SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.9.8
Threshold is medium
Effort is max
Summary
| Classes | Bugs | Errors | Missing Classes |
| --- | --- | --- | --- |
| 495 | 536 | 0 | 0 |
psiprobe.AbstractTomcatContainer
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Method psiprobe.AbstractTomcatContainer.compileItem(String, Options, Context, JspRuntimeContext, Summary, URLClassLoader, int, boolean) accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 560 | Medium |
| Class psiprobe.AbstractTomcatContainer uses non owned variables to synchronize on | STYLE | NOS_NON_OWNED_SYNCHRONIZATION | 413 | Medium |
| Class psiprobe.AbstractTomcatContainer uses non owned variables to synchronize on | STYLE | NOS_NON_OWNED_SYNCHRONIZATION | 357 | Medium |
| Method psiprobe.AbstractTomcatContainer.remove(String) appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 222 | Medium |
| To prevent illegal usage, logger should be private field. Change this field (logger) to private field. | STYLE | SLF4J_LOGGER_SHOULD_BE_PRIVATE | Not available | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 111 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 396 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 439 | Medium |
psiprobe.ProbeConfig
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 195 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 218 | Medium |
psiprobe.ProbeServlet
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.ProbeServlet.getWrapper() may expose internal representation by returning ProbeServlet.wrapper | MALICIOUS_CODE | EI_EXPOSE_REP | 48 | Medium |
| psiprobe.ProbeServlet.setWrapper(Wrapper) may expose internal representation by storing an externally mutable object into ProbeServlet.wrapper | MALICIOUS_CODE | EI_EXPOSE_REP2 | 53 | Medium |
psiprobe.Utils
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Possible null pointer dereference in psiprobe.Utils.delete(File) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 130 | Medium |
| java/lang/StringBuilder.append(Ljava/lang/String;)Ljava/lang/StringBuilder; is potentially injected into an XML string in method psiprobe.Utils.highlightStream(String, InputStream, String, String). | SECURITY | POTENTIAL_XML_INJECTION | 469 | Medium |
| java/lang/StringBuilder.append(Ljava/lang/String;)Ljava/lang/StringBuilder; is potentially injected into an XML string in method psiprobe.Utils.highlightStream(String, InputStream, String, String). | SECURITY | POTENTIAL_XML_INJECTION | 471 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 341 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 351 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 565 | Medium |
| This method psiprobe.Utils.getJspEncoding(InputStream) continues a loop after finding an equality condition | CORRECTNESS | SLS_SUSPICIOUS_LOOP_SEARCH | 288 | Medium |
psiprobe.beans.ClusterWrapperBean
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Method psiprobe.beans.ClusterWrapperBean.getCluster(String, String, boolean) excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 47-186 | Medium |
| Method psiprobe.beans.ClusterWrapperBean.getCluster(String, String, boolean) uses instanceof on multiple types to arbitrate logic | STYLE | ITC_INHERITANCE_TYPE_CHECKING | 154 | Medium |
psiprobe.beans.ClusterWrapperBeanTest
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Method psiprobe.beans.ClusterWrapperBeanTest.testGetClusterReturnsClusterWhenJmxPresent() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 68 | Medium |
psiprobe.beans.ContainerListenerBean
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.beans.ContainerListenerBean.getContainerWrapper() may expose internal representation by returning ContainerListenerBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP | 78 | Medium |
| psiprobe.beans.ContainerListenerBean.setContainerWrapper(ContainerWrapperBean) may expose internal representation by storing an externally mutable object into ContainerListenerBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP2 | 87 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 360 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 380 | Medium |
psiprobe.beans.ContainerWrapperBean
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Shared primitive variable "forceFirstAdapter" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE | 83 | Medium |
| psiprobe.beans.ContainerWrapperBean.getAdapterClasses() may expose internal representation by returning ContainerWrapperBean.adapterClasses | MALICIOUS_CODE | EI_EXPOSE_REP | 156 | Medium |
| psiprobe.beans.ContainerWrapperBean.getResourceResolvers() may expose internal representation by returning ContainerWrapperBean.resourceResolvers | MALICIOUS_CODE | EI_EXPOSE_REP | 192 | Medium |
| psiprobe.beans.ContainerWrapperBean.getTomcatContainer() may expose internal representation by returning ContainerWrapperBean.tomcatContainer | MALICIOUS_CODE | EI_EXPOSE_REP | 147 | Medium |
| psiprobe.beans.ContainerWrapperBean.setAdapterClasses(List) may expose internal representation by storing an externally mutable object into ContainerWrapperBean.adapterClasses | MALICIOUS_CODE | EI_EXPOSE_REP2 | 165 | Medium |
| psiprobe.beans.ContainerWrapperBean.setResourceResolvers(Map) may expose internal representation by storing an externally mutable object into ContainerWrapperBean.resourceResolvers | MALICIOUS_CODE | EI_EXPOSE_REP2 | 201 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 117 | Medium |
psiprobe.beans.JBossResourceResolverBean
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Method psiprobe.beans.JBossResourceResolverBean.resetResource(Context, String, ContainerWrapperBean) throws alternative exception from catch block without history | CORRECTNESS | LEST_LOST_EXCEPTION_STACK_TRACE | 179 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 178 | Medium |
psiprobe.beans.LogResolverBean
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.beans.LogResolverBean.getContainerWrapper() may expose internal representation by returning LogResolverBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP | 82 | Medium |
| psiprobe.beans.LogResolverBean.getStdoutFiles() may expose internal representation by returning LogResolverBean.stdoutFiles | MALICIOUS_CODE | EI_EXPOSE_REP | 100 | Medium |
| psiprobe.beans.LogResolverBean.setContainerWrapper(ContainerWrapperBean) may expose internal representation by storing an externally mutable object into LogResolverBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP2 | 91 | Medium |
| psiprobe.beans.LogResolverBean.setStdoutFiles(List) may expose internal representation by storing an externally mutable object into LogResolverBean.stdoutFiles | MALICIOUS_CODE | EI_EXPOSE_REP2 | 111 | Medium |
| Method psiprobe.beans.LogResolverBean.interrogateContext(Context, List) allocates an object that is used in a constant way in a loop | PERFORMANCE | PCAIL_POSSIBLE_CONSTANT_ALLOCATION_IN_LOOP | 338 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 359 | Medium |
psiprobe.beans.LogResolverBeanTest
psiprobe.beans.ResourceResolverBean
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.beans.ResourceResolverBean.getDatasourceMappers() may expose internal representation by returning ResourceResolverBean.datasourceMappers | MALICIOUS_CODE | EI_EXPOSE_REP | 248 | Medium |
| psiprobe.beans.ResourceResolverBean.setDatasourceMappers(List) may expose internal representation by storing an externally mutable object into ResourceResolverBean.datasourceMappers | MALICIOUS_CODE | EI_EXPOSE_REP2 | 257 | Medium |
| This use of javax/naming/Context.lookup(Ljava/lang/String;)Ljava/lang/Object; can be vulnerable to LDAP injection | SECURITY | LDAP_INJECTION | 229 | Medium |
| This use of javax/naming/Context.lookup(Ljava/lang/String;)Ljava/lang/Object; can be vulnerable to LDAP injection | SECURITY | LDAP_INJECTION | 156 | Medium |
| This use of javax/naming/Context.lookup(Ljava/lang/String;)Ljava/lang/Object; can be vulnerable to LDAP injection | SECURITY | LDAP_INJECTION | 199 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 114 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 206 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 331 | Medium |
psiprobe.beans.RuntimeInfoAccessorBean
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 84 | Medium |
psiprobe.beans.stats.collectors.AbstractStatsCollectorBean
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.beans.stats.collectors.AbstractStatsCollectorBean.getListeners() may expose internal representation by returning AbstractStatsCollectorBean.listeners | MALICIOUS_CODE | EI_EXPOSE_REP | 89 | Medium |
| psiprobe.beans.stats.collectors.AbstractStatsCollectorBean.getStatsCollection() may expose internal representation by returning AbstractStatsCollectorBean.statsCollection | MALICIOUS_CODE | EI_EXPOSE_REP | 53 | Medium |
| psiprobe.beans.stats.collectors.AbstractStatsCollectorBean.setListeners(List) may expose internal representation by storing an externally mutable object into AbstractStatsCollectorBean.listeners | MALICIOUS_CODE | EI_EXPOSE_REP2 | 98 | Medium |
