The following document contains the results of FindBugs Report
FindBugs Version is 1.2.0
Threshold is Low
Effort is Default
Classes | Bugs | Errors | Missing Classes |
---|---|---|---|
442 | 95 | 0 | 0 |
Bug | Category | Details | Line |
---|---|---|---|
com.atlassian.core.bean.EntityObject.getCreationDate() may expose internal representation by returning EntityObject.creationDate | MALICIOUS_CODE | EI_EXPOSE_REP | 31 |
com.atlassian.core.bean.EntityObject.getLastModificationDate() may expose internal representation by returning EntityObject.creationDate | MALICIOUS_CODE | EI_EXPOSE_REP | 41 |
com.atlassian.core.bean.EntityObject.setCreationDate(Date) may expose internal representation by storing an externally mutable object into EntityObject.creationDate | MALICIOUS_CODE | EI_EXPOSE_REP2 | 36 |
com.atlassian.core.bean.EntityObject.setLastModificationDate(Date) may expose internal representation by storing an externally mutable object into EntityObject.lastModificationDate | MALICIOUS_CODE | EI_EXPOSE_REP2 | 46 |
Bug | Category | Details | Line |
---|---|---|---|
Unchecked/unconfirmed cast from javax.servlet.ServletRequest to javax.servlet.http.HttpServletRequest in com.atlassian.core.filters.AbstractEncodingFilter.doFilter(ServletRequest, ServletResponse, FilterChain) | STYLE | BC_UNCONFIRMED_CAST | 27 |
com.atlassian.core.filters.AbstractEncodingFilter.isNonCachableUri(HttpServletRequest) checks to see if result of String.indexOf is positive | STYLE | RV_CHECK_FOR_POSITIVE_INDEXOF | 113 |
Bug | Category | Details | Line |
---|---|---|---|
The class com.atlassian.core.filters.AbstractEncodingFilter$1 could be refactored into a named _static_ inner class | PERFORMANCE | SIC_INNER_SHOULD_BE_STATIC_ANON | Not available |
Bug | Category | Details | Line |
---|---|---|---|
Unchecked/unconfirmed cast from javax.servlet.ServletRequest to javax.servlet.http.HttpServletRequest in com.atlassian.core.filters.AbstractEncodingFilter$WordCurlyQuotesRequestWrapper.WordCurlyQuotesRequestWrapper(AbstractEncodingFilter, ServletRequest) | STYLE | BC_UNCONFIRMED_CAST | 127 |
Should com.atlassian.core.filters.AbstractEncodingFilter$WordCurlyQuotesRequestWrapper.getParameterValues(String) return a zero length array rather than null? | STYLE | PZLA_PREFER_ZERO_LENGTH_ARRAYS | 168 |
Bug | Category | Details | Line |
---|---|---|---|
Result of integer multiplication cast to long in com.atlassian.core.filters.ExpiresFilter.doFilter(ServletRequest, ServletResponse, FilterChain) | STYLE | ICAST_INTEGER_MULTIPLY_CAST_TO_LONG | 39 |
Bug | Category | Details | Line |
---|---|---|---|
Unchecked/unconfirmed cast from javax.servlet.ServletResponse to javax.servlet.http.HttpServletResponse in com.atlassian.core.filters.gzip.GzipFilter.doFilter(ServletRequest, ServletResponse, FilterChain) | STYLE | BC_UNCONFIRMED_CAST | 48 |
Bug | Category | Details | Line |
---|---|---|---|
com.atlassian.core.propertyset.CachingPropertySet.exists(String) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead | PERFORMANCE | DM_BOOLEAN_CTOR | 425 |
com.atlassian.core.propertyset.CachingPropertySet.getAsActualType(String) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead | PERFORMANCE | DM_BOOLEAN_CTOR | 121 |
Class com.atlassian.core.propertyset.CachingPropertySet defines non-transient non-serializable instance field decoratedPS | BAD_PRACTICE | SE_BAD_FIELD | Not available |
com.atlassian.core.propertyset.CachingPropertySet is Serializable; consider declaring a serialVersionUID | BAD_PRACTICE | SE_NO_SERIALVERSIONID | Not available |
