SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.6
Threshold is medium
Effort is default
Summary
| Classes |
Bugs |
Errors |
Missing Classes |
| 462 |
131 |
0 |
0 |
org.apache.bval.cdi.BValAnnotatedType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.cdi.BValAnnotatedType.getAnnotations() may expose internal representation by returning BValAnnotatedType.annotations |
MALICIOUS_CODE |
EI_EXPOSE_REP |
80 |
Medium |
org.apache.bval.cdi.BValExtension
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.cdi.BValExtension.getGlobalExecutableTypes() may expose internal representation by returning BValExtension.globalExecutableTypes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
108 |
Medium |
org.apache.bval.cdi.BValExtension$Releasable
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.cdi.BValExtension$Releasable.release() might ignore java.lang.Exception |
BAD_PRACTICE |
DE_MIGHT_IGNORE |
316 |
Medium |
org.apache.bval.cdi.BValInterceptor
| Bug |
Category |
Details |
Line |
Priority |
| Return value of putIfAbsent is ignored, but mapped is reused in org.apache.bval.cdi.BValInterceptor.getTargetClass(InvocationContext) |
MT_CORRECTNESS |
RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED |
184 |
High |
| Class org.apache.bval.cdi.BValInterceptor defines non-transient non-serializable instance field globalConfiguration |
BAD_PRACTICE |
SE_BAD_FIELD |
|
High |
| Class org.apache.bval.cdi.BValInterceptor defines non-transient non-serializable instance field validator |
BAD_PRACTICE |
SE_BAD_FIELD |
|
Medium |
| org.apache.bval.cdi.BValInterceptor is Serializable; consider declaring a serialVersionUID |
BAD_PRACTICE |
SE_NO_SERIALVERSIONID |
75 |
Medium |
org.apache.bval.cdi.ValidatorBean
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.cdi.ValidatorBean.getQualifiers() may expose internal representation by returning ValidatorBean.qualifiers |
MALICIOUS_CODE |
EI_EXPOSE_REP |
63 |
Medium |
| org.apache.bval.cdi.ValidatorBean.getTypes() may expose internal representation by returning ValidatorBean.types |
MALICIOUS_CODE |
EI_EXPOSE_REP |
58 |
Medium |
org.apache.bval.cdi.ValidatorFactoryBean
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.cdi.ValidatorFactoryBean.getQualifiers() may expose internal representation by returning ValidatorFactoryBean.qualifiers |
MALICIOUS_CODE |
EI_EXPOSE_REP |
63 |
Medium |
| org.apache.bval.cdi.ValidatorFactoryBean.getTypes() may expose internal representation by returning ValidatorFactoryBean.types |
MALICIOUS_CODE |
EI_EXPOSE_REP |
58 |
Medium |
org.apache.bval.jsr.ApacheFactoryContext
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.ApacheFactoryContext.getFactory() may expose internal representation by returning ApacheFactoryContext.factory |
MALICIOUS_CODE |
EI_EXPOSE_REP |
191 |
Medium |
| org.apache.bval.jsr.ApacheFactoryContext.getValueExtractors() may expose internal representation by returning ApacheFactoryContext.valueExtractors |
MALICIOUS_CODE |
EI_EXPOSE_REP |
174 |
Medium |
| new org.apache.bval.jsr.ApacheFactoryContext(ApacheValidatorFactory) may expose internal representation by storing an externally mutable object into ApacheFactoryContext.factory |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
65 |
Medium |
org.apache.bval.jsr.ApacheValidatorFactory
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.ApacheValidatorFactory.getConstraintsCache() may expose internal representation by returning ApacheValidatorFactory.constraintsCache |
MALICIOUS_CODE |
EI_EXPOSE_REP |
333 |
Medium |
| org.apache.bval.jsr.ApacheValidatorFactory.getDescriptorManager() may expose internal representation by returning ApacheValidatorFactory.descriptorManager |
MALICIOUS_CODE |
EI_EXPOSE_REP |
351 |
Medium |
| org.apache.bval.jsr.ApacheValidatorFactory.getGroupsComputer() may expose internal representation by returning ApacheValidatorFactory.groupsComputer |
MALICIOUS_CODE |
