SpotBugs Bug Detector Report
The following document contains the results of SpotBugs.
SpotBugs Version is 4.8.6
Threshold is medium
Effort is max
Summary
Classes | Bugs | Errors | Missing Classes |
---|---|---|---|
485 | 676 | 0 | 3 |
Files
psiprobe.AbstractTomcatContainer
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method psiprobe.AbstractTomcatContainer.compileItem(String, Options, Context, JspRuntimeContext, Summary, URLClassLoader, int, boolean) accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 549 | Medium |
psiprobe.AbstractTomcatContainer.listContextJsps(Context, Summary, boolean) creates a java.net.URLClassLoader classloader, which should be performed within a doPrivileged block | MALICIOUS_CODE | DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED | 423 | Medium |
psiprobe.AbstractTomcatContainer.recompileJsps(Context, Summary, List) creates a java.net.URLClassLoader classloader, which should be performed within a doPrivileged block | MALICIOUS_CODE | DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED | 355 | Medium |
Class psiprobe.AbstractTomcatContainer uses non owned variables to synchronize on | STYLE | NOS_NON_OWNED_SYNCHRONIZATION | 402 | Medium |
Class psiprobe.AbstractTomcatContainer uses non owned variables to synchronize on | STYLE | NOS_NON_OWNED_SYNCHRONIZATION | 346 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 317 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 121 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 123 | Medium |
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 140 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 463 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 208 | Medium |
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 211 | Medium |
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 220 | Medium |
To prevent illegal usage, logger should be private field. Change this field (logger) to private field. | STYLE | SLF4J_LOGGER_SHOULD_BE_PRIVATE | Not available | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 110 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 385 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 428 | Medium |
psiprobe.AwtAppContextClassloaderListenerTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method psiprobe.AwtAppContextClassloaderListenerTest.contextInitializedErrorTest() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 61 | Medium |
Method psiprobe.AwtAppContextClassloaderListenerTest.contextInitializedTest() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 48 | Medium |
psiprobe.ProbeConfig
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 196 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 219 | Medium |
psiprobe.ProbeConfigScheduler
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.ProbeConfigScheduler.getAppStatsTrigger() due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 194 | Medium |
Possible null pointer dereference in psiprobe.ProbeConfigScheduler.getClusterStatsTrigger() due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 155 | Medium |
Possible null pointer dereference in psiprobe.ProbeConfigScheduler.getConnectorStatsTrigger() due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 142 | Medium |
Possible null pointer dereference in psiprobe.ProbeConfigScheduler.getDatasourceStatsTrigger() due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 207 | Medium |
Possible null pointer dereference in psiprobe.ProbeConfigScheduler.getMemoryStatsTrigger() due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 168 | Medium |
Possible null pointer dereference in psiprobe.ProbeConfigScheduler.getRuntimeStatsTrigger() due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 181 | Medium |
Possible null pointer dereference in psiprobe.ProbeConfigScheduler.getStatsSerializerTrigger() due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 220 | Medium |
psiprobe.ProbeServlet
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.ProbeServlet.getWrapper() may expose internal representation by returning ProbeServlet.wrapper | MALICIOUS_CODE | EI_EXPOSE_REP | 48 | Medium |
psiprobe.ProbeServlet.setWrapper(Wrapper) may expose internal representation by storing an externally mutable object into ProbeServlet.wrapper | MALICIOUS_CODE | EI_EXPOSE_REP2 | 53 | Medium |
Possible null pointer dereference in psiprobe.ProbeServlet.getContainerWrapperBean() due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 101 | Medium |
psiprobe.Utils
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.Utils.delete(File) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 131 | Medium |
java/lang/StringBuilder.append(Ljava/lang/String;)Ljava/lang/StringBuilder; is potentially injected into an XML string in method psiprobe.Utils.highlightStream(String, InputStream, String, String). | SECURITY | POTENTIAL_XML_INJECTION | 466 | Medium |
java/lang/StringBuilder.append(Ljava/lang/String;)Ljava/lang/StringBuilder; is potentially injected into an XML string in method psiprobe.Utils.highlightStream(String, InputStream, String, String). | SECURITY | POTENTIAL_XML_INJECTION | 468 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 342 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 352 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 568 | Medium |
This method psiprobe.Utils.getJspEncoding(InputStream) continues a loop after finding an equality condition | CORRECTNESS | SLS_SUSPICIOUS_LOOP_SEARCH | 289 | Medium |
psiprobe.beans.ClusterWrapperBean
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method psiprobe.beans.ClusterWrapperBean.getCluster(String, String, boolean) excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 47-188 | Medium |
psiprobe.beans.ContainerListenerBean
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.beans.ContainerListenerBean.getContainerWrapper() may expose internal representation by returning ContainerListenerBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP | 78 | Medium |
psiprobe.beans.ContainerListenerBean.setContainerWrapper(ContainerWrapperBean) may expose internal representation by storing an externally mutable object into ContainerListenerBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP2 | 87 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 360 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 379 | Medium |
psiprobe.beans.ContainerWrapperBean
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible exposure of partially initialized object in psiprobe.beans.ContainerWrapperBean.setWrapper(Wrapper) | MT_CORRECTNESS | DC_PARTIALLY_CONSTRUCTED | 107 | Medium |
psiprobe.beans.ContainerWrapperBean.getAdapterClasses() may expose internal representation by returning ContainerWrapperBean.adapterClasses | MALICIOUS_CODE | EI_EXPOSE_REP | 153 | Medium |
psiprobe.beans.ContainerWrapperBean.getResourceResolvers() may expose internal representation by returning ContainerWrapperBean.resourceResolvers | MALICIOUS_CODE | EI_EXPOSE_REP | 189 | Medium |
psiprobe.beans.ContainerWrapperBean.getTomcatContainer() may expose internal representation by returning ContainerWrapperBean.tomcatContainer | MALICIOUS_CODE | EI_EXPOSE_REP | 144 | Medium |
psiprobe.beans.ContainerWrapperBean.setAdapterClasses(List) may expose internal representation by storing an externally mutable object into ContainerWrapperBean.adapterClasses | MALICIOUS_CODE | EI_EXPOSE_REP2 | 162 | Medium |
psiprobe.beans.ContainerWrapperBean.setResourceResolvers(Map) may expose internal representation by storing an externally mutable object into ContainerWrapperBean.resourceResolvers | MALICIOUS_CODE | EI_EXPOSE_REP2 | 198 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 116 | Medium |
psiprobe.beans.JBossResourceResolverBean
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method psiprobe.beans.JBossResourceResolverBean.resetResource(Context, String, ContainerWrapperBean) throws alternative exception from catch block without history | CORRECTNESS | LEST_LOST_EXCEPTION_STACK_TRACE | 179 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 178 | Medium |
psiprobe.beans.LogResolverBean
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.beans.LogResolverBean.getContainerWrapper() may expose internal representation by returning LogResolverBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP | 81 | Medium |
psiprobe.beans.LogResolverBean.getStdoutFiles() may expose internal representation by returning LogResolverBean.stdoutFiles | MALICIOUS_CODE | EI_EXPOSE_REP | 99 | Medium |
psiprobe.beans.LogResolverBean.setContainerWrapper(ContainerWrapperBean) may expose internal representation by storing an externally mutable object into LogResolverBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP2 | 90 | Medium |
psiprobe.beans.LogResolverBean.setStdoutFiles(List) may expose internal representation by storing an externally mutable object into LogResolverBean.stdoutFiles | MALICIOUS_CODE | EI_EXPOSE_REP2 | 110 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 489 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 368 | Medium |
psiprobe.beans.ResourceResolverBean
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.beans.ResourceResolverBean.getDatasourceMappers() may expose internal representation by returning ResourceResolverBean.datasourceMappers | MALICIOUS_CODE | EI_EXPOSE_REP | 248 | Medium |
psiprobe.beans.ResourceResolverBean.setDatasourceMappers(List) may expose internal representation by storing an externally mutable object into ResourceResolverBean.datasourceMappers | MALICIOUS_CODE | EI_EXPOSE_REP2 | 257 | Medium |
This use of javax/naming/Context.lookup(Ljava/lang/String;)Ljava/lang/Object; can be vulnerable to LDAP injection | SECURITY | LDAP_INJECTION | 229 | Medium |
This use of javax/naming/Context.lookup(Ljava/lang/String;)Ljava/lang/Object; can be vulnerable to LDAP injection | SECURITY | LDAP_INJECTION | 156 | Medium |
This use of javax/naming/Context.lookup(Ljava/lang/String;)Ljava/lang/Object; can be vulnerable to LDAP injection | SECURITY | LDAP_INJECTION | 199 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 114 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 206 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 331 | Medium |
psiprobe.beans.RuntimeInfoAccessorBean
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 84 | Medium |
psiprobe.beans.accessors.OracleDatasourceAccessorTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method psiprobe.beans.accessors.OracleDatasourceAccessorTest.getInfoTest() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 76 | Medium |
psiprobe.beans.accessors.OracleDatasourceAccessorTest$1
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class psiprobe.beans.accessors.OracleDatasourceAccessorTest$1 at new psiprobe.beans.accessors.OracleDatasourceAccessorTest$1(OracleDatasourceAccessorTest) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 78 | Medium |
psiprobe.beans.stats.collectors.AbstractStatsCollectorBean
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.beans.stats.collectors.AbstractStatsCollectorBean.getListeners() may expose internal representation by returning AbstractStatsCollectorBean.listeners | MALICIOUS_CODE | EI_EXPOSE_REP | 89 | Medium |
psiprobe.beans.stats.collectors.AbstractStatsCollectorBean.getStatsCollection() may expose internal representation by returning AbstractStatsCollectorBean.statsCollection | MALICIOUS_CODE | EI_EXPOSE_REP | 53 | Medium |
psiprobe.beans.stats.collectors.AbstractStatsCollectorBean.setListeners(List) may expose internal representation by storing an externally mutable object into AbstractStatsCollectorBean.listeners | MALICIOUS_CODE | EI_EXPOSE_REP2 | 98 | Medium |
psiprobe.beans.stats.collectors.AbstractStatsCollectorBean.setStatsCollection(StatsCollection) may expose internal representation by storing an externally mutable object into AbstractStatsCollectorBean.statsCollection | MALICIOUS_CODE | EI_EXPOSE_REP2 | 62 | Medium |
psiprobe.beans.stats.collectors.AppStatsCollectorBean
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.beans.stats.collectors.AppStatsCollectorBean.getContainerWrapper() may expose internal representation by returning AppStatsCollectorBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP | 54 | Medium |
psiprobe.beans.stats.collectors.AppStatsCollectorBean.setContainerWrapper(ContainerWrapperBean) may expose internal representation by storing an externally mutable object into AppStatsCollectorBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP2 | 63 | Medium |