| psiprobe.beans.stats.collectors.AbstractStatsCollectorBean.setStatsCollection(StatsCollection) may expose internal representation by storing an externally mutable object into AbstractStatsCollectorBean.statsCollection | MALICIOUS_CODE | EI_EXPOSE_REP2 | 62 | Medium |
psiprobe.beans.stats.collectors.AppStatsCollectorBean
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.beans.stats.collectors.AppStatsCollectorBean.getContainerWrapper() may expose internal representation by returning AppStatsCollectorBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP | 54 | Medium |
| psiprobe.beans.stats.collectors.AppStatsCollectorBean.setContainerWrapper(ContainerWrapperBean) may expose internal representation by storing an externally mutable object into AppStatsCollectorBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP2 | 63 | Medium |
| psiprobe.beans.stats.collectors.AppStatsCollectorBean.setServletContext(ServletContext) may expose internal representation by storing an externally mutable object into AppStatsCollectorBean.servletContext | MALICIOUS_CODE | EI_EXPOSE_REP2 | 96 | Medium |
psiprobe.beans.stats.collectors.ClusterStatsCollectorBean
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.beans.stats.collectors.ClusterStatsCollectorBean.getContainerWrapper() may expose internal representation by returning ClusterStatsCollectorBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP | 42 | Medium |
| psiprobe.beans.stats.collectors.ClusterStatsCollectorBean.setContainerWrapper(ContainerWrapperBean) may expose internal representation by storing an externally mutable object into ClusterStatsCollectorBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP2 | 51 | Medium |
psiprobe.beans.stats.collectors.ConnectorStatsCollectorBean
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.beans.stats.collectors.ConnectorStatsCollectorBean.getListenerBean() may expose internal representation by returning ConnectorStatsCollectorBean.listenerBean | MALICIOUS_CODE | EI_EXPOSE_REP | 36 | Medium |
| psiprobe.beans.stats.collectors.ConnectorStatsCollectorBean.setListenerBean(ContainerListenerBean) may expose internal representation by storing an externally mutable object into ConnectorStatsCollectorBean.listenerBean | MALICIOUS_CODE | EI_EXPOSE_REP2 | 45 | Medium |
psiprobe.beans.stats.collectors.DatasourceStatsCollectorBean
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.beans.stats.collectors.DatasourceStatsCollectorBean.getContainerWrapper() may expose internal representation by returning DatasourceStatsCollectorBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP | 50 | Medium |
| psiprobe.beans.stats.collectors.DatasourceStatsCollectorBean.setContainerWrapper(ContainerWrapperBean) may expose internal representation by storing an externally mutable object into DatasourceStatsCollectorBean.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP2 | 59 | Medium |
psiprobe.beans.stats.listeners.AbstractStatsCollectionListener
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Empty method psiprobe.beans.stats.listeners.AbstractStatsCollectionListener.reset() could be declared abstract | STYLE | ACEM_ABSTRACT_CLASS_EMPTY_METHODS | 119 | Medium |
| To prevent illegal usage, logger should be private field. Change this field (logger) to private field. | STYLE | SLF4J_LOGGER_SHOULD_BE_PRIVATE | Not available | Medium |
psiprobe.beans.stats.listeners.AbstractThresholdListener
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 145 | Medium |
psiprobe.beans.stats.listeners.FlapListenerTests
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Instance field psiprobe.beans.stats.listeners.FlapListenerTests.defaultInterval likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field psiprobe.beans.stats.listeners.FlapListenerTests.defaultThreshold likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Unread field: psiprobe.beans.stats.listeners.FlapListenerTests.defaultHighWeight; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 37 | Medium |
| Unread field: psiprobe.beans.stats.listeners.FlapListenerTests.defaultInterval; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 25 | Medium |
| Unread field: psiprobe.beans.stats.listeners.FlapListenerTests.defaultLowWeight; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 34 | Medium |
| Unread field: psiprobe.beans.stats.listeners.FlapListenerTests.defaultStartThreshold; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 28 | Medium |
| Unread field: psiprobe.beans.stats.listeners.FlapListenerTests.defaultStopThreshold; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 31 | Medium |
| Unread field: psiprobe.beans.stats.listeners.FlapListenerTests.defaultThreshold; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 22 | Medium |
psiprobe.beans.stats.listeners.MemoryPoolMailingListener
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.beans.stats.listeners.MemoryPoolMailingListener.getMailer() may expose internal representation by returning MemoryPoolMailingListener.mailer | MALICIOUS_CODE | EI_EXPOSE_REP | 64 | Medium |
| psiprobe.beans.stats.listeners.MemoryPoolMailingListener.setMailer(Mailer) may expose internal representation by storing an externally mutable object into MemoryPoolMailingListener.mailer | MALICIOUS_CODE | EI_EXPOSE_REP2 | 73 | Medium |
psiprobe.beans.stats.listeners.StatsCollectionEvent
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.beans.stats.listeners.StatsCollectionEvent.getData() may expose internal representation by returning StatsCollectionEvent.data | MALICIOUS_CODE | EI_EXPOSE_REP | 79 | Medium |
| new psiprobe.beans.stats.listeners.StatsCollectionEvent(String, XYDataItem) may expose internal representation by storing an externally mutable object into StatsCollectionEvent.data | MALICIOUS_CODE | EI_EXPOSE_REP2 | 41 | Medium |
| psiprobe.beans.stats.listeners.StatsCollectionEvent.setData(XYDataItem) may expose internal representation by storing an externally mutable object into StatsCollectionEvent.data | MALICIOUS_CODE | EI_EXPOSE_REP2 | 88 | Medium |
psiprobe.beans.stats.listeners.ThresholdListenerTests
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Instance field psiprobe.beans.stats.listeners.ThresholdListenerTests.defaultThreshold likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Unread field: psiprobe.beans.stats.listeners.ThresholdListenerTests.defaultThreshold; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 22 | Medium |
psiprobe.beans.stats.providers.AbstractSeriesProvider
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| To prevent illegal usage, logger should be private field. Change this field (logger) to private field. | STYLE | SLF4J_LOGGER_SHOULD_BE_PRIVATE | Not available | Medium |
psiprobe.beans.stats.providers.ConnectorSeriesProvider
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 50 | Medium |
psiprobe.beans.stats.providers.MultipleSeriesProvider
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Shared primitive variable "movingAvgFrame" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE | 99 | Medium |
| Shared primitive variable "top" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE | 78 | Medium |
psiprobe.beans.stats.providers.StandardSeriesProvider
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.beans.stats.providers.StandardSeriesProvider.getStatNames() may expose internal representation by returning StandardSeriesProvider.statNames | MALICIOUS_CODE | EI_EXPOSE_REP | 40 | Medium |
| psiprobe.beans.stats.providers.StandardSeriesProvider.setStatNames(List) may expose internal representation by storing an externally mutable object into StandardSeriesProvider.statNames | MALICIOUS_CODE | EI_EXPOSE_REP2 | 49 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 60 | Medium |
psiprobe.controllers.AbstractTomcatContainerController
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.controllers.AbstractTomcatContainerController.getContainerWrapper() may expose internal representation by returning AbstractTomcatContainerController.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP | 48 | Medium |
| psiprobe.controllers.AbstractTomcatContainerController.setContainerWrapper(ContainerWrapperBean) may expose internal representation by storing an externally mutable object into AbstractTomcatContainerController.containerWrapper | MALICIOUS_CODE | EI_EXPOSE_REP2 | 57 | Medium |
| To prevent illegal usage, logger should be private field. Change this field (logger) to private field. | STYLE | SLF4J_LOGGER_SHOULD_BE_PRIVATE | Not available | Medium |
psiprobe.controllers.BeanToXmlController
psiprobe.controllers.DecoratorController
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Method psiprobe.controllers.DecoratorController.handleRequestInternal(HttpServletRequest, HttpServletResponse) calls InetAddress.getLocalHost(), which may be a security risk | CORRECTNESS | MDM_INETADDRESS_GETLOCALHOST | 70 | Medium |
| Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 62 | High |
| Method psiprobe.controllers.DecoratorController.setMessagesBasename(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 55 | Medium |
psiprobe.controllers.RememberVisibilityController
psiprobe.controllers.RenderChartController
