SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.6
Threshold is medium
Effort is default
Summary
| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 305 | 104 | 0 | 0 |
Files
org.apache.turbine.Turbine
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.Turbine.handleHorribleException(HttpServletResponse, Throwable) might ignore java.lang.Exception | BAD_PRACTICE | DE_MIGHT_IGNORE | 904 | Medium |
| org.apache.turbine.Turbine.setTurbineServletContext(ServletContext) may expose internal static state by storing a mutable object into a static field org.apache.turbine.Turbine.servletContext | MALICIOUS_CODE | EI_EXPOSE_STATIC_REP2 | 710 | Medium |
| Public static org.apache.turbine.Turbine.getConfiguration() may expose internal representation by returning Turbine.configuration | MALICIOUS_CODE | MS_EXPOSE_REP | 591 | Medium |
| Public static org.apache.turbine.Turbine.getDefaultServerData() may expose internal representation by returning Turbine.serverData | MALICIOUS_CODE | MS_EXPOSE_REP | 678 | Medium |
| Public static org.apache.turbine.Turbine.getTurbineServletContext() may expose internal representation by returning Turbine.servletContext | MALICIOUS_CODE | MS_EXPOSE_REP | 720 | Medium |
| Write to static field org.apache.turbine.Turbine.firstDoGet from instance method org.apache.turbine.Turbine.destroy() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 734 | High |
| Write to static field org.apache.turbine.Turbine.firstInit from instance method org.apache.turbine.Turbine.destroy() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 733 | High |
| Write to static field org.apache.turbine.Turbine.applicationRoot from instance method org.apache.turbine.Turbine.configure(ServletConfig, ServletContext) | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 263 | Medium |
| Write to static field org.apache.turbine.Turbine.webappRoot from instance method org.apache.turbine.Turbine.configure(ServletConfig, ServletContext) | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 267 | Medium |
org.apache.turbine.modules.GenericLoader
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.apache.turbine.modules.GenericLoader at new org.apache.turbine.modules.GenericLoader(Class, IntSupplier) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 74 | Medium |
| Public static org.apache.turbine.modules.GenericLoader.getPackages() may expose internal representation by returning GenericLoader.TURBINE_PACKAGES | MALICIOUS_CODE | MS_EXPOSE_REP | 149 | Medium |
org.apache.turbine.om.OMTool
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.apache.turbine.om.OMTool at new org.apache.turbine.om.OMTool() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 66 | Medium |
org.apache.turbine.om.security.DefaultUserImpl
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.om.security.DefaultUserImpl.getPermStorage() may expose internal representation by returning DefaultUserImpl.permStorage | MALICIOUS_CODE | EI_EXPOSE_REP | 466 | Medium |
| org.apache.turbine.om.security.DefaultUserImpl.getTempStorage() may expose internal representation by returning DefaultUserImpl.tempStorage | MALICIOUS_CODE | EI_EXPOSE_REP | 497 | Medium |
| org.apache.turbine.om.security.DefaultUserImpl.setPermStorage(Map) may expose internal representation by storing an externally mutable object into DefaultUserImpl.permStorage | MALICIOUS_CODE | EI_EXPOSE_REP2 | 480 | Medium |
| org.apache.turbine.om.security.DefaultUserImpl.setTempStorage(Map) may expose internal representation by storing an externally mutable object into DefaultUserImpl.tempStorage | MALICIOUS_CODE | EI_EXPOSE_REP2 | 511 | Medium |
| Inconsistent synchronization of org.apache.turbine.om.security.DefaultUserImpl.permStorage; locked 83% of time | MT_CORRECTNESS | IS2_INCONSISTENT_SYNC | 480 | Medium |
org.apache.turbine.services.BaseInitableBroker
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| instanceof will always return false in org.apache.turbine.services.BaseInitableBroker.getInitableInstance(String), since a Exception cannot be a NoClassDefFoundError | CORRECTNESS | BC_IMPOSSIBLE_INSTANCEOF | 246 | Medium |
org.apache.turbine.services.BaseService
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.services.BaseService.getConfiguration() may expose internal representation by returning BaseService.configuration | MALICIOUS_CODE | EI_EXPOSE_REP | 123 | Medium |