psiprobe.beans.stats.collectors.AppStatsCollectorBean.setServletContext(ServletContext) may expose internal representation by storing an externally mutable object into AppStatsCollectorBean.servletContext | MALICIOUS_CODE | EI_EXPOSE_REP2 | 96 | Medium |
psiprobe.beans.stats.collectors.ClusterStatsCollectorBean
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.beans.stats.collectors.ClusterStatsCollectorBean.getContainerWrapper() may expose internal representation by returning ClusterStatsCollectorBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP | 42 | Medium |
psiprobe.beans.stats.collectors.ClusterStatsCollectorBean.setContainerWrapper(ContainerWrapperBean) may expose internal representation by storing an externally mutable object into ClusterStatsCollectorBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP2 | 51 | Medium |
psiprobe.beans.stats.collectors.ConnectorStatsCollectorBean
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.beans.stats.collectors.ConnectorStatsCollectorBean.getListenerBean() may expose internal representation by returning ConnectorStatsCollectorBean.listenerBean | MALICIOUS_CODE | EI_EXPOSE_REP | 36 | Medium |
psiprobe.beans.stats.collectors.ConnectorStatsCollectorBean.setListenerBean(ContainerListenerBean) may expose internal representation by storing an externally mutable object into ConnectorStatsCollectorBean.listenerBean | MALICIOUS_CODE | EI_EXPOSE_REP2 | 45 | Medium |
psiprobe.beans.stats.collectors.DatasourceStatsCollectorBean
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.beans.stats.collectors.DatasourceStatsCollectorBean.getContainerWrapper() may expose internal representation by returning DatasourceStatsCollectorBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP | 50 | Medium |
psiprobe.beans.stats.collectors.DatasourceStatsCollectorBean.setContainerWrapper(ContainerWrapperBean) may expose internal representation by storing an externally mutable object into DatasourceStatsCollectorBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP2 | 59 | Medium |
psiprobe.beans.stats.listeners.AbstractStatsCollectionListener
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Empty method psiprobe.beans.stats.listeners.AbstractStatsCollectionListener.reset() could be declared abstract | STYLE | ACEM_ABSTRACT_CLASS_EMPTY_METHODS | 119 | Medium |
To prevent illegal usage, logger should be private field. Change this field (logger) to private field. | STYLE | SLF4J_LOGGER_SHOULD_BE_PRIVATE | Not available | Medium |
psiprobe.beans.stats.listeners.AbstractThresholdListener
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 143 | Medium |
psiprobe.beans.stats.listeners.FlapListenerTests
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unread field: psiprobe.beans.stats.listeners.FlapListenerTests.defaultHighWeight; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 37 | Medium |
Unread field: psiprobe.beans.stats.listeners.FlapListenerTests.defaultInterval; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 25 | Medium |
Unread field: psiprobe.beans.stats.listeners.FlapListenerTests.defaultLowWeight; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 34 | Medium |
Unread field: psiprobe.beans.stats.listeners.FlapListenerTests.defaultStartThreshold; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 28 | Medium |
Unread field: psiprobe.beans.stats.listeners.FlapListenerTests.defaultStopThreshold; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 31 | Medium |
Unread field: psiprobe.beans.stats.listeners.FlapListenerTests.defaultThreshold; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 22 | Medium |
psiprobe.beans.stats.listeners.MemoryPoolMailingListener
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.beans.stats.listeners.MemoryPoolMailingListener.getMailer() may expose internal representation by returning MemoryPoolMailingListener.mailer | MALICIOUS_CODE | EI_EXPOSE_REP | 64 | Medium |
psiprobe.beans.stats.listeners.MemoryPoolMailingListener.setMailer(Mailer) may expose internal representation by storing an externally mutable object into MemoryPoolMailingListener.mailer | MALICIOUS_CODE | EI_EXPOSE_REP2 | 73 | Medium |
psiprobe.beans.stats.listeners.StatsCollectionEvent
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.beans.stats.listeners.StatsCollectionEvent.getData() may expose internal representation by returning StatsCollectionEvent.data | MALICIOUS_CODE | EI_EXPOSE_REP | 79 | Medium |
new psiprobe.beans.stats.listeners.StatsCollectionEvent(String, XYDataItem) may expose internal representation by storing an externally mutable object into StatsCollectionEvent.data | MALICIOUS_CODE | EI_EXPOSE_REP2 | 41 | Medium |
psiprobe.beans.stats.listeners.StatsCollectionEvent.setData(XYDataItem) may expose internal representation by storing an externally mutable object into StatsCollectionEvent.data | MALICIOUS_CODE | EI_EXPOSE_REP2 | 88 | Medium |
psiprobe.beans.stats.listeners.ThresholdListenerTests
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unread field: psiprobe.beans.stats.listeners.ThresholdListenerTests.defaultThreshold; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 22 | Medium |
psiprobe.beans.stats.providers.AbstractSeriesProvider
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
To prevent illegal usage, logger should be private field. Change this field (logger) to private field. | STYLE | SLF4J_LOGGER_SHOULD_BE_PRIVATE | Not available | Medium |
psiprobe.beans.stats.providers.ConnectorSeriesProvider
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 50 | Medium |
psiprobe.beans.stats.providers.StandardSeriesProvider
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.beans.stats.providers.StandardSeriesProvider.getStatNames() may expose internal representation by returning StandardSeriesProvider.statNames | MALICIOUS_CODE | EI_EXPOSE_REP | 40 | Medium |
psiprobe.beans.stats.providers.StandardSeriesProvider.setStatNames(List) may expose internal representation by storing an externally mutable object into StandardSeriesProvider.statNames | MALICIOUS_CODE | EI_EXPOSE_REP2 | 49 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 60 | Medium |
psiprobe.controllers.AbstractContextHandlerController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.AbstractContextHandlerController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 41 | Medium |
psiprobe.controllers.AbstractTomcatContainerController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.controllers.AbstractTomcatContainerController.getContainerWrapper() may expose internal representation by returning AbstractTomcatContainerController.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP | 54 | Medium |
psiprobe.controllers.AbstractTomcatContainerController.setContainerWrapper(ContainerWrapperBean) may expose internal representation by storing an externally mutable object into AbstractTomcatContainerController.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP2 | 63 | Medium |
To prevent illegal usage, logger should be private field. Change this field (logger) to private field. | STYLE | SLF4J_LOGGER_SHOULD_BE_PRIVATE | Not available | Medium |
psiprobe.controllers.BeanToXmlController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.BeanToXmlController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 73 | Medium |
Possible null pointer dereference in psiprobe.controllers.BeanToXmlController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 76 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 63 | High |
Method psiprobe.controllers.BeanToXmlController.setXmlMarker(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 56 | Medium |
psiprobe.controllers.DecoratorController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method psiprobe.controllers.DecoratorController.handleRequestInternal(HttpServletRequest, HttpServletResponse) calls InetAddress.getLocalHost(), which may be a security risk | CORRECTNESS | MDM_INETADDRESS_GETLOCALHOST | 70 | Medium |
Possible null pointer dereference in psiprobe.controllers.DecoratorController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 76 | Medium |
Possible null pointer dereference in psiprobe.controllers.DecoratorController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 85 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 62 | High |
Method psiprobe.controllers.DecoratorController.setMessagesBasename(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 55 | Medium |
psiprobe.controllers.RememberVisibilityController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 40 | High |
psiprobe.controllers.RenderChartController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.controllers.RenderChartController.getStatsCollection() may expose internal representation by returning RenderChartController.statsCollection | MALICIOUS_CODE | EI_EXPOSE_REP | 74 | Medium |
psiprobe.controllers.RenderChartController.setStatsCollection(StatsCollection) may expose internal representation by storing an externally mutable object into RenderChartController.statsCollection | MALICIOUS_CODE | EI_EXPOSE_REP2 | 83 | Medium |
Possible null pointer dereference in psiprobe.controllers.RenderChartController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 146 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 90 | High |
Method psiprobe.controllers.RenderChartController.setStatsCollection(StatsCollection) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 83 | Medium |
psiprobe.controllers.WhoisController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.WhoisController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 157 | Medium |
Null passed for non-null parameter of new org.springframework.web.servlet.ModelAndView(String, String, Object) in psiprobe.controllers.WhoisController.handleRequestInternal(HttpServletRequest, HttpServletResponse) | CORRECTNESS | NP_NULL_PARAM_DEREF | 157 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 132 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 154 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 116 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 157 | Medium |
Method psiprobe.controllers.WhoisController.setDefaultPort(int) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 109 | Medium |
Method psiprobe.controllers.WhoisController.setDefaultServer(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 90 | Medium |
Method psiprobe.controllers.WhoisController.setLookupTimeout(long) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 71 | Medium |
psiprobe.controllers.apps.AbstractNoSelfContextHandlerController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.apps.AbstractNoSelfContextHandlerController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 63 | Medium |
psiprobe.controllers.apps.AjaxReloadContextController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.apps.AjaxReloadContextController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 56 | Medium |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 56 | High |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 41 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 63 | Medium |
psiprobe.controllers.apps.AjaxToggleContextController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.apps.AjaxToggleContextController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 57 | Medium |
Possible null pointer dereference in psiprobe.controllers.apps.AjaxToggleContextController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 62 | Medium |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 57 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 62 | High |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 41 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 70 | Medium |
psiprobe.controllers.apps.AjaxUptimeController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.apps.AjaxUptimeController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 54 | Medium |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 54 | Medium |
psiprobe.controllers.apps.AllAppStatsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.apps.AllAppStatsController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 71 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 65 | High |
