FindBugs Report

Project Information

Project:

FindBugs version: 3.0.1

Code analyzed:



Metrics

1056 lines of code analyzed, in 41 classes, in 8 packages.

Metric Total Density*
High Priority Warnings 0.00
Medium Priority Warnings 15 14.20
Low Priority Warnings 11 10.42
Total Warnings 26 24.62

(* Defects per Thousand lines of non-commenting source statements)



Summary

Warning Type Number
Bad practice Warnings 6
Experimental Warnings 3
Internationalization Warnings 1
Malicious code vulnerability Warnings 4
Performance Warnings 6
Dodgy code Warnings 6
Total 26

Warnings

Bad practice Warnings

Code Warning
OS au.com.mountainpass.hyperstate.server.config.HyperstateTestConfiguration.trustStore() may fail to close stream
OS au.com.mountainpass.hyperstate.server.config.HyperstateTestKeyStoreManager.createKeyStore(String, String, String, String, String, String, String, String) may fail to close stream on exception
OS au.com.mountainpass.hyperstate.server.config.HyperstateTestKeyStoreManager.createSelfSignedCertificate(KeyPair, String, String, String, String, String) may fail to close stream on exception
Se Class au.com.mountainpass.hyperstate.client.AutowiringDeserializer defines non-transient non-serializable instance field context
Se Class au.com.mountainpass.hyperstate.client.EntityWrapperProxyDeserializer defines non-transient non-serializable instance field context
Se Class au.com.mountainpass.hyperstate.server.entities.AccountProperties defines non-transient non-serializable instance field LOGGER

Experimental Warnings

Code Warning
OBL au.com.mountainpass.hyperstate.server.config.HyperstateTestConfiguration.trustStore() may fail to clean up java.io.InputStream
OBL au.com.mountainpass.hyperstate.server.config.HyperstateTestKeyStoreManager.createKeyStore(String, String, String, String, String, String, String, String) may fail to clean up java.io.OutputStream on checked exception
OBL au.com.mountainpass.hyperstate.server.config.HyperstateTestKeyStoreManager.createSelfSignedCertificate(KeyPair, String, String, String, String, String) may fail to clean up java.io.OutputStream on checked exception

Internationalization Warnings

Code Warning
Dm Use of non-localized String.toUpperCase() or String.toLowerCase() in au.com.mountainpass.hyperstate.client.webdriver.WebDriverResolver$2$1.intercept(Object, Method, Object[], MethodProxy)

Malicious code vulnerability Warnings

Code Warning
EI2 au.com.mountainpass.hyperstate.client.builder.EntityRelationshipBuilder.setClass(String[]) may expose internal representation by storing an externally mutable object into EntityRelationshipBuilder.entityNatures
EI2 au.com.mountainpass.hyperstate.client.builder.EntityRelationshipBuilder.setRel(String[]) may expose internal representation by storing an externally mutable object into EntityRelationshipBuilder.relationshipNatures
EI2 au.com.mountainpass.hyperstate.client.builder.NavigationalRelationshipBuilder.setHref(String[]) may expose internal representation by storing an externally mutable object into NavigationalRelationshipBuilder.natures
EI2 au.com.mountainpass.hyperstate.client.builder.RestActionBuilder.setFields(Parameter[]) may expose internal representation by storing an externally mutable object into RestActionBuilder.fields

Performance Warnings

Code Warning
SIC The class au.com.mountainpass.hyperstate.client.EntityWrapperProxyDeserializer$1 could be refactored into a named static inner class
UrF Unread field: au.com.mountainpass.hyperstate.client.builder.EntityRelationshipBuilder.type
UrF Unread field: au.com.mountainpass.hyperstate.client.SpringBeanHandlerInstantiator.applicationContext
UrF Unread field: au.com.mountainpass.hyperstate.client.webdriver.WebDriverResolver.LOGGER
UrF Unread field: au.com.mountainpass.hyperstate.server.InMemoryRepository.children
UrF Unread field: au.com.mountainpass.hyperstate.server.StepDefs$AccountBuilder.path

Dodgy code Warnings

Code Warning
NP driver must be non-null but is marked as nullable
UrF Unread public/protected field: au.com.mountainpass.hyperstate.server.config.HyperstateTestKeyStoreManager.LOGGER
UrF Unread public/protected field: au.com.mountainpass.hyperstate.server.StepDefs.LOGGER
UwF RestActionBuilder.method not initialized in constructor and dereferenced in au.com.mountainpass.hyperstate.client.builder.RestActionBuilder.build()
UwF RestLink.restTemplate not initialized in constructor and dereferenced in au.com.mountainpass.hyperstate.client.RestLink.resolve(Class)
UwF RestLink.restTemplate not initialized in constructor and dereferenced in au.com.mountainpass.hyperstate.client.RestLink.resolve(ParameterizedTypeReference)

Details

DM_CONVERT_CASE: Consider using Locale parameterized version of invoked method

A String is being converted to upper or lowercase, using the platform's default encoding. This may result in improper conversions when used with international characters. Use the Locale-parameterized versions instead.