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.controllers.RenderChartController.getStatsCollection() may expose internal representation by returning RenderChartController.statsCollection | MALICIOUS_CODE | EI_EXPOSE_REP | 74 | Medium |
| psiprobe.controllers.RenderChartController.setStatsCollection(StatsCollection) may expose internal representation by storing an externally mutable object into RenderChartController.statsCollection | MALICIOUS_CODE | EI_EXPOSE_REP2 | 83 | Medium |
| Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 90 | High |
| Method psiprobe.controllers.RenderChartController.setStatsCollection(StatsCollection) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 83 | Medium |
psiprobe.controllers.WhoisController
psiprobe.controllers.apps.AjaxReloadContextController
psiprobe.controllers.apps.AjaxToggleContextController
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 57 | High |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 62 | High |
| Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 41 | High |
| ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 70 | Medium |
psiprobe.controllers.apps.AjaxUptimeController
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 54 | Medium |
psiprobe.controllers.apps.AllAppStatsController
psiprobe.controllers.apps.BaseGetApplicationController
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.controllers.apps.BaseGetApplicationController.getStatsCollection() may expose internal representation by returning BaseGetApplicationController.statsCollection | MALICIOUS_CODE | EI_EXPOSE_REP | 67 | Medium |
| psiprobe.controllers.apps.BaseGetApplicationController.setStatsCollection(StatsCollection) may expose internal representation by storing an externally mutable object into BaseGetApplicationController.statsCollection | MALICIOUS_CODE | EI_EXPOSE_REP2 | 76 | Medium |
| ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 113 | Medium |
psiprobe.controllers.apps.BaseReloadContextController
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 37 | High |
psiprobe.controllers.apps.BaseStartContextController
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 34 | High |
psiprobe.controllers.apps.BaseStopContextController
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 34 | High |
psiprobe.controllers.apps.BaseViewXmlConfController
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 99 | Medium |
psiprobe.controllers.apps.DownloadContextXmlConfController
psiprobe.controllers.apps.DownloadWebXmlConfController
psiprobe.controllers.apps.GetApplicationProcDetailsController
psiprobe.controllers.apps.GetApplicationRequestDetailsController
psiprobe.controllers.apps.GetApplicationRuntimeInfoController
psiprobe.controllers.apps.GetApplicationSummaryController
psiprobe.controllers.apps.ListAppAttributesController
psiprobe.controllers.apps.ListAppInitParamsController
psiprobe.controllers.apps.ListApplicationResourcesController
psiprobe.controllers.apps.ListWebappsController
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Do not catch NullPointerException like in psiprobe.controllers.apps.ListWebappsController.handleRequestInternal(HttpServletRequest, HttpServletResponse) | STYLE | DCN_NULLPOINTER_EXCEPTION | 54 | Medium |
| Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 41 | High |
| ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 70 | Medium |
psiprobe.controllers.apps.ReloadContextController
psiprobe.controllers.apps.ReloadSummaryContextController
psiprobe.controllers.apps.RemoveApplicationAttributeController
psiprobe.controllers.apps.ResetAppStatsController
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.controllers.apps.ResetAppStatsController.getStatsCollector() may expose internal representation by returning ResetAppStatsController.statsCollector | MALICIOUS_CODE | EI_EXPOSE_REP | 36 | Medium |
| psiprobe.controllers.apps.ResetAppStatsController.setStatsCollector(AppStatsCollectorBean) may expose internal representation by storing an externally mutable object into ResetAppStatsController.statsCollector | MALICIOUS_CODE | EI_EXPOSE_REP2 | 45 | Medium |
| Method psiprobe.controllers.apps.ResetAppStatsController.setStatsCollector(AppStatsCollectorBean) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 45 | Medium |
psiprobe.controllers.apps.StartContextController
psiprobe.controllers.apps.StartSummaryContextController
psiprobe.controllers.apps.StopContextController
psiprobe.controllers.apps.StopSummaryContextController
psiprobe.controllers.apps.ViewContextXmlConfController
psiprobe.controllers.apps.ViewWebXmlConfController
psiprobe.controllers.certificates.ListCertificatesController
psiprobe.controllers.certificates.SslHostConfigHelper
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Exception thrown in class psiprobe.controllers.certificates.SslHostConfigHelper at new psiprobe.controllers.certificates.SslHostConfigHelper(AbstractHttp11Protocol, ConnectorInfo) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 46 | Medium |
psiprobe.controllers.certificates.SslHostConfigInfoTest
psiprobe.controllers.cluster.BaseClusterStatsController
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 100 | Medium |
psiprobe.controllers.cluster.ClusterMembersStatsController
psiprobe.controllers.cluster.ClusterRequestsStatsController
psiprobe.controllers.cluster.ClusterStatsController
psiprobe.controllers.cluster.ClusterTrafficStatsController
psiprobe.controllers.connectors.BaseGetConnectorController
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.controllers.connectors.BaseGetConnectorController.getContainerListenerBean() may expose internal representation by returning BaseGetConnectorController.containerListenerBean | MALICIOUS_CODE | EI_EXPOSE_REP | 41 | Medium |
| psiprobe.controllers.connectors.BaseGetConnectorController.setContainerListenerBean(ContainerListenerBean) may expose internal representation by storing an externally mutable object into BaseGetConnectorController.containerListenerBean | MALICIOUS_CODE | EI_EXPOSE_REP2 | 50 | Medium |
| ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 69 | Medium |
psiprobe.controllers.connectors.GetConnectorProcTimeController
psiprobe.controllers.connectors.GetConnectorRequestController
psiprobe.controllers.connectors.GetConnectorTrafficController
psiprobe.controllers.connectors.ListConnectorsController
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.controllers.connectors.ListConnectorsController.getContainerListenerBean() may expose internal representation by returning ListConnectorsController.containerListenerBean | MALICIOUS_CODE | EI_EXPOSE_REP | 52 | Medium |
| psiprobe.controllers.connectors.ListConnectorsController.setContainerListenerBean(ContainerListenerBean) may expose internal representation by storing an externally mutable object into ListConnectorsController.containerListenerBean | MALICIOUS_CODE | EI_EXPOSE_REP2 | 61 | Medium |
| Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 115 | High |
| ModelAndView populated with user controlled parameters | SECURITY | SPRING_FILE_DISCLOSURE | 133 | Medium |
| Method psiprobe.controllers.connectors.ListConnectorsController.setCollectionPeriod(long) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 79 | Medium |
| Method psiprobe.controllers.connectors.ListConnectorsController.setCollectionPeriod(String) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 89 | Medium |
| Method psiprobe.controllers.connectors.ListConnectorsController.setContainerListenerBean(ContainerListenerBean) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 61 | Medium |
| Method psiprobe.controllers.connectors.ListConnectorsController.setIncludeRequestProcessors(boolean) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 108 | Medium |
psiprobe.controllers.connectors.ResetConnectorStatsController
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.controllers.connectors.ResetConnectorStatsController.getCollectorBean() may expose internal representation by returning ResetConnectorStatsController.collectorBean | MALICIOUS_CODE | EI_EXPOSE_REP | 43 | Medium |
| psiprobe.controllers.connectors.ResetConnectorStatsController.setCollectorBean(ConnectorStatsCollectorBean) may expose internal representation by storing an externally mutable object into ResetConnectorStatsController.collectorBean | MALICIOUS_CODE | EI_EXPOSE_REP2 | 52 | Medium |
| Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 59 | High |
| Method psiprobe.controllers.connectors.ResetConnectorStatsController.setCollectorBean(ConnectorStatsCollectorBean) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 52 | Medium |
psiprobe.controllers.connectors.ToggleConnectorStatusController
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.controllers.connectors.ToggleConnectorStatusController.getCollectorBean() may expose internal representation by returning ToggleConnectorStatusController.collectorBean | MALICIOUS_CODE | EI_EXPOSE_REP | 54 | Medium |
| psiprobe.controllers.connectors.ToggleConnectorStatusController.setCollectorBean(ConnectorStatsCollectorBean) may expose internal representation by storing an externally mutable object into ToggleConnectorStatusController.collectorBean | MALICIOUS_CODE | EI_EXPOSE_REP2 | 63 | Medium |
| Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks | SECURITY | SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING | 70 | High |