Method psiprobe.controllers.apps.AllAppStatsController.setCollectionPeriod(long) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 48 | Medium |
Method psiprobe.controllers.apps.AllAppStatsController.setCollectionPeriod(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 58 | Medium |
psiprobe.controllers.apps.BaseDownloadXmlConfController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 83 | Medium |
psiprobe.controllers.apps.BaseGetApplicationController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.controllers.apps.BaseGetApplicationController.getStatsCollection() may expose internal representation by returning BaseGetApplicationController.statsCollection | MALICIOUS_CODE | EI_EXPOSE_REP | 67 | Medium |
psiprobe.controllers.apps.BaseGetApplicationController.setStatsCollection(StatsCollection) may expose internal representation by storing an externally mutable object into BaseGetApplicationController.statsCollection | MALICIOUS_CODE | EI_EXPOSE_REP2 | 76 | Medium |
Possible null pointer dereference in psiprobe.controllers.apps.BaseGetApplicationController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 102 | Medium |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 113 | Medium |
psiprobe.controllers.apps.BaseReloadContextController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.apps.BaseReloadContextController.executeAction(String) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 37 | Medium |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 37 | High |
psiprobe.controllers.apps.BaseStartContextController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.apps.BaseStartContextController.executeAction(String) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 34 | Medium |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 34 | High |
psiprobe.controllers.apps.BaseStopContextController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.apps.BaseStopContextController.executeAction(String) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 34 | Medium |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 34 | High |
psiprobe.controllers.apps.BaseViewXmlConfController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.apps.BaseViewXmlConfController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 105 | Medium |
Possible null pointer dereference in psiprobe.controllers.apps.BaseViewXmlConfController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 114 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 103 | Medium |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 98 | Medium |
psiprobe.controllers.apps.DownloadContextXmlConfController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.apps.DownloadWebXmlConfController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.apps.GetApplicationProcDetailsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.apps.GetApplicationRequestDetailsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.apps.GetApplicationRuntimeInfoController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.apps.GetApplicationSummaryController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 33 | High |
psiprobe.controllers.apps.ListAppAttributesController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.apps.ListAppAttributesController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 49 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 39 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 47 | Medium |
psiprobe.controllers.apps.ListAppInitParamsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.apps.ListAppInitParamsController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 45 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 36 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 44 | Medium |
psiprobe.controllers.apps.ListApplicationResourcesController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 34 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 42 | Medium |
psiprobe.controllers.apps.ListWebappsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Do not catch NullPointerException like in psiprobe.controllers.apps.ListWebappsController.handleRequestInternal(HttpServletRequest, HttpServletResponse) | STYLE | DCN_NULLPOINTER_EXCEPTION | 54 | Medium |
Possible null pointer dereference in psiprobe.controllers.apps.ListWebappsController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 49 | Medium |
Possible null pointer dereference in psiprobe.controllers.apps.ListWebappsController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 56 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 41 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 70 | Medium |
psiprobe.controllers.apps.ReloadContextController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.apps.ReloadSummaryContextController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.apps.RemoveApplicationAttributeController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 36 | High |
psiprobe.controllers.apps.ResetAppStatsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.controllers.apps.ResetAppStatsController.getStatsCollector() may expose internal representation by returning ResetAppStatsController.statsCollector | MALICIOUS_CODE | EI_EXPOSE_REP | 36 | Medium |
psiprobe.controllers.apps.ResetAppStatsController.setStatsCollector(AppStatsCollectorBean) may expose internal representation by storing an externally mutable object into ResetAppStatsController.statsCollector | MALICIOUS_CODE | EI_EXPOSE_REP2 | 45 | Medium |
Method psiprobe.controllers.apps.ResetAppStatsController.setStatsCollector(AppStatsCollectorBean) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 45 | Medium |
psiprobe.controllers.apps.StartContextController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.apps.StartSummaryContextController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.apps.StopContextController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.apps.StopSummaryContextController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.apps.ViewContextXmlConfController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.apps.ViewWebXmlConfController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.certificates.ListCertificatesController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 208 | Medium |
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 214 | Medium |
Method psiprobe.controllers.certificates.ListCertificatesController.toConnectorInfo(AbstractHttp11JsseProtocol) uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 247 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 62 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 69 | Medium |
Method psiprobe.controllers.certificates.ListCertificatesController.getStoreInputStream(String) constructs a File object, merely to convert it to a Path object | CORRECTNESS | UAC_UNNECESSARY_API_CONVERSION_FILE_TO_PATH | 210 | Medium |
Method psiprobe.controllers.certificates.ListCertificatesController.getStoreInputStream(String) constructs a File object, merely to convert it to a Path object | CORRECTNESS | UAC_UNNECESSARY_API_CONVERSION_FILE_TO_PATH | 216 | Medium |
This web server request could be used by an attacker to expose internal services and filesystem. | SECURITY | URLCONNECTION_SSRF_FD | 223 | Medium |
psiprobe.controllers.certificates.SslHostConfigHelper
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
JavaBeans property name populated with user controlled parameters | SECURITY | BEAN_PROPERTY_INJECTION | 89 | Medium |
JavaBeans property name populated with user controlled parameters | SECURITY | BEAN_PROPERTY_INJECTION | 64 | Medium |
Exception thrown in class psiprobe.controllers.certificates.SslHostConfigHelper at new psiprobe.controllers.certificates.SslHostConfigHelper(AbstractHttp11JsseProtocol, ConnectorInfo) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 46 | Medium |
psiprobe.controllers.cluster.BaseClusterStatsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 100 | Medium |
psiprobe.controllers.cluster.ClusterMembersStatsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.cluster.ClusterRequestsStatsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 37 | High |
psiprobe.controllers.cluster.ClusterStatsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 49 | High |
psiprobe.controllers.cluster.ClusterTrafficStatsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 37 | High |
psiprobe.controllers.connectors.BaseGetConnectorController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.controllers.connectors.BaseGetConnectorController.getContainerListenerBean() may expose internal representation by returning BaseGetConnectorController.containerListenerBean | MALICIOUS_CODE | EI_EXPOSE_REP | 41 | Medium |
psiprobe.controllers.connectors.BaseGetConnectorController.setContainerListenerBean(ContainerListenerBean) may expose internal representation by storing an externally mutable object into BaseGetConnectorController.containerListenerBean | MALICIOUS_CODE | EI_EXPOSE_REP2 | 50 | Medium |
Null passed for non-null parameter of new org.springframework.web.servlet.ModelAndView(String, String, Object) in psiprobe.controllers.connectors.BaseGetConnectorController.handleRequestInternal(HttpServletRequest, HttpServletResponse) | CORRECTNESS | NP_NULL_PARAM_DEREF | 69 | Medium |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 69 | Medium |
psiprobe.controllers.connectors.GetConnectorProcTimeController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.connectors.GetConnectorRequestController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.connectors.GetConnectorTrafficController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.connectors.ListConnectorsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.controllers.connectors.ListConnectorsController.getContainerListenerBean() may expose internal representation by returning ListConnectorsController.containerListenerBean | MALICIOUS_CODE | EI_EXPOSE_REP | 52 | Medium |
psiprobe.controllers.connectors.ListConnectorsController.setContainerListenerBean(ContainerListenerBean) may expose internal representation by storing an externally mutable object into ListConnectorsController.containerListenerBean | MALICIOUS_CODE | EI_EXPOSE_REP2 | 61 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 115 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 133 | Medium |
Method psiprobe.controllers.connectors.ListConnectorsController.setCollectionPeriod(long) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 79 | Medium |
Method psiprobe.controllers.connectors.ListConnectorsController.setCollectionPeriod(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 89 | Medium |
Method psiprobe.controllers.connectors.ListConnectorsController.setContainerListenerBean(ContainerListenerBean) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 61 | Medium |
Method psiprobe.controllers.connectors.ListConnectorsController.setIncludeRequestProcessors(boolean) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 108 | Medium |
psiprobe.controllers.connectors.ResetConnectorStatsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.controllers.connectors.ResetConnectorStatsController.getCollectorBean() may expose internal representation by returning ResetConnectorStatsController.collectorBean | MALICIOUS_CODE | EI_EXPOSE_REP | 43 | Medium |
psiprobe.controllers.connectors.ResetConnectorStatsController.setCollectorBean(ConnectorStatsCollectorBean) may expose internal representation by storing an externally mutable object into ResetConnectorStatsController.collectorBean | MALICIOUS_CODE | EI_EXPOSE_REP2 | 52 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 59 | High |
Method psiprobe.controllers.connectors.ResetConnectorStatsController.setCollectorBean(ConnectorStatsCollectorBean) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 52 | Medium |
psiprobe.controllers.connectors.ToggleConnectorStatusController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.controllers.connectors.ToggleConnectorStatusController.getCollectorBean() may expose internal representation by returning ToggleConnectorStatusController.collectorBean | MALICIOUS_CODE | EI_EXPOSE_REP | 54 | Medium |
psiprobe.controllers.connectors.ToggleConnectorStatusController.setCollectorBean(ConnectorStatsCollectorBean) may expose internal representation by storing an externally mutable object into ToggleConnectorStatusController.collectorBean | MALICIOUS_CODE | EI_EXPOSE_REP2 | 63 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 70 | High |
