SpotBugs Bug Detector Report

The following document contains the results of SpotBugs.

SpotBugs Version is 4.8.3

Threshold is medium

Effort is

Summary

| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 89 | 97 | 0 | 2 |

Files

| Class | Bugs |
|---|---|
| waffle.jaas.RolePrincipalTest | 1 |
| waffle.jaas.UserPrincipalTest | 1 |
| waffle.jaas.WindowsLoginModule | 7 |
| waffle.jaas.WindowsLoginModuleTest$1 | 1 |
| waffle.jaas.WindowsLoginModuleTest$2 | 1 |
| waffle.servlet.CorsAwareNegotiateSecurityFilterTest | 2 |
| waffle.servlet.CorsAwareNegotiateSecurityFilterTest$1 | 2 |
| waffle.servlet.CorsAwareNegotiateSecurityFilterTest$2 | 1 |
| waffle.servlet.NegotiateSecurityFilter | 5 |
| waffle.servlet.NegotiateSecurityFilterTest | 6 |
| waffle.servlet.NegotiateSecurityFilterTest$4 | 2 |
| waffle.servlet.NegotiateSecurityFilterTest$5 | 1 |
| waffle.servlet.WaffleInfoServlet | 3 |
| waffle.servlet.WindowsPrincipal | 4 |
| waffle.servlet.spi.NegotiateSecurityFilterProvider | 3 |
| waffle.servlet.spi.SecurityFilterProviderCollection | 5 |
| waffle.util.AuthorizationHeader | 4 |
| waffle.util.CorsPreFlightCheck | 2 |
| waffle.util.CorsPreFlightCheckTest | 8 |
| waffle.util.CorsPreFlightCheckTest$1 | 2 |
| waffle.util.CorsPreFlightCheckTest$2 | 2 |
| waffle.util.CorsPreFlightCheckTest$3 | 2 |
| waffle.util.CorsPreFlightCheckTest$4 | 2 |
| waffle.util.CorsPreFlightCheckTest$5 | 2 |
| waffle.util.CorsPreFlightCheckTest$6 | 2 |
| waffle.util.CorsPreFlightCheckTest$7 | 2 |
| waffle.util.CorsPreFlightCheckTest$8 | 2 |
| waffle.util.NtlmMessage | 1 |
| waffle.util.WaffleInfo | 6 |
| waffle.util.cache.Cache | 1 |
| waffle.windows.auth.impl.WindowsAuthProviderImpl | 5 |
| waffle.windows.auth.impl.WindowsComputerImpl | 1 |
| waffle.windows.auth.impl.WindowsCredentialsHandleImpl | 1 |
| waffle.windows.auth.impl.WindowsIdentityImpersonationContextImpl | 1 |
| waffle.windows.auth.impl.WindowsIdentityImpl | 1 |
| waffle.windows.auth.impl.WindowsSecurityContextImpersonationContextImpl | 2 |
| waffle.windows.auth.impl.WindowsSecurityContextImpl | 3 |

waffle.jaas.RolePrincipalTest

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Object deserialization is used in waffle.jaas.RolePrincipalTest.testIsSerializable() | SECURITY | OBJECT_DESERIALIZATION | 101 | High |

waffle.jaas.UserPrincipalTest

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Object deserialization is used in waffle.jaas.UserPrincipalTest.testIsSerializable() | SECURITY | OBJECT_DESERIALIZATION | 101 | High |

waffle.jaas.WindowsLoginModule

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| waffle.jaas.WindowsLoginModule.initialize(Subject, CallbackHandler, Map, Map) may expose internal representation by storing an externally mutable object into WindowsLoginModule.subject | MALICIOUS_CODE | EI_EXPOSE_REP2 | 94 | Medium |
| Method waffle.jaas.WindowsLoginModule.login() throws alternative exception from catch block without history | CORRECTNESS | LEST_LOST_EXCEPTION_STACK_TRACE | 140 | Medium |
| Method waffle.jaas.WindowsLoginModule.login() throws alternative exception from catch block without history | CORRECTNESS | LEST_LOST_EXCEPTION_STACK_TRACE | 144 | Medium |
| Method waffle.jaas.WindowsLoginModule.login() throws alternative exception from catch block without history | CORRECTNESS | LEST_LOST_EXCEPTION_STACK_TRACE | 152 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 139 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 142 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 151 | Medium |

