SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.7.2
Threshold is medium
Effort is default
Summary
| Classes |
Bugs |
Errors |
Missing Classes |
| 308 |
84 |
0 |
0 |
org.apache.turbine.Turbine
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.Turbine.handleHorribleException(HttpServletResponse, Throwable) might ignore java.lang.Exception |
BAD_PRACTICE |
DE_MIGHT_IGNORE |
904 |
Medium |
| org.apache.turbine.Turbine.setTurbineServletContext(ServletContext) may expose internal static state by storing a mutable object into a static field org.apache.turbine.Turbine.servletContext |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
710 |
Medium |
| Public static org.apache.turbine.Turbine.getConfiguration() may expose internal representation by returning Turbine.configuration |
MALICIOUS_CODE |
MS_EXPOSE_REP |
591 |
Medium |
| Public static org.apache.turbine.Turbine.getDefaultServerData() may expose internal representation by returning Turbine.serverData |
MALICIOUS_CODE |
MS_EXPOSE_REP |
678 |
Medium |
| Public static org.apache.turbine.Turbine.getTurbineServletContext() may expose internal representation by returning Turbine.servletContext |
MALICIOUS_CODE |
MS_EXPOSE_REP |
720 |
Medium |
| Write to static field org.apache.turbine.Turbine.firstDoGet from instance method org.apache.turbine.Turbine.destroy() |
STYLE |
ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD |
734 |
High |
| Write to static field org.apache.turbine.Turbine.firstInit from instance method org.apache.turbine.Turbine.destroy() |
STYLE |
ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD |
733 |
High |
| Write to static field org.apache.turbine.Turbine.applicationRoot from instance method org.apache.turbine.Turbine.configure(ServletConfig, ServletContext) |
STYLE |
ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD |
263 |
Medium |
| Write to static field org.apache.turbine.Turbine.webappRoot from instance method org.apache.turbine.Turbine.configure(ServletConfig, ServletContext) |
STYLE |
ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD |
267 |
Medium |
org.apache.turbine.modules.GenericLoader
| Bug |
Category |
Details |
Line |
Priority |
| Public static org.apache.turbine.modules.GenericLoader.getPackages() may expose internal representation by returning GenericLoader.TURBINE_PACKAGES |
MALICIOUS_CODE |
MS_EXPOSE_REP |
149 |
Medium |
org.apache.turbine.om.security.DefaultUserImpl
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.om.security.DefaultUserImpl.getPermStorage() may expose internal representation by returning DefaultUserImpl.permStorage |
MALICIOUS_CODE |
EI_EXPOSE_REP |
466 |
Medium |
| org.apache.turbine.om.security.DefaultUserImpl.getTempStorage() may expose internal representation by returning DefaultUserImpl.tempStorage |
MALICIOUS_CODE |
EI_EXPOSE_REP |
497 |
Medium |
| org.apache.turbine.om.security.DefaultUserImpl.setPermStorage(Map) may expose internal representation by storing an externally mutable object into DefaultUserImpl.permStorage |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
480 |
Medium |
| org.apache.turbine.om.security.DefaultUserImpl.setTempStorage(Map) may expose internal representation by storing an externally mutable object into DefaultUserImpl.tempStorage |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
511 |
Medium |
| Inconsistent synchronization of org.apache.turbine.om.security.DefaultUserImpl.permStorage; locked 83% of time |
MT_CORRECTNESS |
IS2_INCONSISTENT_SYNC |
480 |
Medium |
org.apache.turbine.services.BaseInitableBroker
| Bug |
Category |
Details |
Line |
Priority |
| instanceof will always return false in org.apache.turbine.services.BaseInitableBroker.getInitableInstance(String), since a Exception cannot be a NoClassDefFoundError |
CORRECTNESS |
BC_IMPOSSIBLE_INSTANCEOF |
248 |
Medium |
org.apache.turbine.services.BaseService
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.services.BaseService.getConfiguration() may expose internal representation by returning BaseService.configuration |
MALICIOUS_CODE |
EI_EXPOSE_REP |
123 |
Medium |
org.apache.turbine.services.BaseServiceBroker
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.services.BaseServiceBroker.getConfiguration() may expose internal representation by returning BaseServiceBroker.configuration |
MALICIOUS_CODE |
EI_EXPOSE_REP |
152 |