org.apache.turbine.services.BaseServiceBroker
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.services.BaseServiceBroker.getConfiguration() may expose internal representation by returning BaseServiceBroker.configuration | MALICIOUS_CODE | EI_EXPOSE_REP | 152 | Medium |
| org.apache.turbine.services.BaseServiceBroker.setConfiguration(Configuration) may expose internal representation by storing an externally mutable object into BaseServiceBroker.configuration | MALICIOUS_CODE | EI_EXPOSE_REP2 | 142 | Medium |
org.apache.turbine.services.BaseUnicastRemoteService
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.services.BaseUnicastRemoteService.getConfiguration() may expose internal representation by returning BaseUnicastRemoteService.configuration | MALICIOUS_CODE | EI_EXPOSE_REP | 82 | Medium |
| Class org.apache.turbine.services.BaseUnicastRemoteService defines non-transient non-serializable instance field configuration | BAD_PRACTICE | SE_BAD_FIELD | Not available | Medium |
| Class org.apache.turbine.services.BaseUnicastRemoteService defines non-transient non-serializable instance field initableBroker | BAD_PRACTICE | SE_BAD_FIELD | Not available | Medium |
| Class org.apache.turbine.services.BaseUnicastRemoteService defines non-transient non-serializable instance field serviceBroker | BAD_PRACTICE | SE_BAD_FIELD | Not available | Medium |
org.apache.turbine.services.TurbineServices
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.services.TurbineServices.setManager(ServiceManager) may expose internal static state by storing a mutable object into a static field org.apache.turbine.services.TurbineServices.instance | MALICIOUS_CODE | EI_EXPOSE_STATIC_REP2 | 70 | Medium |
| Public static org.apache.turbine.services.TurbineServices.getInstance() may expose internal representation by returning TurbineServices.instance | MALICIOUS_CODE | MS_EXPOSE_REP | 59 | Medium |
org.apache.turbine.services.intake.IntakeTool
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.services.intake.IntakeTool.getGroups() may expose internal representation by returning IntakeTool.groups | MALICIOUS_CODE | EI_EXPOSE_REP | 490 | Medium |
org.apache.turbine.services.jsp.util.JspNavigation
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.apache.turbine.services.jsp.util.JspNavigation(RunData) may expose internal representation by storing an externally mutable object into JspNavigation.data | MALICIOUS_CODE | EI_EXPOSE_REP2 | 62 | Medium |
org.apache.turbine.services.jsp.util.JspScreenPlaceholder
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.apache.turbine.services.jsp.util.JspScreenPlaceholder at new org.apache.turbine.services.jsp.util.JspScreenPlaceholder(RunData) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 68 | Medium |
| new org.apache.turbine.services.jsp.util.JspScreenPlaceholder(RunData) may expose internal representation by storing an externally mutable object into JspScreenPlaceholder.data | MALICIOUS_CODE | EI_EXPOSE_REP2 | 66 | Medium |
org.apache.turbine.services.naming.TurbineNamingService
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Write to static field org.apache.turbine.services.naming.TurbineNamingService.contextPropsList from instance method org.apache.turbine.services.naming.TurbineNamingService.init() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 84 | Medium |
org.apache.turbine.services.pull.TurbinePullService
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.services.pull.TurbinePullService.getGlobalContext() may expose internal representation by returning TurbinePullService.globalContext | MALICIOUS_CODE | EI_EXPOSE_REP | 364 | Medium |
| Redundant nullcheck of tool, which is known to be non-null in org.apache.turbine.services.pull.TurbinePullService.populateWithPermTools(List, Context, Object, User) | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE | 636 | Medium |
| Redundant nullcheck of tool, which is known to be non-null in org.apache.turbine.services.pull.TurbinePullService.populateWithSessionTools(List, Context, RunData, User) | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE | 553 | Medium |
org.apache.turbine.services.pull.util.DateTimeFormatterTool
