SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.3
Threshold is medium
Effort is
Summary
| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 29 | 50 | 0 | 3 |
Files
waffle.mock.MockWindowsAuthProvider
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method waffle.mock.MockWindowsAuthProvider.logonUser(String, String) makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 111 | High |
waffle.mock.MockWindowsIdentity
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new waffle.mock.MockWindowsIdentity(String, List) may expose internal representation by storing an externally mutable object into MockWindowsIdentity.groups | MALICIOUS_CODE | EI_EXPOSE_REP2 | 54 | Medium |
| Method waffle.mock.MockWindowsIdentity.getGroups() does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 66 | Medium |
waffle.mock.http.SimpleFilterChain
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| waffle.mock.http.SimpleFilterChain.getRequest() may expose internal representation by returning SimpleFilterChain.request | MALICIOUS_CODE | EI_EXPOSE_REP | 50 | Medium |
| waffle.mock.http.SimpleFilterChain.getResponse() may expose internal representation by returning SimpleFilterChain.response | MALICIOUS_CODE | EI_EXPOSE_REP | 59 | Medium |
| waffle.mock.http.SimpleFilterChain.doFilter(ServletRequest, ServletResponse) may expose internal representation by storing an externally mutable object into SimpleFilterChain.request | MALICIOUS_CODE | EI_EXPOSE_REP2 | 64 | Medium |
| waffle.mock.http.SimpleFilterChain.doFilter(ServletRequest, ServletResponse) may expose internal representation by storing an externally mutable object into SimpleFilterChain.response | MALICIOUS_CODE | EI_EXPOSE_REP2 | 65 | Medium |
waffle.mock.http.SimpleHttpRequest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| waffle.mock.http.SimpleHttpRequest.getSession() may expose internal representation by returning SimpleHttpRequest.session | MALICIOUS_CODE | EI_EXPOSE_REP | 180 | Medium |
| waffle.mock.http.SimpleHttpRequest.getSession(boolean) may expose internal representation by returning SimpleHttpRequest.session | MALICIOUS_CODE | EI_EXPOSE_REP | 188 | Medium |
| This method waffle.mock.http.SimpleHttpRequest.setQueryString(String) parses a String that is a field | STYLE | STT_STRING_PARSING_A_FIELD | 205 | Medium |
waffle.mock.http.SimpleHttpResponse
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| waffle.mock.http.SimpleHttpResponse.getOutputStream() may expose internal representation by returning SimpleHttpResponse.out | MALICIOUS_CODE | EI_EXPOSE_REP | 203 | Medium |
| waffle.mock.http.SimpleHttpResponse.getWriter() may expose internal representation by returning SimpleHttpResponse.writer | MALICIOUS_CODE | EI_EXPOSE_REP | 198 | Medium |
| To make log readable, log format ({}: {}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 142 | Medium |
| To make log readable, log format ({}: {}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 145 | Medium |
waffle.mock.http.SimpleHttpResponse$1
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Non derivable method waffle.mock.http.SimpleHttpResponse$1.write(int) declares throwing an exception that isn't thrown | CORRECTNESS | BED_BOGUS_EXCEPTION_DECLARATION | 66 | Medium |
waffle.mock.http.SimpleRequestDispatcher
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| The following redirection could be used by an attacker to redirect users to a phishing website. | SECURITY | UNVALIDATED_REDIRECT | 57 | Medium |
waffle.servlet.ImpersonateTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method waffle.servlet.ImpersonateTest.testImpersonateDisabled() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 186 | High |
| Method waffle.servlet.ImpersonateTest.testImpersonateEnabled() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 140 | High |
| This method waffle.servlet.ImpersonateTest stores the value of a toString() call into a field | STYLE | STT_TOSTRING_STORED_IN_FIELD | 80 | Medium |
| This method waffle.servlet.ImpersonateTest stores the value of a toString() call into a field | STYLE | STT_TOSTRING_STORED_IN_FIELD | 81 | Medium |
waffle.servlet.NegotiateSecurityFilterTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method waffle.servlet.NegotiateSecurityFilterTest.testChallengeGET() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 111 | Medium |
| Method waffle.servlet.NegotiateSecurityFilterTest.testChallengeGET() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 112 | Medium |
| Method waffle.servlet.NegotiateSecurityFilterTest.testNegotiate() calls String.toUpperCase() on a String Literal | CORRECTNESS | SPP_CONVERSION_OF_STRING_LITERAL | 224 | Medium |
waffle.servlet.WaffleInfoServletTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 117 | Medium |
waffle.servlet.WindowsPrincipalTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method waffle.servlet.WindowsPrincipalTest.testIsSerializable() creates Boxed primitive from primitive only to get primitive value | PERFORMANCE | NAB_NEEDLESS_BOX_TO_UNBOX | 83 | Medium |
| Object deserialization is used in waffle.servlet.WindowsPrincipalTest.testIsSerializable() | SECURITY | OBJECT_DESERIALIZATION | 78 | High |
waffle.util.AuthorizationHeaderTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method waffle.util.AuthorizationHeaderTest.testGetSecurityPackage() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 65 | Medium |
| Method waffle.util.AuthorizationHeaderTest.testIsNtlmType1Message() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 77 | Medium |
| Method waffle.util.AuthorizationHeaderTest.testIsNtlmType1PostAuthorizationHeader() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 96 | Medium |
| Method waffle.util.AuthorizationHeaderTest.testIsSPNegoPostAuthorizationHeader() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 132 | Medium |
waffle.windows.auth.WindowsAuthProviderTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method waffle.windows.auth.WindowsAuthProviderTest.testImpersonateLoggedOnUser() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 116 | High |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 130 | High |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 132 | High |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 133 | High |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 200 | High |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 307 | High |
| To make log readable, log format ( {}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 138 | Medium |
| To make log readable, log format ({}: {}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 155 | Medium |
| To make log readable, log format ( {}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 202 | Medium |
| To make log readable, log format ( {}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 309 | Medium |
| Method waffle.windows.auth.WindowsAuthProviderTest.testLogonUser() calls toString() on a String | CORRECTNESS | SPP_TOSTRING_ON_STRING | 90 | Medium |
| This method waffle.windows.auth.WindowsAuthProviderTest stores the value of a toString() call into a field | STYLE | STT_TOSTRING_STORED_IN_FIELD | 105 | Medium |
| This method waffle.windows.auth.WindowsAuthProviderTest stores the value of a toString() call into a field | STYLE | STT_TOSTRING_STORED_IN_FIELD | 106 | Medium |
| This method waffle.windows.auth.WindowsAuthProviderTest stores the value of a toString() call into a field | STYLE | STT_TOSTRING_STORED_IN_FIELD | 83 | Medium |
| This method waffle.windows.auth.WindowsAuthProviderTest stores the value of a toString() call into a field | STYLE | STT_TOSTRING_STORED_IN_FIELD | 84 | Medium |