SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.6
Threshold is medium
Effort is
Summary
Classes | Bugs | Errors | Missing Classes
29 | 35 | 0 | 3
waffle.mock.MockWindowsIdentity
Bug | Category | Details | Line | Priority
new waffle.mock.MockWindowsIdentity(String, List) may expose internal representation by storing an externally mutable object into MockWindowsIdentity.groups | MALICIOUS_CODE | EI_EXPOSE_REP2 | 54 | Medium
Method waffle.mock.MockWindowsIdentity.getGroups() does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 66 | Medium
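The EI_EXPOSE_REP2 finding above means the constructor keeps a reference to the caller's List instead of a copy; the EI_EXPOSE_REP findings in the mock servlet classes further down are the getter side of the same detector family. The security-relevant point for an identity object is that a group list which can still be modified from outside after construction can change later authorization decisions. The following is an added illustration, not Waffle's code: LeakyIdentity and SafeIdentity are hypothetical stand-ins for a class holding a groups list, shown in the flagged shape and in the defensively copied shape.

```java
import java.util.ArrayList;
import java.util.List;

/**
 * Added illustration of EI_EXPOSE_REP2 (store) and EI_EXPOSE_REP (return).
 * Both classes are hypothetical and are not Waffle's code.
 */
public final class ExposeRepDemo {

    /** Mirrors the flagged shape: aliases the caller's list and hands it back as-is. */
    static final class LeakyIdentity {
        private final String fqn;
        private final List<String> groups;

        LeakyIdentity(String fqn, List<String> groups) {
            this.fqn = fqn;
            this.groups = groups;            // EI_EXPOSE_REP2: caller keeps write access
        }

        String getFqn() {
            return fqn;
        }

        List<String> getGroups() {
            return groups;                   // EI_EXPOSE_REP: every caller gets write access
        }
    }

    /** Remediated shape: immutable copy in, immutable list out. */
    static final class SafeIdentity {
        private final String fqn;
        private final List<String> groups;

        SafeIdentity(String fqn, List<String> groups) {
            this.fqn = fqn;
            // List.copyOf snapshots the contents and rejects null elements (Java 10+).
            this.groups = List.copyOf(groups);
        }

        String getFqn() {
            return fqn;
        }

        List<String> getGroups() {
            return groups;                   // already unmodifiable, safe to return directly
        }

        boolean isMemberOf(String group) {
            return groups.contains(group);
        }
    }

    public static void main(String[] args) {
        // Constructed input: the list a caller passes in and keeps a reference to.
        List<String> caller = new ArrayList<>(List.of("Users"));

        LeakyIdentity leaky = new LeakyIdentity("DOMAIN\\user", caller);
        SafeIdentity safe = new SafeIdentity("DOMAIN\\user", caller);

        // The caller mutates its own list after construction ...
        caller.add("Administrators");
        // ... and anyone holding the getter result can mutate the leaky one too.
        leaky.getGroups().add("Domain Admins");

        System.out.println("leaky sees: " + leaky.getGroups());   // both injected groups present
        System.out.println("safe sees:  " + safe.getGroups());    // still [Users]
        System.out.println("safe member of Domain Admins: " + safe.isMemberOf("Domain Admins"));

        try {
            safe.getGroups().add("Domain Admins");
        } catch (UnsupportedOperationException e) {
            System.out.println("safe getter is read-only: " + e.getClass().getSimpleName());
        }
    }
}
```

For the classes in the waffle.mock packages the aliasing is largely intentional: a test double that captures the request and response it was handed has nothing meaningful to copy. The practical split is a defensive copy where one is cheap and semantically right (a groups list) and, where the object cannot be copied (a ServletRequest stored by a FilterChain), a targeted suppression with a justification string via @SuppressFBWarnings from the spotbugs-annotations artifact, rather than lowering the report threshold.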
waffle.mock.http.SimpleFilterChain
Bug | Category | Details | Line | Priority
waffle.mock.http.SimpleFilterChain.getRequest() may expose internal representation by returning SimpleFilterChain.request | MALICIOUS_CODE | EI_EXPOSE_REP | 50 | Medium
waffle.mock.http.SimpleFilterChain.getResponse() may expose internal representation by returning SimpleFilterChain.response | MALICIOUS_CODE | EI_EXPOSE_REP | 59 | Medium
waffle.mock.http.SimpleFilterChain.doFilter(ServletRequest, ServletResponse) may expose internal representation by storing an externally mutable object into SimpleFilterChain.request | MALICIOUS_CODE | EI_EXPOSE_REP2 | 64 | Medium
waffle.mock.http.SimpleFilterChain.doFilter(ServletRequest, ServletResponse) may expose internal representation by storing an externally mutable object into SimpleFilterChain.response | MALICIOUS_CODE | EI_EXPOSE_REP2 | 65 | Medium
waffle.mock.http.SimpleHttpRequest
Bug | Category | Details | Line | Priority
waffle.mock.http.SimpleHttpRequest.getSession() may expose internal representation by returning SimpleHttpRequest.session | MALICIOUS_CODE | EI_EXPOSE_REP | 180 | Medium
waffle.mock.http.SimpleHttpRequest.getSession(boolean) may expose internal representation by returning SimpleHttpRequest.session | MALICIOUS_CODE | EI_EXPOSE_REP | 188 | Medium
This method waffle.mock.http.SimpleHttpRequest.setQueryString(String) parses a String that is a field | STYLE | STT_STRING_PARSING_A_FIELD | 205 | Medium
waffle.mock.http.SimpleHttpResponse
Bug | Category | Details | Line | Priority
waffle.mock.http.SimpleHttpResponse.getOutputStream() may expose internal representation by returning SimpleHttpResponse.out | MALICIOUS_CODE | EI_EXPOSE_REP | 203 | Medium
waffle.mock.http.SimpleHttpResponse.getWriter() may expose internal representation by returning SimpleHttpResponse.writer | MALICIOUS_CODE | EI_EXPOSE_REP | 198 | Medium
To make log readable, log format ({}: {}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 142 | Medium
To make log readable, log format ({}: {}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 145 | Medium
waffle.mock.http.SimpleRequestDispatcher
Bug | Category | Details | Line | Priority
The following redirection could be used by an attacker to redirect users to a phishing website. | SECURITY | UNVALIDATED_REDIRECT | 57 | Medium
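UNVALIDATED_REDIRECT fires when a redirect target reaches the response without the detector seeing a check on it. In a mock dispatcher the target is whatever the test supplies, so the finding is informational there; the detector's point applies wherever a target such as a "next" or "returnUrl" parameter is handed to sendRedirect(). The following is an added example of the check, not Waffle's code: the RedirectGuard class and the allow-listed host app.example.com are assumptions for the demo.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.Set;

/**
 * Added illustration for UNVALIDATED_REDIRECT: validate a redirect target
 * before it reaches sendRedirect(). Not Waffle's code; the allow-listed host
 * is an assumption for this demo.
 */
public final class RedirectGuard {

    /** Hosts an absolute redirect may point at (assumed for this example). */
    private static final Set<String> ALLOWED_HOSTS = Set.of("app.example.com");

    /**
     * Returns requested if it is a same-origin relative path or an https URL on
     * an allow-listed host; otherwise returns fallback.
     */
    static String resolve(String requested, String fallback) {
        if (requested == null || requested.isEmpty()) {
            return fallback;
        }
        // CR/LF would split the Location header; refuse before parsing anything.
        if (requested.indexOf('\r') >= 0 || requested.indexOf('\n') >= 0) {
            return fallback;
        }
        URI uri;
        try {
            uri = new URI(requested);    // also rejects illegal characters such as '\'
        } catch (URISyntaxException e) {
            return fallback;
        }
        if (uri.getScheme() == null && uri.getRawAuthority() == null) {
            // Relative reference. "//evil.example" is parsed as an authority and never
            // lands here; the "//" check is defence in depth for a path-only reference.
            String path = uri.getRawPath();
            boolean sameOrigin = path != null && path.startsWith("/") && !path.startsWith("//");
            return sameOrigin ? requested : fallback;
        }
        String host = uri.getHost();
        boolean allowed = "https".equalsIgnoreCase(uri.getScheme())
                && uri.getRawUserInfo() == null   // blocks https://app.example.com@evil.example/
                && host != null
                && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
        return allowed ? requested : fallback;
    }

    public static void main(String[] args) {
        // Constructed sample targets of the kind that arrive in a "next" parameter.
        List<String> samples = List.of(
                "/account",
                "/account?next=/home",
                "//evil.example/phish",
                "/\\evil.example",
                "https://app.example.com/welcome",
                "https://app.example.com@evil.example/",
                "https://evil.example/app.example.com",
                "javascript:alert(1)",
                "/account\r\nSet-Cookie: x=y");
        for (String s : samples) {
            System.out.printf("%-42s -> %s%n", s.replace("\r\n", "\\r\\n"), resolve(s, "/"));
        }
    }
}
```

Only the first two and the https://app.example.com/welcome entry survive; everything else collapses to the fallback "/". The parse-then-classify order matters: checking for a leading "/" on the raw string would accept "//evil.example/phish", which browsers treat as a scheme-relative absolute URL.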
waffle.servlet.ImpersonateTest
Bug | Category | Details | Line | Priority
Method waffle.servlet.ImpersonateTest.testImpersonateDisabled() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 185 | High
Method waffle.servlet.ImpersonateTest.testImpersonateEnabled() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 139 | High
waffle.servlet.NegotiateSecurityFilterTest
Bug | Category | Details | Line | Priority
Method waffle.servlet.NegotiateSecurityFilterTest.testChallengeGET() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 112 | Medium
Method waffle.servlet.NegotiateSecurityFilterTest.testChallengeGET() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 113 | Medium
waffle.servlet.WindowsPrincipalTest
Bug | Category | Details | Line | Priority
Object deserialization is used in waffle.servlet.WindowsPrincipalTest.testIsSerializable() | SECURITY | OBJECT_DESERIALIZATION | 78 | High
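The OBJECT_DESERIALIZATION finding sits in a test that round-trips a principal it just serialized, so the bytes are under the test's own control. The detector's concern is the general one: a Serializable principal that is rehydrated from bytes the application does not control (a replicated session, a cache) gives an attacker a choice of gadget classes unless the reader restricts what it will instantiate. The following is an added example of that restriction with the JDK's ObjectInputFilter (Java 9+), not Waffle's code: DemoPrincipal and Unexpected are hypothetical stand-ins.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

/**
 * Added illustration for OBJECT_DESERIALIZATION: read a Serializable principal
 * only through an allow-list ObjectInputFilter. Not Waffle's code.
 */
public final class FilteredDeserializationDemo {

    /** Hypothetical serializable principal carrying a name and group names. */
    static final class DemoPrincipal implements Serializable {
        private static final long serialVersionUID = 1L;
        final String name;
        final String[] groups;

        DemoPrincipal(String name, String[] groups) {
            this.name = name;
            this.groups = groups.clone();   // defensive copy of the caller's array
        }
    }

    /** A different Serializable type: on the classpath, yet the filter must refuse it. */
    static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    static byte[] serialize(Serializable value) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(value);
        }
        return bos.toByteArray();
    }

    /**
     * Allow-list: DemoPrincipal and String (its field type and the String[] component
     * type), with depth and array-length caps, then "!*" rejects every other class.
     */
    static final ObjectInputFilter PRINCIPAL_FILTER = ObjectInputFilter.Config.createFilter(
            "maxdepth=8;maxarray=256;" + DemoPrincipal.class.getName() + ";java.lang.String;!*");

    static DemoPrincipal deserializePrincipal(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            ois.setObjectInputFilter(PRINCIPAL_FILTER);   // must precede readObject()
            return (DemoPrincipal) ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a principal we serialize ourselves, then read back through the filter.
        byte[] good = serialize(new DemoPrincipal("DOMAIN\\user", new String[] {"Users", "Everyone"}));
        DemoPrincipal p = deserializePrincipal(good);
        System.out.println("accepted: " + p.name + " in " + String.join(",", p.groups));

        // Constructed input: a type the reader never expects; the filter rejects it
        // before any of its code runs, which is the property we want against gadget chains.
        byte[] bad = serialize(new Unexpected());
        try {
            deserializePrincipal(bad);
            System.out.println("BUG: unexpected type was accepted");
        } catch (InvalidClassException e) {
            System.out.println("rejected by filter: " + e.getMessage());
        }
    }
}
```

The filter is consulted for every class descriptor and array in the stream, so the rejection happens before readObject or readResolve of the unexpected class can execute. A process-wide default can be set instead with the jdk.serialFilter system property; a per-stream filter as above is the more auditable choice where only one type is ever expected.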
waffle.util.AuthorizationHeaderTest
Bug | Category | Details | Line | Priority
Method waffle.util.AuthorizationHeaderTest.testGetSecurityPackage() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 65 | Medium
Method waffle.util.AuthorizationHeaderTest.testIsNtlmType1Message() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 77 | Medium
Method waffle.util.AuthorizationHeaderTest.testIsNtlmType1PostAuthorizationHeader() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 96 | Medium
Method waffle.util.AuthorizationHeaderTest.testIsSPNegoPostAuthorizationHeader() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 132 | Medium
waffle.windows.auth.WindowsAuthProviderTest
Bug | Category | Details | Line | Priority
Method waffle.windows.auth.WindowsAuthProviderTest.testImpersonateLoggedOnUser() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 115 | High
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 199 | High
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 306 | High
To make log readable, log format ({}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 129 | Medium
To make log readable, log format ({}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 131 | Medium
To make log readable, log format ({}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 132 | Medium
To make log readable, log format ( {}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 137 | Medium
To make log readable, log format ({}: {}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 154 | Medium
To make log readable, log format ( {}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 201 | Medium
To make log readable, log format ( {}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 308 | Medium