EI_EXPOSE_REP |
368 |
Medium |
| org.apache.bval.jsr.ApacheValidatorFactory.getProperties() may expose internal representation by returning ApacheValidatorFactory.properties |
MALICIOUS_CODE |
EI_EXPOSE_REP |
151 |
Medium |
| org.apache.bval.jsr.ApacheValidatorFactory.getUnwrappedClassCache() may expose internal representation by returning ApacheValidatorFactory.unwrappedClassCache |
MALICIOUS_CODE |
EI_EXPOSE_REP |
142 |
Medium |
| org.apache.bval.jsr.ApacheValidatorFactory.getValueExtractors() may expose internal representation by returning ApacheValidatorFactory.valueExtractors |
MALICIOUS_CODE |
EI_EXPOSE_REP |
360 |
Medium |
| org.apache.bval.jsr.ApacheValidatorFactory.setDefault(ApacheValidatorFactory) may expose internal static state by storing a mutable object into a static field org.apache.bval.jsr.ApacheValidatorFactory.DEFAULT_FACTORY |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
89 |
Medium |
| Public static org.apache.bval.jsr.ApacheValidatorFactory.getDefault() may expose internal representation by returning ApacheValidatorFactory.DEFAULT_FACTORY |
MALICIOUS_CODE |
MS_EXPOSE_REP |
80 |
Medium |
org.apache.bval.jsr.ConfigurationImpl
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.bval.jsr.ConfigurationImpl at new org.apache.bval.jsr.ConfigurationImpl(BootstrapState, ValidationProvider) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
168 |
Medium |
| org.apache.bval.jsr.ConfigurationImpl.getDefaultMessageInterpolator() may expose internal representation by returning ConfigurationImpl.defaultMessageInterpolator |
MALICIOUS_CODE |
EI_EXPOSE_REP |
262 |
Medium |
| org.apache.bval.jsr.ConfigurationImpl.getMappingStreams() may expose internal representation by returning ConfigurationImpl.mappingStreams |
MALICIOUS_CODE |
EI_EXPOSE_REP |
313 |
Medium |
| org.apache.bval.jsr.ConfigurationImpl.getProperties() may expose internal representation by returning ConfigurationImpl.properties |
MALICIOUS_CODE |
EI_EXPOSE_REP |
293 |
Medium |
org.apache.bval.jsr.ConstraintCached
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.ConstraintCached.getValidators() may expose internal representation by returning ConstraintCached.validators |
MALICIOUS_CODE |
EI_EXPOSE_REP |
110 |
Medium |
org.apache.bval.jsr.ConstraintCached$ConstraintValidatorInfo
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.ConstraintCached$ConstraintValidatorInfo.getSupportedTargets() may expose internal representation by returning ConstraintCached$ConstraintValidatorInfo.supportedTargets |
MALICIOUS_CODE |
EI_EXPOSE_REP |
85 |
Medium |
org.apache.bval.jsr.ConstraintViolationImpl
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.ConstraintViolationImpl.getExecutableParameters() may expose internal representation by returning ConstraintViolationImpl.parameters |
MALICIOUS_CODE |
EI_EXPOSE_REP |
136 |
Medium |
| new org.apache.bval.jsr.ConstraintViolationImpl(String, String, Object, Object, Path, Object, ConstraintDescriptor, Class, ElementType, Object, Object[]) may expose internal representation by storing an externally mutable object into ConstraintViolationImpl.parameters |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
85 |
Medium |
| Class org.apache.bval.jsr.ConstraintViolationImpl defines non-transient non-serializable instance field constraintDescriptor |
BAD_PRACTICE |
SE_BAD_FIELD |
|
Medium |
org.apache.bval.jsr.DefaultMessageInterpolator
| Bug |
Category |
Details |
Line |
Priority |
| Return value of putIfAbsent is ignored, but method is reused in org.apache.bval.jsr.DefaultMessageInterpolator.getToStringMethod(Object) |
MT_CORRECTNESS |
RV_RETURN_VALUE_OF_PUTIFABSENT_IGNORED |
333 |
High |
org.apache.bval.jsr.DefaultValidationProviderResolver
| Bug |
Category |
Details |
Line |
Priority |
| Found reliance on default encoding in org.apache.bval.jsr.DefaultValidationProviderResolver.getValidationProviders(): new java.io.InputStreamReader(InputStream) |
