FindBugs Bug Detector Report

The following document contains the results of FindBugs Report

FindBugs Version is 1.2.0

Threshold is Low

Effort is Default

Summary

Classes Bugs Errors Missing Classes
431 33 0 0

Files

Class Bugs
com.atlassian.security.auth.trustedapps.UIDGenerator 2
com.atlassian.seraph.auth.DefaultAuthenticator 1
com.atlassian.seraph.config.SecurityConfigImpl 11
com.atlassian.seraph.cookie.EncryptedCookieEncoder 1
com.atlassian.seraph.filter.BaseLoginFilter 2
com.atlassian.seraph.filter.HttpAuthFilter 1
com.atlassian.seraph.filter.SecurityFilter 1
com.atlassian.seraph.filter.TrustedApplicationsFilter 1
com.atlassian.seraph.logout.LogoutServlet 1
com.atlassian.seraph.service.PathService 3
com.atlassian.seraph.service.WebworkService 1
com.atlassian.seraph.util.CachedPathMapper 1
com.atlassian.seraph.util.CookieUtils 1
com.atlassian.seraph.util.EncryptionUtils 4
com.atlassian.seraph.util.PathMapper 1
com.atlassian.seraph.util.XMLUtils 1

com.atlassian.security.auth.trustedapps.UIDGenerator

Bug Category Details Line
Use of non-localized String.toUpperCase() or String.toLowerCase I18N DM_CONVERT_CASE 67
Method com.atlassian.security.auth.trustedapps.UIDGenerator.generateUID() concatenates strings using + in a loop PERFORMANCE SBSC_USE_STRINGBUFFER_CONCATENATION 37

com.atlassian.seraph.auth.DefaultAuthenticator

Bug Category Details Line
com.atlassian.seraph.auth.DefaultAuthenticator is Serializable; consider declaring a serialVersionUID BAD_PRACTICE SE_NO_SERIALVERSIONID Not available

com.atlassian.seraph.config.SecurityConfigImpl

Bug Category Details Line
Redundant nullcheck of com.atlassian.seraph.config.SecurityConfigImpl.instance which is known to be null in com.atlassian.seraph.config.SecurityConfigImpl.getInstance() STYLE RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE 385
Exception is caught when Exception is not thrown in com.atlassian.seraph.config.SecurityConfigImpl.configureAuthenticator(Element) STYLE REC_CATCH_EXCEPTION 128
Exception is caught when Exception is not thrown in com.atlassian.seraph.config.SecurityConfigImpl.configureClass(Element, String) STYLE REC_CATCH_EXCEPTION 173
Exception is caught when Exception is not thrown in com.atlassian.seraph.config.SecurityConfigImpl.configureInterceptors(Element) STYLE REC_CATCH_EXCEPTION 279
Exception is caught when Exception is not thrown in com.atlassian.seraph.config.SecurityConfigImpl.configureServices(Element) STYLE REC_CATCH_EXCEPTION 241
Exception is caught when Exception is not thrown in com.atlassian.seraph.config.SecurityConfigImpl.init() STYLE REC_CATCH_EXCEPTION 99
Class com.atlassian.seraph.config.SecurityConfigImpl defines non-transient non-serializable instance field controller BAD_PRACTICE SE_BAD_FIELD Not available
Class com.atlassian.seraph.config.SecurityConfigImpl defines non-transient non-serializable instance field loginUrlStrategy BAD_PRACTICE SE_BAD_FIELD Not available
Class com.atlassian.seraph.config.SecurityConfigImpl defines non-transient non-serializable instance field roleMapper BAD_PRACTICE SE_BAD_FIELD Not available
com.atlassian.seraph.config.DefaultLoginUrlStrategy stored into non-transient field SecurityConfigImpl.loginUrlStrategy BAD_PRACTICE SE_BAD_FIELD_STORE 112
com.atlassian.seraph.config.SecurityConfigImpl is Serializable; consider declaring a serialVersionUID BAD_PRACTICE SE_NO_SERIALVERSIONID Not available

com.atlassian.seraph.cookie.EncryptedCookieEncoder

Bug Category Details Line
Should com.atlassian.seraph.cookie.EncryptedCookieEncoder.decodePasswordCookie(String, String) return a zero length array rather than null? STYLE PZLA_PREFER_ZERO_LENGTH_ARRAYS 58