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.services.pull.util.DateTimeFormatterTool.getDtfs() may expose internal representation by returning DateTimeFormatterTool.dtfs | MALICIOUS_CODE | EI_EXPOSE_REP | 116 | Medium |
org.apache.turbine.services.rundata.DefaultTurbineRunData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.services.rundata.DefaultTurbineRunData.getDebugVariables() may expose internal representation by returning DefaultTurbineRunData.debugVariables | MALICIOUS_CODE | EI_EXPOSE_REP | 1273 | Medium |
| org.apache.turbine.services.rundata.DefaultTurbineRunData.getJNDIContexts() may expose internal representation by returning DefaultTurbineRunData.jndiContexts | MALICIOUS_CODE | EI_EXPOSE_REP | 1059 | Medium |
| org.apache.turbine.services.rundata.DefaultTurbineRunData.getOut() may expose internal representation by returning DefaultTurbineRunData.out | MALICIOUS_CODE | EI_EXPOSE_REP | 811 | Medium |
| org.apache.turbine.services.rundata.DefaultTurbineRunData.getStackTraceException() may expose internal representation by returning DefaultTurbineRunData.stackTraceException | MALICIOUS_CODE | EI_EXPOSE_REP | 1235 | Medium |
| org.apache.turbine.services.rundata.DefaultTurbineRunData.setJNDIContexts(Map) may expose internal representation by storing an externally mutable object into DefaultTurbineRunData.jndiContexts | MALICIOUS_CODE | EI_EXPOSE_REP2 | 1070 | Medium |
| org.apache.turbine.services.rundata.DefaultTurbineRunData.setStackTrace(String, Throwable) may expose internal representation by storing an externally mutable object into DefaultTurbineRunData.stackTraceException | MALICIOUS_CODE | EI_EXPOSE_REP2 | 1248 | Medium |
org.apache.turbine.services.schedule.AbstractJobEntry
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.apache.turbine.services.schedule.AbstractJobEntry at new org.apache.turbine.services.schedule.AbstractJobEntry(int, int, int, int, int, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 106 | Medium |
org.apache.turbine.services.schedule.AbstractSchedulerService
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.services.schedule.AbstractSchedulerService.getThread() may expose internal representation by returning AbstractSchedulerService.houseKeepingThread | MALICIOUS_CODE | EI_EXPOSE_REP | 235 | Medium |
org.apache.turbine.services.schedule.BaseJobEntryTorque
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Using .equals to compare two byte[]'s, (equivalent to ==) in org.apache.turbine.services.schedule.BaseJobEntryTorque.setProperty(byte[]) | CORRECTNESS | EC_BAD_ARRAY_COMPARE | 331 | Medium |
| Using .equals to compare two byte[]'s, (equivalent to ==) in org.apache.turbine.services.schedule.BaseJobEntryTorque.valueEquals(JobEntryTorque) | CORRECTNESS | EC_BAD_ARRAY_COMPARE | 878 | Medium |
| org.apache.turbine.services.schedule.BaseJobEntryTorque.getProperty() may expose internal representation by returning BaseJobEntryTorque.property | MALICIOUS_CODE | EI_EXPOSE_REP | 321 | Medium |
| org.apache.turbine.services.schedule.BaseJobEntryTorque.setProperty(byte[]) may expose internal representation by storing an externally mutable object into BaseJobEntryTorque.property | MALICIOUS_CODE | EI_EXPOSE_REP2 | 336 | Medium |
org.apache.turbine.services.schedule.BaseJobEntryTorquePeer
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.services.schedule.BaseJobEntryTorquePeer.setJobEntryTorquePeerImpl(JobEntryTorquePeerImpl) may expose internal static state by storing a mutable object into a static field org.apache.turbine.services.schedule.BaseJobEntryTorquePeer.jobEntryTorquePeerImpl | MALICIOUS_CODE | EI_EXPOSE_STATIC_REP2 | 265 | Medium |
org.apache.turbine.services.schedule.BaseJobEntryTorqueRecordMapper
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Class org.apache.turbine.services.schedule.BaseJobEntryTorqueRecordMapper defines non-transient non-serializable instance field strategy | BAD_PRACTICE | SE_BAD_FIELD | Not available | Medium |
org.apache.turbine.services.schedule.JobEntryQuartz
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.services.schedule.JobEntryQuartz defines compareTo(Object) and uses Object.equals() | BAD_PRACTICE | EQ_COMPARETO_USE_OBJECT_EQUALS | 41 | Medium |
org.apache.turbine.services.schedule.QuartzSchedulerService