| Method psiprobe.controllers.connectors.ToggleConnectorStatusController.setCollectorBean(ConnectorStatsCollectorBean) of Singleton class writes to a field in an unsynchronized manner | CORRECTNESS | USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES | 63 | Medium |
psiprobe.controllers.connectors.ZoomChartController
psiprobe.controllers.datasources.ListAllJdbcResourceGroupsController
psiprobe.controllers.datasources.ListAllJdbcResourcesController
psiprobe.controllers.datasources.ResetDataSourceController
psiprobe.controllers.deploy.BaseUndeployContextController
| Bug |
Category |
Details |
Line |
Priority |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance |
CORRECTNESS |
SLF4J_FORMAT_SHOULD_BE_CONST |
70 |
High |
psiprobe.controllers.deploy.CopySingleFileController
| Bug |
Category |
Details |
Line |
Priority |
| Do not catch NullPointerException like in psiprobe.controllers.deploy.CopySingleFileController.handleFileUpload(MultipartFile, String, String, String, String, HttpServletRequest) |
STYLE |
DCN_NULLPOINTER_EXCEPTION |
77 |
Medium |
| Null passed for non-null parameter of java.nio.file.Files.delete(Path) in psiprobe.controllers.deploy.CopySingleFileController.handleFileUpload(MultipartFile, String, String, String, String, HttpServletRequest) |
CORRECTNESS |
NP_NULL_PARAM_DEREF |
123 |
Medium |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance |
CORRECTNESS |
SLF4J_FORMAT_SHOULD_BE_CONST |
155 |
High |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance |
CORRECTNESS |
SLF4J_FORMAT_SHOULD_BE_CONST |
163 |
High |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance |
CORRECTNESS |
SLF4J_FORMAT_SHOULD_BE_CONST |
172 |
High |
psiprobe.controllers.deploy.DeployConfigController
psiprobe.controllers.deploy.DeployContextController
| Bug |
Category |
Details |
Line |
Priority |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance |
CORRECTNESS |
SLF4J_FORMAT_SHOULD_BE_CONST |
55 |
High |
| To make log readable, log format () should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
63 |
Medium |
| Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks |
SECURITY |
SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING |
37 |
High |
psiprobe.controllers.deploy.DeployController
psiprobe.controllers.deploy.UndeployContextController
psiprobe.controllers.deploy.UndeploySummaryContextController
psiprobe.controllers.deploy.UploadWarController
| Bug |
Category |
Details |
Line |
Priority |
| Possible null pointer dereference in psiprobe.controllers.deploy.UploadWarController.handleUpload(MultipartFile, String, String, String, String, HttpServletRequest) due to return value of called method |
STYLE |
NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE |
111 |
Medium |
| Possible null pointer dereference in psiprobe.controllers.deploy.UploadWarController.handleUpload(MultipartFile, String, String, String, String, HttpServletRequest) due to return value of called method |
STYLE |
NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE |
119 |
Medium |
| Null passed for non-null parameter of java.nio.file.Files.delete(Path) in psiprobe.controllers.deploy.UploadWarController.handleUpload(MultipartFile, String, String, String, String, HttpServletRequest) |
CORRECTNESS |
NP_NULL_PARAM_DEREF |
107 |
Medium |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance |
CORRECTNESS |
SLF4J_FORMAT_SHOULD_BE_CONST |
171 |
High |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance |
CORRECTNESS |
SLF4J_FORMAT_SHOULD_BE_CONST |
178 |
High |
psiprobe.controllers.error.Error403Controller
psiprobe.controllers.error.Error404Controller
psiprobe.controllers.filters.ListAppFilterMapsController
psiprobe.controllers.filters.ListAppFiltersController
psiprobe.controllers.help.HelpApplicationsController
psiprobe.controllers.help.HelpDatasourceTestController
psiprobe.controllers.help.HelpDatasourcesController
psiprobe.controllers.help.HelpSessionSearchController
psiprobe.controllers.help.HelpThreads2Controller
psiprobe.controllers.help.HelpThreadsController
psiprobe.controllers.jsp.DiscardCompiledJspController
psiprobe.controllers.jsp.DisplayJspController
psiprobe.controllers.jsp.DownloadServletController
psiprobe.controllers.jsp.RecompileJspController
psiprobe.controllers.jsp.ViewServletSourceController
psiprobe.controllers.jsp.ViewSourceController
psiprobe.controllers.logs.AbstractLogHandlerController
| Bug |
Category |
Details |
Line |
Priority |
| psiprobe.controllers.logs.AbstractLogHandlerController.getLogResolver() may expose internal representation by returning AbstractLogHandlerController.logResolver |
MALICIOUS_CODE |
EI_EXPOSE_REP |
44 |
Medium |
| psiprobe.controllers.logs.AbstractLogHandlerController.setLogResolver(LogResolverBean) may expose internal representation by storing an externally mutable object into AbstractLogHandlerController.logResolver |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
53 |
Medium |
psiprobe.controllers.logs.ChangeLogLevelController
| Bug |
Category |
Details |
Line |
Priority |
| Method psiprobe.controllers.logs.ChangeLogLevelController.handleLogFile(HttpServletRequest, HttpServletResponse, LogDestination) uses instanceof on multiple types to arbitrate logic |
STYLE |
ITC_INHERITANCE_TYPE_CHECKING |
52 |
Medium |
| Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks |
SECURITY |
SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING |
43 |
High |
psiprobe.controllers.logs.DownloadLogController
psiprobe.controllers.logs.FollowController
psiprobe.controllers.logs.FollowedFileInfoController
psiprobe.controllers.logs.ListLogsController
| Bug |
Category |
Details |
Line |
Priority |
| psiprobe.controllers.logs.ListLogsController.getLogResolver() may expose internal representation by returning ListLogsController.logResolver |
MALICIOUS_CODE |
EI_EXPOSE_REP |
67 |
Medium |
| psiprobe.controllers.logs.ListLogsController.setLogResolver(LogResolverBean) may expose internal representation by storing an externally mutable object into ListLogsController.logResolver |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
76 |
Medium |
| Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks |
SECURITY |
SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING |
83 |
High |
| ModelAndView populated with user controlled parameters |
SECURITY |
SPRING_FILE_DISCLOSURE |
93 |
Medium |
| ModelAndView populated with user controlled parameters |
SECURITY |
SPRING_FILE_DISCLOSURE |
95 |
Medium |
| Method psiprobe.controllers.logs.ListLogsController.setErrorView(String) of Singleton class writes to a field in an unsynchronized manner |
CORRECTNESS |
USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES |
58 |
Medium |
| Method psiprobe.controllers.logs.ListLogsController.setLogResolver(LogResolverBean) of Singleton class writes to a field in an unsynchronized manner |
CORRECTNESS |
USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES |
76 |
Medium |
psiprobe.controllers.logs.SetupFollowController
psiprobe.controllers.oshi.OshiController
| Bug |
Category |
Details |
Line |
Priority |
| Method psiprobe.controllers.oshi.OshiController.printCpu(CentralProcessor) accesses list or array with constant index |
CORRECTNESS |
CLI_CONSTANT_LIST_INDEX |
341 |
Medium |
| Method psiprobe.controllers.oshi.OshiController.printCpu(CentralProcessor) accesses list or array with constant index |
CORRECTNESS |
CLI_CONSTANT_LIST_INDEX |
342 |
Medium |
| Method psiprobe.controllers.oshi.OshiController.initialize() calls equals on an enum instance |
CORRECTNESS |
ENMI_EQUALS_ON_ENUM |
164 |
Medium |
| Method psiprobe.controllers.oshi.OshiController.printServices(OperatingSystem) calls equals on an enum instance |
CORRECTNESS |
ENMI_EQUALS_ON_ENUM |
418 |
Medium |
| Method psiprobe.controllers.oshi.OshiController.printServices(OperatingSystem) calls equals on an enum instance |
CORRECTNESS |
ENMI_EQUALS_ON_ENUM |
424 |
Medium |
| Class psiprobe.controllers.oshi.OshiController defines static field "psiprobe.controllers.oshi.OshiController.oshi" which appears to allow memory bloat |
CORRECTNESS |
PMB_POSSIBLE_MEMORY_BLOAT |
Not available |
Medium |
| Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks |
SECURITY |
SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING |
106 |
High |
| ModelAndView populated with user controlled parameters |
SECURITY |
SPRING_FILE_DISCLOSURE |
114 |
Medium |
| ModelAndView populated with user controlled parameters |
SECURITY |
SPRING_FILE_DISCLOSURE |
131 |
Medium |
psiprobe.controllers.quickcheck.BaseTomcatAvailabilityController
| Bug |
Category |
Details |
Line |
Priority |
| Method psiprobe.controllers.quickcheck.BaseTomcatAvailabilityController.handleRequestInternal(HttpServletRequest, HttpServletResponse) is excessively complex, with a cyclomatic complexity of 53 |
STYLE |
CC_CYCLOMATIC_COMPLEXITY |
67 |
Medium |
| psiprobe.controllers.quickcheck.BaseTomcatAvailabilityController.getContainerListenerBean() may expose internal representation by returning BaseTomcatAvailabilityController.containerListenerBean |
MALICIOUS_CODE |
EI_EXPOSE_REP |
51 |
Medium |