Bug | Category | Details | Line |
---|---|---|---|
com.atlassian.core.spool.BufferedFileSpool.spool(InputStream) may fail to close stream on exception | BAD_PRACTICE | OS_OPEN_STREAM_EXCEPTION_PATH | 36 |
Bug | Category | Details | Line |
---|---|---|---|
Should com.atlassian.core.spool.DeferredFileOutputStream.getData() return a zero length array rather than null? | STYLE | PZLA_PREFER_ZERO_LENGTH_ARRAYS | 149 |
Bug | Category | Details | Line |
---|---|---|---|
AbstractErrorQueuedTaskQueue.failed not initialized in constructor | STYLE | UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR | Not available |
Bug | Category | Details | Line |
---|---|---|---|
com.atlassian.core.task.AbstractErrorQueuedTaskQueue$TaskDecorator is Serializable; consider declaring a serialVersionUID | BAD_PRACTICE | SE_NO_SERIALVERSIONID | Not available |
Bug | Category | Details | Line |
---|---|---|---|
com.atlassian.core.test.util.DuckTypeProxy.THROW isn't final but should be | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | 62 |
com.atlassian.core.test.util.DuckTypeProxy.RETURN_NULL isn't final but should be | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | 51 |
Bug | Category | Details | Line |
---|---|---|---|
com.atlassian.core.test.util.DuckTypeProxy$DuckTypeInvocationHandler.invoke(Object, Method, Object[]) invokes java.lang.reflect.Method.setAccessible(boolean), which should be invoked from within a doPrivileged block | BAD_PRACTICE | DP_DO_INSIDE_DO_PRIVILEGED | 151 |
Bug | Category | Details | Line |
---|---|---|---|
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 47 |
com.atlassian.core.user.BestNameComparator implements Comparator but not Serializable | BAD_PRACTICE | SE_COMPARATOR_SHOULD_BE_SERIALIZABLE | Not available |
Bug | Category | Details | Line |
---|---|---|---|
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 47 |
com.atlassian.core.user.BestNameComparator2 implements Comparator but not Serializable | BAD_PRACTICE | SE_COMPARATOR_SHOULD_BE_SERIALIZABLE | Not available |
Bug | Category | Details | Line |
---|---|---|---|
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 42 |
com.atlassian.core.user.FullNameComparator implements Comparator but not Serializable | BAD_PRACTICE | SE_COMPARATOR_SHOULD_BE_SERIALIZABLE | Not available |
Bug | Category | Details | Line |
---|---|---|---|
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 260 |
Bug | Category | Details | Line |
---|---|---|---|
com.atlassian.core.user.preferences.DefaultPreferences.DefaultPreferences() invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead | PERFORMANCE | DM_BOOLEAN_CTOR | 55 |
Exception is caught when Exception is not thrown in com.atlassian.core.user.preferences.DefaultPreferences.DefaultPreferences() | STYLE | REC_CATCH_EXCEPTION | 58 |
Bug | Category | Details | Line |
---|---|---|---|
com.atlassian.core.user.preferences.UserPreferences.UserPreferences(PropertySet, boolean) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead | PERFORMANCE | DM_BOOLEAN_CTOR | 60 |
com.atlassian.core.user.preferences.UserPreferences.UserPreferences(User, boolean) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead | PERFORMANCE | DM_BOOLEAN_CTOR | 79 |
Class com.atlassian.core.user.preferences.UserPreferences defines non-transient non-serializable instance field backingPS | BAD_PRACTICE | SE_BAD_FIELD | Not available |