Method psiprobe.controllers.connectors.ToggleConnectorStatusController.setCollectorBean(ConnectorStatsCollectorBean) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 63 | Medium |
psiprobe.controllers.connectors.ZoomChartController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.connectors.ZoomChartController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 71 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 65 | High |
Method psiprobe.controllers.connectors.ZoomChartController.setCollectionPeriod(long) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 48 | Medium |
Method psiprobe.controllers.connectors.ZoomChartController.setCollectionPeriod(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 58 | Medium |
psiprobe.controllers.datasources.ListAllJdbcResourceGroupsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 41 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 81 | Medium |
psiprobe.controllers.datasources.ListAllJdbcResourcesController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 36 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 50 | Medium |
psiprobe.controllers.datasources.ResetDataSourceController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.datasources.ResetDataSourceController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 88 | Medium |
Possible null pointer dereference in psiprobe.controllers.datasources.ResetDataSourceController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 93 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 89 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 65 | High |
Method psiprobe.controllers.datasources.ResetDataSourceController.setReplacePattern(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 58 | Medium |
psiprobe.controllers.deploy.BaseUndeployContextController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.deploy.BaseUndeployContextController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 62 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.BaseUndeployContextController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 70 | Medium |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 70 | High |
psiprobe.controllers.deploy.CopySingleFileController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Do not catch NullPointerException like in psiprobe.controllers.deploy.CopySingleFileController.handleRequestInternal(HttpServletRequest, HttpServletResponse) | STYLE | DCN_NULLPOINTER_EXCEPTION | 75 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.CopySingleFileController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 77 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.CopySingleFileController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 127 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.CopySingleFileController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 165 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.CopySingleFileController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 171 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.CopySingleFileController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 178 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.CopySingleFileController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 182 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.CopySingleFileController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 185 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.CopySingleFileController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 188 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.CopySingleFileController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 192 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.CopySingleFileController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 195 | Medium |
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 151 | Medium |
Method psiprobe.controllers.deploy.CopySingleFileController.handleRequestInternal(HttpServletRequest, HttpServletResponse) appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 111 | Medium |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 165 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 171 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 178 | High |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 60 | High |
psiprobe.controllers.deploy.DeployConfigController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 32 | High |
psiprobe.controllers.deploy.DeployContextController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.deploy.DeployContextController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 50 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.DeployContextController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 55 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.DeployContextController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 59 | Medium |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 55 | High |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 63 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 37 | High |
psiprobe.controllers.deploy.DeployController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Do not catch NullPointerException like in psiprobe.controllers.deploy.DeployController.handleRequestInternal(HttpServletRequest, HttpServletResponse) | STYLE | DCN_NULLPOINTER_EXCEPTION | 51 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.DeployController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 53 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 41 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 67 | Medium |
psiprobe.controllers.deploy.UndeployContextController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.deploy.UndeploySummaryContextController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.deploy.UploadWarController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.deploy.UploadWarController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 105 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.UploadWarController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 159 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.UploadWarController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 167 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.UploadWarController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 171 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.UploadWarController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 184 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.UploadWarController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 188 | Medium |
Possible null pointer dereference in psiprobe.controllers.deploy.UploadWarController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 191 | Medium |
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 144 | Medium |
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 153 | Medium |
Method psiprobe.controllers.deploy.UploadWarController.handleRequestInternal(HttpServletRequest, HttpServletResponse) appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 89 | Medium |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 167 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 171 | High |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 58 | High |
psiprobe.controllers.error.Error403Controller
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 99 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 108 | Medium |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 110 | Medium |
Method psiprobe.controllers.error.Error403Controller.setAjaxExtension(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 92 | Medium |
Method psiprobe.controllers.error.Error403Controller.setAjaxViewName(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 73 | Medium |
Method psiprobe.controllers.error.Error403Controller.setViewName(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 54 | Medium |
psiprobe.controllers.error.Error404Controller
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 32 | High |
psiprobe.controllers.filters.ListAppFilterMapsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 37 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 47 | Medium |
psiprobe.controllers.filters.ListAppFiltersController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 38 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 48 | Medium |
psiprobe.controllers.help.HelpApplicationsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 33 | High |
psiprobe.controllers.help.HelpDatasourceTestController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 33 | High |
psiprobe.controllers.help.HelpDatasourcesController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 33 | High |
psiprobe.controllers.help.HelpSessionSearchController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 33 | High |
psiprobe.controllers.help.HelpThreads2Controller
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 33 | High |
psiprobe.controllers.help.HelpThreadsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 33 | High |
psiprobe.controllers.jsp.DiscardCompiledJspController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 35 | High |
psiprobe.controllers.jsp.DisplayJspController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 41 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 63 | Medium |
psiprobe.controllers.jsp.DownloadServletController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 50 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 37 | High |
psiprobe.controllers.jsp.RecompileJspController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 47 | High |
psiprobe.controllers.jsp.ViewServletSourceController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Null passed for non-null parameter of new org.springframework.web.servlet.ModelAndView(String, String, Object) in psiprobe.controllers.jsp.ViewServletSourceController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) | CORRECTNESS | NP_NULL_PARAM_DEREF | 71 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 63 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 44 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 71 | Medium |
Method psiprobe.controllers.jsp.ViewServletSourceController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) constructs a File object, merely to convert it to a Path object | CORRECTNESS | UAC_UNNECESSARY_API_CONVERSION_FILE_TO_PATH | 65 | Medium |
psiprobe.controllers.jsp.ViewSourceController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 49 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 122 | Medium |
psiprobe.controllers.logs.AbstractLogHandlerController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.controllers.logs.AbstractLogHandlerController.getLogResolver() may expose internal representation by returning AbstractLogHandlerController.logResolver | MALICIOUS_CODE | EI_EXPOSE_REP | 44 | Medium |
psiprobe.controllers.logs.AbstractLogHandlerController.setLogResolver(LogResolverBean) may expose internal representation by storing an externally mutable object into AbstractLogHandlerController.logResolver | MALICIOUS_CODE | EI_EXPOSE_REP2 | 53 | Medium |
psiprobe.controllers.logs.ChangeLogLevelController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 43 | High |
psiprobe.controllers.logs.DownloadLogController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 42 | High |
psiprobe.controllers.logs.FollowController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.logs.FollowController.handleLogFile(HttpServletRequest, HttpServletResponse, LogDestination) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 46 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 39 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 46 | Medium |
psiprobe.controllers.logs.FollowedFileInfoController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.logs.FollowedFileInfoController.handleLogFile(HttpServletRequest, HttpServletResponse, LogDestination) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 39 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 33 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 39 | Medium |