| psiprobe.controllers.quickcheck.BaseTomcatAvailabilityController.setContainerListenerBean(ContainerListenerBean) may expose internal representation by storing an externally mutable object into BaseTomcatAvailabilityController.containerListenerBean |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
60 |
Medium |
| To make log readable, log format () should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
120 |
Medium |
| To make log readable, log format () should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
140 |
Medium |
| To make log readable, log format () should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
146 |
Medium |
| ModelAndView populated with user controlled parameters |
SECURITY |
SPRING_FILE_DISCLOSURE |
175 |
Medium |
psiprobe.controllers.quickcheck.TomcatAvailabilityController
psiprobe.controllers.quickcheck.TomcatAvailabilityXmlController
psiprobe.controllers.servlets.ListServletMapsController
psiprobe.controllers.servlets.ListServletsController
psiprobe.controllers.servlets.ServletsController
psiprobe.controllers.sessions.ExpireSessionController
psiprobe.controllers.sessions.ExpireSessionsController
psiprobe.controllers.sessions.ListSessionAttributesController
psiprobe.controllers.sessions.ListSessionsController
psiprobe.controllers.sessions.ListSessionsControllerTest
| Bug |
Category |
Details |
Line |
Priority |
| Dead store to unused in psiprobe.controllers.sessions.ListSessionsControllerTest.testHandleContextWithNoContextListsAllSessions() |
STYLE |
DLS_DEAD_LOCAL_STORE |
120 |
Medium |
| Method psiprobe.controllers.sessions.ListSessionsControllerTest.testMatchSession() uses AccessibleObject.setAccessible to modify accessibility of classes |
CORRECTNESS |
RFI_SET_ACCESSIBLE |
157 |
Medium |
psiprobe.controllers.sessions.RemoveSessAttributeController
psiprobe.controllers.sql.CachedRecordSetController
psiprobe.controllers.sql.ConnectionTestController
psiprobe.controllers.sql.DataSourceTestController
psiprobe.controllers.sql.ExecuteSqlController
| Bug |
Category |
Details |
Line |
Priority |
| Class psiprobe.controllers.sql.ExecuteSqlController uses non owned variables to synchronize on |
STYLE |
NOS_NON_OWNED_SYNCHRONIZATION |
84 |
Medium |
| Class psiprobe.controllers.sql.ExecuteSqlController uses non owned variables to synchronize on |
STYLE |
NOS_NON_OWNED_SYNCHRONIZATION |
163 |
Medium |
| Method psiprobe.controllers.sql.ExecuteSqlController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) does not presize the allocation of a collection |
PERFORMANCE |
PSC_PRESIZE_COLLECTIONS |
148 |
Medium |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance |
CORRECTNESS |
SLF4J_FORMAT_SHOULD_BE_CONST |
175 |
High |
| To make log readable, log format () should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
104 |
Medium |
| Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks |
SECURITY |
SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING |
57 |
High |
| ModelAndView populated with user controlled parameters |
SECURITY |
SPRING_FILE_DISCLOSURE |
71 |
Medium |
| ModelAndView populated with user controlled parameters |
SECURITY |
SPRING_FILE_DISCLOSURE |
167 |
Medium |
| ModelAndView populated with user controlled parameters |
SECURITY |
SPRING_FILE_DISCLOSURE |
180 |
Medium |
| This use of java/sql/Connection.prepareStatement(Ljava/lang/String;)Ljava/sql/PreparedStatement; can be vulnerable to SQL injection (with JDBC) |
SECURITY |
SQL_INJECTION_JDBC |
119 |
Medium |
| Method psiprobe.controllers.sql.ExecuteSqlController.handleContext(String, Context, HttpServletRequest, HttpServletResponse) passes constant String of length 1 to character overridden method |
PERFORMANCE |
UCPM_USE_CHARACTER_PARAMETERIZED_METHOD |
146 |
Medium |
psiprobe.controllers.sql.QueryHistoryController
psiprobe.controllers.sql.QueryHistoryItemController
| Bug |
Category |
Details |
Line |
Priority |
| To make log readable, log format () should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
68 |
Medium |
| Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks |
SECURITY |
SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING |
43 |
High |
| This use of java/io/PrintWriter.print(Ljava/lang/String;)V could be vulnerable to XSS in the Servlet |
SECURITY |
XSS_SERVLET |
65 |
Medium |
psiprobe.controllers.system.AdviseGarbageCollectionController
| Bug |
Category |
Details |
Line |
Priority |
| psiprobe.controllers.system.AdviseGarbageCollectionController.handleRequestInternal(HttpServletRequest, HttpServletResponse) forces garbage collection; extremely dubious except in benchmarking code |
PERFORMANCE |
DM_GC |
82 |
High |
| Method psiprobe.controllers.system.AdviseGarbageCollectionController.handleRequestInternal(HttpServletRequest, HttpServletResponse) triggers finalization when calling Runtime.runFinalization() |
CORRECTNESS |
MDM_RUNFINALIZATION |
79 |
Medium |
| Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks |
SECURITY |
SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING |
62 |
High |
| Method psiprobe.controllers.system.AdviseGarbageCollectionController.setReplacePattern(String) of Singleton class writes to a field in an unsynchronized manner |
CORRECTNESS |
USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES |
55 |
Medium |
psiprobe.controllers.system.BaseMemoryStatsController
| Bug |
Category |
Details |
Line |
Priority |
| ModelAndView populated with user controlled parameters |
SECURITY |
SPRING_FILE_DISCLOSURE |
74 |
Medium |
psiprobe.controllers.system.BaseSysInfoController
| Bug |
Category |
Details |
Line |
Priority |
| psiprobe.controllers.system.BaseSysInfoController.getFilterOutKeys() may expose internal representation by returning BaseSysInfoController.filterOutKeys |
MALICIOUS_CODE |
EI_EXPOSE_REP |
50 |
Medium |
| psiprobe.controllers.system.BaseSysInfoController.setFilterOutKeys(List) may expose internal representation by storing an externally mutable object into BaseSysInfoController.filterOutKeys |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
59 |
Medium |
| Method psiprobe.controllers.system.BaseSysInfoController.handleRequestInternal(HttpServletRequest, HttpServletResponse) does not presize the allocation of a collection |
PERFORMANCE |
PSC_PRESIZE_COLLECTIONS |
110 |
Medium |
| ModelAndView populated with user controlled parameters |
SECURITY |
SPRING_FILE_DISCLOSURE |
121 |
Medium |
psiprobe.controllers.system.MemoryStatsAjaxController
psiprobe.controllers.system.MemoryStatsController
psiprobe.controllers.system.OsInfoAjaxController
psiprobe.controllers.system.OsInfoController
psiprobe.controllers.system.SysInfoController
psiprobe.controllers.system.SysPropsController
psiprobe.controllers.threads.GetClassLoaderUrlsController
psiprobe.controllers.threads.ImplSelectorController
psiprobe.controllers.threads.KillThreadController
psiprobe.controllers.threads.ListSunThreadsController
psiprobe.controllers.threads.ListThreadPoolsController
| Bug |
Category |
Details |
Line |
Priority |
| psiprobe.controllers.threads.ListThreadPoolsController.getContainerListenerBean() may expose internal representation by returning ListThreadPoolsController.containerListenerBean |
MALICIOUS_CODE |
EI_EXPOSE_REP |
44 |
Medium |
| psiprobe.controllers.threads.ListThreadPoolsController.setContainerListenerBean(ContainerListenerBean) may expose internal representation by storing an externally mutable object into ListThreadPoolsController.containerListenerBean |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
53 |
Medium |
| Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks |
SECURITY |
SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING |
60 |
High |
| ModelAndView populated with user controlled parameters |
SECURITY |
SPRING_FILE_DISCLOSURE |
68 |
Medium |
| Method psiprobe.controllers.threads.ListThreadPoolsController.setContainerListenerBean(ContainerListenerBean) of Singleton class writes to a field in an unsynchronized manner |
CORRECTNESS |
USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES |
53 |
Medium |
psiprobe.controllers.threads.ListThreadsController
psiprobe.controllers.threads.ThreadStackController
psiprobe.controllers.truststore.TrustStoreController
psiprobe.controllers.wrapper.RestartJvmController
psiprobe.controllers.wrapper.StopJvmController
psiprobe.controllers.wrapper.ThreadDumpController
psiprobe.controllers.wrapper.WrapperInfoController
| Bug |
Category |
Details |
Line |
Priority |
| Method psiprobe.controllers.wrapper.WrapperInfoController.handleRequestInternal(HttpServletRequest, HttpServletResponse) appears to call the same method on the same object redundantly |
PERFORMANCE |
PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS |
54 |
Medium |
| Method psiprobe.controllers.wrapper.WrapperInfoController.handleRequestInternal(HttpServletRequest, HttpServletResponse) appears to call the same method on the same object redundantly |
PERFORMANCE |
PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS |
56 |
Medium |
| To make log readable, log format () should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
66 |
Medium |
| Unrestricted Spring's RequestMapping makes the method vulnerable to CSRF attacks |
SECURITY |
SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING |
40 |
High |
| ModelAndView populated with user controlled parameters |