Medium |
| org.apache.turbine.services.BaseServiceBroker.setConfiguration(Configuration) may expose internal representation by storing an externally mutable object into BaseServiceBroker.configuration |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
142 |
Medium |
org.apache.turbine.services.BaseUnicastRemoteService
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.services.BaseUnicastRemoteService.getConfiguration() may expose internal representation by returning BaseUnicastRemoteService.configuration |
MALICIOUS_CODE |
EI_EXPOSE_REP |
82 |
Medium |
| Class org.apache.turbine.services.BaseUnicastRemoteService defines non-transient non-serializable instance field configuration |
BAD_PRACTICE |
SE_BAD_FIELD |
Not available |
Medium |
| Class org.apache.turbine.services.BaseUnicastRemoteService defines non-transient non-serializable instance field initableBroker |
BAD_PRACTICE |
SE_BAD_FIELD |
Not available |
Medium |
| Class org.apache.turbine.services.BaseUnicastRemoteService defines non-transient non-serializable instance field serviceBroker |
BAD_PRACTICE |
SE_BAD_FIELD |
Not available |
Medium |
org.apache.turbine.services.TurbineServices
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.services.TurbineServices.setManager(ServiceManager) may expose internal static state by storing a mutable object into a static field org.apache.turbine.services.TurbineServices.instance |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
70 |
Medium |
| Public static org.apache.turbine.services.TurbineServices.getInstance() may expose internal representation by returning TurbineServices.instance |
MALICIOUS_CODE |
MS_EXPOSE_REP |
59 |
Medium |
org.apache.turbine.services.intake.IntakeTool
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.services.intake.IntakeTool.getGroups() may expose internal representation by returning IntakeTool.groups |
MALICIOUS_CODE |
EI_EXPOSE_REP |
490 |
Medium |
org.apache.turbine.services.jsp.util.JspNavigation
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.turbine.services.jsp.util.JspNavigation(RunData) may expose internal representation by storing an externally mutable object into JspNavigation.data |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
62 |
Medium |
org.apache.turbine.services.jsp.util.JspScreenPlaceholder
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.turbine.services.jsp.util.JspScreenPlaceholder(RunData) may expose internal representation by storing an externally mutable object into JspScreenPlaceholder.data |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
66 |
Medium |
org.apache.turbine.services.naming.TurbineNamingService
| Bug |
Category |
Details |
Line |
Priority |
| Write to static field org.apache.turbine.services.naming.TurbineNamingService.contextPropsList from instance method org.apache.turbine.services.naming.TurbineNamingService.init() |
STYLE |
ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD |
84 |
Medium |
org.apache.turbine.services.pull.TurbinePullService
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.services.pull.TurbinePullService.getGlobalContext() may expose internal representation by returning TurbinePullService.globalContext |
MALICIOUS_CODE |
EI_EXPOSE_REP |
364 |
Medium |
| Redundant nullcheck of tool, which is known to be non-null in org.apache.turbine.services.pull.TurbinePullService.populateWithPermTools(List, Context, Object, User) |
STYLE |
RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE |
636 |
Medium |
| Redundant nullcheck of tool, which is known to be non-null in org.apache.turbine.services.pull.TurbinePullService.populateWithSessionTools(List, Context, RunData, User) |
STYLE |
RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE |
553 |
Medium |
org.apache.turbine.services.pull.util.DateTimeFormatterTool
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.services.pull.util.DateTimeFormatterTool.getDtfs() may expose internal representation by returning DateTimeFormatterTool.dtfs |
MALICIOUS_CODE |
EI_EXPOSE_REP |
116 |
Medium |
org.apache.turbine.services.rundata.DefaultTurbineRunData
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.services.rundata.DefaultTurbineRunData.getDebugVariables() may expose internal representation by returning DefaultTurbineRunData.debugVariables |
MALICIOUS_CODE |
EI_EXPOSE_REP |
1273 |
Medium |
