Built by Maven

SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.8.3

Threshold is medium

Effort is

Summary

Classes Bugs Errors Missing Classes
25 23 0 2

Files

Class Bugs
waffle.shiro.GroupMappingWaffleRealmTest 1
waffle.shiro.WaffleFqnPrincipal 4
waffle.shiro.negotiate.AuthenticationInProgressException 1
waffle.shiro.negotiate.MockServletResponse 1
waffle.shiro.negotiate.NegotiateAuthenticationFilter 5
waffle.shiro.negotiate.NegotiateAuthenticationFilterTest 1
waffle.shiro.negotiate.NegotiateAuthenticationRealmTest$1 1
waffle.shiro.negotiate.NegotiateInfo 3
waffle.shiro.negotiate.NegotiateToken 6

waffle.shiro.GroupMappingWaffleRealmTest

Bug Category Details Line Priority
Class waffle.shiro.GroupMappingWaffleRealmTest defines fields that are used only as locals CORRECTNESS FCBL_FIELD_COULD_BE_LOCAL 63 Medium

waffle.shiro.WaffleFqnPrincipal

Bug Category Details Line Priority
Method new waffle.shiro.WaffleFqnPrincipal(IWindowsIdentity) does not presize the allocation of a collection PERFORMANCE PSC_PRESIZE_COLLECTIONS 57 Medium
Method waffle.shiro.WaffleFqnPrincipal.toString() passes constant String of length 1 to character overridden method PERFORMANCE UCPM_USE_CHARACTER_PARAMETERIZED_METHOD 95 Medium
Method waffle.shiro.WaffleFqnPrincipal.toString() passes constant String of length 1 to character overridden method PERFORMANCE UCPM_USE_CHARACTER_PARAMETERIZED_METHOD 97 Medium
Method waffle.shiro.WaffleFqnPrincipal.toString() passes constant String of length 1 to character overridden method PERFORMANCE UCPM_USE_CHARACTER_PARAMETERIZED_METHOD 99 Medium

waffle.shiro.negotiate.AuthenticationInProgressException

Bug Category Details Line Priority
Class waffle.shiro.negotiate.AuthenticationInProgressException defines a computed serialVersionUID that doesn't equate to the calculated value CORRECTNESS IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID Not available Medium

waffle.shiro.negotiate.MockServletResponse

Bug Category Details Line Priority
Method waffle.shiro.negotiate.MockServletResponse.addHeader(String, String) checks a map with containsKey(), before using get() CORRECTNESS MUI_CONTAINSKEY_BEFORE_GET 56 Medium

waffle.shiro.negotiate.NegotiateAuthenticationFilter

Bug Category Details Line Priority
This use of org/slf4j/Logger.debug(Ljava/lang/String;[Ljava/lang/Object;)V might be used to include CRLF characters into log messages SECURITY CRLF_INJECTION_LOGS 139 Medium
This use of org/slf4j/Logger.debug(Ljava/lang/String;Ljava/lang/Object;)V might be used to include CRLF characters into log messages SECURITY CRLF_INJECTION_LOGS 161 Medium
Unconstrained method waffle.shiro.negotiate.NegotiateAuthenticationFilter.sendChallengeOnFailure(ServletResponse) converts checked exception to unchecked STYLE EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS 351 High
This use of javax/servlet/http/HttpServletResponse.addHeader(Ljava/lang/String;Ljava/lang/String;)V might be used to include CRLF characters into HTTP headers SECURITY HTTP_RESPONSE_SPLITTING 384 Medium
waffle.shiro.negotiate.NegotiateAuthenticationFilter.sendUnauthorized(List, byte[], HttpServletResponse): 1st parameter 'protocols' could be declared as java.lang.Iterable instead STYLE OCP_OVERLY_CONCRETE_PARAMETER 382 Medium

waffle.shiro.negotiate.NegotiateAuthenticationFilterTest

Bug Category Details Line Priority
Class waffle.shiro.negotiate.NegotiateAuthenticationFilterTest defines fields that are used only as locals CORRECTNESS FCBL_FIELD_COULD_BE_LOCAL 85 Medium

waffle.shiro.negotiate.NegotiateAuthenticationRealmTest$1

Bug Category Details Line Priority
Return value of NegotiateToken.getIn() ignored, but method has no side effect STYLE RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT 71 Medium

waffle.shiro.negotiate.NegotiateInfo

Bug Category Details Line Priority
waffle.shiro.negotiate.NegotiateInfo.getCredentials() may expose internal representation by returning NegotiateInfo.subject MALICIOUS_CODE EI_EXPOSE_REP 84 Medium
new waffle.shiro.negotiate.NegotiateInfo(Subject, String) may expose internal representation by storing an externally mutable object into NegotiateInfo.subject MALICIOUS_CODE EI_EXPOSE_REP2 63 Medium
Class waffle.shiro.negotiate.NegotiateInfo defines a computed serialVersionUID that doesn't equate to the calculated value CORRECTNESS IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID Not available Medium

waffle.shiro.negotiate.NegotiateToken

Bug Category Details Line Priority
waffle.shiro.negotiate.NegotiateToken.getCredentials() may expose internal representation by returning NegotiateToken.subject MALICIOUS_CODE EI_EXPOSE_REP 148 Medium
waffle.shiro.negotiate.NegotiateToken.getSubject() may expose internal representation by returning NegotiateToken.subject MALICIOUS_CODE EI_EXPOSE_REP 200 Medium
new waffle.shiro.negotiate.NegotiateToken(byte[], byte[], String, String, boolean, boolean, String) may expose internal representation by storing an externally mutable object into NegotiateToken.in MALICIOUS_CODE EI_EXPOSE_REP2 109 Medium
new waffle.shiro.negotiate.NegotiateToken(byte[], byte[], String, String, boolean, boolean, String) may expose internal representation by storing an externally mutable object into NegotiateToken.out MALICIOUS_CODE EI_EXPOSE_REP2 110 Medium
waffle.shiro.negotiate.NegotiateToken.setSubject(Subject) may expose internal representation by storing an externally mutable object into NegotiateToken.subject MALICIOUS_CODE EI_EXPOSE_REP2 182 Medium
Class waffle.shiro.negotiate.NegotiateToken defines a computed serialVersionUID that doesn't equate to the calculated value CORRECTNESS IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID Not available Medium