SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.6
Threshold is medium
Effort is
Summary
| Classes |
Bugs |
Errors |
Missing Classes |
| 29 |
33 |
0 |
3 |
waffle.mock.MockWindowsIdentity
| Bug |
Category |
Details |
Line |
Priority |
| new waffle.mock.MockWindowsIdentity(String, List) may expose internal representation by storing an externally mutable object into MockWindowsIdentity.groups |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
54 |
Medium |
| Method waffle.mock.MockWindowsIdentity.getGroups() does not presize the allocation of a collection |
PERFORMANCE |
PSC_PRESIZE_COLLECTIONS |
66 |
Medium |
waffle.mock.http.SimpleFilterChain
| Bug |
Category |
Details |
Line |
Priority |
| waffle.mock.http.SimpleFilterChain.getRequest() may expose internal representation by returning SimpleFilterChain.request |
MALICIOUS_CODE |
EI_EXPOSE_REP |
50 |
Medium |
| waffle.mock.http.SimpleFilterChain.getResponse() may expose internal representation by returning SimpleFilterChain.response |
MALICIOUS_CODE |
EI_EXPOSE_REP |
59 |
Medium |
| waffle.mock.http.SimpleFilterChain.doFilter(ServletRequest, ServletResponse) may expose internal representation by storing an externally mutable object into SimpleFilterChain.request |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
64 |
Medium |
| waffle.mock.http.SimpleFilterChain.doFilter(ServletRequest, ServletResponse) may expose internal representation by storing an externally mutable object into SimpleFilterChain.response |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
65 |
Medium |
waffle.mock.http.SimpleHttpRequest
| Bug |
Category |
Details |
Line |
Priority |
| waffle.mock.http.SimpleHttpRequest.getSession() may expose internal representation by returning SimpleHttpRequest.session |
MALICIOUS_CODE |
EI_EXPOSE_REP |
180 |
Medium |
| waffle.mock.http.SimpleHttpRequest.getSession(boolean) may expose internal representation by returning SimpleHttpRequest.session |
MALICIOUS_CODE |
EI_EXPOSE_REP |
188 |
Medium |
| This method waffle.mock.http.SimpleHttpRequest.setQueryString(String) parses a String that is a field |
STYLE |
STT_STRING_PARSING_A_FIELD |
205 |
Medium |
waffle.mock.http.SimpleHttpResponse
| Bug |
Category |
Details |
Line |
Priority |
| waffle.mock.http.SimpleHttpResponse.getOutputStream() may expose internal representation by returning SimpleHttpResponse.out |
MALICIOUS_CODE |
EI_EXPOSE_REP |
203 |
Medium |
| waffle.mock.http.SimpleHttpResponse.getWriter() may expose internal representation by returning SimpleHttpResponse.writer |
MALICIOUS_CODE |
EI_EXPOSE_REP |
198 |
Medium |
| To make log readable, log format ({}: {}) should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
142 |
Medium |
| To make log readable, log format ({}: {}) should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
145 |
Medium |
waffle.servlet.ImpersonateTest
| Bug |
Category |
Details |
Line |
Priority |
| Method waffle.servlet.ImpersonateTest.testImpersonateEnabled() makes literal string comparisons passing the literal as an argument |
STYLE |
LSC_LITERAL_STRING_COMPARISON |
140 |
High |
| Method waffle.servlet.ImpersonateTest.testImpersonateDisabled() appears to call the same method on the same object redundantly |
PERFORMANCE |
PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS |
186 |
High |
| Method waffle.servlet.ImpersonateTest.testImpersonateEnabled() appears to call the same method on the same object redundantly |
PERFORMANCE |
PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS |
140 |
High |
waffle.servlet.NegotiateSecurityFilterTest
| Bug |
Category |
Details |
Line |
Priority |
| Method waffle.servlet.NegotiateSecurityFilterTest.testChallengeGET() accesses list or array with constant index |
CORRECTNESS |
CLI_CONSTANT_LIST_INDEX |
113 |
Medium |
| Method waffle.servlet.NegotiateSecurityFilterTest.testChallengeGET() accesses list or array with constant index |
CORRECTNESS |
CLI_CONSTANT_LIST_INDEX |
114 |
Medium |
waffle.servlet.WindowsPrincipalTest
| Bug |
Category |
Details |
Line |
Priority |
| Object deserialization is used in waffle.servlet.WindowsPrincipalTest.testIsSerializable() |
SECURITY |
OBJECT_DESERIALIZATION |
78 |
High |
waffle.util.AuthorizationHeaderTest
| Bug |
Category |
Details |
Line |
Priority |
| Method waffle.util.AuthorizationHeaderTest.testGetSecurityPackage() appears to call the same method on the same object redundantly |
PERFORMANCE |
PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS |
65 |
Medium |
| Method waffle.util.AuthorizationHeaderTest.testIsNtlmType1Message() appears to call the same method on the same object redundantly |
PERFORMANCE |
PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS |
77 |
Medium |
| Method waffle.util.AuthorizationHeaderTest.testIsNtlmType1PostAuthorizationHeader() appears to call the same method on the same object redundantly |
PERFORMANCE |
PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS |
96 |
Medium |
| Method waffle.util.AuthorizationHeaderTest.testIsSPNegoPostAuthorizationHeader() appears to call the same method on the same object redundantly |
PERFORMANCE |
PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS |
132 |
Medium |
waffle.windows.auth.WindowsAuthProviderTest
| Bug |
Category |
Details |
Line |
Priority |
| Method waffle.windows.auth.WindowsAuthProviderTest.testImpersonateLoggedOnUser() appears to call the same method on the same object redundantly |
PERFORMANCE |
PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS |
115 |
High |
| To make log readable, log format ({}) should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
129 |
Medium |
| To make log readable, log format ({}) should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
131 |
Medium |
| To make log readable, log format ({}) should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
132 |
Medium |
| To make log readable, log format ( {}) should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
137 |
Medium |
| To make log readable, log format ({}: {}) should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
154 |
Medium |
| To make log readable, log format ({}) should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
199 |
Medium |
| To make log readable, log format ( {}) should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
201 |
Medium |
| To make log readable, log format ({}) should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
306 |
Medium |
| To make log readable, log format ( {}) should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
308 |
Medium |