| org.apache.turbine.services.rundata.DefaultTurbineRunData.getJNDIContexts() may expose internal representation by returning DefaultTurbineRunData.jndiContexts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
1059 |
Medium |
| org.apache.turbine.services.rundata.DefaultTurbineRunData.getOut() may expose internal representation by returning DefaultTurbineRunData.out |
MALICIOUS_CODE |
EI_EXPOSE_REP |
811 |
Medium |
| org.apache.turbine.services.rundata.DefaultTurbineRunData.getStackTraceException() may expose internal representation by returning DefaultTurbineRunData.stackTraceException |
MALICIOUS_CODE |
EI_EXPOSE_REP |
1235 |
Medium |
| org.apache.turbine.services.rundata.DefaultTurbineRunData.setJNDIContexts(Map) may expose internal representation by storing an externally mutable object into DefaultTurbineRunData.jndiContexts |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
1070 |
Medium |
| org.apache.turbine.services.rundata.DefaultTurbineRunData.setStackTrace(String, Throwable) may expose internal representation by storing an externally mutable object into DefaultTurbineRunData.stackTraceException |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
1248 |
Medium |
org.apache.turbine.services.schedule.AbstractSchedulerService
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.services.schedule.AbstractSchedulerService.getThread() may expose internal representation by returning AbstractSchedulerService.houseKeepingThread |
MALICIOUS_CODE |
EI_EXPOSE_REP |
235 |
Medium |
org.apache.turbine.services.schedule.BaseJobEntryTorque
| Bug |
Category |
Details |
Line |
Priority |
| Using .equals to compare two byte[]'s, (equivalent to ==) in org.apache.turbine.services.schedule.BaseJobEntryTorque.setProperty(byte[]) |
CORRECTNESS |
EC_BAD_ARRAY_COMPARE |
331 |
Medium |
| Using .equals to compare two byte[]'s, (equivalent to ==) in org.apache.turbine.services.schedule.BaseJobEntryTorque.valueEquals(JobEntryTorque) |
CORRECTNESS |
EC_BAD_ARRAY_COMPARE |
878 |
Medium |
| org.apache.turbine.services.schedule.BaseJobEntryTorque.getProperty() may expose internal representation by returning BaseJobEntryTorque.property |
MALICIOUS_CODE |
EI_EXPOSE_REP |
321 |
Medium |
| org.apache.turbine.services.schedule.BaseJobEntryTorque.setProperty(byte[]) may expose internal representation by storing an externally mutable object into BaseJobEntryTorque.property |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
336 |
Medium |
org.apache.turbine.services.schedule.BaseJobEntryTorquePeer
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.services.schedule.BaseJobEntryTorquePeer.setJobEntryTorquePeerImpl(JobEntryTorquePeerImpl) may expose internal static state by storing a mutable object into a static field org.apache.turbine.services.schedule.BaseJobEntryTorquePeer.jobEntryTorquePeerImpl |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
265 |
Medium |
org.apache.turbine.services.schedule.JobEntryQuartz
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.services.schedule.JobEntryQuartz defines compareTo(Object) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
41 |
Medium |
org.apache.turbine.services.schedule.QuartzSchedulerService
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.services.schedule.QuartzSchedulerService.getScheduler() may expose internal representation by returning QuartzSchedulerService.scheduler |
MALICIOUS_CODE |
EI_EXPOSE_REP |
396 |
Medium |
org.apache.turbine.services.schedule.WorkerThread
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.turbine.services.schedule.WorkerThread(JobEntry) may expose internal representation by storing an externally mutable object into WorkerThread.je |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
54 |
Medium |
org.apache.turbine.services.security.DefaultSecurityService
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.services.security.DefaultSecurityService.getUserManager() may expose internal representation by returning DefaultSecurityService.userManager |
MALICIOUS_CODE |
EI_EXPOSE_REP |
344 |
Medium |
org.apache.turbine.services.servlet.TurbineServletService
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.services.servlet.TurbineServletService.getServletContext() may expose internal representation by returning TurbineServletService.servletContext |
MALICIOUS_CODE |
EI_EXPOSE_REP |