waffle.jaas.WindowsLoginModuleTest$1

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class waffle.jaas.WindowsLoginModuleTest$1 at new waffle.jaas.WindowsLoginModuleTest$1(WindowsLoginModuleTest) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 238 | Medium |

waffle.jaas.WindowsLoginModuleTest$2

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class waffle.jaas.WindowsLoginModuleTest$2 at new waffle.jaas.WindowsLoginModuleTest$2(WindowsLoginModuleTest) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 264 | Medium |

waffle.servlet.CorsAwareNegotiateSecurityFilterTest

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method waffle.servlet.CorsAwareNegotiateSecurityFilterTest.doFilterTestCorsPreflightRequest() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 74 | Medium |
| Method waffle.servlet.CorsAwareNegotiateSecurityFilterTest.doFilterTestCorsPreflightRequest() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 89 | Medium |

waffle.servlet.CorsAwareNegotiateSecurityFilterTest$1

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Return value of javax.servlet.http.HttpServletRequest.getHeader(String) ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 78 | Medium |
| Return value of javax.servlet.http.HttpServletRequest.getMethod() ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 76 | Medium |

waffle.servlet.CorsAwareNegotiateSecurityFilterTest$2

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class waffle.servlet.CorsAwareNegotiateSecurityFilterTest$2 at new waffle.servlet.CorsAwareNegotiateSecurityFilterTest$2(CorsAwareNegotiateSecurityFilterTest) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 93 | Medium |

waffle.servlet.NegotiateSecurityFilter

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method waffle.servlet.NegotiateSecurityFilter.init(FilterConfig) is excessively complex, with a cyclomatic complexity of 68 | STYLE | CC_CYCLOMATIC_COMPLEXITY | 323 | Medium |
| Method waffle.servlet.NegotiateSecurityFilter.init(FilterConfig) accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 416 | Medium |
| This use of org/slf4j/Logger.debug(Ljava/lang/String;[Ljava/lang/Object;)V might be used to include CRLF characters into log messages | SECURITY | CRLF_INJECTION_LOGS | 122 | Medium |
| Unconstrained method waffle.servlet.NegotiateSecurityFilter.sendUnauthorized(HttpServletResponse, boolean) converts checked exception to unchecked | STYLE | EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS | 488 | High |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 184 | Medium |

waffle.servlet.NegotiateSecurityFilterTest

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method waffle.servlet.NegotiateSecurityFilterTest.testCorsAndBearerAuthorizationI_init(FilterConfig) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 115 | Medium |
| Method waffle.servlet.NegotiateSecurityFilterTest.testCorsAndBearerAuthorizationI_init(FilterConfig) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 116 | Medium |
| Method waffle.servlet.NegotiateSecurityFilterTest.testCorsAndBearerAuthorizationI_init(FilterConfig) uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 86 | Medium |
| Method waffle.servlet.NegotiateSecurityFilterTest.testCorsAndBearerAuthorizationI_init(FilterConfig) uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 122 | Medium |
| Method waffle.servlet.NegotiateSecurityFilterTest.testExcludeCorsAndOAUTHBearerAuthorization_doFilter(HttpServletRequest, HttpServletResponse, FilterChain, FilterConfig) uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 152 | Medium |
| Method waffle.servlet.NegotiateSecurityFilterTest.testExcludeCorsAndOAUTHBearerAuthorization_doFilter(HttpServletRequest, HttpServletResponse, FilterChain, FilterConfig) uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 182 | Medium |