I18N |
DM_DEFAULT_ENCODING |
59 |
High |
org.apache.bval.jsr.GraphContext
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.GraphContext.getValidatorContext() may expose internal representation by returning GraphContext.validatorContext |
MALICIOUS_CODE |
EI_EXPOSE_REP |
55 |
Medium |
org.apache.bval.jsr.ParticipantFactory
| Bug |
Category |
Details |
Line |
Priority |
| Found reliance on default encoding in org.apache.bval.jsr.ParticipantFactory.read(URL): new java.io.InputStreamReader(InputStream) |
I18N |
DM_DEFAULT_ENCODING |
93 |
High |
org.apache.bval.jsr.descriptor.BeanD
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.descriptor.BeanD.getConstrainedConstructors() may expose internal representation by returning BeanD.constrainedConstructors |
MALICIOUS_CODE |
EI_EXPOSE_REP |
116 |
Medium |
| org.apache.bval.jsr.descriptor.BeanD.getConstrainedProperties() may expose internal representation by returning BeanD.properties |
MALICIOUS_CODE |
EI_EXPOSE_REP |
86 |
Medium |
org.apache.bval.jsr.descriptor.CascadableContainerD
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.descriptor.CascadableContainerD.getConstrainedContainerElementTypes() may expose internal representation by returning CascadableContainerD.containerElementTypes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
68 |
Medium |
| org.apache.bval.jsr.descriptor.CascadableContainerD.getGroupConversions() may expose internal representation by returning CascadableContainerD.groupConversions |
MALICIOUS_CODE |
EI_EXPOSE_REP |
63 |
Medium |
org.apache.bval.jsr.descriptor.ConstraintD
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.bval.jsr.descriptor.ConstraintD at new org.apache.bval.jsr.descriptor.ConstraintD(Annotation, Scope, Meta, ApacheValidatorFactory) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
91 |
Medium |
| org.apache.bval.jsr.descriptor.ConstraintD.getAttributes() may expose internal representation by returning ConstraintD.attributes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
125 |
Medium |
| org.apache.bval.jsr.descriptor.ConstraintD.getComposingConstraints() may expose internal representation by returning ConstraintD.composingConstraints |
MALICIOUS_CODE |
EI_EXPOSE_REP |
130 |
Medium |
| org.apache.bval.jsr.descriptor.ConstraintD.getConstraintValidatorClasses() may expose internal representation by returning ConstraintD.constraintValidatorClasses |
MALICIOUS_CODE |
EI_EXPOSE_REP |
120 |
Medium |
| org.apache.bval.jsr.descriptor.ConstraintD.getGroups() may expose internal representation by returning ConstraintD.groups |
MALICIOUS_CODE |
EI_EXPOSE_REP |
110 |
Medium |
| org.apache.bval.jsr.descriptor.ConstraintD.getPayload() may expose internal representation by returning ConstraintD.payload |
MALICIOUS_CODE |
EI_EXPOSE_REP |
115 |
Medium |
org.apache.bval.jsr.descriptor.ElementD
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.descriptor.ElementD.getConstraintDescriptors() may expose internal representation by returning ElementD.constraints |
MALICIOUS_CODE |
EI_EXPOSE_REP |
98 |
Medium |
org.apache.bval.jsr.descriptor.ExecutableD
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.descriptor.ExecutableD.getParameterDescriptors() may expose internal representation by returning ExecutableD.parameters |
MALICIOUS_CODE |
EI_EXPOSE_REP |
60 |
Medium |
org.apache.bval.jsr.descriptor.ParameterD
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.bval.jsr.descriptor.ParameterD at new org.apache.bval.jsr.descriptor.ParameterD(Meta$ForParameter, int, MetadataReader$ForContainer, ExecutableD) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
49 |
Medium |
org.apache.bval.jsr.descriptor.ReturnValueD
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.bval.jsr.descriptor.ReturnValueD at new org.apache.bval.jsr.descriptor.ReturnValueD(MetadataReader$ForContainer, ExecutableD) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