SECURITY |
SPRING_FILE_DISCLOSURE |
69 |
Medium |
psiprobe.jfreechart.XYLine3DRenderer
| Bug |
Category |
Details |
Line |
Priority |
| Class psiprobe.jfreechart.XYLine3DRenderer defines a computed serialVersionUID that doesn't equate to the calculated value |
CORRECTNESS |
IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID |
Not available |
Medium |
| Method psiprobe.jfreechart.XYLine3DRenderer.hashCode() stores return result in local before immediately returning it |
STYLE |
USBR_UNNECESSARY_STORE_BEFORE_RETURN |
272 |
Medium |
psiprobe.jfreechart.XYLine3DRendererTest
| Bug |
Category |
Details |
Line |
Priority |
| Object deserialization is used in psiprobe.jfreechart.XYLine3DRendererTest.testSerialization() |
SECURITY |
OBJECT_DESERIALIZATION |
104 |
High |
| Object deserialization is used in psiprobe.jfreechart.XYLine3DRendererTest.testSerializationWithNullWallPaint() |
SECURITY |
OBJECT_DESERIALIZATION |
245 |
High |
| Method psiprobe.jfreechart.XYLine3DRendererTest.testHashCodeConsistency() appears to call the same method on the same object redundantly |
PERFORMANCE |
PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS |
149 |
Medium |
| Method psiprobe.jfreechart.XYLine3DRendererTest.testIsLinePass() uses AccessibleObject.setAccessible to modify accessibility of classes |
CORRECTNESS |
RFI_SET_ACCESSIBLE |
283 |
Medium |
psiprobe.jsp.VisualScoreTag
psiprobe.jsp.VisualScoreTagTest
| Bug |
Category |
Details |
Line |
Priority |
| Method psiprobe.jsp.VisualScoreTagTest.callCalculateSuffix(int, int, int, int) excessively uses methods of another class |
STYLE |
CE_CLASS_ENVY |
120-136 |
Medium |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance |
CORRECTNESS |
SLF4J_FORMAT_SHOULD_BE_CONST |
99 |
High |
psiprobe.model.ApplicationResource
| Bug |
Category |
Details |
Line |
Priority |
| psiprobe.model.ApplicationResource.getDataSourceInfo() may expose internal representation by returning ApplicationResource.dataSourceInfo |
MALICIOUS_CODE |
EI_EXPOSE_REP |
159 |
Medium |
| psiprobe.model.ApplicationResource.setDataSourceInfo(DataSourceInfo) may expose internal representation by storing an externally mutable object into ApplicationResource.dataSourceInfo |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
168 |
Medium |
psiprobe.model.ApplicationSession
| Bug |
Category |
Details |
Line |
Priority |
| psiprobe.model.ApplicationSession.getAttributes() may expose internal representation by returning ApplicationSession.attributes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
206 |
Medium |
| psiprobe.model.ApplicationSession.setAttributes(List) may expose internal representation by storing an externally mutable object into ApplicationSession.attributes |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
215 |
Medium |
psiprobe.model.Connector
| Bug |
Category |
Details |
Line |
Priority |
| psiprobe.model.Connector.getRequestProcessors() may expose internal representation by returning Connector.requestProcessors |
MALICIOUS_CODE |
EI_EXPOSE_REP |
195 |
Medium |
| psiprobe.model.Connector.setRequestProcessors(List) may expose internal representation by storing an externally mutable object into Connector.requestProcessors |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
204 |
Medium |
psiprobe.model.DisconnectedLogDestination
| Bug |
Category |
Details |
Line |
Priority |
| psiprobe.model.DisconnectedLogDestination.getApplication() may expose internal representation by returning DisconnectedLogDestination.application |
MALICIOUS_CODE |
EI_EXPOSE_REP |
98 |
Medium |
psiprobe.model.SessionSearchInfo
psiprobe.model.SunThread
| Bug |
Category |
Details |
Line |
Priority |
| psiprobe.model.SunThread.getExecutionPoint() may expose internal representation by returning SunThread.executionPoint |
MALICIOUS_CODE |
EI_EXPOSE_REP |
237 |
Medium |
| psiprobe.model.SunThread.setExecutionPoint(ThreadStackElement) may expose internal representation by storing an externally mutable object into SunThread.executionPoint |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
246 |
Medium |
psiprobe.model.SystemInformation
| Bug |
Category |
Details |
Line |
Priority |
| psiprobe.model.SystemInformation.getSystemProperties() may expose internal representation by returning SystemInformation.systemProperties |
MALICIOUS_CODE |
EI_EXPOSE_REP |
143 |
Medium |
| psiprobe.model.SystemInformation.setSystemProperties(Map) may expose internal representation by storing an externally mutable object into SystemInformation.systemProperties |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
152 |
Medium |
psiprobe.model.certificates.Cert
| Bug |
Category |
Details |
Line |
Priority |
| Class psiprobe.model.certificates.Cert defines a computed serialVersionUID that doesn't equate to the calculated value |
CORRECTNESS |
IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID |
Not available |
Medium |
psiprobe.model.certificates.CertificateInfo
| Bug |
Category |
Details |
Line |
Priority |
| Class psiprobe.model.certificates.CertificateInfo defines a computed serialVersionUID that doesn't equate to the calculated value |
CORRECTNESS |
IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID |
Not available |
Medium |
psiprobe.model.certificates.ConnectorInfo
| Bug |
Category |
Details |
Line |
Priority |
| Class psiprobe.model.certificates.ConnectorInfo defines a computed serialVersionUID that doesn't equate to the calculated value |
CORRECTNESS |
IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID |
Not available |
Medium |
psiprobe.model.certificates.SslHostConfigInfo
| Bug |
Category |
Details |
Line |
Priority |
| Class psiprobe.model.certificates.SslHostConfigInfo defines a computed serialVersionUID that doesn't equate to the calculated value |
CORRECTNESS |
IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID |
Not available |
Medium |
psiprobe.model.jmx.ThreadPoolObjectName
| Bug |
Category |
Details |
Line |
Priority |
| psiprobe.model.jmx.ThreadPoolObjectName.getGlobalRequestProcessorName() may expose internal representation by returning ThreadPoolObjectName.globalRequestProcessorName |
MALICIOUS_CODE |
EI_EXPOSE_REP |
50 |
Medium |
| psiprobe.model.jmx.ThreadPoolObjectName.getThreadPoolName() may expose internal representation by returning ThreadPoolObjectName.threadPoolName |
MALICIOUS_CODE |
EI_EXPOSE_REP |
41 |
Medium |
| psiprobe.model.jmx.ThreadPoolObjectName.setGlobalRequestProcessorName(ObjectName) may expose internal representation by storing an externally mutable object into ThreadPoolObjectName.globalRequestProcessorName |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
78 |
Medium |
| psiprobe.model.jmx.ThreadPoolObjectName.setThreadPoolName(ObjectName) may expose internal representation by storing an externally mutable object into ThreadPoolObjectName.threadPoolName |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
69 |
Medium |
psiprobe.model.jsp.Item
| Bug |
Category |
Details |
Line |
Priority |
| psiprobe.model.jsp.Item.getException() may expose internal representation by returning Item.exception |
MALICIOUS_CODE |
EI_EXPOSE_REP |
88 |
Medium |
| psiprobe.model.jsp.Item.setException(Exception) may expose internal representation by storing an externally mutable object into Item.exception |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
97 |
Medium |
psiprobe.model.sql.DataSourceTestInfo
| Bug |
Category |
Details |
Line |
Priority |
| psiprobe.model.sql.DataSourceTestInfo.getQueryHistory() may expose internal representation by returning DataSourceTestInfo.queryHistory |
MALICIOUS_CODE |
EI_EXPOSE_REP |
89 |
Medium |
| psiprobe.model.sql.DataSourceTestInfo.getResults() may expose internal representation by returning DataSourceTestInfo.results |
MALICIOUS_CODE |
EI_EXPOSE_REP |
71 |
Medium |
| psiprobe.model.sql.DataSourceTestInfo.setResults(List) may expose internal representation by storing an externally mutable object into DataSourceTestInfo.results |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
80 |
Medium |
psiprobe.model.sql.DataSourceTestInfoTest
| Bug |
Category |
Details |
Line |
Priority |
| Method psiprobe.model.sql.DataSourceTestInfoTest.testAddQueryToHistory() excessively uses methods of another class |
STYLE |
CE_CLASS_ENVY |
39-67 |
Medium |
psiprobe.model.stats.StatsCollection
| Bug |
Category |
Details |
Line |
Priority |
| Shared primitive variable "maxFiles" in one thread may not yield the value of the most recent write from another thread |
MT_CORRECTNESS |
AT_STALE_THREAD_WRITE_OF_PRIMITIVE |
138 |
Medium |
| Method psiprobe.model.stats.StatsCollection.shiftFiles(int) appears to call the same method on the same object redundantly |
PERFORMANCE |
PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS |
236 |
Medium |
psiprobe.model.wrapper.WrapperInfo
| Bug |
Category |
Details |
Line |
Priority |
| psiprobe.model.wrapper.WrapperInfo.getProperties() may expose internal representation by returning WrapperInfo.properties |
MALICIOUS_CODE |
EI_EXPOSE_REP |
165 |
Medium |
| psiprobe.model.wrapper.WrapperInfo.setProperties(Set) may expose internal representation by storing an externally mutable object into WrapperInfo.properties |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
