Apache Software Foundation
Apache Tiles™
SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.10.2
Threshold is medium
Effort is default
Summary
| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 34 | 42 | 8 | 0 |
Files
org.apache.tiles.servlet.context.ExternalWriterHttpServletResponse
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.tiles.servlet.context.ExternalWriterHttpServletResponse.getWriter() may expose internal representation by returning ExternalWriterHttpServletResponse.writer | MALICIOUS_CODE | EI_EXPOSE_REP | 59 | Medium |
| new org.apache.tiles.servlet.context.ExternalWriterHttpServletResponse(HttpServletResponse, PrintWriter) may expose internal representation by storing an externally mutable object into ExternalWriterHttpServletResponse.writer | MALICIOUS_CODE | EI_EXPOSE_REP2 | 53 | Medium |
org.apache.tiles.servlet.context.ServletApplicationScopeMap
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Equals method for org.apache.tiles.servlet.context.ServletApplicationScopeMap assumes the argument is of type ServletApplicationScopeMap | BAD_PRACTICE | BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS | 113 | Medium |
| org.apache.tiles.servlet.context.ServletApplicationScopeMap.putAll(Map) makes inefficient use of keySet iterator instead of entrySet iterator | PERFORMANCE | WMI_WRONG_MAP_ITERATOR | 176 | Medium |
org.apache.tiles.servlet.context.ServletHeaderMap
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Equals method for org.apache.tiles.servlet.context.ServletHeaderMap assumes the argument is of type ServletHeaderMap | BAD_PRACTICE | BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS | 124 | Medium |
org.apache.tiles.servlet.context.ServletHeaderValuesMap
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Equals method for org.apache.tiles.servlet.context.ServletHeaderValuesMap assumes the argument is of type ServletHeaderValuesMap | BAD_PRACTICE | BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS | 121 | Medium |
org.apache.tiles.servlet.context.ServletInitParamMap
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Equals method for org.apache.tiles.servlet.context.ServletInitParamMap assumes the argument is of type ServletInitParamMap | BAD_PRACTICE | BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS | 104 | Medium |
org.apache.tiles.servlet.context.ServletParamMap
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Equals method for org.apache.tiles.servlet.context.ServletParamMap assumes the argument is of type ServletParamMap | BAD_PRACTICE | BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS | 105 | Medium |
org.apache.tiles.servlet.context.ServletParamValuesMap
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Equals method for org.apache.tiles.servlet.context.ServletParamValuesMap assumes the argument is of type ServletParamValuesMap | BAD_PRACTICE | BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS | 119 | Medium |
| Using .equals to compare two String[]'s, (equivalent to ==) in org.apache.tiles.servlet.context.ServletParamValuesMap.equals(Object) | CORRECTNESS | EC_BAD_ARRAY_COMPARE | 126 | Medium |
org.apache.tiles.servlet.context.ServletRequestScopeMap
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Equals method for org.apache.tiles.servlet.context.ServletRequestScopeMap assumes the argument is of type ServletRequestScopeMap | BAD_PRACTICE | BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS | 112 | Medium |
| org.apache.tiles.servlet.context.ServletRequestScopeMap.putAll(Map) makes inefficient use of keySet iterator instead of entrySet iterator | PERFORMANCE | WMI_WRONG_MAP_ITERATOR | 175 | Medium |
org.apache.tiles.servlet.context.ServletSessionScopeMap
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Nullcheck of session at line 127 of value previously dereferenced in org.apache.tiles.servlet.context.ServletSessionScopeMap.equals(Object) | CORRECTNESS | RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE | 127 | High |
| org.apache.tiles.servlet.context.ServletSessionScopeMap.putAll(Map) makes inefficient use of keySet iterator instead of entrySet iterator | PERFORMANCE | WMI_WRONG_MAP_ITERATOR | 209 | Medium |
org.apache.tiles.servlet.context.ServletTilesApplicationContext
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.tiles.servlet.context.ServletTilesApplicationContext.getResources(String) is or uses a map or set of URLs, which can be a performance hog | PERFORMANCE | DMI_COLLECTION_OF_URLS | 105 | High |
| org.apache.tiles.servlet.context.ServletTilesApplicationContext.getResources(String) is or uses a map or set of URLs, which can be a performance hog | PERFORMANCE | DMI_COLLECTION_OF_URLS | 106 | High |
| org.apache.tiles.servlet.context.ServletTilesApplicationContext.getApplicationScope() may expose internal representation by returning ServletTilesApplicationContext.applicationScope | MALICIOUS_CODE | EI_EXPOSE_REP | 83 | Medium |
| org.apache.tiles.servlet.context.ServletTilesApplicationContext.getContext() may expose internal representation by returning ServletTilesApplicationContext.servletContext | MALICIOUS_CODE | EI_EXPOSE_REP | 74 | Medium |
| org.apache.tiles.servlet.context.ServletTilesApplicationContext.getInitParams() may expose internal representation by returning ServletTilesApplicationContext.initParam | MALICIOUS_CODE | EI_EXPOSE_REP | 94 | Medium |
| org.apache.tiles.servlet.context.ServletTilesApplicationContext.getServletContext() may expose internal representation by returning ServletTilesApplicationContext.servletContext | MALICIOUS_CODE | EI_EXPOSE_REP | 117 | Medium |