com.atlassian.core.user.preferences.UserPreferences is Serializable; consider declaring a serialVersionUID | BAD_PRACTICE | SE_NO_SERIALVERSIONID | Not available |
Bug | Category | Details | Line |
---|---|---|---|
Redundant nullcheck of constructorArgs, which is known to be non-null in com.atlassian.core.util.ClassHelper.instantiateClass(Class, Object[]) | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE | 15 |
Bug | Category | Details | Line |
---|---|---|---|
Redundant nullcheck of urls, which is known to be non-null in com.atlassian.core.util.ClassLoaderUtils.getResources(String, Class) | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE | 167 |
Bug | Category | Details | Line |
---|---|---|---|
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 17 |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 27 |
Bug | Category | Details | Line |
---|---|---|---|
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 352 |
com.atlassian.core.util.DateUtils.getDurationSeconds(String, int, int) checks to see if result of String.indexOf is positive | STYLE | RV_CHECK_FOR_POSITIVE_INDEXOF | 355 |
Bug | Category | Details | Line |
---|---|---|---|
com.atlassian.core.util.DateUtils$DateRange.DateRange(Date, Date) may expose internal representation by storing an externally mutable object into DateUtils$DateRange.endDate | MALICIOUS_CODE | EI_EXPOSE_REP2 | 58 |
com.atlassian.core.util.DateUtils$DateRange.DateRange(Date, Date) may expose internal representation by storing an externally mutable object into DateUtils$DateRange.startDate | MALICIOUS_CODE | EI_EXPOSE_REP2 | 57 |
Bug | Category | Details | Line |
---|---|---|---|
com.atlassian.core.util.Dom4jUtil.saveDocumentTo(Document, String, String) ignores return value of java.io.File.createNewFile() | CORRECTNESS | RV_RETURN_VALUE_IGNORED | 24 |
Method com.atlassian.core.util.Dom4jUtil.saveDocumentTo(Document, String, String) directly allocates a specific implementation of xml interfaces | STYLE | XFB_XML_FACTORY_BYPASS | 28 |
Bug | Category | Details | Line |
---|---|---|---|
com.atlassian.core.util.FileUtils.saveTextFile(String, File) may fail to close stream on exception | BAD_PRACTICE | OS_OPEN_STREAM_EXCEPTION_PATH | 247 |
com.atlassian.core.util.FileUtils.copyFile(InputStream, File, boolean) ignores return value of java.io.File.createNewFile() | CORRECTNESS | RV_RETURN_VALUE_IGNORED | 465 |
com.atlassian.core.util.FileUtils.ensureFileAndPathExist(File) ignores return value of java.io.File.createNewFile() | CORRECTNESS | RV_RETURN_VALUE_IGNORED | 258 |
Bug | Category | Details | Line |
---|---|---|---|
Should com.atlassian.core.util.FilterUtils.verifyStringArray(String[]) return a zero length array rather than null? | STYLE | PZLA_PREFER_ZERO_LENGTH_ARRAYS | 50 |
Bug | Category | Details | Line |
---|---|---|---|
Dead store to htmlCounter in com.atlassian.core.util.HTMLUtils.foundTag(String, int, String, boolean) | STYLE | DLS_DEAD_LOCAL_STORE | 162 |
com.atlassian.core.util.HTMLUtils.stripOuterTags(String, String, boolean) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead | PERFORMANCE | DM_BOOLEAN_CTOR | 52 |
com.atlassian.core.util.HTMLUtils.stripOuterTags(String, List, int) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead | PERFORMANCE | DM_BOOLEAN_CTOR | 60 |
Primitive boxed just to call toString in com.atlassian.core.util.HTMLUtils.stripOuterTags(String, String, boolean) | PERFORMANCE | DM_BOXED_PRIMITIVE_TOSTRING | 52 |
