SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.3
Threshold is
Effort is default
Summary
| Classes |
Bugs |
Errors |
Missing Classes |
| 569 |
541 |
0 |
0 |
org.apache.commons.compress.archivers.ArchiveInputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.ArchiveInputStream at new org.apache.commons.compress.archivers.ArchiveInputStream(InputStream, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
86 |
Medium |
org.apache.commons.compress.archivers.ArchiveStreamFactory
| Bug |
Category |
Details |
Line |
Priority |
| Exception is caught when Exception is not thrown in org.apache.commons.compress.archivers.ArchiveStreamFactory.detect(InputStream) |
STYLE |
REC_CATCH_EXCEPTION |
291 |
Medium |
org.apache.commons.compress.archivers.ar.ArArchiveEntry
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.ar.ArArchiveEntry at new org.apache.commons.compress.archivers.ar.ArArchiveEntry(File, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
88 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.ar.ArArchiveEntry at new org.apache.commons.compress.archivers.ar.ArArchiveEntry(String, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
116 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.ar.ArArchiveEntry at new org.apache.commons.compress.archivers.ar.ArArchiveEntry(String, long, int, int, int, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
132 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.ar.ArArchiveEntry at new org.apache.commons.compress.archivers.ar.ArArchiveEntry(Path, String, LinkOption[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
101 |
Medium |
org.apache.commons.compress.archivers.ar.ArArchiveOutputStream
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.archivers.ar.ArArchiveOutputStream(OutputStream) may expose internal representation by storing an externally mutable object into ArArchiveOutputStream.out |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
54 |
Medium |
org.apache.commons.compress.archivers.arj.ArjArchiveInputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.arj.ArjArchiveInputStream at new org.apache.commons.compress.archivers.arj.ArjArchiveInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
74 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.arj.ArjArchiveInputStream at new org.apache.commons.compress.archivers.arj.ArjArchiveInputStream(InputStream, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
90 |
Medium |
org.apache.commons.compress.archivers.cpio.CpioArchiveEntry
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveEntry at new org.apache.commons.compress.archivers.cpio.CpioArchiveEntry(File, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
215 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveEntry at new org.apache.commons.compress.archivers.cpio.CpioArchiveEntry(String, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
396 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveEntry at new org.apache.commons.compress.archivers.cpio.CpioArchiveEntry(Path, String, LinkOption[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
228 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveEntry at new org.apache.commons.compress.archivers.cpio.CpioArchiveEntry(short) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
264 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveEntry at new org.apache.commons.compress.archivers.cpio.CpioArchiveEntry(short, File, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
288 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveEntry at new org.apache.commons.compress.archivers.cpio.CpioArchiveEntry(short, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
352 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveEntry at new org.apache.commons.compress.archivers.cpio.CpioArchiveEntry(short, String, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
376 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveEntry at new org.apache.commons.compress.archivers.cpio.CpioArchiveEntry(short, Path, String, LinkOption[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
322 |
Medium |
org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream at new org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
158 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream at new org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream(InputStream, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
169 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream at new org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream(InputStream, int, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
185 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream at new org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream(InputStream, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
199 |
Medium |
| org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream.getNextCPIOEntry() may expose internal representation by returning CpioArchiveInputStream.entry |
MALICIOUS_CODE |
EI_EXPOSE_REP |
303 |
Medium |
org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream at new org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream(OutputStream, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
173 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream at new org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream(OutputStream, short) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