com.atlassian.seraph.filter.BaseLoginFilter

Bug Category Details Line
Unchecked/unconfirmed cast from javax.servlet.ServletRequest to javax.servlet.http.HttpServletRequest in com.atlassian.seraph.filter.BaseLoginFilter.doFilter(ServletRequest, ServletResponse, FilterChain) STYLE BC_UNCONFIRMED_CAST 93
Comparison of String objects using == or != in com.atlassian.seraph.filter.BaseLoginFilter.doFilter(ServletRequest, ServletResponse, FilterChain) BAD_PRACTICE ES_COMPARING_STRINGS_WITH_EQ 119

com.atlassian.seraph.filter.HttpAuthFilter

Bug Category Details Line
Use of non-localized String.toUpperCase() or String.toLowerCase I18N DM_CONVERT_CASE 41

com.atlassian.seraph.filter.SecurityFilter

Bug Category Details Line
Unchecked/unconfirmed cast from javax.servlet.ServletRequest to javax.servlet.http.HttpServletRequest in com.atlassian.seraph.filter.SecurityFilter.doFilter(ServletRequest, ServletResponse, FilterChain) STYLE BC_UNCONFIRMED_CAST 105

com.atlassian.seraph.filter.TrustedApplicationsFilter

Bug Category Details Line
Unchecked/unconfirmed cast from javax.servlet.ServletRequest to javax.servlet.http.HttpServletRequest in com.atlassian.seraph.filter.TrustedApplicationsFilter.doFilter(ServletRequest, ServletResponse, FilterChain) STYLE BC_UNCONFIRMED_CAST 96

com.atlassian.seraph.logout.LogoutServlet

Bug Category Details Line
com.atlassian.seraph.logout.LogoutServlet is Serializable; consider declaring a serialVersionUID BAD_PRACTICE SE_NO_SERIALVERSIONID Not available

com.atlassian.seraph.service.PathService

Bug Category Details Line
Redundant nullcheck of constraintMatches, which is known to be non-null in com.atlassian.seraph.service.PathService.getRequiredRoles(String) STYLE RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE 151
Exception is caught when Exception is not thrown in com.atlassian.seraph.service.PathService.configurePathMapper() STYLE REC_CATCH_EXCEPTION 117
com.atlassian.seraph.service.PathService is Serializable; consider declaring a serialVersionUID BAD_PRACTICE SE_NO_SERIALVERSIONID Not available

com.atlassian.seraph.service.WebworkService

Bug Category Details Line
com.atlassian.seraph.service.WebworkService is Serializable; consider declaring a serialVersionUID BAD_PRACTICE SE_NO_SERIALVERSIONID Not available

com.atlassian.seraph.util.CachedPathMapper

Bug Category Details Line
com.atlassian.seraph.util.CachedPathMapper is Serializable; consider declaring a serialVersionUID BAD_PRACTICE SE_NO_SERIALVERSIONID Not available

com.atlassian.seraph.util.CookieUtils

Bug Category Details Line
Should com.atlassian.seraph.util.CookieUtils.decodePasswordCookie(String, String) return a zero length array rather than null? STYLE PZLA_PREFER_ZERO_LENGTH_ARRAYS 184

com.atlassian.seraph.util.EncryptionUtils

Bug Category Details Line
Method com.atlassian.seraph.util.EncryptionUtils.encodePageNumber(int) uses the nextDouble method of Random to generate a random integer; using nextInt is more efficient PERFORMANCE DM_NEXTINT_VIA_NEXTDOUBLE 182
Method com.atlassian.seraph.util.EncryptionUtils.encodePageNumber(int) uses the nextDouble method of Random to generate a random integer; using nextInt is more efficient PERFORMANCE DM_NEXTINT_VIA_NEXTDOUBLE 183
Possible null pointer dereference in com.atlassian.seraph.util.EncryptionUtils.main(String[]) due to return value of called method STYLE NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE 271
Possible null pointer dereference in com.atlassian.seraph.util.EncryptionUtils.main(String[]) due to return value of called method STYLE NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE 265

com.atlassian.seraph.util.PathMapper

Bug Category Details Line
com.atlassian.seraph.util.PathMapper is Serializable; consider declaring a serialVersionUID BAD_PRACTICE SE_NO_SERIALVERSIONID Not available

com.atlassian.seraph.util.XMLUtils

Bug Category Details Line
Exception is caught when Exception is not thrown in com.atlassian.seraph.util.XMLUtils.getContainedText(Node, String) STYLE REC_CATCH_EXCEPTION 24