62 |
Medium |
| org.apache.bval.jsr.descriptor.ReturnValueD.getConstraintDescriptors() may expose internal representation by returning ReturnValueD.constraints |
MALICIOUS_CODE |
EI_EXPOSE_REP |
96 |
Medium |
org.apache.bval.jsr.groups.Group$Sequence
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.groups.Group$Sequence doesn't override GroupStrategy$Composite.equals(Object) |
STYLE |
EQ_DOESNT_OVERRIDE_EQUALS |
1 |
Medium |
org.apache.bval.jsr.groups.GroupConversion
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.groups.GroupConversion.equals(Object) is unusual |
STYLE |
EQ_UNUSUAL |
71 |
Medium |
org.apache.bval.jsr.groups.GroupStrategy$Simple
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.groups.GroupStrategy$Simple.getGroups() may expose internal representation by returning GroupStrategy$Simple.groups |
MALICIOUS_CODE |
EI_EXPOSE_REP |
46 |
Medium |
org.apache.bval.jsr.groups.GroupsComputer
| Bug |
Category |
Details |
Line |
Priority |
| Call to java.util.Arrays$ArrayList.equals(java.util.Set<org.apache.bval.jsr.groups.Group>) in org.apache.bval.jsr.groups.GroupsComputer.computeGroups(Stream) |
CORRECTNESS |
EC_UNRELATED_TYPES |
169 |
High |
| org.apache.bval.jsr.groups.GroupsComputer.DEFAULT_GROUP is a mutable array |
MALICIOUS_CODE |
MS_MUTABLE_ARRAY |
47 |
High |
org.apache.bval.jsr.job.ConstraintValidatorContextImpl$ConstraintViolationBuilderImpl
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.job.ConstraintValidatorContextImpl$ConstraintViolationBuilderImpl.addConstraintViolation(PathImpl) may expose internal representation by returning ConstraintValidatorContextImpl$ConstraintViolationBuilderImpl.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP |
111 |
Medium |
org.apache.bval.jsr.job.ValidateExecutable
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.bval.jsr.job.ValidateExecutable at new org.apache.bval.jsr.job.ValidateExecutable(ApacheFactoryContext, Class[], Meta) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
51 |
Medium |
org.apache.bval.jsr.job.ValidateParameters
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.bval.jsr.job.ValidateParameters at new org.apache.bval.jsr.job.ValidateParameters(ApacheFactoryContext, Object, Executable, Object[], Class[], Meta) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
170 |
Medium |
org.apache.bval.jsr.job.ValidateParameters$ForMethod
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.bval.jsr.job.ValidateParameters$ForMethod at new org.apache.bval.jsr.job.ValidateParameters$ForMethod(ApacheFactoryContext, Object, Method, Object[], Class[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
61 |
Medium |
org.apache.bval.jsr.job.ValidateReturnValue
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.bval.jsr.job.ValidateReturnValue at new org.apache.bval.jsr.job.ValidateReturnValue(ApacheFactoryContext, Meta, Object, Class[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
121 |
Medium |
org.apache.bval.jsr.job.ValidateReturnValue$ForConstructor
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.bval.jsr.job.ValidateReturnValue$ForConstructor at new org.apache.bval.jsr.job.ValidateReturnValue$ForConstructor(ApacheFactoryContext, Constructor, Object, Class[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
84 |
Medium |
org.apache.bval.jsr.job.ValidateReturnValue$ForMethod
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.bval.jsr.job.ValidateReturnValue$ForMethod at new org.apache.bval.jsr.job.ValidateReturnValue$ForMethod(ApacheFactoryContext, Object, Method, Object, Class[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
47 |
Medium |
org.apache.bval.jsr.metadata.ContainerElementKey
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.metadata.ContainerElementKey.equals(Object) is unusual |
STYLE |
EQ_UNUSUAL |
153 |
Medium |
org.apache.bval.jsr.metadata.Signature