174 |
Medium |
psiprobe.tokenizer.StringTokenizer
psiprobe.tokenizer.Tokenizer
psiprobe.tools.ApplicationUtils
| Bug |
Category |
Details |
Line |
Priority |
| Method psiprobe.tools.ApplicationUtils.getApplication(Context, ResourceResolver, boolean, ContainerWrapperBean) accesses list or array with constant index |
CORRECTNESS |
CLI_CONSTANT_LIST_INDEX |
146 |
Medium |
| Method psiprobe.tools.ApplicationUtils.getApplicationDataSourceUsageScores(Context, ResourceResolver, ContainerWrapperBean) accesses list or array with constant index |
CORRECTNESS |
CLI_CONSTANT_LIST_INDEX |
247 |
Medium |
| Unconstrained method psiprobe.tools.ApplicationUtils.getApplicationDataSourceUsageScores(Context, ResourceResolver, ContainerWrapperBean) converts checked exception to unchecked |
STYLE |
EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS |
242 |
High |
| Method psiprobe.tools.ApplicationUtils.collectApplicationServletStats(Context, Application) uses instanceof on multiple types to arbitrate logic |
STYLE |
ITC_INHERITANCE_TYPE_CHECKING |
204 |
Medium |
| To make log readable, log format () should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
322 |
Medium |
psiprobe.tools.AsyncSocketFactory
| Bug |
Category |
Details |
Line |
Priority |
| To make log readable, log format () should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
70 |
Medium |
psiprobe.tools.AsyncSocketFactory$SocketRunnable
| Bug |
Category |
Details |
Line |
Priority |
| To make log readable, log format () should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
206 |
Medium |
| Unencrypted socket to psiprobe.tools.AsyncSocketFactory$SocketRunnable (instead of SSLSocket) |
SECURITY |
UNENCRYPTED_SOCKET |
199 |
Medium |
psiprobe.tools.AsyncSocketFactory$TimeoutRunnable
| Bug |
Category |
Details |
Line |
Priority |
| To make log readable, log format () should contain non-sign character. |
BAD_PRACTICE |
SLF4J_SIGN_ONLY_FORMAT |
254 |
Medium |
psiprobe.tools.BackwardsFileStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class psiprobe.tools.BackwardsFileStream at new psiprobe.tools.BackwardsFileStream(File) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
38 |
Medium |
psiprobe.tools.JmxTools
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 58 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 61 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 64 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 67 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 89 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 92 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 245 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 248 | Medium |
psiprobe.tools.JmxToolsTest
psiprobe.tools.LogOutputStream
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Constructor new psiprobe.tools.LogOutputStream(Logger, int) declares a Logger parameter | CORRECTNESS | LO_SUSPECT_LOG_PARAMETER | 66-72 | Medium |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 169 | High |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 172 | High |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 175 | High |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 178 | High |
| Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 181 | High |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 87 | Medium |
psiprobe.tools.LogOutputStreamTest
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Logger should be final field. Change this field (log) to final field. | STYLE | SLF4J_LOGGER_SHOULD_BE_FINAL | Not available | Medium |
| To prevent illegal usage, logger should be private field. Change this field (log) to private field. | STYLE | SLF4J_LOGGER_SHOULD_BE_PRIVATE | Not available | Medium |
psiprobe.tools.MailMessage
psiprobe.tools.SimpleAccessor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Method psiprobe.tools.SimpleAccessor.post(Field, boolean) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 86 | Medium |
| Method psiprobe.tools.SimpleAccessor.pre(Object, Field) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 69 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 32 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 71 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 88 | Medium |
psiprobe.tools.SizeExpressionTests
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Method psiprobe.tools.SizeExpressionTests.formatNoDecimalBase10Test() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 65-73 | Medium |
| Method psiprobe.tools.SizeExpressionTests.formatNoDecimalBase2Test() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 50-58 | Medium |
| Method psiprobe.tools.SizeExpressionTests.formatOneDecimalBase10Test() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 95-103 | Medium |
| Method psiprobe.tools.SizeExpressionTests.formatOneDecimalBase2Test() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 80-88 | Medium |
| Method psiprobe.tools.SizeExpressionTests.parseWithUnitTest() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 136-148 | Medium |
| Method psiprobe.tools.SizeExpressionTests.parseWithoutUnitTest() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 155-167 | Medium |
| Method psiprobe.tools.SizeExpressionTests.setUp() calls Locale.setDefault(), changing locale for all threads | MT_CORRECTNESS | MDM_SETDEFAULTLOCALE | 34 | Medium |
| Method psiprobe.tools.SizeExpressionTests.tearDown() calls Locale.setDefault(), changing locale for all threads | MT_CORRECTNESS | MDM_SETDEFAULTLOCALE | 42 | Medium |
psiprobe.tools.Whois$Response
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.tools.Whois$Response.getData() may expose internal representation by returning Whois$Response.data | MALICIOUS_CODE | EI_EXPOSE_REP | 177 | Medium |
psiprobe.tools.logging.DefaultAccessor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.tools.logging.DefaultAccessor.getApplication() may expose internal representation by returning DefaultAccessor.application | MALICIOUS_CODE | EI_EXPOSE_REP | 43 | Medium |
| psiprobe.tools.logging.DefaultAccessor.setApplication(Application) may expose internal representation by storing an externally mutable object into DefaultAccessor.application | MALICIOUS_CODE | EI_EXPOSE_REP2 | 52 | Medium |
| Class psiprobe.tools.logging.DefaultAccessor defines a non private logger using a static class context | CORRECTNESS | LO_NON_PRIVATE_STATIC_LOGGER | 29 | Medium |
| To prevent illegal usage, logger should be private field. Change this field (logger) to private field. | STYLE | SLF4J_LOGGER_SHOULD_BE_PRIVATE | Not available | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 101 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 137 | Medium |
psiprobe.tools.logging.commons.AbstractLoggerAccessorVisitor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Method psiprobe.tools.logging.commons.AbstractLoggerAccessorVisitor.visit() orders expressions in a conditional in a sub optimal way | PERFORMANCE | SEO_SUBOPTIMAL_EXPRESSION_ORDER | 44 | Medium |
psiprobe.tools.logging.commons.GetAllDestinationsVisitor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.tools.logging.commons.GetAllDestinationsVisitor.getDestinations() may expose internal representation by returning GetAllDestinationsVisitor.destinations | MALICIOUS_CODE | EI_EXPOSE_REP | 34 | Medium |
psiprobe.tools.logging.jdk.Jdk14HandlerAccessor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.tools.logging.jdk.Jdk14HandlerAccessor.getLoggerAccessor() may expose internal representation by returning Jdk14HandlerAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP | 34 | Medium |
| psiprobe.tools.logging.jdk.Jdk14HandlerAccessor.setLoggerAccessor(Jdk14LoggerAccessor) may expose internal representation by storing an externally mutable object into Jdk14HandlerAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP2 | 43 | Medium |
psiprobe.tools.logging.jdk.Jdk14LoggerAccessor
psiprobe.tools.logging.jdk.Jdk14LoggerAccessorTest
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| The mockLogger field in class psiprobe.tools.logging.jdk.Jdk14LoggerAccessorTest is used only as a local, but defined on class level | CORRECTNESS | FCBL_FIELD_COULD_BE_LOCAL | 38 | Medium |
psiprobe.tools.logging.jdk.Jdk14ManagerAccessor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Exception thrown in class psiprobe.tools.logging.jdk.Jdk14ManagerAccessor at new psiprobe.tools.logging.jdk.Jdk14ManagerAccessor(ClassLoader) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 42 | Medium |
psiprobe.tools.logging.jdk.JuliHandlerAccessorTest
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Method psiprobe.tools.logging.jdk.JuliHandlerAccessorTest.testGetFile_MissingField_ReturnsStdoutFile() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 84 | Medium |
psiprobe.tools.logging.log4j.Log4JAppenderAccessor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.tools.logging.log4j.Log4JAppenderAccessor.getLoggerAccessor() may expose internal representation by returning Log4JAppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP | 32 | Medium |
| psiprobe.tools.logging.log4j.Log4JAppenderAccessor.setLoggerAccessor(Log4JLoggerAccessor) may expose internal representation by storing an externally mutable object into Log4JAppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP2 | 41 | Medium |
