SpotBugs Bug Detector Report
The following document contains the results of SpotBugs.
SpotBugs Version is 4.8.3
Threshold is medium
Effort is
Summary
Classes | Bugs | Errors | Missing Classes |
---|---|---|---|
29 | 54 | 0 | 3 |
Files
waffle.mock.MockWindowsAuthProvider
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method waffle.mock.MockWindowsAuthProvider.logonUser(String, String) makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 111 | High |
waffle.mock.MockWindowsIdentity
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new waffle.mock.MockWindowsIdentity(String, List) may expose internal representation by storing an externally mutable object into MockWindowsIdentity.groups | MALICIOUS_CODE | EI_EXPOSE_REP2 | 54 | Medium |
Method waffle.mock.MockWindowsIdentity.getGroups() does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 66 | Medium |
waffle.mock.http.SimpleFilterChain
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
waffle.mock.http.SimpleFilterChain.getRequest() may expose internal representation by returning SimpleFilterChain.request | MALICIOUS_CODE | EI_EXPOSE_REP | 50 | Medium |
waffle.mock.http.SimpleFilterChain.getResponse() may expose internal representation by returning SimpleFilterChain.response | MALICIOUS_CODE | EI_EXPOSE_REP | 59 | Medium |
waffle.mock.http.SimpleFilterChain.doFilter(ServletRequest, ServletResponse) may expose internal representation by storing an externally mutable object into SimpleFilterChain.request | MALICIOUS_CODE | EI_EXPOSE_REP2 | 64 | Medium |
waffle.mock.http.SimpleFilterChain.doFilter(ServletRequest, ServletResponse) may expose internal representation by storing an externally mutable object into SimpleFilterChain.response | MALICIOUS_CODE | EI_EXPOSE_REP2 | 65 | Medium |
waffle.mock.http.SimpleHttpRequest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
waffle.mock.http.SimpleHttpRequest.getSession() may expose internal representation by returning SimpleHttpRequest.session | MALICIOUS_CODE | EI_EXPOSE_REP | 180 | Medium |
waffle.mock.http.SimpleHttpRequest.getSession(boolean) may expose internal representation by returning SimpleHttpRequest.session | MALICIOUS_CODE | EI_EXPOSE_REP | 188 | Medium |
This method waffle.mock.http.SimpleHttpRequest.setQueryString(String) parses a String that is a field | STYLE | STT_STRING_PARSING_A_FIELD | 205 | Medium |
waffle.mock.http.SimpleHttpResponse
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
waffle.mock.http.SimpleHttpResponse.getOutputStream() may expose internal representation by returning SimpleHttpResponse.out | MALICIOUS_CODE | EI_EXPOSE_REP | 203 | Medium |
waffle.mock.http.SimpleHttpResponse.getWriter() may expose internal representation by returning SimpleHttpResponse.writer | MALICIOUS_CODE | EI_EXPOSE_REP | 198 | Medium |
To make log readable, log format ({}: {}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 142 | Medium |
To make log readable, log format ({}: {}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 145 | Medium |
waffle.mock.http.SimpleHttpResponse$1
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Non derivable method waffle.mock.http.SimpleHttpResponse$1.write(int) declares throwing an exception that isn't thrown | CORRECTNESS | BED_BOGUS_EXCEPTION_DECLARATION | 66 | Medium |
waffle.servlet.ImpersonateTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method waffle.servlet.ImpersonateTest.testImpersonateDisabled() makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 161 | High |
Method waffle.servlet.ImpersonateTest.testImpersonateDisabled() makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 187 | High |
Method waffle.servlet.ImpersonateTest.testImpersonateEnabled() makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 113 | High |
Method waffle.servlet.ImpersonateTest.testImpersonateEnabled() makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 141 | High |
Method waffle.servlet.ImpersonateTest.testImpersonateDisabled() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 187 | High |
Method waffle.servlet.ImpersonateTest.testImpersonateEnabled() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 141 | High |
This method waffle.servlet.ImpersonateTest stores the value of a toString() call into a field | STYLE | STT_TOSTRING_STORED_IN_FIELD | 81 | Medium |
This method waffle.servlet.ImpersonateTest stores the value of a toString() call into a field | STYLE | STT_TOSTRING_STORED_IN_FIELD | 82 | Medium |
waffle.servlet.NegotiateSecurityFilterTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method waffle.servlet.NegotiateSecurityFilterTest.testChallengeGET() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 112 | Medium |
Method waffle.servlet.NegotiateSecurityFilterTest.testChallengeGET() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 113 | Medium |
Method waffle.servlet.NegotiateSecurityFilterTest.testNegotiate() calls String.toUpperCase() on a String Literal | CORRECTNESS | SPP_CONVERSION_OF_STRING_LITERAL | 225 | Medium |
waffle.servlet.WaffleInfoServletTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 114 | Medium |
waffle.servlet.WindowsPrincipalTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method waffle.servlet.WindowsPrincipalTest.testIsSerializable() creates Boxed primitive from primitive only to get primitive value | PERFORMANCE | NAB_NEEDLESS_BOX_TO_UNBOX | 83 | Medium |
Object deserialization is used in waffle.servlet.WindowsPrincipalTest.testIsSerializable() | SECURITY | OBJECT_DESERIALIZATION | 78 | High |
waffle.util.AuthorizationHeaderTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method waffle.util.AuthorizationHeaderTest.testGetSecurityPackage() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 65 | Medium |
Method waffle.util.AuthorizationHeaderTest.testIsNtlmType1Message() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 77 | Medium |
Method waffle.util.AuthorizationHeaderTest.testIsNtlmType1PostAuthorizationHeader() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 96 | Medium |
Method waffle.util.AuthorizationHeaderTest.testIsSPNegoPostAuthorizationHeader() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 132 | Medium |
waffle.windows.auth.WindowsAuthProviderTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method waffle.windows.auth.WindowsAuthProviderTest.testImpersonateLoggedOnUser() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 116 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 130 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 132 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 133 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 200 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 307 | High |
To make log readable, log format ( {}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 138 | Medium |
To make log readable, log format ({}: {}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 155 | Medium |
To make log readable, log format ( {}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 202 | Medium |
To make log readable, log format ( {}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 309 | Medium |
Method waffle.windows.auth.WindowsAuthProviderTest.testImpersonateLoggedOnUser() calls toString() on a String | CORRECTNESS | SPP_TOSTRING_ON_STRING | 112 | Medium |
Method waffle.windows.auth.WindowsAuthProviderTest.testLogonUser() calls toString() on a String | CORRECTNESS | SPP_TOSTRING_ON_STRING | 90 | Medium |
This method waffle.windows.auth.WindowsAuthProviderTest stores the value of a toString() call into a field | STYLE | STT_TOSTRING_STORED_IN_FIELD | 105 | Medium |
This method waffle.windows.auth.WindowsAuthProviderTest stores the value of a toString() call into a field | STYLE | STT_TOSTRING_STORED_IN_FIELD | 106 | Medium |
This method waffle.windows.auth.WindowsAuthProviderTest stores the value of a toString() call into a field | STYLE | STT_TOSTRING_STORED_IN_FIELD | 83 | Medium |
This method waffle.windows.auth.WindowsAuthProviderTest stores the value of a toString() call into a field | STYLE | STT_TOSTRING_STORED_IN_FIELD | 84 | Medium |