EI_EXPOSE_REP2 | 346 | Medium |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.turbine.services.schedule.JobEntryQuartz defines compareTo(Object) and uses Object.equals() | BAD_PRACTICE | EQ_COMPARETO_USE_OBJECT_EQUALS | 41 | Medium |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.turbine.services.schedule.QuartzSchedulerService.log isn't final but should be | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | 54 | High |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible doublecheck on org.apache.turbine.services.security.DefaultSecurityService.globalGroup in org.apache.turbine.services.security.DefaultSecurityService.getGlobalGroup() | MT_CORRECTNESS | DC_DOUBLECHECK | 592-596 | Medium |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.turbine.services.template.BaseTemplateEngineService.getTemplateEngineServiceConfiguration() may expose internal representation by returning BaseTemplateEngineService.configuration | MALICIOUS_CODE | EI_EXPOSE_REP | 68 | Medium |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Dead store to componentSize in org.apache.turbine.services.template.mapper.ScreenDefaultTemplateMapper.doMapping(String) | STYLE | DLS_DEAD_LOCAL_STORE | 83 | Medium |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Synchronization on TurbineUIService.skins in futile attempt to guard it | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | 241 | High |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.turbine.services.uniqueid.TurbineUniqueIdService.counter should be package protected | MALICIOUS_CODE | MS_PKGPROTECT | Not available | Medium |
org.apache.turbine.services.uniqueid.TurbineUniqueIdService.turbineId should be package protected | MALICIOUS_CODE | MS_PKGPROTECT | 51 | Medium |
org.apache.turbine.services.uniqueid.TurbineUniqueIdService.turbineURL isn't final but should be | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | 53 | High |
Write to static field org.apache.turbine.services.uniqueid.TurbineUniqueIdService.turbineId from instance method org.apache.turbine.services.uniqueid.TurbineUniqueIdService.init() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 78 | Medium |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Inconsistent synchronization of org.apache.turbine.services.velocity.TurbineVelocityService.velocity; locked 60% of time | MT_CORRECTNESS | IS2_INCONSISTENT_SYNC | 425 | Medium |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Null pointer dereference of System.out in org.apache.turbine.util.GenerateUniqueId.main(String[]) | CORRECTNESS | NP_ALWAYS_NULL | 154 | High |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.turbine.util.ServerData defines clone() but doesn't implement Cloneable | BAD_PRACTICE | CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE | 141-142 | Medium |
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new org.apache.turbine.util.template.SelectorBox(String, Object[], Object[], int, boolean[]) may expose internal representation by storing an externally mutable object into SelectorBox.names | MALICIOUS_CODE | EI_EXPOSE_REP2 | 143 | Medium |
new org.apache.turbine.util.template.SelectorBox(String, Object[], Object[], int, boolean[]) may expose internal representation by storing an externally mutable object into SelectorBox.selected | MALICIOUS_CODE | EI_EXPOSE_REP2 | 146 | Medium |
new org.apache.turbine.util.template.SelectorBox(String, Object[], Object[], int, boolean[]) may expose internal representation by storing an externally mutable object into SelectorBox.values | MALICIOUS_CODE | EI_EXPOSE_REP2 | 144 | Medium |
org.apache.turbine.util.template.SelectorBox.setSelected(boolean[]) may expose internal representation by storing an externally mutable object into SelectorBox.selected | MALICIOUS_CODE | EI_EXPOSE_REP2 | 295 | Medium |