121 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream at new org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream(OutputStream, short, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
134 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream at new org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream(OutputStream, short, int, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
156 |
Medium |
| new org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream(OutputStream, short, int, String) may expose internal representation by storing an externally mutable object into CpioArchiveOutputStream.out |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
148 |
Medium |
| org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream.putArchiveEntry(CpioArchiveEntry) may expose internal representation by storing an externally mutable object into CpioArchiveOutputStream.entry |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
344 |
Medium |
org.apache.commons.compress.archivers.dump.DumpArchiveEntry
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.archivers.dump.DumpArchiveEntry.getPermissions() may expose internal representation by returning DumpArchiveEntry.permissions |
MALICIOUS_CODE |
EI_EXPOSE_REP |
570 |
Medium |
org.apache.commons.compress.archivers.dump.DumpArchiveInputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.dump.DumpArchiveInputStream at new org.apache.commons.compress.archivers.dump.DumpArchiveInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
111 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.dump.DumpArchiveInputStream at new org.apache.commons.compress.archivers.dump.DumpArchiveInputStream(InputStream, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
149 |
Medium |
| org.apache.commons.compress.archivers.dump.DumpArchiveInputStream.getSummary() may expose internal representation by returning DumpArchiveInputStream.summary |
MALICIOUS_CODE |
EI_EXPOSE_REP |
339 |
Medium |
org.apache.commons.compress.archivers.dump.DumpArchiveSummary
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.dump.DumpArchiveSummary at new org.apache.commons.compress.archivers.dump.DumpArchiveSummary(byte[], ZipEncoding) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
52 |
Medium |
org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry.getAccessTime() may expose internal representation by returning SevenZArchiveEntry.accessDate |
MALICIOUS_CODE |
EI_EXPOSE_REP |
145 |
Medium |
| org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry.getCreationTime() may expose internal representation by returning SevenZArchiveEntry.creationDate |
MALICIOUS_CODE |
EI_EXPOSE_REP |
240 |
Medium |
| org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry.getLastModifiedTime() may expose internal representation by returning SevenZArchiveEntry.lastModifiedDate |
MALICIOUS_CODE |
EI_EXPOSE_REP |
315 |
Medium |
| org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry.setAccessTime(FileTime) may expose internal representation by storing an externally mutable object into SevenZArchiveEntry.accessDate |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
415 |
Medium |
| org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry.setCreationTime(FileTime) may expose internal representation by storing an externally mutable object into SevenZArchiveEntry.creationDate |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
551 |
Medium |
| org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry.setLastModifiedTime(FileTime) may expose internal representation by storing an externally mutable object into SevenZArchiveEntry.lastModifiedDate |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
646 |
Medium |
org.apache.commons.compress.archivers.sevenz.SevenZFile
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZFile at new org.apache.commons.compress.archivers.sevenz.SevenZFile(File, SevenZFileOptions) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
487 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZFile at new org.apache.commons.compress.archivers.sevenz.SevenZFile(File, byte[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
442 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZFile at new org.apache.commons.compress.archivers.sevenz.SevenZFile(File, char[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
456 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZFile at new org.apache.commons.compress.archivers.sevenz.SevenZFile(File, char[], SevenZFileOptions) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
472 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZFile at new org.apache.commons.compress.archivers.sevenz.SevenZFile(SeekableByteChannel, String, byte[], boolean, int, boolean, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
619 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZFile at new org.apache.commons.compress.archivers.sevenz.SevenZFile(SeekableByteChannel, String, byte[], boolean, SevenZFileOptions) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
647 |
Medium |
| Dead store to nid in org.apache.commons.compress.archivers.sevenz.SevenZFile.readPackInfo(ByteBuffer, Archive) |
STYLE |
DLS_DEAD_LOCAL_STORE |
1532 |
Medium |
| org.apache.commons.compress.archivers.sevenz.SevenZFile.initializeArchive(StartHeader, byte[], boolean) may fail to close stream |
BAD_PRACTICE |