Primitive boxed just to call toString in com.atlassian.core.util.HTMLUtils.stripOuterTags(String, List, int) | PERFORMANCE | DM_BOXED_PRIMITIVE_TOSTRING | 88 |
Primitive boxed just to call toString in com.atlassian.core.util.HTMLUtils.stripOuterTags(String, List, int) | PERFORMANCE | DM_BOXED_PRIMITIVE_TOSTRING | 134 |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 179 |
Private method com.atlassian.core.util.HTMLUtils.stripOuterTags(String, String, boolean) is never called | PERFORMANCE | UPM_UNCALLED_PRIVATE_METHOD | 51-53 |
Unused field: com.atlassian.core.util.HTMLUtils.currentIndex | PERFORMANCE | UUF_UNUSED_FIELD | Not available |
Bug | Category | Details | Line |
---|---|---|---|
ImageInfo.din not initialized in constructor | STYLE | UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR | Not available |
Bug | Category | Details | Line |
---|---|---|---|
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 39 |
Redundant nullcheck of displayName1, which is known to be non-null in com.atlassian.core.util.LocaleComparator.compare(Object, Object) | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE | 29 |
Redundant nullcheck of displayName2, which is known to be non-null in com.atlassian.core.util.LocaleComparator.compare(Object, Object) | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE | 33 |
com.atlassian.core.util.LocaleComparator implements Comparator but not Serializable | BAD_PRACTICE | SE_COMPARATOR_SHOULD_BE_SERIALIZABLE | Not available |
Bug | Category | Details | Line |
---|---|---|---|
com.atlassian.core.util.ObjectUtils.hibernateGetClassMethod isn't final but should be | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | 28 |
Exception is caught when Exception is not thrown in com.atlassian.core.util.ObjectUtils.<static initializer>() | STYLE | REC_CATCH_EXCEPTION | 37 |
Exception is caught when Exception is not thrown in com.atlassian.core.util.ObjectUtils.getTrueClass(Object) | STYLE | REC_CATCH_EXCEPTION | 98 |
Bug | Category | Details | Line |
---|---|---|---|
com.atlassian.core.util.PairType is Serializable; consider declaring a serialVersionUID | BAD_PRACTICE | SE_NO_SERIALVERSIONID | Not available |
Bug | Category | Details | Line |
---|---|---|---|
Inconsistent synchronization of com.atlassian.core.util.ProgressWrapper.currentCount; locked 85% of time | MT_CORRECTNESS | IS2_INCONSISTENT_SYNC | 47 |
Bug | Category | Details | Line |
---|---|---|---|
Method com.atlassian.core.util.RandomGenerator.randomAlpha() uses the nextDouble method of Random to generate a random integer; using nextInt is more efficient | PERFORMANCE | DM_NEXTINT_VIA_NEXTDOUBLE | 66 |
Method com.atlassian.core.util.RandomGenerator.randomCharacter() uses the nextDouble method of Random to generate a random integer; using nextInt is more efficient | PERFORMANCE | DM_NEXTINT_VIA_NEXTDOUBLE | 54 |
Method com.atlassian.core.util.RandomGenerator.randomDigit() uses the nextDouble method of Random to generate a random integer; using nextInt is more efficient | PERFORMANCE | DM_NEXTINT_VIA_NEXTDOUBLE | 79 |
Bug | Category | Details | Line |
---|---|---|---|
Using notify rather than notifyAll in com.atlassian.core.util.Semaphore.acquire() | MT_CORRECTNESS | NO_NOTIFY_NOT_NOTIFYALL | 85 |
Using notify rather than notifyAll in com.atlassian.core.util.Semaphore.attempt(long) | MT_CORRECTNESS | NO_NOTIFY_NOT_NOTIFYALL | 139 |
Using notify rather than notifyAll in com.atlassian.core.util.Semaphore.release() | MT_CORRECTNESS | NO_NOTIFY_NOT_NOTIFYALL | 152 |