187 |
Medium |
org.apache.turbine.services.session.SessionListener
| Bug |
Category |
Details |
Line |
Priority |
| Class org.apache.turbine.services.session.SessionListener defines non-transient non-serializable instance field sessionService |
BAD_PRACTICE |
SE_BAD_FIELD |
Not available |
Medium |
org.apache.turbine.services.template.BaseTemplateEngineService
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.services.template.BaseTemplateEngineService.getTemplateEngineServiceConfiguration() may expose internal representation by returning BaseTemplateEngineService.configuration |
MALICIOUS_CODE |
EI_EXPOSE_REP |
72 |
Medium |
org.apache.turbine.services.template.mapper.ScreenDefaultTemplateMapper
| Bug |
Category |
Details |
Line |
Priority |
| Dead store to componentSize in org.apache.turbine.services.template.mapper.ScreenDefaultTemplateMapper.doMapping(String) |
STYLE |
DLS_DEAD_LOCAL_STORE |
84 |
Medium |
org.apache.turbine.services.uniqueid.TurbineUniqueIdService
| Bug |
Category |
Details |
Line |
Priority |
| Write to static field org.apache.turbine.services.uniqueid.TurbineUniqueIdService.turbineId from instance method org.apache.turbine.services.uniqueid.TurbineUniqueIdService.init() |
STYLE |
ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD |
81 |
Medium |
| Write to static field org.apache.turbine.services.uniqueid.TurbineUniqueIdService.turbineURL from instance method org.apache.turbine.services.uniqueid.TurbineUniqueIdService.init() |
STYLE |
ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD |
77 |
Medium |
org.apache.turbine.services.urlmapper.model.URLMapEntry
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.services.urlmapper.model.URLMapEntry.getGroupNamesMap() may expose internal representation by returning URLMapEntry.groupNamesMap |
MALICIOUS_CODE |
EI_EXPOSE_REP |
137 |
Medium |
| org.apache.turbine.services.urlmapper.model.URLMapEntry.getIgnoreParameters() may expose internal representation by returning URLMapEntry.ignore |
MALICIOUS_CODE |
EI_EXPOSE_REP |
100 |
Medium |
| org.apache.turbine.services.urlmapper.model.URLMapEntry.getImplicitParameters() may expose internal representation by returning URLMapEntry.implicit |
MALICIOUS_CODE |
EI_EXPOSE_REP |
81 |
Medium |
| org.apache.turbine.services.urlmapper.model.URLMapEntry.getOverrideParameters() may expose internal representation by returning URLMapEntry.override |
MALICIOUS_CODE |
EI_EXPOSE_REP |
119 |
Medium |
| org.apache.turbine.services.urlmapper.model.URLMapEntry.getRelevantKeys() may expose internal representation by returning URLMapEntry.relevantKeys |
MALICIOUS_CODE |
EI_EXPOSE_REP |
157 |
Medium |
| org.apache.turbine.services.urlmapper.model.URLMapEntry.setGroupNamesMap(Map) may expose internal representation by storing an externally mutable object into URLMapEntry.groupNamesMap |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
147 |
Medium |
| org.apache.turbine.services.urlmapper.model.URLMapEntry.setRelevantKeys(Set) may expose internal representation by storing an externally mutable object into URLMapEntry.relevantKeys |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
167 |
Medium |
org.apache.turbine.services.urlmapper.model.URLMappingContainer
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.services.urlmapper.model.URLMappingContainer.getMapEntries() may expose internal representation by returning URLMappingContainer.urlMapEntries |
MALICIOUS_CODE |
EI_EXPOSE_REP |
86 |
Medium |
org.apache.turbine.services.urlmapper.model.XmlParameterList
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.services.urlmapper.model.XmlParameterList.getXmlParameters() may expose internal representation by returning XmlParameterList.xmlParameters |
MALICIOUS_CODE |
EI_EXPOSE_REP |
96 |
Medium |
| org.apache.turbine.services.urlmapper.model.XmlParameterList.setXmlParameters(List) may expose internal representation by storing an externally mutable object into XmlParameterList.xmlParameters |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
106 |
Medium |
org.apache.turbine.util.ObjectUtils
| Bug |
Category |
Details |
Line |
Priority |
| Exception is caught when Exception is not thrown in org.apache.turbine.util.ObjectUtils.deserialize(byte[]) |
STYLE |
REC_CATCH_EXCEPTION |
94 |
Medium |
org.apache.turbine.util.SecurityCheck