OS_OPEN_STREAM |
1061 |
Medium |
org.apache.commons.compress.archivers.sevenz.SevenZFile$Builder
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.archivers.sevenz.SevenZFile$Builder.setSeekableByteChannel(SeekableByteChannel) may expose internal representation by storing an externally mutable object into SevenZFile$Builder.seekableByteChannel |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
262 |
Medium |
org.apache.commons.compress.archivers.sevenz.SevenZMethodConfiguration
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZMethodConfiguration at new org.apache.commons.compress.archivers.sevenz.SevenZMethodConfiguration(SevenZMethod) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
75 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZMethodConfiguration at new org.apache.commons.compress.archivers.sevenz.SevenZMethodConfiguration(SevenZMethod, Object) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
89 |
Medium |
org.apache.commons.compress.archivers.sevenz.SevenZOutputFile
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZOutputFile at new org.apache.commons.compress.archivers.sevenz.SevenZOutputFile(File) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
136 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZOutputFile at new org.apache.commons.compress.archivers.sevenz.SevenZOutputFile(File, char[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
148 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZOutputFile at new org.apache.commons.compress.archivers.sevenz.SevenZOutputFile(SeekableByteChannel) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
164 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZOutputFile at new org.apache.commons.compress.archivers.sevenz.SevenZOutputFile(SeekableByteChannel, char[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
181 |
Medium |
| new org.apache.commons.compress.archivers.sevenz.SevenZOutputFile(SeekableByteChannel, char[]) may expose internal representation by storing an externally mutable object into SevenZOutputFile.channel |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
180 |
Medium |
org.apache.commons.compress.archivers.tar.TarArchiveEntry
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveEntry at new org.apache.commons.compress.archivers.tar.TarArchiveEntry(Path) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
565 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveEntry at new org.apache.commons.compress.archivers.tar.TarArchiveEntry(Path, String, LinkOption[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
585 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveEntry at new org.apache.commons.compress.archivers.tar.TarArchiveEntry(Map, byte[], ZipEncoding, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
530 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveEntry at new org.apache.commons.compress.archivers.tar.TarArchiveEntry(Map, byte[], ZipEncoding, boolean, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
548 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveEntry at new org.apache.commons.compress.archivers.tar.TarArchiveEntry(byte[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
411 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveEntry at new org.apache.commons.compress.archivers.tar.TarArchiveEntry(byte[], ZipEncoding, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
439 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveEntry at new org.apache.commons.compress.archivers.tar.TarArchiveEntry(byte[], ZipEncoding, boolean, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
456 |
Medium |
| org.apache.commons.compress.archivers.tar.TarArchiveEntry.getCreationTime() may expose internal representation by returning TarArchiveEntry.birthTime |
MALICIOUS_CODE |
EI_EXPOSE_REP |
776 |
Medium |
| org.apache.commons.compress.archivers.tar.TarArchiveEntry.getLastAccessTime() may expose internal representation by returning TarArchiveEntry.aTime |
MALICIOUS_CODE |
EI_EXPOSE_REP |
897 |
Medium |
| org.apache.commons.compress.archivers.tar.TarArchiveEntry.getLastModifiedTime() may expose internal representation by returning TarArchiveEntry.mTime |
MALICIOUS_CODE |
EI_EXPOSE_REP |
918 |
Medium |
| org.apache.commons.compress.archivers.tar.TarArchiveEntry.getSparseHeaders() may expose internal representation by returning TarArchiveEntry.sparseHeaders |
MALICIOUS_CODE |
EI_EXPOSE_REP |
1079 |
Medium |
| org.apache.commons.compress.archivers.tar.TarArchiveEntry.getStatusChangeTime() may expose internal representation by returning TarArchiveEntry.cTime |
MALICIOUS_CODE |
EI_EXPOSE_REP |
1089 |
Medium |
| org.apache.commons.compress.archivers.tar.TarArchiveEntry.setCreationTime(FileTime) may expose internal representation by storing an externally mutable object into TarArchiveEntry.birthTime |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
1713 |
Medium |
| org.apache.commons.compress.archivers.tar.TarArchiveEntry.setLastAccessTime(FileTime) may expose internal representation by storing an externally mutable object into TarArchiveEntry.aTime |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
1803 |
Medium |
| org.apache.commons.compress.archivers.tar.TarArchiveEntry.setSparseHeaders(List) may expose internal representation by storing an externally mutable object into TarArchiveEntry.sparseHeaders |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
1907 |