waffle.servlet.NegotiateSecurityFilterTest$4

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method new waffle.servlet.NegotiateSecurityFilterTest$4(NegotiateSecurityFilterTest, FilterConfig, HttpServletRequest) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 173 | Medium |
| Return value of javax.servlet.http.HttpServletRequest.getHeader(String) ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 174 | Medium |

waffle.servlet.NegotiateSecurityFilterTest$5

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class waffle.servlet.NegotiateSecurityFilterTest$5 at new waffle.servlet.NegotiateSecurityFilterTest$5(NegotiateSecurityFilterTest, FilterChain, HttpServletRequest, HttpServletResponse) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 184 | Medium |

waffle.servlet.WaffleInfoServlet

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Unconstrained method waffle.servlet.WaffleInfoServlet.getWaffleInfoResponse(HttpServletRequest, HttpServletResponse) converts checked exception to unchecked | STYLE | EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS | 111 | High |
| Method waffle.servlet.WaffleInfoServlet.getWaffleInfoResponse(HttpServletRequest, HttpServletResponse) throws alternative exception from catch block without history | CORRECTNESS | LEST_LOST_EXCEPTION_STACK_TRACE | 111 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 110 | Medium |

waffle.servlet.WindowsPrincipal

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Class waffle.servlet.WindowsPrincipal defines List based fields but uses them like Sets | PERFORMANCE | DLC_DUBIOUS_LIST_COLLECTION | 238 | Medium |
| waffle.servlet.WindowsPrincipal.getGroups() may expose internal representation by returning WindowsPrincipal.groups | MALICIOUS_CODE | EI_EXPOSE_REP | 156 | Medium |
| Class waffle.servlet.WindowsPrincipal 'overloads' a method with both instance and static versions | STYLE | MOM_MISLEADING_OVERLOAD_MODEL | 156 | Medium |
| Method waffle.servlet.WindowsPrincipal.getGroups(IWindowsAccount[]) does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 127 | Medium |

waffle.servlet.spi.NegotiateSecurityFilterProvider

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This use of org/slf4j/Logger.debug(Ljava/lang/String;Ljava/lang/Object;Ljava/lang/Object;)V might be used to include CRLF characters into log messages | SECURITY | CRLF_INJECTION_LOGS | 127 | Medium |
| waffle.servlet.spi.NegotiateSecurityFilterProvider.getProtocols() may expose internal representation by returning NegotiateSecurityFilterProvider.protocolsList | MALICIOUS_CODE | EI_EXPOSE_REP | 88 | Medium |
| waffle.servlet.spi.NegotiateSecurityFilterProvider.setProtocols(List) may expose internal representation by storing an externally mutable object into NegotiateSecurityFilterProvider.protocolsList | MALICIOUS_CODE | EI_EXPOSE_REP2 | 98 | Medium |

waffle.servlet.spi.SecurityFilterProviderCollection

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class waffle.servlet.spi.SecurityFilterProviderCollection at new waffle.servlet.spi.SecurityFilterProviderCollection(String[], IWindowsAuthProvider) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 90 | Medium |
| Unconstrained method new waffle.servlet.spi.SecurityFilterProviderCollection(String[], IWindowsAuthProvider) converts checked exception to unchecked | STYLE | EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS | 90 | High |
| Method waffle.servlet.spi.SecurityFilterProviderCollection.doFilter(HttpServletRequest, HttpServletResponse) appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 157 | Medium |
| Method new waffle.servlet.spi.SecurityFilterProviderCollection(SecurityFilterProvider[]) does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 64 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 94 | Medium |

waffle.util.AuthorizationHeader

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method waffle.util.AuthorizationHeader.getTokenBytes() throws alternative exception from catch block without history | CORRECTNESS | LEST_LOST_EXCEPTION_STACK_TRACE | 123 | Medium |
| Method waffle.util.AuthorizationHeader.isBearerAuthorizationHeader() makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 191 | High |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 122 | Medium |
| Method waffle.util.AuthorizationHeader.isBearerAuthorizationHeader() compares string without case after enforcing a case | PERFORMANCE | SPP_USELESS_CASING | 191 | Medium |