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.services.schedule.QuartzSchedulerService.getScheduler() may expose internal representation by returning QuartzSchedulerService.scheduler | MALICIOUS_CODE | EI_EXPOSE_REP | 396 | Medium |
org.apache.turbine.services.schedule.WorkerThread
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.apache.turbine.services.schedule.WorkerThread(JobEntry) may expose internal representation by storing an externally mutable object into WorkerThread.je | MALICIOUS_CODE | EI_EXPOSE_REP2 | 54 | Medium |
org.apache.turbine.services.security.DefaultSecurityService
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.services.security.DefaultSecurityService.getUserManager() may expose internal representation by returning DefaultSecurityService.userManager | MALICIOUS_CODE | EI_EXPOSE_REP | 344 | Medium |
org.apache.turbine.services.servlet.TurbineServletService
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.services.servlet.TurbineServletService.getServletContext() may expose internal representation by returning TurbineServletService.servletContext | MALICIOUS_CODE | EI_EXPOSE_REP | 187 | Medium |
org.apache.turbine.services.session.SessionListener
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Class org.apache.turbine.services.session.SessionListener defines non-transient non-serializable instance field sessionService | BAD_PRACTICE | SE_BAD_FIELD | Not available | Medium |
org.apache.turbine.services.template.BaseTemplateEngineService
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.services.template.BaseTemplateEngineService.getTemplateEngineServiceConfiguration() may expose internal representation by returning BaseTemplateEngineService.configuration | MALICIOUS_CODE | EI_EXPOSE_REP | 72 | Medium |
org.apache.turbine.services.template.mapper.ScreenDefaultTemplateMapper
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Dead store to componentSize in org.apache.turbine.services.template.mapper.ScreenDefaultTemplateMapper.doMapping(String) | STYLE | DLS_DEAD_LOCAL_STORE | 84 | Medium |
org.apache.turbine.services.uniqueid.TurbineUniqueIdService
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Write to static field org.apache.turbine.services.uniqueid.TurbineUniqueIdService.turbineId from instance method org.apache.turbine.services.uniqueid.TurbineUniqueIdService.init() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 81 | Medium |
| Write to static field org.apache.turbine.services.uniqueid.TurbineUniqueIdService.turbineURL from instance method org.apache.turbine.services.uniqueid.TurbineUniqueIdService.init() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 77 | Medium |
org.apache.turbine.services.urlmapper.model.URLMapEntry
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.services.urlmapper.model.URLMapEntry.getGroupNamesMap() may expose internal representation by returning URLMapEntry.groupNamesMap | MALICIOUS_CODE | EI_EXPOSE_REP | 137 | Medium |
| org.apache.turbine.services.urlmapper.model.URLMapEntry.getIgnoreParameters() may expose internal representation by returning URLMapEntry.ignore | MALICIOUS_CODE | EI_EXPOSE_REP | 100 | Medium |
| org.apache.turbine.services.urlmapper.model.URLMapEntry.getImplicitParameters() may expose internal representation by returning URLMapEntry.implicit | MALICIOUS_CODE | EI_EXPOSE_REP | 81 | Medium |
| org.apache.turbine.services.urlmapper.model.URLMapEntry.getOverrideParameters() may expose internal representation by returning URLMapEntry.override | MALICIOUS_CODE | EI_EXPOSE_REP | 119 | Medium |
| org.apache.turbine.services.urlmapper.model.URLMapEntry.getRelevantKeys() may expose internal representation by returning URLMapEntry.relevantKeys | MALICIOUS_CODE | EI_EXPOSE_REP | 157 | Medium |
| org.apache.turbine.services.urlmapper.model.URLMapEntry.setGroupNamesMap(Map) may expose internal representation by storing an externally mutable object into URLMapEntry.groupNamesMap | MALICIOUS_CODE | EI_EXPOSE_REP2 | 147 | Medium |
| org.apache.turbine.services.urlmapper.model.URLMapEntry.setRelevantKeys(Set) may expose internal representation by storing an externally mutable object into URLMapEntry.relevantKeys | MALICIOUS_CODE | EI_EXPOSE_REP2 | 167 | Medium |
org.apache.turbine.services.urlmapper.model.URLMappingContainer