psiprobe.tools.logging.log4j.Log4JLoggerAccessor
psiprobe.tools.logging.log4j.Log4JManagerAccessor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Exception thrown in class psiprobe.tools.logging.log4j.Log4JManagerAccessor at new psiprobe.tools.logging.log4j.Log4JManagerAccessor(ClassLoader) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 36 | Medium |
| Method psiprobe.tools.logging.log4j.Log4JManagerAccessor.getAppenders() allocates an object that is used in a constant way in a loop | PERFORMANCE | PCAIL_POSSIBLE_CONSTANT_ALLOCATION_IN_LOOP | 112 | Medium |
psiprobe.tools.logging.log4j2.Log4J2AppenderAccessor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.tools.logging.log4j2.Log4J2AppenderAccessor.getLoggerAccessor() may expose internal representation by returning Log4J2AppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP | 32 | Medium |
| psiprobe.tools.logging.log4j2.Log4J2AppenderAccessor.setLoggerAccessor(Log4J2LoggerConfigAccessor) may expose internal representation by storing an externally mutable object into Log4J2AppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP2 | 41 | Medium |
psiprobe.tools.logging.log4j2.Log4J2LoggerConfigAccessor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.tools.logging.log4j2.Log4J2LoggerConfigAccessor.setLoggerContext(Log4J2LoggerContextAccessor) may expose internal representation by storing an externally mutable object into Log4J2LoggerConfigAccessor.loggerContext | MALICIOUS_CODE | EI_EXPOSE_REP2 | 136 | Medium |
| Class psiprobe.tools.logging.log4j2.Log4J2LoggerConfigAccessor has a circular dependency with other classes | CORRECTNESS | FCCD_FIND_CLASS_CIRCULAR_DEPENDENCY | 28-243 | Medium |
psiprobe.tools.logging.log4j2.Log4J2LoggerConfigAccessorTest
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| The mockLoggerContext field in class psiprobe.tools.logging.log4j2.Log4J2LoggerConfigAccessorTest is used only as a local, but defined on class level | CORRECTNESS | FCBL_FIELD_COULD_BE_LOCAL | 49 | Medium |
psiprobe.tools.logging.log4j2.Log4J2WebLoggerContextUtilsAccessor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Exception thrown in class psiprobe.tools.logging.log4j2.Log4J2WebLoggerContextUtilsAccessor at new psiprobe.tools.logging.log4j2.Log4J2WebLoggerContextUtilsAccessor(ClassLoader) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 41 | Medium |
psiprobe.tools.logging.logback.LogbackAppenderAccessor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.tools.logging.logback.LogbackAppenderAccessor.getLoggerAccessor() may expose internal representation by returning LogbackAppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP | 36 | Medium |
| psiprobe.tools.logging.logback.LogbackAppenderAccessor.setLoggerAccessor(LogbackLoggerAccessor) may expose internal representation by storing an externally mutable object into LogbackAppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP2 | 45 | Medium |
psiprobe.tools.logging.logback.LogbackFactoryAccessor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Exception thrown in class psiprobe.tools.logging.logback.LogbackFactoryAccessor at new psiprobe.tools.logging.logback.LogbackFactoryAccessor(ClassLoader) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 48 | Medium |
| Method psiprobe.tools.logging.logback.LogbackFactoryAccessor.getAppenders() allocates an object that is used in a constant way in a loop | PERFORMANCE | PCAIL_POSSIBLE_CONSTANT_ALLOCATION_IN_LOOP | 115 | Medium |
psiprobe.tools.logging.logback.LogbackLoggerAccessor
psiprobe.tools.logging.logback13.Logback13AppenderAccessor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.tools.logging.logback13.Logback13AppenderAccessor.getLoggerAccessor() may expose internal representation by returning Logback13AppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP | 36 | Medium |
| psiprobe.tools.logging.logback13.Logback13AppenderAccessor.setLoggerAccessor(Logback13LoggerAccessor) may expose internal representation by storing an externally mutable object into Logback13AppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP2 | 45 | Medium |
psiprobe.tools.logging.logback13.Logback13FactoryAccessor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Exception thrown in class psiprobe.tools.logging.logback13.Logback13FactoryAccessor at new psiprobe.tools.logging.logback13.Logback13FactoryAccessor(ClassLoader) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 52 | Medium |
| Method new psiprobe.tools.logging.logback13.Logback13FactoryAccessor(ClassLoader) declares RuntimeException in throws clause | STYLE | DRE_DECLARED_RUNTIME_EXCEPTION | 49-75 | Medium |
| Method psiprobe.tools.logging.logback13.Logback13FactoryAccessor.getAppenders() allocates an object that is used in a constant way in a loop | PERFORMANCE | PCAIL_POSSIBLE_CONSTANT_ALLOCATION_IN_LOOP | 129 | Medium |
| Method psiprobe.tools.logging.logback13.Logback13FactoryAccessor.findServiceProviders(ClassLoader) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 161 | Medium |
| Method psiprobe.tools.logging.logback13.Logback13FactoryAccessor.findServiceProviders(ClassLoader) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 163 | Medium |
psiprobe.tools.logging.logback13.Logback13LoggerAccessor
psiprobe.tools.logging.slf4jlogback.TomcatSlf4jLogbackAppenderAccessor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.tools.logging.slf4jlogback.TomcatSlf4jLogbackAppenderAccessor.getLoggerAccessor() may expose internal representation by returning TomcatSlf4jLogbackAppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP | 36 | Medium |
| psiprobe.tools.logging.slf4jlogback.TomcatSlf4jLogbackAppenderAccessor.setLoggerAccessor(TomcatSlf4jLogbackLoggerAccessor) may expose internal representation by storing an externally mutable object into TomcatSlf4jLogbackAppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP2 | 45 | Medium |
| Class psiprobe.tools.logging.slf4jlogback.TomcatSlf4jLogbackAppenderAccessor has a circular dependency with other classes | CORRECTNESS | FCCD_FIND_CLASS_CIRCULAR_DEPENDENCY | 25-133 | Medium |
psiprobe.tools.logging.slf4jlogback.TomcatSlf4jLogbackFactoryAccessor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Exception thrown in class psiprobe.tools.logging.slf4jlogback.TomcatSlf4jLogbackFactoryAccessor at new psiprobe.tools.logging.slf4jlogback.TomcatSlf4jLogbackFactoryAccessor(ClassLoader) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 49 | Medium |
| Method psiprobe.tools.logging.slf4jlogback.TomcatSlf4jLogbackFactoryAccessor.getAppenders() allocates an object that is used in a constant way in a loop | PERFORMANCE | PCAIL_POSSIBLE_CONSTANT_ALLOCATION_IN_LOOP | 120 | Medium |
psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13AppenderAccessor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13AppenderAccessor.getLoggerAccessor() may expose internal representation by returning TomcatSlf4jLogback13AppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP | 36 | Medium |
| psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13AppenderAccessor.setLoggerAccessor(TomcatSlf4jLogback13LoggerAccessor) may expose internal representation by storing an externally mutable object into TomcatSlf4jLogback13AppenderAccessor.loggerAccessor | MALICIOUS_CODE | EI_EXPOSE_REP2 | 45 | Medium |
psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13FactoryAccessor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Exception thrown in class psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13FactoryAccessor at new psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13FactoryAccessor(ClassLoader) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 53 | Medium |
| Method psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13FactoryAccessor.getAppenders() allocates an object that is used in a constant way in a loop | PERFORMANCE | PCAIL_POSSIBLE_CONSTANT_ALLOCATION_IN_LOOP | 134 | Medium |
| Method psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13FactoryAccessor.findServiceProviders(ClassLoader) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 166 | Medium |
| Method psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13FactoryAccessor.findServiceProviders(ClassLoader) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 168 | Medium |
psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13LoggerAccessor
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Class psiprobe.tools.logging.slf4jlogback13.TomcatSlf4jLogback13LoggerAccessor has a circular dependency with other classes | CORRECTNESS | FCCD_FIND_CLASS_CIRCULAR_DEPENDENCY | 28-201 | Medium |
psiprobe.tools.url.UrlParser
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Exception thrown in class psiprobe.tools.url.UrlParser at new psiprobe.tools.url.UrlParser(String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 47 | Medium |
| Method new psiprobe.tools.url.UrlParser(String) throws alternative exception from catch block without history | CORRECTNESS | LEST_LOST_EXCEPTION_STACK_TRACE | 75 | Medium |
| To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 74 | Medium |