waffle.util.CorsPreFlightCheck

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method waffle.util.CorsPreFlightCheck.isPreflight(HttpServletRequest) makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 74 | High |
| Method waffle.util.CorsPreFlightCheck.isPreflight(HttpServletRequest) makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 84 | High |

waffle.util.CorsPreFlightCheckTest

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method waffle.util.CorsPreFlightCheckTest.testCorsMethodPreflightHeadersPresent() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 132 | Medium |
| Method waffle.util.CorsPreFlightCheckTest.testCorsMethodPreflightHeadersPresent() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 143 | Medium |
| Method waffle.util.CorsPreFlightCheckTest.testExpectedCorsPreflightHeadersPresent() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 62 | Medium |
| Method waffle.util.CorsPreFlightCheckTest.testExpectedCorsPreflightHeadersPresent() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 77 | Medium |
| Method waffle.util.CorsPreFlightCheckTest.testNoCorsHeadersPreflightHeaderPresent() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 160 | Medium |
| Method waffle.util.CorsPreFlightCheckTest.testNoCorsHeadersPreflightHeaderPresent() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 176 | Medium |
| Method waffle.util.CorsPreFlightCheckTest.testNoCorsPreflightOriginPresent() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 96 | Medium |
| Method waffle.util.CorsPreFlightCheckTest.testNoCorsPreflightOriginPresent() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 112 | Medium |

waffle.util.CorsPreFlightCheckTest$1

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Return value of javax.servlet.http.HttpServletRequest.getHeader(String) ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 66 | Medium |
| Return value of javax.servlet.http.HttpServletRequest.getMethod() ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 64 | Medium |

waffle.util.CorsPreFlightCheckTest$2

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Return value of javax.servlet.http.HttpServletRequest.getHeader(String) ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 81 | Medium |
| Return value of javax.servlet.http.HttpServletRequest.getMethod() ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 79 | Medium |

waffle.util.CorsPreFlightCheckTest$3

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Return value of javax.servlet.http.HttpServletRequest.getHeader(String) ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 100 | Medium |
| Return value of javax.servlet.http.HttpServletRequest.getMethod() ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 98 | Medium |

waffle.util.CorsPreFlightCheckTest$4

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Return value of javax.servlet.http.HttpServletRequest.getHeader(String) ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 116 | Medium |
| Return value of javax.servlet.http.HttpServletRequest.getMethod() ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 114 | Medium |

waffle.util.CorsPreFlightCheckTest$5

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Return value of javax.servlet.http.HttpServletRequest.getHeader(String) ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 136 | Medium |
| Return value of javax.servlet.http.HttpServletRequest.getMethod() ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 134 | Medium |

waffle.util.CorsPreFlightCheckTest$6

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Return value of javax.servlet.http.HttpServletRequest.getHeader(String) ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 147 | Medium |
| Return value of javax.servlet.http.HttpServletRequest.getMethod() ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 145 | Medium |

waffle.util.CorsPreFlightCheckTest$7

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Return value of javax.servlet.http.HttpServletRequest.getHeader(String) ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 165 | Medium |
| Return value of javax.servlet.http.HttpServletRequest.getMethod() ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 162 | Medium |

waffle.util.CorsPreFlightCheckTest$8

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Return value of javax.servlet.http.HttpServletRequest.getHeader(String) ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 181 | Medium |
| Return value of javax.servlet.http.HttpServletRequest.getMethod() ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 178 | Medium |

waffle.util.NtlmMessage

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Hard coded cryptographic key found | SECURITY | HARD_CODE_KEY | 33-74 | Medium |

waffle.util.WaffleInfo

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This use of org/slf4j/Logger.error(Ljava/lang/String;Ljava/lang/Object;)V might be used to include CRLF characters into log messages | SECURITY | CRLF_INJECTION_LOGS | 342 | Medium |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 363 | High |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 366 | High |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 367 | Medium |