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.metadata.Signature.equals(Object) is unusual |
STYLE |
EQ_UNUSUAL |
68 |
Medium |
org.apache.bval.jsr.metadata.ValidatorMapping
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.metadata.ValidatorMapping.getValidatorTypes() may expose internal representation by returning ValidatorMapping.validatorTypes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
79 |
Medium |
org.apache.bval.jsr.util.AnnotationProxy
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.bval.jsr.util.AnnotationProxy at new org.apache.bval.jsr.util.AnnotationProxy(AnnotationProxyBuilder) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
66 |
Medium |
org.apache.bval.jsr.util.AnnotationProxyBuilder
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.util.AnnotationProxyBuilder.getMethods() may expose internal representation by returning AnnotationProxyBuilder.methods |
MALICIOUS_CODE |
EI_EXPOSE_REP |
81 |
Medium |
org.apache.bval.jsr.util.AnnotationsManager$Composition
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.bval.jsr.util.AnnotationsManager$Composition at new org.apache.bval.jsr.util.AnnotationsManager$Composition(AnnotationsManager, Class) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
141 |
Medium |
org.apache.bval.jsr.util.NodeBuilderDefinedContextImpl
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.bval.jsr.util.NodeBuilderDefinedContextImpl(PathImpl, ConstraintValidatorContextImpl$ConstraintViolationBuilderImpl) may expose internal representation by storing an externally mutable object into NodeBuilderDefinedContextImpl.path |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
42 |
Medium |
org.apache.bval.jsr.util.NodeImpl
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.util.NodeImpl.getParameterTypes() may expose internal representation by returning NodeImpl.parameterTypes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
372 |
Medium |
| org.apache.bval.jsr.util.NodeImpl.setParameterTypes(List) may expose internal representation by storing an externally mutable object into NodeImpl.parameterTypes |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
376 |
Medium |
org.apache.bval.jsr.util.PathImpl$Builder
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.util.PathImpl$Builder.result() may expose internal representation by returning PathImpl$Builder.result |
MALICIOUS_CODE |
EI_EXPOSE_REP |
85 |
Medium |
org.apache.bval.jsr.util.PathNavigation
| Bug |
Category |
Details |
Line |
Priority |
| Switch statement found in org.apache.bval.jsr.util.PathNavigation.parse(CharSequence, PathNavigation$PathPosition) where one case falls through to the next case |
STYLE |
SF_SWITCH_FALLTHROUGH |
203 |
Medium |
org.apache.bval.jsr.valueextraction.ValueExtractors
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.valueextraction.ValueExtractors.<static initializer for ValueExtractors>() may fail to clean up java.io.InputStream |
EXPERIMENTAL |
OBL_UNSATISFIED_OBLIGATION |
120 |
Medium |
| org.apache.bval.jsr.valueextraction.ValueExtractors.<static initializer for ValueExtractors>() may fail to close stream |
BAD_PRACTICE |
OS_OPEN_STREAM |
120 |
Medium |
org.apache.bval.jsr.xml.AnnotationType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.AnnotationType.getElement() may expose internal representation by returning AnnotationType.element |
MALICIOUS_CODE |
EI_EXPOSE_REP |
73 |
Medium |
org.apache.bval.jsr.xml.BeanType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.BeanType.getClassType() may expose internal representation by returning BeanType.classType |
MALICIOUS_CODE |
EI_EXPOSE_REP |
74 |
Medium |
| org.apache.bval.jsr.xml.BeanType.getConstructor() may expose internal representation by returning BeanType.constructor |
MALICIOUS_CODE |
EI_EXPOSE_REP |
182 |
Medium |
| org.apache.bval.jsr.xml.BeanType.getField() may expose internal representation by returning BeanType.field |