| org.apache.tiles.servlet.context.ServletTilesApplicationContext.initialize(ServletContext) may expose internal representation by storing an externally mutable object into ServletTilesApplicationContext.servletContext | MALICIOUS_CODE | EI_EXPOSE_REP2 | 129 | Medium |
org.apache.tiles.servlet.context.ServletTilesContextFactory
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| instanceof will always return true for all non-null values in org.apache.tiles.servlet.context.ServletTilesContextFactory.init(Map), since all org.apache.tiles.servlet.context.ServletTilesApplicationContextFactory are instances of org.apache.tiles.Initializable | STYLE | BC_VACUOUS_INSTANCEOF | 80 | Medium |
org.apache.tiles.servlet.context.ServletTilesRequestContext
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.tiles.servlet.context.ServletTilesRequestContext.getHeader() may expose internal representation by returning ServletTilesRequestContext.header | MALICIOUS_CODE | EI_EXPOSE_REP | 153 | Medium |
| org.apache.tiles.servlet.context.ServletTilesRequestContext.getHeaderValues() may expose internal representation by returning ServletTilesRequestContext.headerValues | MALICIOUS_CODE | EI_EXPOSE_REP | 164 | Medium |
| org.apache.tiles.servlet.context.ServletTilesRequestContext.getOutputStream() may expose internal representation by returning ServletTilesRequestContext.outputStream | MALICIOUS_CODE | EI_EXPOSE_REP | 272 | Medium |
| org.apache.tiles.servlet.context.ServletTilesRequestContext.getParam() may expose internal representation by returning ServletTilesRequestContext.param | MALICIOUS_CODE | EI_EXPOSE_REP | 175 | Medium |
| org.apache.tiles.servlet.context.ServletTilesRequestContext.getParamValues() may expose internal representation by returning ServletTilesRequestContext.paramValues | MALICIOUS_CODE | EI_EXPOSE_REP | 186 | Medium |
| org.apache.tiles.servlet.context.ServletTilesRequestContext.getPrintWriter() may expose internal representation by returning ServletTilesRequestContext.writer | MALICIOUS_CODE | EI_EXPOSE_REP | 285 | Medium |
| org.apache.tiles.servlet.context.ServletTilesRequestContext.getRequestObjects() may expose internal representation by returning ServletTilesRequestContext.requestObjects | MALICIOUS_CODE | EI_EXPOSE_REP | 310 | Medium |
| org.apache.tiles.servlet.context.ServletTilesRequestContext.getRequestScope() may expose internal representation by returning ServletTilesRequestContext.requestScope | MALICIOUS_CODE | EI_EXPOSE_REP | 197 | Medium |
| org.apache.tiles.servlet.context.ServletTilesRequestContext.getResponse() may expose internal representation by returning ServletTilesRequestContext.response | MALICIOUS_CODE | EI_EXPOSE_REP | 320 | Medium |
| org.apache.tiles.servlet.context.ServletTilesRequestContext.getSessionScope() may expose internal representation by returning ServletTilesRequestContext.sessionScope | MALICIOUS_CODE | EI_EXPOSE_REP | 208 | Medium |
| org.apache.tiles.servlet.context.ServletTilesRequestContext.initialize(HttpServletRequest, HttpServletResponse) may expose internal representation by storing an externally mutable object into ServletTilesRequestContext.response | MALICIOUS_CODE | EI_EXPOSE_REP2 | 335 | Medium |
| RequestDispatcher populated with user controlled parameters | SECURITY | REQUESTDISPATCHER_FILE_DISCLOSURE | 241 | Medium |
| RequestDispatcher populated with user controlled parameters | SECURITY | REQUESTDISPATCHER_FILE_DISCLOSURE | 260 | Medium |
org.apache.tiles.web.startup.TilesFilter$ServletConfigAdapter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Should org.apache.tiles.web.startup.TilesFilter$ServletConfigAdapter be a _static_ inner class? | PERFORMANCE | SIC_INNER_SHOULD_BE_STATIC | 159 | Medium |
org.apache.tiles.web.util.ServletContextAdapter$CompositeEnumeration
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Should org.apache.tiles.web.util.ServletContextAdapter$CompositeEnumeration be a _static_ inner class? | PERFORMANCE | SIC_INNER_SHOULD_BE_STATIC | 233 | Medium |
org.apache.tiles.web.util.TilesDispatchServlet
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This use of org/slf4j/Logger.info(Ljava/lang/String;)V might be used to include CRLF characters into log messages | SECURITY | CRLF_INJECTION_LOGS | 98 | Medium |
org.apache.tiles.web.util.TilesDispatchServlet$DefaultMutator
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Should org.apache.tiles.web.util.TilesDispatchServlet$DefaultMutator be a _static_ inner class? | PERFORMANCE | SIC_INNER_SHOULD_BE_STATIC | 131 | Medium |
org.apache.tiles.servlet.context.wildcard.WildcardServletTilesApplicationContext
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| The class name org.apache.tiles.servlet.context.wildcard.WildcardServletTilesApplicationContext shadows the simple name of the superclass org.apache.tiles.servlet.wildcard.WildcardServletTilesApplicationContext | BAD_PRACTICE | NM_SAME_SIMPLE_NAME_AS_SUPERCLASS | 48 | High |
org.apache.tiles.servlet.wildcard.WildcardServletTilesApplicationContext
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.tiles.servlet.wildcard.WildcardServletTilesApplicationContext.getResources(String) is or uses a map or set of URLs, which can be a performance hog | PERFORMANCE | DMI_COLLECTION_OF_URLS | 85 | High |
| org.apache.tiles.servlet.wildcard.WildcardServletTilesApplicationContext.getResources(String) is or uses a map or set of URLs, which can be a performance hog | PERFORMANCE | DMI_COLLECTION_OF_URLS | 90 | High |