psiprobe.controllers.logs.ListLogsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.controllers.logs.ListLogsController.getLogResolver() may expose internal representation by returning ListLogsController.logResolver | MALICIOUS_CODE | EI_EXPOSE_REP | 67 | Medium |
psiprobe.controllers.logs.ListLogsController.setLogResolver(LogResolverBean) may expose internal representation by storing an externally mutable object into ListLogsController.logResolver | MALICIOUS_CODE | EI_EXPOSE_REP2 | 76 | Medium |
Possible null pointer dereference in psiprobe.controllers.logs.ListLogsController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 93 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 83 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 93 | Medium |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 95 | Medium |
Method psiprobe.controllers.logs.ListLogsController.setErrorView(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 58 | Medium |
Method psiprobe.controllers.logs.ListLogsController.setLogResolver(LogResolverBean) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 76 | Medium |
psiprobe.controllers.logs.SetupFollowController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.logs.SetupFollowController.handleLogFile(HttpServletRequest, HttpServletResponse, LogDestination) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 45 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 36 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 45 | Medium |
psiprobe.controllers.oshi.OshiController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method psiprobe.controllers.oshi.OshiController.printCpu(CentralProcessor) accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 341 | Medium |
Method psiprobe.controllers.oshi.OshiController.printCpu(CentralProcessor) accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 342 | Medium |
Method psiprobe.controllers.oshi.OshiController.initialize() calls equals on an enum instance | CORRECTNESS | ENMI_EQUALS_ON_ENUM | 164 | Medium |
Method psiprobe.controllers.oshi.OshiController.printServices(OperatingSystem) calls equals on an enum instance | CORRECTNESS | ENMI_EQUALS_ON_ENUM | 418 | Medium |
Method psiprobe.controllers.oshi.OshiController.printServices(OperatingSystem) calls equals on an enum instance | CORRECTNESS | ENMI_EQUALS_ON_ENUM | 424 | Medium |
Class psiprobe.controllers.oshi.OshiController defines static field "psiprobe.controllers.oshi.OshiController.oshi" which appears to allow memory bloat | CORRECTNESS | PMB_POSSIBLE_MEMORY_BLOAT | Not available | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 106 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 114 | Medium |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 131 | Medium |
psiprobe.controllers.quickcheck.BaseTomcatAvailabilityController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method psiprobe.controllers.quickcheck.BaseTomcatAvailabilityController.handleRequestInternal(HttpServletRequest, HttpServletResponse) is excessively complex, with a cyclomatic complexity of 53 | STYLE | CC_CYCLOMATIC_COMPLEXITY | 66 | Medium |
psiprobe.controllers.quickcheck.BaseTomcatAvailabilityController.getContainerListenerBean() may expose internal representation by returning BaseTomcatAvailabilityController.containerListenerBean | MALICIOUS_CODE | EI_EXPOSE_REP | 50 | Medium |
psiprobe.controllers.quickcheck.BaseTomcatAvailabilityController.setContainerListenerBean(ContainerListenerBean) may expose internal representation by storing an externally mutable object into BaseTomcatAvailabilityController.containerListenerBean | MALICIOUS_CODE | EI_EXPOSE_REP2 | 59 | Medium |
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 130 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 119 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 140 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 146 | Medium |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 175 | Medium |
Method psiprobe.controllers.quickcheck.BaseTomcatAvailabilityController.handleRequestInternal(HttpServletRequest, HttpServletResponse) constructs a File object, merely to convert it to a Path object | CORRECTNESS | UAC_UNNECESSARY_API_CONVERSION_FILE_TO_PATH | 131 | Medium |
psiprobe.controllers.quickcheck.TomcatAvailabilityController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.quickcheck.TomcatAvailabilityXmlController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.servlets.ListServletMapsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 40 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 60 | Medium |
psiprobe.controllers.servlets.ListServletsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 41 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 67 | Medium |
psiprobe.controllers.servlets.ServletsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 32 | High |
psiprobe.controllers.sessions.ExpireSessionController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 37 | High |
psiprobe.controllers.sessions.ExpireSessionsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 39 | High |
psiprobe.controllers.sessions.ListSessionAttributesController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.sessions.ListSessionAttributesController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 45 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 38 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 55 | Medium |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 57 | Medium |
psiprobe.controllers.sessions.ListSessionsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Class psiprobe.controllers.sessions.ListSessionsController uses non owned variables to synchronize on | STYLE | NOS_NON_OWNED_SYNCHRONIZATION | 125 | Medium |
Possible null pointer dereference in psiprobe.controllers.sessions.ListSessionsController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 58 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 50 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 130 | Medium |
psiprobe.controllers.sessions.RemoveSessAttributeController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 37 | High |
psiprobe.controllers.sql.CachedRecordSetController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Class psiprobe.controllers.sql.CachedRecordSetController uses non owned variables to synchronize on | STYLE | NOS_NON_OWNED_SYNCHRONIZATION | 71 | Medium |
Possible null pointer dereference in psiprobe.controllers.sql.CachedRecordSetController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 59 | Medium |
Possible null pointer dereference in psiprobe.controllers.sql.CachedRecordSetController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 67 | Medium |
Possible null pointer dereference in psiprobe.controllers.sql.CachedRecordSetController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 79 | Medium |
Possible null pointer dereference in psiprobe.controllers.sql.CachedRecordSetController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 87 | Medium |
Null passed for non-null parameter of new org.springframework.web.servlet.ModelAndView(String, String, Object) in psiprobe.controllers.sql.CachedRecordSetController.handleRequestInternal(HttpServletRequest, HttpServletResponse) | CORRECTNESS | NP_NULL_PARAM_DEREF | 87 | High |
Null passed for non-null parameter of new org.springframework.web.servlet.ModelAndView(String, String, Object) in psiprobe.controllers.sql.CachedRecordSetController.handleRequestInternal(HttpServletRequest, HttpServletResponse) | CORRECTNESS | NP_NULL_PARAM_DEREF | 87 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 45 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 87 | Medium |
psiprobe.controllers.sql.ConnectionTestController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.sql.ConnectionTestController.addDbMetaDataEntry(Collection, String, String) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 121 | Medium |
Possible null pointer dereference in psiprobe.controllers.sql.ConnectionTestController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 67 | Medium |
Possible null pointer dereference in psiprobe.controllers.sql.ConnectionTestController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 73 | Medium |
Possible null pointer dereference in psiprobe.controllers.sql.ConnectionTestController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 97 | Medium |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 99 | High |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 69 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 53 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 94 | Medium |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 104 | Medium |
psiprobe.controllers.sql.DataSourceTestController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.sql.DataSourceTestController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 75 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 52 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 75 | Medium |
Method psiprobe.controllers.sql.DataSourceTestController.setCollectionPeriod(long) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 100 | Medium |
Method psiprobe.controllers.sql.DataSourceTestController.setCollectionPeriod(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 110 | Medium |
Method psiprobe.controllers.sql.DataSourceTestController.setHistorySize(int) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 167 | Medium |
Method psiprobe.controllers.sql.DataSourceTestController.setMaxRows(int) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 129 | Medium |
Method psiprobe.controllers.sql.DataSourceTestController.setReplacePattern(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 186 | Medium |
Method psiprobe.controllers.sql.DataSourceTestController.setRowsPerPage(int) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 148 | Medium |
psiprobe.controllers.sql.ExecuteSqlController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Class psiprobe.controllers.sql.ExecuteSqlController uses non owned variables to synchronize on | STYLE | NOS_NON_OWNED_SYNCHRONIZATION | 84 | Medium |
Class psiprobe.controllers.sql.ExecuteSqlController uses non owned variables to synchronize on | STYLE | NOS_NON_OWNED_SYNCHRONIZATION | 163 | Medium |
Possible null pointer dereference in psiprobe.controllers.sql.ExecuteSqlController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 69 | Medium |
Possible null pointer dereference in psiprobe.controllers.sql.ExecuteSqlController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 102 | Medium |
Possible null pointer dereference in psiprobe.controllers.sql.ExecuteSqlController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 108 | Medium |
Possible null pointer dereference in psiprobe.controllers.sql.ExecuteSqlController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 138 | Medium |
Possible null pointer dereference in psiprobe.controllers.sql.ExecuteSqlController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 174 | Medium |
Null passed for non-null parameter of new org.springframework.web.servlet.ModelAndView(String, String, Object) in psiprobe.controllers.sql.ExecuteSqlController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) | CORRECTNESS | NP_NULL_PARAM_DEREF | 167 | Medium |
Method psiprobe.controllers.sql.ExecuteSqlController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 148 | Medium |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 175 | High |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 104 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 57 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 71 | Medium |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 167 | Medium |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 180 | Medium |
This use of java/sql/Connection.prepareStatement(Ljava/lang/String;)Ljava/sql/PreparedStatement; can be vulnerable to SQL injection (with JDBC) | SECURITY | SQL_INJECTION_JDBC | 119 | Medium |
Method psiprobe.controllers.sql.ExecuteSqlController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) passes constant String of length 1 to character overridden method | PERFORMANCE | UCPM_USE_CHARACTER_PARAMETERIZED_METHOD | 146 | Medium |
psiprobe.controllers.sql.QueryHistoryController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.sql.QueryHistoryController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 56 | Medium |