MALICIOUS_CODE |
EI_EXPOSE_REP |
118 |
Medium |
| org.apache.bval.jsr.xml.BeanType.getGetter() may expose internal representation by returning BeanType.getter |
MALICIOUS_CODE |
EI_EXPOSE_REP |
150 |
Medium |
| org.apache.bval.jsr.xml.BeanType.getMethod() may expose internal representation by returning BeanType.method |
MALICIOUS_CODE |
EI_EXPOSE_REP |
214 |
Medium |
| org.apache.bval.jsr.xml.BeanType.setClassType(ClassType) may expose internal representation by storing an externally mutable object into BeanType.classType |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
86 |
Medium |
org.apache.bval.jsr.xml.ClassType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.ClassType.getConstraint() may expose internal representation by returning ClassType.constraint |
MALICIOUS_CODE |
EI_EXPOSE_REP |
106 |
Medium |
org.apache.bval.jsr.xml.ConstraintDefinitionType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.ConstraintDefinitionType.getValidatedBy() may expose internal representation by returning ConstraintDefinitionType.validatedBy |
MALICIOUS_CODE |
EI_EXPOSE_REP |
57 |
Medium |
| org.apache.bval.jsr.xml.ConstraintDefinitionType.setValidatedBy(ValidatedByType) may expose internal representation by storing an externally mutable object into ConstraintDefinitionType.validatedBy |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
69 |
Medium |
org.apache.bval.jsr.xml.ConstraintMappingsType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.ConstraintMappingsType.getBean() may expose internal representation by returning ConstraintMappingsType.bean |
MALICIOUS_CODE |
EI_EXPOSE_REP |
113 |
Medium |
| org.apache.bval.jsr.xml.ConstraintMappingsType.getConstraintDefinition() may expose internal representation by returning ConstraintMappingsType.constraintDefinition |
MALICIOUS_CODE |
EI_EXPOSE_REP |
145 |
Medium |
org.apache.bval.jsr.xml.ConstraintType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.ConstraintType.getElement() may expose internal representation by returning ConstraintType.element |
MALICIOUS_CODE |
EI_EXPOSE_REP |
158 |
Medium |
org.apache.bval.jsr.xml.ConstructorType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.ConstructorType.getCrossParameter() may expose internal representation by returning ConstructorType.crossParameter |
MALICIOUS_CODE |
EI_EXPOSE_REP |
98 |
Medium |
| org.apache.bval.jsr.xml.ConstructorType.getParameter() may expose internal representation by returning ConstructorType.parameter |
MALICIOUS_CODE |
EI_EXPOSE_REP |
86 |
Medium |
| org.apache.bval.jsr.xml.ConstructorType.getReturnValue() may expose internal representation by returning ConstructorType.returnValue |
MALICIOUS_CODE |
EI_EXPOSE_REP |
122 |
Medium |
| org.apache.bval.jsr.xml.ConstructorType.setCrossParameter(CrossParameterType) may expose internal representation by storing an externally mutable object into ConstructorType.crossParameter |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
110 |
Medium |
| org.apache.bval.jsr.xml.ConstructorType.setReturnValue(ReturnValueType) may expose internal representation by storing an externally mutable object into ConstructorType.returnValue |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
134 |
Medium |
org.apache.bval.jsr.xml.ContainerElementTypeType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.ContainerElementTypeType.getConstraint() may expose internal representation by returning ContainerElementTypeType.constraint |
MALICIOUS_CODE |
EI_EXPOSE_REP |
183 |
Medium |
| org.apache.bval.jsr.xml.ContainerElementTypeType.getContainerElementType() may expose internal representation by returning ContainerElementTypeType.containerElementType |
MALICIOUS_CODE |
EI_EXPOSE_REP |
151 |
Medium |
| org.apache.bval.jsr.xml.ContainerElementTypeType.getConvertGroup() may expose internal representation by returning ContainerElementTypeType.convertGroup |
MALICIOUS_CODE |