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.turbine.util.SecurityCheck(RunData, String, String, boolean) may expose internal representation by storing an externally mutable object into SecurityCheck.data |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
93 |
Medium |
org.apache.turbine.util.ServerData
org.apache.turbine.util.TurbineConfig
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.turbine.util.TurbineConfig(String, Map, Map) may expose internal representation by storing an externally mutable object into TurbineConfig.attributes |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
155 |
Medium |
| new org.apache.turbine.util.TurbineConfig(String, Map, Map) may expose internal representation by storing an externally mutable object into TurbineConfig.initParams |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
156 |
Medium |
| Unread public/protected field: org.apache.turbine.util.TurbineConfig.timeout |
STYLE |
URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD |
100 |
Medium |
org.apache.turbine.util.template.HtmlPageAttributes
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.util.template.HtmlPageAttributes.getBodyAttributes() may expose internal representation by returning HtmlPageAttributes.bodyAttributes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
225 |
Medium |
| org.apache.turbine.util.template.HtmlPageAttributes.getHttpEquivs() may expose internal representation by returning HtmlPageAttributes.httpEquivs |
MALICIOUS_CODE |
EI_EXPOSE_REP |
481 |
Medium |
| org.apache.turbine.util.template.HtmlPageAttributes.getLinks() may expose internal representation by returning HtmlPageAttributes.linkTags |
MALICIOUS_CODE |
EI_EXPOSE_REP |
334 |
Medium |
| org.apache.turbine.util.template.HtmlPageAttributes.getMetaTags() may expose internal representation by returning HtmlPageAttributes.metaTags |
MALICIOUS_CODE |
EI_EXPOSE_REP |
491 |
Medium |
| org.apache.turbine.util.template.HtmlPageAttributes.getScripts() may expose internal representation by returning HtmlPageAttributes.scripts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
248 |
Medium |
| org.apache.turbine.util.template.HtmlPageAttributes.getStyles() may expose internal representation by returning HtmlPageAttributes.styles |
MALICIOUS_CODE |
EI_EXPOSE_REP |
356 |
Medium |
org.apache.turbine.util.template.TemplateInfo
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.turbine.util.template.TemplateInfo(RunData) may expose internal representation by storing an externally mutable object into TemplateInfo.data |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
66 |
Medium |
org.apache.turbine.util.template.TemplateNavigation
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.turbine.util.template.TemplateNavigation(PipelineData) may expose internal representation by storing an externally mutable object into TemplateNavigation.pipelineData |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
64 |
Medium |
org.apache.turbine.util.template.TemplateScreen
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.turbine.util.template.TemplateScreen(PipelineData) may expose internal representation by storing an externally mutable object into TemplateScreen.pipelineData |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
67 |
Medium |
org.apache.turbine.util.velocity.VelocityEmail
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.turbine.util.velocity.VelocityEmail.getContext() may expose internal representation by returning VelocityEmail.context |
MALICIOUS_CODE |
EI_EXPOSE_REP |
208 |
Medium |
| new org.apache.turbine.util.velocity.VelocityEmail(Context) may expose internal representation by storing an externally mutable object into VelocityEmail.context |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
136 |
Medium |
| org.apache.turbine.util.velocity.VelocityEmail.setContext(Context) may expose internal representation by storing an externally mutable object into VelocityEmail.context |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
196 |
Medium |
org.apache.turbine.util.velocity.VelocityHtmlEmail
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.turbine.util.velocity.VelocityHtmlEmail(Context) may expose internal representation by storing an externally mutable object into VelocityHtmlEmail.context |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
127 |
Medium |