Null passed for non-null parameter of new org.springframework.web.servlet.ModelAndView(String, String, Object) in psiprobe.controllers.sql.QueryHistoryController.handleRequestInternal(HttpServletRequest, HttpServletResponse) | CORRECTNESS | NP_NULL_PARAM_DEREF | 56 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 37 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 56 | Medium |
psiprobe.controllers.sql.QueryHistoryItemController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 68 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 43 | High |
psiprobe.controllers.system.AdviseGarbageCollectionController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.controllers.system.AdviseGarbageCollectionController.handleRequestInternal(HttpServletRequest, HttpServletResponse) forces garbage collection; extremely dubious except in benchmarking code | PERFORMANCE | DM_GC | 82 | High |
Method psiprobe.controllers.system.AdviseGarbageCollectionController.handleRequestInternal(HttpServletRequest, HttpServletResponse) triggers finalization when calling Runtime.runFinalization() | CORRECTNESS | MDM_RUNFINALIZATION | 79 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 62 | High |
Method psiprobe.controllers.system.AdviseGarbageCollectionController.setReplacePattern(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 55 | Medium |
psiprobe.controllers.system.BaseMemoryStatsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.system.BaseMemoryStatsController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 74 | Medium |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 74 | Medium |
psiprobe.controllers.system.BaseSysInfoController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.controllers.system.BaseSysInfoController.getFilterOutKeys() may expose internal representation by returning BaseSysInfoController.filterOutKeys | MALICIOUS_CODE | EI_EXPOSE_REP | 50 | Medium |
psiprobe.controllers.system.BaseSysInfoController.setFilterOutKeys(List) may expose internal representation by storing an externally mutable object into BaseSysInfoController.filterOutKeys | MALICIOUS_CODE | EI_EXPOSE_REP2 | 59 | Medium |
Possible null pointer dereference in psiprobe.controllers.system.BaseSysInfoController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 113 | Medium |
Method psiprobe.controllers.system.BaseSysInfoController.handleRequestInternal(HttpServletRequest, HttpServletResponse) does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 110 | Medium |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 121 | Medium |
psiprobe.controllers.system.MemoryStatsAjaxController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.system.MemoryStatsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 43 | High |
psiprobe.controllers.system.OsInfoAjaxController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.system.OsInfoController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 33 | High |
psiprobe.controllers.system.SysInfoController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 31 | High |
psiprobe.controllers.system.SysPropsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 39 | High |
psiprobe.controllers.threads.GetClassLoaderUrlsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.threads.GetClassLoaderUrlsController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 66 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 43 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 66 | Medium |
psiprobe.controllers.threads.ImplSelectorController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 79 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 87 | Medium |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 89 | Medium |
Method psiprobe.controllers.threads.ImplSelectorController.setImpl1Controller(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 53 | Medium |
Method psiprobe.controllers.threads.ImplSelectorController.setImpl2Controller(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 72 | Medium |
psiprobe.controllers.threads.KillThreadController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 58 | High |
Method psiprobe.controllers.threads.KillThreadController.setReplacePattern(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 51 | Medium |
psiprobe.controllers.threads.ListSunThreadsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.threads.ListSunThreadsController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 99 | Medium |
Null passed for non-null parameter of new org.springframework.web.servlet.ModelAndView(String, String, Object) in psiprobe.controllers.threads.ListSunThreadsController.handleRequestInternal(HttpServletRequest, HttpServletResponse) | CORRECTNESS | NP_NULL_PARAM_DEREF | 99 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 45 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 99 | Medium |
psiprobe.controllers.threads.ListThreadPoolsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.controllers.threads.ListThreadPoolsController.getContainerListenerBean() may expose internal representation by returning ListThreadPoolsController.containerListenerBean | MALICIOUS_CODE | EI_EXPOSE_REP | 44 | Medium |
psiprobe.controllers.threads.ListThreadPoolsController.setContainerListenerBean(ContainerListenerBean) may expose internal representation by storing an externally mutable object into ListThreadPoolsController.containerListenerBean | MALICIOUS_CODE | EI_EXPOSE_REP2 | 53 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 60 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 68 | Medium |
Method psiprobe.controllers.threads.ListThreadPoolsController.setContainerListenerBean(ContainerListenerBean) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 53 | Medium |
psiprobe.controllers.threads.ListThreadsController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method psiprobe.controllers.threads.ListThreadsController.enumerateThreads(Map) does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 106 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 41 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 60 | Medium |
psiprobe.controllers.threads.ThreadStackController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Collection variable stack is named with a different type of collection in the name | STYLE | CNC_COLLECTION_NAMING_CONFUSION | 97 | Medium |
Possible null pointer dereference in psiprobe.controllers.threads.ThreadStackController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 120 | Medium |
Null passed for non-null parameter of new org.springframework.web.servlet.ModelAndView(String, String, Object) in psiprobe.controllers.threads.ThreadStackController.handleRequestInternal(HttpServletRequest, HttpServletResponse) | CORRECTNESS | NP_NULL_PARAM_DEREF | 120 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 68 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 120 | Medium |
Method psiprobe.controllers.threads.ThreadStackController.setStackElementCount(int) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 61 | Medium |
psiprobe.controllers.truststore.TrustStoreController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 75 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 54 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 94 | Medium |
psiprobe.controllers.wrapper.RestartJvmController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.wrapper.RestartJvmController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 56 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 54 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 39 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 56 | Medium |
psiprobe.controllers.wrapper.StopJvmController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.wrapper.StopJvmController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 77 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 75 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 60 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 77 | Medium |
Method psiprobe.controllers.wrapper.StopJvmController.setStopExitCode(int) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 53 | Medium |
psiprobe.controllers.wrapper.ThreadDumpController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.wrapper.ThreadDumpController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 56 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 54 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 39 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 56 | Medium |
psiprobe.controllers.wrapper.WrapperInfoController
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.controllers.wrapper.WrapperInfoController.handleRequestInternal(HttpServletRequest, HttpServletResponse) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 69 | Medium |
Method psiprobe.controllers.wrapper.WrapperInfoController.handleRequestInternal(HttpServletRequest, HttpServletResponse) appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 54 | Medium |
Method psiprobe.controllers.wrapper.WrapperInfoController.handleRequestInternal(HttpServletRequest, HttpServletResponse) appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 56 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 66 | Medium |
Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 40 | High |
ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 69 | Medium |
psiprobe.jfreechart.XYLine3DRenderer
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.jfreechart.XYLine3DRenderer defines equals but not hashCode | BAD_PRACTICE | HE_EQUALS_NO_HASHCODE | 245-256 | Medium |
Class psiprobe.jfreechart.XYLine3DRenderer defines a computed serialVersionUID that doesn't equate to the calculated value | CORRECTNESS | IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID | Not available | Medium |
psiprobe.jsp.VisualScoreTag
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Class psiprobe.jsp.VisualScoreTag defines a computed serialVersionUID that doesn't equate to the calculated value | CORRECTNESS | IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID | Not available | Medium |
psiprobe.jsp.VisualScoreTagTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method psiprobe.jsp.VisualScoreTagTest.callCalculateSuffix(int, int, int, int) excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 120-136 | Medium |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 99 | High |
psiprobe.mappers.AjaxDecoratorMapperTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method psiprobe.mappers.AjaxDecoratorMapperTest.ajaxDecoratorMapperTest() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 74 | Medium |
psiprobe.model.ApplicationResource
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.model.ApplicationResource.getDataSourceInfo() may expose internal representation by returning ApplicationResource.dataSourceInfo | MALICIOUS_CODE | EI_EXPOSE_REP | 159 | Medium |
psiprobe.model.ApplicationResource.setDataSourceInfo(DataSourceInfo) may expose internal representation by storing an externally mutable object into ApplicationResource.dataSourceInfo | MALICIOUS_CODE | EI_EXPOSE_REP2 | 168 | Medium |
psiprobe.model.ApplicationSession
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.model.ApplicationSession.getAttributes() may expose internal representation by returning ApplicationSession.attributes | MALICIOUS_CODE | EI_EXPOSE_REP | 206 | Medium |
psiprobe.model.ApplicationSession.setAttributes(List) may expose internal representation by storing an externally mutable object into ApplicationSession.attributes | MALICIOUS_CODE | EI_EXPOSE_REP2 | 215 | Medium |
psiprobe.model.Connector
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.model.Connector.getRequestProcessors() may expose internal representation by returning Connector.requestProcessors | MALICIOUS_CODE | EI_EXPOSE_REP | 195 | Medium |
psiprobe.model.Connector.setRequestProcessors(List) may expose internal representation by storing an externally mutable object into Connector.requestProcessors | MALICIOUS_CODE | EI_EXPOSE_REP2 | 204 | Medium |
psiprobe.model.DisconnectedLogDestination
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.model.DisconnectedLogDestination.getApplication() may expose internal representation by returning DisconnectedLogDestination.application | MALICIOUS_CODE | EI_EXPOSE_REP | 98 | Medium |
psiprobe.model.SessionSearchInfo