Using notify rather than notifyAll in com.atlassian.core.util.Semaphore.release(long) | MT_CORRECTNESS | NO_NOTIFY_NOT_NOTIFYALL | 178 |
Bug | Category | Details | Line |
---|---|---|---|
Dead store to s in com.atlassian.core.util.StringUtils.splitCommaSeparatedString(String) | STYLE | DLS_DEAD_LOCAL_STORE | 296 |
com.atlassian.core.util.StringUtils.stringCharMappings isn't final but should be | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | 12 |
Bug | Category | Details | Line |
---|---|---|---|
Exception is caught when Exception is not thrown in com.atlassian.core.util.XMLUtils.getContainedText(Node, String) | STYLE | REC_CATCH_EXCEPTION | 28 |
Bug | Category | Details | Line |
---|---|---|---|
com.atlassian.core.util.bean.PagerFilter is Serializable; consider declaring a serialVersionUID | BAD_PRACTICE | SE_NO_SERIALVERSIONID | Not available |
Bug | Category | Details | Line |
---|---|---|---|
Should com.atlassian.core.util.collection.ArrayUtils.add(String[], String) return a zero length array rather than null? | STYLE | PZLA_PREFER_ZERO_LENGTH_ARRAYS | 35 |
Bug | Category | Details | Line |
---|---|---|---|
Confusing to have methods com.atlassian.core.util.filter.FilterChain.addFilter(Filter) and org.apache.log4j.AppenderSkeleton.addFilter(Filter) | BAD_PRACTICE | NM_CONFUSING | 22-23 |
Bug | Category | Details | Line |
---|---|---|---|
Using notify rather than notifyAll in com.atlassian.core.util.thumbnail.SimpleImageConsumer.imageComplete(int) | MT_CORRECTNESS | NO_NOTIFY_NOT_NOTIFYALL | 35 |
Read of unwritten field raster in com.atlassian.core.util.thumbnail.SimpleImageConsumer.setPixels(int, int, int, int, ColorModel, byte[], int, int) | CORRECTNESS | NP_UNWRITTEN_FIELD | 95 |
Unwritten field: com.atlassian.core.util.thumbnail.SimpleImageConsumer.raster | CORRECTNESS | UWF_UNWRITTEN_FIELD | 95 |
Unconditional wait in com.atlassian.core.util.thumbnail.SimpleImageConsumer.getImage() | MT_CORRECTNESS | UW_UNCOND_WAIT | 152 |
Wait not in loop in com.atlassian.core.util.thumbnail.SimpleImageConsumer.getImage() | MT_CORRECTNESS | WA_NOT_IN_LOOP | 152 |
Bug | Category | Details | Line |
---|---|---|---|
com.atlassian.core.util.xml.BOMZipFileInputStream.BOMBYTES should be package protected | MALICIOUS_CODE | MS_PKGPROTECT | 20 |
com.atlassian.core.util.xml.BOMZipFileInputStream.UTF16BEBOMBYTES should be package protected | MALICIOUS_CODE | MS_PKGPROTECT | 17 |
com.atlassian.core.util.xml.BOMZipFileInputStream.UTF16LEBOMBYTES should be package protected | MALICIOUS_CODE | MS_PKGPROTECT | 18 |
com.atlassian.core.util.xml.BOMZipFileInputStream.UTF32BEBOMBYTES should be package protected | MALICIOUS_CODE | MS_PKGPROTECT | 15 |
com.atlassian.core.util.xml.BOMZipFileInputStream.UTF32LEBOMBYTES should be package protected | MALICIOUS_CODE | MS_PKGPROTECT | 16 |
com.atlassian.core.util.xml.BOMZipFileInputStream.UTF8BOMBYTES should be package protected | MALICIOUS_CODE | MS_PKGPROTECT | 19 |
com.atlassian.core.util.xml.BOMZipFileInputStream.BOMZipFileInputStream(String) ignores result of java.io.InputStream.skip(long) | BAD_PRACTICE | SR_NOT_CHECKED | 46 |
Bug | Category | Details | Line |
---|---|---|---|
com.atlassian.core.util.zip.FolderArchiver.compressFile(File, ZipOutputStream) may fail to close stream on exception | BAD_PRACTICE | OS_OPEN_STREAM_EXCEPTION_PATH | 65 |
com.atlassian.core.util.zip.FolderArchiver.doArchive() may fail to close stream on exception | BAD_PRACTICE | OS_OPEN_STREAM_EXCEPTION_PATH | 33 |