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.services.urlmapper.model.URLMappingContainer.getMapEntries() may expose internal representation by returning URLMappingContainer.urlMapEntries | MALICIOUS_CODE | EI_EXPOSE_REP | 86 | Medium |
org.apache.turbine.services.urlmapper.model.XmlParameterList
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.services.urlmapper.model.XmlParameterList.getXmlParameters() may expose internal representation by returning XmlParameterList.xmlParameters | MALICIOUS_CODE | EI_EXPOSE_REP | 96 | Medium |
| org.apache.turbine.services.urlmapper.model.XmlParameterList.setXmlParameters(List) may expose internal representation by storing an externally mutable object into XmlParameterList.xmlParameters | MALICIOUS_CODE | EI_EXPOSE_REP2 | 106 | Medium |
org.apache.turbine.util.BrowserDetector
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.apache.turbine.util.BrowserDetector at new org.apache.turbine.util.BrowserDetector(String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 86 | Medium |
| Exception thrown in class org.apache.turbine.util.BrowserDetector at new org.apache.turbine.util.BrowserDetector(RunData) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 99 | Medium |
org.apache.turbine.util.SecurityCheck
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.apache.turbine.util.SecurityCheck at new org.apache.turbine.util.SecurityCheck(RunData, String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 76 | Medium |
| Exception thrown in class org.apache.turbine.util.SecurityCheck at new org.apache.turbine.util.SecurityCheck(RunData, String, String, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 99 | Medium |
| new org.apache.turbine.util.SecurityCheck(RunData, String, String, boolean) may expose internal representation by storing an externally mutable object into SecurityCheck.data | MALICIOUS_CODE | EI_EXPOSE_REP2 | 93 | Medium |
org.apache.turbine.util.ServerData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.util.ServerData defines clone() but doesn't implement Cloneable | BAD_PRACTICE | CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE | 132-133 | Medium |
org.apache.turbine.util.TurbineConfig
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.apache.turbine.util.TurbineConfig(String, Map, Map) may expose internal representation by storing an externally mutable object into TurbineConfig.attributes | MALICIOUS_CODE | EI_EXPOSE_REP2 | 157 | Medium |
| new org.apache.turbine.util.TurbineConfig(String, Map, Map) may expose internal representation by storing an externally mutable object into TurbineConfig.initParams | MALICIOUS_CODE | EI_EXPOSE_REP2 | 158 | Medium |
| Unread public/protected field: org.apache.turbine.util.TurbineConfig.timeout | STYLE | URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD | 102 | Medium |
org.apache.turbine.util.template.HtmlPageAttributes
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.util.template.HtmlPageAttributes.getBodyAttributes() may expose internal representation by returning HtmlPageAttributes.bodyAttributes | MALICIOUS_CODE | EI_EXPOSE_REP | 225 | Medium |
| org.apache.turbine.util.template.HtmlPageAttributes.getHttpEquivs() may expose internal representation by returning HtmlPageAttributes.httpEquivs | MALICIOUS_CODE | EI_EXPOSE_REP | 481 | Medium |
| org.apache.turbine.util.template.HtmlPageAttributes.getLinks() may expose internal representation by returning HtmlPageAttributes.linkTags | MALICIOUS_CODE | EI_EXPOSE_REP | 334 | Medium |
| org.apache.turbine.util.template.HtmlPageAttributes.getMetaTags() may expose internal representation by returning HtmlPageAttributes.metaTags | MALICIOUS_CODE | EI_EXPOSE_REP | 491 | Medium |
| org.apache.turbine.util.template.HtmlPageAttributes.getScripts() may expose internal representation by returning HtmlPageAttributes.scripts | MALICIOUS_CODE | EI_EXPOSE_REP | 248 | Medium |
| org.apache.turbine.util.template.HtmlPageAttributes.getStyles() may expose internal representation by returning HtmlPageAttributes.styles | MALICIOUS_CODE | EI_EXPOSE_REP | 356 | Medium |
org.apache.turbine.util.template.TemplateInfo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.apache.turbine.util.template.TemplateInfo(RunData) may expose internal representation by storing an externally mutable object into TemplateInfo.data | MALICIOUS_CODE | EI_EXPOSE_REP2 | 66 | Medium |