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 326 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 378 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 426 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 462 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 498 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 534 | Medium |
psiprobe.model.SunThread
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.model.SunThread.getExecutionPoint() may expose internal representation by returning SunThread.executionPoint | MALICIOUS_CODE | EI_EXPOSE_REP | 237 | Medium |
psiprobe.model.SunThread.setExecutionPoint(ThreadStackElement) may expose internal representation by storing an externally mutable object into SunThread.executionPoint | MALICIOUS_CODE | EI_EXPOSE_REP2 | 246 | Medium |
psiprobe.model.SystemInformation
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.model.SystemInformation.getSystemProperties() may expose internal representation by returning SystemInformation.systemProperties | MALICIOUS_CODE | EI_EXPOSE_REP | 143 | Medium |
psiprobe.model.SystemInformation.setSystemProperties(Map) may expose internal representation by storing an externally mutable object into SystemInformation.systemProperties | MALICIOUS_CODE | EI_EXPOSE_REP2 | 152 | Medium |
psiprobe.model.certificates.Cert
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Class psiprobe.model.certificates.Cert defines a computed serialVersionUID that doesn't equate to the calculated value | CORRECTNESS | IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID | Not available | Medium |
psiprobe.model.certificates.CertificateInfo
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Class psiprobe.model.certificates.CertificateInfo defines a computed serialVersionUID that doesn't equate to the calculated value | CORRECTNESS | IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID | Not available | Medium |
psiprobe.model.certificates.ConnectorInfo
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Class psiprobe.model.certificates.ConnectorInfo defines a computed serialVersionUID that doesn't equate to the calculated value | CORRECTNESS | IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID | Not available | Medium |
psiprobe.model.certificates.SslHostConfigInfo
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Class psiprobe.model.certificates.SslHostConfigInfo defines a computed serialVersionUID that doesn't equate to the calculated value | CORRECTNESS | IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID | Not available | Medium |
psiprobe.model.jmx.ThreadPoolObjectName
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.model.jmx.ThreadPoolObjectName.getGlobalRequestProcessorName() may expose internal representation by returning ThreadPoolObjectName.globalRequestProcessorName | MALICIOUS_CODE | EI_EXPOSE_REP | 50 | Medium |
psiprobe.model.jmx.ThreadPoolObjectName.getThreadPoolName() may expose internal representation by returning ThreadPoolObjectName.threadPoolName | MALICIOUS_CODE | EI_EXPOSE_REP | 41 | Medium |
psiprobe.model.jmx.ThreadPoolObjectName.setGlobalRequestProcessorName(ObjectName) may expose internal representation by storing an externally mutable object into ThreadPoolObjectName.globalRequestProcessorName | MALICIOUS_CODE | EI_EXPOSE_REP2 | 78 | Medium |
psiprobe.model.jmx.ThreadPoolObjectName.setThreadPoolName(ObjectName) may expose internal representation by storing an externally mutable object into ThreadPoolObjectName.threadPoolName | MALICIOUS_CODE | EI_EXPOSE_REP2 | 69 | Medium |
psiprobe.model.jsp.Item
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.model.jsp.Item.getException() may expose internal representation by returning Item.exception | MALICIOUS_CODE | EI_EXPOSE_REP | 88 | Medium |
psiprobe.model.jsp.Item.setException(Exception) may expose internal representation by storing an externally mutable object into Item.exception | MALICIOUS_CODE | EI_EXPOSE_REP2 | 97 | Medium |
psiprobe.model.sql.DataSourceTestInfo
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.model.sql.DataSourceTestInfo.getQueryHistory() may expose internal representation by returning DataSourceTestInfo.queryHistory | MALICIOUS_CODE | EI_EXPOSE_REP | 89 | Medium |
psiprobe.model.sql.DataSourceTestInfo.getResults() may expose internal representation by returning DataSourceTestInfo.results | MALICIOUS_CODE | EI_EXPOSE_REP | 71 | Medium |
psiprobe.model.sql.DataSourceTestInfo.setResults(List) may expose internal representation by storing an externally mutable object into DataSourceTestInfo.results | MALICIOUS_CODE | EI_EXPOSE_REP2 | 80 | Medium |
psiprobe.model.stats.StatsCollection
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Possible null pointer dereference in psiprobe.model.stats.StatsCollection.setApplicationContext(ApplicationContext) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 376 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 352 | Medium |
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 223 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 224 | Medium |
This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 235 | Medium |
This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 236 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 240 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 244 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 246 | Medium |
psiprobe.model.wrapper.WrapperInfo
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.model.wrapper.WrapperInfo.getProperties() may expose internal representation by returning WrapperInfo.properties | MALICIOUS_CODE | EI_EXPOSE_REP | 165 | Medium |
psiprobe.model.wrapper.WrapperInfo.setProperties(Set) may expose internal representation by storing an externally mutable object into WrapperInfo.properties | MALICIOUS_CODE | EI_EXPOSE_REP2 | 174 | Medium |
psiprobe.tokenizer.StringTokenizer
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Constructor new psiprobe.tokenizer.StringTokenizer(String) makes call to non-final method | CORRECTNESS | PCOA_PARTIALLY_CONSTRUCTED_OBJECT_ACCESS | 40 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 57 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 67 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 77 | Medium |
psiprobe.tokenizer.Tokenizer
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Constructor new psiprobe.tokenizer.Tokenizer(Reader, int) makes call to non-final method | CORRECTNESS | PCOA_PARTIALLY_CONSTRUCTED_OBJECT_ACCESS | 95 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 406 | Medium |
psiprobe.tools.ApplicationUtils
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method psiprobe.tools.ApplicationUtils.getServletInfo(Wrapper, String) excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 372-390 | Medium |
Method psiprobe.tools.ApplicationUtils.getApplication(Context, ResourceResolver, boolean, ContainerWrapperBean) accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 146 | Medium |
Method psiprobe.tools.ApplicationUtils.getApplicationDataSourceUsageScores(Context, ResourceResolver, ContainerWrapperBean) accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 214 | Medium |
Unconstrained method psiprobe.tools.ApplicationUtils.getApplicationDataSourceUsageScores(Context, ResourceResolver, ContainerWrapperBean) converts checked exception to unchecked | STYLE | EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS | 209 | High |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 298 | Medium |
psiprobe.tools.AsyncSocketFactory
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 68 | Medium |
psiprobe.tools.AsyncSocketFactory$SocketRunnable
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 202 | Medium |
Unencrypted socket to psiprobe.tools.AsyncSocketFactory$SocketRunnable (instead of SSLSocket) | SECURITY | UNENCRYPTED_SOCKET | 195 | Medium |
psiprobe.tools.AsyncSocketFactory$TimeoutRunnable
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 244 | Medium |
psiprobe.tools.BackwardsFileStream
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class psiprobe.tools.BackwardsFileStream at new psiprobe.tools.BackwardsFileStream(File) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 38 | Medium |
psiprobe.tools.JmxTools
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 58 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 61 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 64 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 67 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 89 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 92 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 245 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 248 | Medium |
psiprobe.tools.LogOutputStream
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Constructor new psiprobe.tools.LogOutputStream(Logger, int) declares a Logger parameter | CORRECTNESS | LO_SUSPECT_LOG_PARAMETER | 66-72 | Medium |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 169 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 172 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 175 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 178 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 181 | High |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 87 | Medium |
psiprobe.tools.LogOutputStreamTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Logger should be final field. Change this field (log) to final field. | STYLE | SLF4J_LOGGER_SHOULD_BE_FINAL | Not available | Medium |
To prevent illegal usage, logger should be private field. Change this field (log) to private field. | STYLE | SLF4J_LOGGER_SHOULD_BE_PRIVATE | Not available | Medium |
psiprobe.tools.MailMessage
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Constructor new psiprobe.tools.MailMessage(String, String, String) makes call to non-final method | CORRECTNESS | PCOA_PARTIALLY_CONSTRUCTED_OBJECT_ACCESS | 54 | Medium |
psiprobe.tools.SimpleAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method psiprobe.tools.SimpleAccessor.post(Field, boolean) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 85 | Medium |
Method psiprobe.tools.SimpleAccessor.pre(Field) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 68 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 32 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 70 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 87 | Medium |
psiprobe.tools.SizeExpressionTests
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method psiprobe.tools.SizeExpressionTests.formatNoDecimalBase10Test() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 65-73 | Medium |
Method psiprobe.tools.SizeExpressionTests.formatNoDecimalBase2Test() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 50-58 | Medium |
Method psiprobe.tools.SizeExpressionTests.formatOneDecimalBase10Test() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 95-103 | Medium |
Method psiprobe.tools.SizeExpressionTests.formatOneDecimalBase2Test() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 80-88 | Medium |
Method psiprobe.tools.SizeExpressionTests.parseWithUnitTest() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 136-148 | Medium |
Method psiprobe.tools.SizeExpressionTests.parseWithoutUnitTest() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 155-167 | Medium |
Method psiprobe.tools.SizeExpressionTests.setUp() calls Locale.setDefault(), changing locale for all threads | MT_CORRECTNESS | MDM_SETDEFAULTLOCALE | 34 | Medium |
Method psiprobe.tools.SizeExpressionTests.tearDown() calls Locale.setDefault(), changing locale for all threads | MT_CORRECTNESS | MDM_SETDEFAULTLOCALE | 42 | Medium |
psiprobe.tools.Whois$Response
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.tools.Whois$Response.getData() may expose internal representation by returning Whois$Response.data | MALICIOUS_CODE | EI_EXPOSE_REP | 177 | Medium |
psiprobe.tools.logging.DefaultAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.tools.logging.DefaultAccessor.getApplication() may expose internal representation by returning DefaultAccessor.application | MALICIOUS_CODE | EI_EXPOSE_REP | 43 | Medium |
psiprobe.tools.logging.DefaultAccessor.setApplication(Application) may expose internal representation by storing an externally mutable object into DefaultAccessor.application | MALICIOUS_CODE | EI_EXPOSE_REP2 | 52 | Medium |
Class psiprobe.tools.logging.DefaultAccessor defines a non private logger using a static class context | CORRECTNESS | LO_NON_PRIVATE_STATIC_LOGGER | 29 | Medium |