EI_EXPOSE_REP |
119 |
Medium |
org.apache.bval.jsr.xml.CrossParameterType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.CrossParameterType.getConstraint() may expose internal representation by returning CrossParameterType.constraint |
MALICIOUS_CODE |
EI_EXPOSE_REP |
77 |
Medium |
org.apache.bval.jsr.xml.DefaultValidatedExecutableTypesType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.DefaultValidatedExecutableTypesType.getExecutableType() may expose internal representation by returning DefaultValidatedExecutableTypesType.executableType |
MALICIOUS_CODE |
EI_EXPOSE_REP |
88 |
Medium |
org.apache.bval.jsr.xml.ElementType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.ElementType.getContent() may expose internal representation by returning ElementType.content |
MALICIOUS_CODE |
EI_EXPOSE_REP |
90 |
Medium |
org.apache.bval.jsr.xml.FieldType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.FieldType.getConstraint() may expose internal representation by returning FieldType.constraint |
MALICIOUS_CODE |
EI_EXPOSE_REP |
180 |
Medium |
| org.apache.bval.jsr.xml.FieldType.getContainerElementType() may expose internal representation by returning FieldType.containerElementType |
MALICIOUS_CODE |
EI_EXPOSE_REP |
148 |
Medium |
| org.apache.bval.jsr.xml.FieldType.getConvertGroup() may expose internal representation by returning FieldType.convertGroup |
MALICIOUS_CODE |
EI_EXPOSE_REP |
116 |
Medium |
org.apache.bval.jsr.xml.GetterType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.GetterType.getConstraint() may expose internal representation by returning GetterType.constraint |
MALICIOUS_CODE |
EI_EXPOSE_REP |
180 |
Medium |
| org.apache.bval.jsr.xml.GetterType.getContainerElementType() may expose internal representation by returning GetterType.containerElementType |
MALICIOUS_CODE |
EI_EXPOSE_REP |
148 |
Medium |
| org.apache.bval.jsr.xml.GetterType.getConvertGroup() may expose internal representation by returning GetterType.convertGroup |
MALICIOUS_CODE |
EI_EXPOSE_REP |
116 |
Medium |
org.apache.bval.jsr.xml.GroupSequenceType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.GroupSequenceType.getValue() may expose internal representation by returning GroupSequenceType.value |
MALICIOUS_CODE |
EI_EXPOSE_REP |
73 |
Medium |
org.apache.bval.jsr.xml.GroupsType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.GroupsType.getValue() may expose internal representation by returning GroupsType.value |
MALICIOUS_CODE |
EI_EXPOSE_REP |
73 |
Medium |
org.apache.bval.jsr.xml.MappingValidator
| Bug |
Category |
Details |
Line |
Priority |
| Dead store to constructors in org.apache.bval.jsr.xml.MappingValidator.applyChecks(BeanType) |
STYLE |
DLS_DEAD_LOCAL_STORE |
88 |
Medium |
org.apache.bval.jsr.xml.MethodType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.MethodType.getCrossParameter() may expose internal representation by returning MethodType.crossParameter |
MALICIOUS_CODE |
EI_EXPOSE_REP |
101 |
Medium |
| org.apache.bval.jsr.xml.MethodType.getParameter() may expose internal representation by returning MethodType.parameter |
MALICIOUS_CODE |
EI_EXPOSE_REP |
89 |
Medium |
| org.apache.bval.jsr.xml.MethodType.getReturnValue() may expose internal representation by returning MethodType.returnValue |
MALICIOUS_CODE |
EI_EXPOSE_REP |
125 |
Medium |
| org.apache.bval.jsr.xml.MethodType.setCrossParameter(CrossParameterType) may expose internal representation by storing an externally mutable object into MethodType.crossParameter |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
113 |
Medium |
| org.apache.bval.jsr.xml.MethodType.setReturnValue(ReturnValueType) may expose internal representation by storing an externally mutable object into MethodType.returnValue |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
137 |
Medium |
org.apache.bval.jsr.xml.ParameterType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.ParameterType.getConstraint() may expose internal representation by returning ParameterType.constraint |
