Built by Maven

SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.8.6

Threshold is medium

Effort is

Summary

Classes Bugs Errors Missing Classes
25 23 0 2

Files

Class Bugs
waffle.shiro.GroupMappingWaffleRealmTest 1
waffle.shiro.WaffleFqnPrincipal 4
waffle.shiro.negotiate.AuthenticationInProgressException 1
waffle.shiro.negotiate.MockServletResponse 1
waffle.shiro.negotiate.NegotiateAuthenticationFilter 5
waffle.shiro.negotiate.NegotiateAuthenticationFilterTest 1
waffle.shiro.negotiate.NegotiateAuthenticationRealmTest$1 1
waffle.shiro.negotiate.NegotiateInfo 3
waffle.shiro.negotiate.NegotiateToken 6

waffle.shiro.GroupMappingWaffleRealmTest

Bug Category Details Line Priority
Class waffle.shiro.GroupMappingWaffleRealmTest defines fields that are used only as locals CORRECTNESS FCBL_FIELD_COULD_BE_LOCAL 63 Medium

waffle.shiro.WaffleFqnPrincipal

Bug Category Details Line Priority
Method new waffle.shiro.WaffleFqnPrincipal(IWindowsIdentity) does not presize the allocation of a collection PERFORMANCE PSC_PRESIZE_COLLECTIONS 57 Medium
Method waffle.shiro.WaffleFqnPrincipal.toString() passes constant String of length 1 to character overridden method PERFORMANCE UCPM_USE_CHARACTER_PARAMETERIZED_METHOD 95 Medium
Method waffle.shiro.WaffleFqnPrincipal.toString() passes constant String of length 1 to character overridden method PERFORMANCE UCPM_USE_CHARACTER_PARAMETERIZED_METHOD 97 Medium
Method waffle.shiro.WaffleFqnPrincipal.toString() passes constant String of length 1 to character overridden method PERFORMANCE UCPM_USE_CHARACTER_PARAMETERIZED_METHOD 99 Medium

waffle.shiro.negotiate.AuthenticationInProgressException

Bug Category Details Line Priority
Class waffle.shiro.negotiate.AuthenticationInProgressException defines a computed serialVersionUID that doesn't equate to the calculated value CORRECTNESS IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID Not available Medium

waffle.shiro.negotiate.MockServletResponse

Bug Category Details Line Priority
Method waffle.shiro.negotiate.MockServletResponse.addHeader(String, String) checks a map with containsKey(), before using get() CORRECTNESS MUI_CONTAINSKEY_BEFORE_GET 56 Medium

waffle.shiro.negotiate.NegotiateAuthenticationFilter

Bug Category Details Line Priority
This use of org/slf4j/Logger.debug(Ljava/lang/String;[Ljava/lang/Object;)V might be used to include CRLF characters into log messages SECURITY CRLF_INJECTION_LOGS 130 Medium
This use of org/slf4j/Logger.debug(Ljava/lang/String;Ljava/lang/Object;)V might be used to include CRLF characters into log messages SECURITY CRLF_INJECTION_LOGS 152 Medium
Unconstrained method waffle.shiro.negotiate.NegotiateAuthenticationFilter.sendChallengeOnFailure(ServletResponse) converts checked exception to unchecked STYLE EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS 342 High
This use of javax/servlet/http/HttpServletResponse.addHeader(Ljava/lang/String;Ljava/lang/String;)V might be used to include CRLF characters into HTTP headers SECURITY HTTP_RESPONSE_SPLITTING 375 Medium
waffle.shiro.negotiate.NegotiateAuthenticationFilter.sendUnauthorized(List, byte[], HttpServletResponse): 1st parameter 'protocols' could be declared as java.lang.Iterable instead STYLE OCP_OVERLY_CONCRETE_PARAMETER 373 Medium

waffle.shiro.negotiate.NegotiateAuthenticationFilterTest

Bug Category Details Line Priority
Class waffle.shiro.negotiate.NegotiateAuthenticationFilterTest defines fields that are used only as locals CORRECTNESS FCBL_FIELD_COULD_BE_LOCAL 85 Medium

waffle.shiro.negotiate.NegotiateAuthenticationRealmTest$1

Bug Category Details Line Priority
Return value of NegotiateToken.getIn() ignored, but method has no side effect STYLE RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT 69 Medium

waffle.shiro.negotiate.NegotiateInfo

Bug Category Details Line Priority
waffle.shiro.negotiate.NegotiateInfo.getCredentials() may expose internal representation by returning NegotiateInfo.subject MALICIOUS_CODE EI_EXPOSE_REP 82 Medium
new waffle.shiro.negotiate.NegotiateInfo(Subject, String) may expose internal representation by storing an externally mutable object into NegotiateInfo.subject MALICIOUS_CODE EI_EXPOSE_REP2 61 Medium
Class waffle.shiro.negotiate.NegotiateInfo defines a computed serialVersionUID that doesn't equate to the calculated value CORRECTNESS IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID Not available Medium

waffle.shiro.negotiate.NegotiateToken

Bug Category Details Line Priority
waffle.shiro.negotiate.NegotiateToken.getCredentials() may expose internal representation by returning NegotiateToken.subject MALICIOUS_CODE EI_EXPOSE_REP 138 Medium
waffle.shiro.negotiate.NegotiateToken.getSubject() may expose internal representation by returning NegotiateToken.subject MALICIOUS_CODE EI_EXPOSE_REP 190 Medium
new waffle.shiro.negotiate.NegotiateToken(byte[], byte[], String, String, boolean, boolean, String) may expose internal representation by storing an externally mutable object into NegotiateToken.in MALICIOUS_CODE EI_EXPOSE_REP2 99 Medium
new waffle.shiro.negotiate.NegotiateToken(byte[], byte[], String, String, boolean, boolean, String) may expose internal representation by storing an externally mutable object into NegotiateToken.out MALICIOUS_CODE EI_EXPOSE_REP2 100 Medium
waffle.shiro.negotiate.NegotiateToken.setSubject(Subject) may expose internal representation by storing an externally mutable object into NegotiateToken.subject MALICIOUS_CODE EI_EXPOSE_REP2 172 Medium
Class waffle.shiro.negotiate.NegotiateToken defines a computed serialVersionUID that doesn't equate to the calculated value CORRECTNESS IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID Not available Medium