To prevent illegal usage, logger should be private field. Change this field (logger) to private field. | STYLE | SLF4J_LOGGER_SHOULD_BE_PRIVATE | Not available | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 101 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 137 | Medium |
psiprobe.tools.logging.catalina.CatalinaLoggerAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 48 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 50 | Medium |
psiprobe.tools.logging.commons.AbstractLoggerAccessorVisitor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method psiprobe.tools.logging.commons.AbstractLoggerAccessorVisitor.visit() orders expressions in a conditional in a sub optimal way | PERFORMANCE | SEO_SUBOPTIMAL_EXPRESSION_ORDER | 44 | Medium |
psiprobe.tools.logging.commons.GetAllDestinationsVisitor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.tools.logging.commons.GetAllDestinationsVisitor.getDestinations() may expose internal representation by returning GetAllDestinationsVisitor.destinations | MALICIOUS_CODE | EI_EXPOSE_REP | 34 | Medium |
psiprobe.tools.logging.jdk.Jdk14HandlerAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.tools.logging.jdk.Jdk14HandlerAccessor.getLoggerAccessor() may expose internal representation by returning Jdk14HandlerAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP | 34 | Medium |
psiprobe.tools.logging.jdk.Jdk14HandlerAccessor.setLoggerAccessor(Jdk14LoggerAccessor) may expose internal representation by storing an externally mutable object into Jdk14HandlerAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP2 | 43 | Medium |
psiprobe.tools.logging.jdk.Jdk14LoggerAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Class psiprobe.tools.logging.jdk.Jdk14LoggerAccessor has a circular dependency with other classes | CORRECTNESS | FCCD_FIND_CLASS_CIRCULAR_DEPENDENCY | 27-220 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 112 | Medium |
psiprobe.tools.logging.jdk.Jdk14ManagerAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class psiprobe.tools.logging.jdk.Jdk14ManagerAccessor at new psiprobe.tools.logging.jdk.Jdk14ManagerAccessor(ClassLoader) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 42 | Medium |
psiprobe.tools.logging.jdk.JuliHandlerAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 29 | Medium |
psiprobe.tools.logging.log4j.Log4JAppenderAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.tools.logging.log4j.Log4JAppenderAccessor.getLoggerAccessor() may expose internal representation by returning Log4JAppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP | 31 | Medium |
psiprobe.tools.logging.log4j.Log4JAppenderAccessor.setLoggerAccessor(Log4JLoggerAccessor) may expose internal representation by storing an externally mutable object into Log4JAppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP2 | 40 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 80 | Medium |
psiprobe.tools.logging.log4j.Log4JLoggerAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Class psiprobe.tools.logging.log4j.Log4JLoggerAccessor has a circular dependency with other classes | CORRECTNESS | FCCD_FIND_CLASS_CIRCULAR_DEPENDENCY | 25-155 | Medium |
psiprobe.tools.logging.log4j.Log4JManagerAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class psiprobe.tools.logging.log4j.Log4JManagerAccessor at new psiprobe.tools.logging.log4j.Log4JManagerAccessor(ClassLoader) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 36 | Medium |
Method psiprobe.tools.logging.log4j.Log4JManagerAccessor.getAppenders() allocates an object that is used in a constant way in a loop | PERFORMANCE | PCAIL_POSSIBLE_CONSTANT_ALLOCATION_IN_LOOP | 112 | Medium |
psiprobe.tools.logging.log4j2.Log4J2AppenderAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.tools.logging.log4j2.Log4J2AppenderAccessor.getLoggerAccessor() may expose internal representation by returning Log4J2AppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP | 31 | Medium |
psiprobe.tools.logging.log4j2.Log4J2AppenderAccessor.setLoggerAccessor(Log4J2LoggerConfigAccessor) may expose internal representation by storing an externally mutable object into Log4J2AppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP2 | 40 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 82 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 108 | Medium |
psiprobe.tools.logging.log4j2.Log4J2LoggerConfigAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.tools.logging.log4j2.Log4J2LoggerConfigAccessor.setLoggerContext(Log4J2LoggerContextAccessor) may expose internal representation by storing an externally mutable object into Log4J2LoggerConfigAccessor.loggerContext | MALICIOUS_CODE | EI_EXPOSE_REP2 | 111 | Medium |
Class psiprobe.tools.logging.log4j2.Log4J2LoggerConfigAccessor has a circular dependency with other classes | CORRECTNESS | FCCD_FIND_CLASS_CIRCULAR_DEPENDENCY | 26-183 | Medium |
psiprobe.tools.logging.log4j2.Log4J2WebLoggerContextUtilsAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class psiprobe.tools.logging.log4j2.Log4J2WebLoggerContextUtilsAccessor at new psiprobe.tools.logging.log4j2.Log4J2WebLoggerContextUtilsAccessor(ClassLoader) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 41 | Medium |
psiprobe.tools.logging.logback.LogbackAppenderAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.tools.logging.logback.LogbackAppenderAccessor.getLoggerAccessor() may expose internal representation by returning LogbackAppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP | 35 | Medium |
psiprobe.tools.logging.logback.LogbackAppenderAccessor.setLoggerAccessor(LogbackLoggerAccessor) may expose internal representation by storing an externally mutable object into LogbackAppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP2 | 44 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 96 | Medium |
psiprobe.tools.logging.logback.LogbackFactoryAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class psiprobe.tools.logging.logback.LogbackFactoryAccessor at new psiprobe.tools.logging.logback.LogbackFactoryAccessor(ClassLoader) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 48 | Medium |
Method psiprobe.tools.logging.logback.LogbackFactoryAccessor.getAppenders() allocates an object that is used in a constant way in a loop | PERFORMANCE | PCAIL_POSSIBLE_CONSTANT_ALLOCATION_IN_LOOP | 115 | Medium |
psiprobe.tools.logging.logback.LogbackLoggerAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Class psiprobe.tools.logging.logback.LogbackLoggerAccessor has a circular dependency with other classes | CORRECTNESS | FCCD_FIND_CLASS_CIRCULAR_DEPENDENCY | 28-194 | Medium |
psiprobe.tools.logging.logback13.Logback13AppenderAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.tools.logging.logback13.Logback13AppenderAccessor.getLoggerAccessor() may expose internal representation by returning Logback13AppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP | 35 | Medium |
psiprobe.tools.logging.logback13.Logback13AppenderAccessor.setLoggerAccessor(Logback13LoggerAccessor) may expose internal representation by storing an externally mutable object into Logback13AppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP2 | 44 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 96 | Medium |
psiprobe.tools.logging.logback13.Logback13FactoryAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class psiprobe.tools.logging.logback13.Logback13FactoryAccessor at new psiprobe.tools.logging.logback13.Logback13FactoryAccessor(ClassLoader) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 52 | Medium |
Method new psiprobe.tools.logging.logback13.Logback13FactoryAccessor(ClassLoader) declares RuntimeException in throws clause | STYLE | DRE_DECLARED_RUNTIME_EXCEPTION | 49-75 | Medium |
Method psiprobe.tools.logging.logback13.Logback13FactoryAccessor.getAppenders() allocates an object that is used in a constant way in a loop | PERFORMANCE | PCAIL_POSSIBLE_CONSTANT_ALLOCATION_IN_LOOP | 129 | Medium |
Method psiprobe.tools.logging.logback13.Logback13FactoryAccessor.findServiceProviders(ClassLoader) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 161 | Medium |
Method psiprobe.tools.logging.logback13.Logback13FactoryAccessor.findServiceProviders(ClassLoader) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 163 | Medium |
psiprobe.tools.logging.logback13.Logback13LoggerAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Class psiprobe.tools.logging.logback13.Logback13LoggerAccessor has a circular dependency with other classes | CORRECTNESS | FCCD_FIND_CLASS_CIRCULAR_DEPENDENCY | 28-192 | Medium |
psiprobe.tools.logging.slf4jlogback.TomcatSlf4jLogbackAppenderAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.tools.logging.slf4jlogback.TomcatSlf4jLogbackAppenderAccessor.getLoggerAccessor() may expose internal representation by returning TomcatSlf4jLogbackAppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP | 35 | Medium |
psiprobe.tools.logging.slf4jlogback.TomcatSlf4jLogbackAppenderAccessor.setLoggerAccessor(TomcatSlf4jLogbackLoggerAccessor) may expose internal representation by storing an externally mutable object into TomcatSlf4jLogbackAppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP2 | 44 | Medium |
Class psiprobe.tools.logging.slf4jlogback.TomcatSlf4jLogbackAppenderAccessor has a circular dependency with other classes | CORRECTNESS | FCCD_FIND_CLASS_CIRCULAR_DEPENDENCY | 24-134 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 96 | Medium |
psiprobe.tools.logging.slf4jlogback.TomcatSlf4jLogbackFactoryAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class psiprobe.tools.logging.slf4jlogback.TomcatSlf4jLogbackFactoryAccessor at new psiprobe.tools.logging.slf4jlogback.TomcatSlf4jLogbackFactoryAccessor(ClassLoader) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 49 | Medium |
Method psiprobe.tools.logging.slf4jlogback.TomcatSlf4jLogbackFactoryAccessor.getAppenders() allocates an object that is used in a constant way in a loop | PERFORMANCE | PCAIL_POSSIBLE_CONSTANT_ALLOCATION_IN_LOOP | 120 | Medium |
psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13AppenderAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13AppenderAccessor.getLoggerAccessor() may expose internal representation by returning TomcatSlf4jLogback13AppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP | 35 | Medium |
psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13AppenderAccessor.setLoggerAccessor(TomcatSlf4jLogback13LoggerAccessor) may expose internal representation by storing an externally mutable object into TomcatSlf4jLogback13AppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP2 | 44 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 96 | Medium |
psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13FactoryAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13FactoryAccessor at new psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13FactoryAccessor(ClassLoader) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 53 | Medium |
Method psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13FactoryAccessor.getAppenders() allocates an object that is used in a constant way in a loop | PERFORMANCE | PCAIL_POSSIBLE_CONSTANT_ALLOCATION_IN_LOOP | 134 | Medium |
Method psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13FactoryAccessor.findServiceProviders(ClassLoader) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 166 | Medium |
Method psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13FactoryAccessor.findServiceProviders(ClassLoader) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 168 | Medium |
psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13LoggerAccessor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Class psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13LoggerAccessor has a circular dependency with other classes | CORRECTNESS | FCCD_FIND_CLASS_CIRCULAR_DEPENDENCY | 28-201 | Medium |
psiprobe.tools.url.UrlParser
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class psiprobe.tools.url.UrlParser at new psiprobe.tools.url.UrlParser(String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 47 | Medium |
Method new psiprobe.tools.url.UrlParser(String) throws alternative exception from catch block without history | CORRECTNESS | LEST_LOST_EXCEPTION_STACK_TRACE | 75 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 74 | Medium |