EI_EXPOSE_REP2: May expose internal representation by incorporating reference to mutable object

This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is a better approach in many situations.

NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE: Parameter must be non-null but is marked as nullable

This parameter is always used in a way that requires it to be non-null, but the parameter is explicitly annotated as being Nullable. Either the use of the parameter or the annotation is wrong.

OBL_UNSATISFIED_OBLIGATION: Method may fail to clean up stream or resource

This method may fail to clean up (close, dispose of) a stream, database object, or other resource requiring an explicit cleanup operation.

In general, if a method opens a stream or other resource, the method should use a try/finally block to ensure that the stream or resource is cleaned up before the method returns.

This bug pattern is essentially the same as the OS_OPEN_STREAM and ODR_OPEN_DATABASE_RESOURCE bug patterns, but is based on a different (and hopefully better) static analysis technique. We are interested in getting feedback about the usefulness of this bug pattern. To send feedback, either:

In particular, the false-positive suppression heuristics for this bug pattern have not been extensively tuned, so reports about false positives are helpful to us.

See Weimer and Necula, Finding and Preventing Run-Time Error Handling Mistakes, for a description of the analysis technique.

OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE: Method may fail to clean up stream or resource on checked exception

This method may fail to clean up (close, dispose of) a stream, database object, or other resource requiring an explicit cleanup operation.

In general, if a method opens a stream or other resource, the method should use a try/finally block to ensure that the stream or resource is cleaned up before the method returns.

This bug pattern is essentially the same as the OS_OPEN_STREAM and ODR_OPEN_DATABASE_RESOURCE bug patterns, but is based on a different (and hopefully better) static analysis technique. We are interested in getting feedback about the usefulness of this bug pattern. To send feedback, either:

In particular, the false-positive suppression heuristics for this bug pattern have not been extensively tuned, so reports about false positives are helpful to us.

See Weimer and Necula, Finding and Preventing Run-Time Error Handling Mistakes, for a description of the analysis technique.

OS_OPEN_STREAM: Method may fail to close stream

The method creates an IO stream object, does not assign it to any fields, pass it to other methods that might close it, or return it, and does not appear to close the stream on all paths out of the method.  This may result in a file descriptor leak.  It is generally a good idea to use a finally block to ensure that streams are closed.

OS_OPEN_STREAM_EXCEPTION_PATH: Method may fail to close stream on exception

The method creates an IO stream object, does not assign it to any fields, pass it to other methods, or return it, and does not appear to close it on all possible exception paths out of the method.  This may result in a file descriptor leak.  It is generally a good idea to use a finally block to ensure that streams are closed.

SE_BAD_FIELD: Non-transient non-serializable instance field in serializable class

This Serializable class defines a non-primitive instance field which is neither transient, Serializable, or java.lang.Object, and does not appear to implement the Externalizable interface or the readObject() and writeObject() methods.  Objects of this class will not be deserialized correctly if a non-Serializable object is stored in this field.

SIC_INNER_SHOULD_BE_STATIC_ANON: Could be refactored into a named static inner class

This class is an inner class, but does not use its embedded reference to the object which created it.  This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary.  If possible, the class should be made into a static inner class. Since anonymous inner classes cannot be marked as static, doing this will require refactoring the inner class so that it is a named inner class.

URF_UNREAD_FIELD: Unread field

This field is never read.  Consider removing it from the class.

URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD: Unread public/protected field

This field is never read.  The field is public or protected, so perhaps it is intended to be used with classes not seen as part of the analysis. If not, consider removing it from the class.

UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR: Field not initialized in constructor but dereferenced without null check

This field is never initialized within any constructor, and therefore could be null after the object is constructed. Elsewhere, it is loaded and dereferenced without a null check. This could be either an error or a questionable design, since it means a null pointer exception will be generated if that field is dereferenced before being initialized.