org.apache.turbine.util.template.TemplateNavigation
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.apache.turbine.util.template.TemplateNavigation(PipelineData) may expose internal representation by storing an externally mutable object into TemplateNavigation.pipelineData | MALICIOUS_CODE | EI_EXPOSE_REP2 | 64 | Medium |
org.apache.turbine.util.template.TemplateScreen
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.apache.turbine.util.template.TemplateScreen(PipelineData) may expose internal representation by storing an externally mutable object into TemplateScreen.pipelineData | MALICIOUS_CODE | EI_EXPOSE_REP2 | 67 | Medium |
org.apache.turbine.util.template.TemplateSecurityCheck
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.apache.turbine.util.template.TemplateSecurityCheck at new org.apache.turbine.util.template.TemplateSecurityCheck(PipelineData) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 83 | Medium |
| Exception thrown in class org.apache.turbine.util.template.TemplateSecurityCheck at new org.apache.turbine.util.template.TemplateSecurityCheck(PipelineData, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 70 | Medium |
org.apache.turbine.util.uri.TurbineURI
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.apache.turbine.util.uri.TurbineURI at new org.apache.turbine.util.uri.TurbineURI() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 85 | Medium |
| Exception thrown in class org.apache.turbine.util.uri.TurbineURI at new org.apache.turbine.util.uri.TurbineURI(String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 247 | Medium |
| Exception thrown in class org.apache.turbine.util.uri.TurbineURI at new org.apache.turbine.util.uri.TurbineURI(RunData) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 96 | Medium |
| Exception thrown in class org.apache.turbine.util.uri.TurbineURI at new org.apache.turbine.util.uri.TurbineURI(RunData, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 119 | Medium |
| Exception thrown in class org.apache.turbine.util.uri.TurbineURI at new org.apache.turbine.util.uri.TurbineURI(RunData, String, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 132 | Medium |
| Exception thrown in class org.apache.turbine.util.uri.TurbineURI at new org.apache.turbine.util.uri.TurbineURI(RunData, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 108 | Medium |
| Exception thrown in class org.apache.turbine.util.uri.TurbineURI at new org.apache.turbine.util.uri.TurbineURI(ServerData) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 171 | Medium |
| Exception thrown in class org.apache.turbine.util.uri.TurbineURI at new org.apache.turbine.util.uri.TurbineURI(ServerData, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 194 | Medium |
| Exception thrown in class org.apache.turbine.util.uri.TurbineURI at new org.apache.turbine.util.uri.TurbineURI(ServerData, String, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 207 | Medium |
| Exception thrown in class org.apache.turbine.util.uri.TurbineURI at new org.apache.turbine.util.uri.TurbineURI(ServerData, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 183 | Medium |
org.apache.turbine.util.velocity.VelocityEmail
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.turbine.util.velocity.VelocityEmail.getContext() may expose internal representation by returning VelocityEmail.context | MALICIOUS_CODE | EI_EXPOSE_REP | 208 | Medium |
| new org.apache.turbine.util.velocity.VelocityEmail(Context) may expose internal representation by storing an externally mutable object into VelocityEmail.context | MALICIOUS_CODE | EI_EXPOSE_REP2 | 136 | Medium |
| org.apache.turbine.util.velocity.VelocityEmail.setContext(Context) may expose internal representation by storing an externally mutable object into VelocityEmail.context | MALICIOUS_CODE | EI_EXPOSE_REP2 | 196 | Medium |
org.apache.turbine.util.velocity.VelocityHtmlEmail
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.apache.turbine.util.velocity.VelocityHtmlEmail(Context) may expose internal representation by storing an externally mutable object into VelocityHtmlEmail.context | MALICIOUS_CODE | EI_EXPOSE_REP2 | 127 | Medium |