MALICIOUS_CODE |
EI_EXPOSE_REP |
180 |
Medium |
| org.apache.bval.jsr.xml.ParameterType.getContainerElementType() may expose internal representation by returning ParameterType.containerElementType |
MALICIOUS_CODE |
EI_EXPOSE_REP |
148 |
Medium |
| org.apache.bval.jsr.xml.ParameterType.getConvertGroup() may expose internal representation by returning ParameterType.convertGroup |
MALICIOUS_CODE |
EI_EXPOSE_REP |
116 |
Medium |
org.apache.bval.jsr.xml.PayloadType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.PayloadType.getValue() may expose internal representation by returning PayloadType.value |
MALICIOUS_CODE |
EI_EXPOSE_REP |
73 |
Medium |
org.apache.bval.jsr.xml.ReturnValueType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.ReturnValueType.getConstraint() may expose internal representation by returning ReturnValueType.constraint |
MALICIOUS_CODE |
EI_EXPOSE_REP |
177 |
Medium |
| org.apache.bval.jsr.xml.ReturnValueType.getContainerElementType() may expose internal representation by returning ReturnValueType.containerElementType |
MALICIOUS_CODE |
EI_EXPOSE_REP |
145 |
Medium |
| org.apache.bval.jsr.xml.ReturnValueType.getConvertGroup() may expose internal representation by returning ReturnValueType.convertGroup |
MALICIOUS_CODE |
EI_EXPOSE_REP |
113 |
Medium |
org.apache.bval.jsr.xml.SchemaManager
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.bval.jsr.xml.SchemaManager at new org.apache.bval.jsr.xml.SchemaManager(Map) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
264 |
Medium |
org.apache.bval.jsr.xml.SchemaManager$Key
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.SchemaManager$Key.equals(Object) is unusual |
STYLE |
EQ_UNUSUAL |
98 |
Medium |
org.apache.bval.jsr.xml.ValidatedByType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.ValidatedByType.getValue() may expose internal representation by returning ValidatedByType.value |
MALICIOUS_CODE |
EI_EXPOSE_REP |
77 |
Medium |
org.apache.bval.jsr.xml.ValidationConfigType
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.bval.jsr.xml.ValidationConfigType.getConstraintMapping() may expose internal representation by returning ValidationConfigType.constraintMapping |
MALICIOUS_CODE |
EI_EXPOSE_REP |
317 |
Medium |
| org.apache.bval.jsr.xml.ValidationConfigType.getExecutableValidation() may expose internal representation by returning ValidationConfigType.executableValidation |
MALICIOUS_CODE |
EI_EXPOSE_REP |
273 |
Medium |
| org.apache.bval.jsr.xml.ValidationConfigType.getProperty() may expose internal representation by returning ValidationConfigType.property |
MALICIOUS_CODE |
EI_EXPOSE_REP |
349 |
Medium |
| org.apache.bval.jsr.xml.ValidationConfigType.getValueExtractor() may expose internal representation by returning ValidationConfigType.valueExtractor |
MALICIOUS_CODE |
EI_EXPOSE_REP |
261 |
Medium |
| org.apache.bval.jsr.xml.ValidationConfigType.setExecutableValidation(ExecutableValidationType) may expose internal representation by storing an externally mutable object into ValidationConfigType.executableValidation |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
285 |
Medium |
org.apache.bval.util.Lazy
| Bug |
Category |
Details |
Line |
Priority |
| Inconsistent synchronization of org.apache.bval.util.Lazy.value; locked 50% of time |
MT_CORRECTNESS |
IS2_INCONSISTENT_SYNC |
58 |
Medium |
org.apache.bval.util.LazyInt
| Bug |
Category |
Details |
Line |
Priority |
| Inconsistent synchronization of org.apache.bval.util.LazyInt.value; locked 66% of time |
MT_CORRECTNESS |
IS2_INCONSISTENT_SYNC |
43 |
Medium |
org.apache.bval.util.ObjectUtils
| Bug |
Category |
Details |
Line |
Priority |
| Possible null pointer dereference of array in org.apache.bval.util.ObjectUtils.arrayAdd(Object[], Object) |
CORRECTNESS |
NP_NULL_ON_SOME_PATH |
89 |
Medium |