waffle.util.cache.Cache

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Unconstrained method waffle.util.cache.Cache.newCache(int) converts checked exception to unchecked | STYLE | EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS | 72 | High |

waffle.windows.auth.impl.WindowsAuthProviderImpl

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class waffle.windows.auth.impl.WindowsAuthProviderImpl at new waffle.windows.auth.impl.WindowsAuthProviderImpl() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 93 | Medium |
| Exception thrown in class waffle.windows.auth.impl.WindowsAuthProviderImpl at new waffle.windows.auth.impl.WindowsAuthProviderImpl(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 103 | Medium |
| Constrained method waffle.windows.auth.impl.WindowsAuthProviderImpl.getCurrentComputer() converts checked exception to unchecked | STYLE | EXS_EXCEPTION_SOFTENING_NO_CHECKED | 187 | Medium |
| Method waffle.windows.auth.impl.WindowsAuthProviderImpl.getCurrentComputer() calls InetAddress.getLocalHost(), which may be a security risk | CORRECTNESS | MDM_INETADDRESS_GETLOCALHOST | 185 | Medium |
| Method waffle.windows.auth.impl.WindowsAuthProviderImpl.getDomains() does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 196 | Medium |

waffle.windows.auth.impl.WindowsComputerImpl

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method waffle.windows.auth.impl.WindowsComputerImpl.getGroups() does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 67 | Medium |

waffle.windows.auth.impl.WindowsCredentialsHandleImpl

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| waffle.windows.auth.impl.WindowsCredentialsHandleImpl.getHandle() may expose internal representation by returning WindowsCredentialsHandleImpl.handle | MALICIOUS_CODE | EI_EXPOSE_REP | 119 | Medium |

waffle.windows.auth.impl.WindowsIdentityImpersonationContextImpl

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class waffle.windows.auth.impl.WindowsIdentityImpersonationContextImpl at new waffle.windows.auth.impl.WindowsIdentityImpersonationContextImpl(WinNT$HANDLE) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 46 | Medium |

waffle.windows.auth.impl.WindowsIdentityImpl

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new waffle.windows.auth.impl.WindowsIdentityImpl(WinNT$HANDLE) may expose internal representation by storing an externally mutable object into WindowsIdentityImpl.windowsIdentity | MALICIOUS_CODE | EI_EXPOSE_REP2 | 60 | Medium |

waffle.windows.auth.impl.WindowsSecurityContextImpersonationContextImpl

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class waffle.windows.auth.impl.WindowsSecurityContextImpersonationContextImpl at new waffle.windows.auth.impl.WindowsSecurityContextImpersonationContextImpl(Sspi$CtxtHandle) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 50 | Medium |
| new waffle.windows.auth.impl.WindowsSecurityContextImpersonationContextImpl(Sspi$CtxtHandle) may expose internal representation by storing an externally mutable object into WindowsSecurityContextImpersonationContextImpl.ctx | MALICIOUS_CODE | EI_EXPOSE_REP2 | 53 | Medium |

waffle.windows.auth.impl.WindowsSecurityContextImpl

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| waffle.windows.auth.impl.WindowsSecurityContextImpl.getHandle() may expose internal representation by returning WindowsSecurityContextImpl.ctx | MALICIOUS_CODE | EI_EXPOSE_REP | 195 | Medium |
| waffle.windows.auth.impl.WindowsSecurityContextImpl.setSecurityContext(Sspi$CtxtHandle) may expose internal representation by storing an externally mutable object into WindowsSecurityContextImpl.ctx | MALICIOUS_CODE | EI_EXPOSE_REP2 | 235 | Medium |
| Class waffle.windows.auth.impl.WindowsSecurityContextImpl 'overloads' a method with both instance and static versions | STYLE | MOM_MISLEADING_OVERLOAD_MODEL | 168-175 | Medium |