SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.3
Threshold is medium
Effort is
Summary
| Classes |
Bugs |
Errors |
Missing Classes |
| 18 |
22 |
0 |
3 |
waffle.spring.DelegatingNegotiateSecurityFilter
waffle.spring.DelegatingNegotiateSecurityFilterTest
| Bug |
Category |
Details |
Line |
Priority |
| Method waffle.spring.DelegatingNegotiateSecurityFilterTest.testNegotiate() does not presize the allocation of a collection |
PERFORMANCE |
PSC_PRESIZE_COLLECTIONS |
135 |
Medium |
waffle.spring.ImpersonateTest
waffle.spring.NegotiateSecurityFilter
| Bug |
Category |
Details |
Line |
Priority |
| This use of org/slf4j/Logger.debug(Ljava/lang/String;[Ljava/lang/Object;)V might be used to include CRLF characters into log messages |
SECURITY |
CRLF_INJECTION_LOGS |
95 |
Medium |
| Unconstrained method waffle.spring.NegotiateSecurityFilter.sendUnauthorized(HttpServletResponse, boolean) converts checked exception to unchecked |
STYLE |
EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS |
211 |
High |
| To make log readable, log format () should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
114 |
Medium |
waffle.spring.NegotiateSecurityFilterEntryPointTest
| Bug |
Category |
Details |
Line |
Priority |
| Method waffle.spring.NegotiateSecurityFilterEntryPointTest.testChallengeGET() accesses list or array with constant index |
CORRECTNESS |
CLI_CONSTANT_LIST_INDEX |
87 |
Medium |
| Method waffle.spring.NegotiateSecurityFilterEntryPointTest.testChallengeGET() accesses list or array with constant index |
CORRECTNESS |
CLI_CONSTANT_LIST_INDEX |
88 |
Medium |
waffle.spring.NegotiateSecurityFilterTest
| Bug |
Category |
Details |
Line |
Priority |
| Method waffle.spring.NegotiateSecurityFilterTest.testNegotiate() does not presize the allocation of a collection |
PERFORMANCE |
PSC_PRESIZE_COLLECTIONS |
162 |
Medium |
waffle.spring.WindowsAuthenticationProviderTest
| Bug |
Category |
Details |
Line |
Priority |
| Method waffle.spring.WindowsAuthenticationProviderTest.testAuthenticate() does not presize the allocation of a collection |
PERFORMANCE |
PSC_PRESIZE_COLLECTIONS |
115 |
Medium |
| Method waffle.spring.WindowsAuthenticationProviderTest.testAuthenticateWithCustomGrantedAuthorityFactory() does not presize the allocation of a collection |
PERFORMANCE |
PSC_PRESIZE_COLLECTIONS |
146 |
Medium |
waffle.spring.WindowsAuthenticationToken
| Bug |
Category |
Details |
Line |
Priority |
| waffle.spring.WindowsAuthenticationToken.getAuthorities() may expose internal representation by returning WindowsAuthenticationToken.authorities |
MALICIOUS_CODE |
EI_EXPOSE_REP |
108 |
Medium |
| Method new waffle.spring.WindowsAuthenticationToken(WindowsPrincipal, GrantedAuthorityFactory, GrantedAuthority) does not presize the allocation of a collection |
PERFORMANCE |
PSC_PRESIZE_COLLECTIONS |
102 |
Medium |
waffle.spring.WindowsAuthenticationTokenTest
| Bug |
Category |
Details |
Line |
Priority |
| Method waffle.spring.WindowsAuthenticationTokenTest.testCustomGrantedAuthorityFactory() does not presize the allocation of a collection |
PERFORMANCE |
PSC_PRESIZE_COLLECTIONS |
104 |
Medium |
| Method waffle.spring.WindowsAuthenticationTokenTest.testWindowsAuthenticationToken() does not presize the allocation of a collection |
PERFORMANCE |
PSC_PRESIZE_COLLECTIONS |
77 |
Medium |