Medium |
| org.apache.commons.compress.archivers.tar.TarArchiveEntry.setStatusChangeTime(FileTime) may expose internal representation by storing an externally mutable object into TarArchiveEntry.cTime |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
1917 |
Medium |
org.apache.commons.compress.archivers.tar.TarArchiveInputStream
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.archivers.tar.TarArchiveInputStream.getCurrentEntry() may expose internal representation by returning TarArchiveInputStream.currEntry |
MALICIOUS_CODE |
EI_EXPOSE_REP |
347 |
Medium |
| org.apache.commons.compress.archivers.tar.TarArchiveInputStream.getNextTarEntry() may expose internal representation by returning TarArchiveInputStream.currEntry |
MALICIOUS_CODE |
EI_EXPOSE_REP |
482 |
Medium |
org.apache.commons.compress.archivers.tar.TarArchiveOutputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveOutputStream at new org.apache.commons.compress.archivers.tar.TarArchiveOutputStream(OutputStream, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
157 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveOutputStream at new org.apache.commons.compress.archivers.tar.TarArchiveOutputStream(OutputStream, int, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
170 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveOutputStream at new org.apache.commons.compress.archivers.tar.TarArchiveOutputStream(OutputStream, int, int, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
185 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveOutputStream at new org.apache.commons.compress.archivers.tar.TarArchiveOutputStream(OutputStream, int, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
209 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveOutputStream at new org.apache.commons.compress.archivers.tar.TarArchiveOutputStream(OutputStream, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
231 |
Medium |
org.apache.commons.compress.archivers.tar.TarArchiveSparseEntry
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveSparseEntry at new org.apache.commons.compress.archivers.tar.TarArchiveSparseEntry(byte[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
68 |
Medium |
| org.apache.commons.compress.archivers.tar.TarArchiveSparseEntry.getSparseHeaders() may expose internal representation by returning TarArchiveSparseEntry.sparseHeaders |
MALICIOUS_CODE |
EI_EXPOSE_REP |
80 |
Medium |
org.apache.commons.compress.archivers.tar.TarFile
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(File) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
222 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(File, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
245 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(File, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
234 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(SeekableByteChannel) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
288 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(SeekableByteChannel, int, int, String, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
312 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(Path) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
255 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(Path, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
278 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(Path, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
267 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(byte[], String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
212 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(byte[], boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
201 |
Medium |
| new org.apache.commons.compress.archivers.tar.TarFile(SeekableByteChannel, int, int, String, boolean) may expose internal representation by storing an externally mutable object into TarFile.archive |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
304 |
Medium |
org.apache.commons.compress.archivers.tar.TarUtils
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.archivers.tar.TarUtils.parsePaxHeaders(InputStream, List, Map, long) may fail to close stream |
BAD_PRACTICE |
OS_OPEN_STREAM |
661 |
Medium |
org.apache.commons.compress.archivers.zip.FileRandomAccessOutputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.zip.FileRandomAccessOutputStream at new org.apache.commons.compress.archivers.zip.FileRandomAccessOutputStream(Path) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
42 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.zip.FileRandomAccessOutputStream at new org.apache.commons.compress.archivers.zip.FileRandomAccessOutputStream(Path, OpenOption[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
46 |
Medium |
org.apache.commons.compress.archivers.zip.ParallelScatterZipCreator
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ParallelScatterZipCreator at new org.apache.commons.compress.archivers.zip.ParallelScatterZipCreator(ExecutorService, ScatterGatherBackingStoreSupplier) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
101 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ParallelScatterZipCreator at new org.apache.commons.compress.archivers.zip.ParallelScatterZipCreator(ExecutorService, ScatterGatherBackingStoreSupplier, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
116 |
Medium |
org.apache.commons.compress.archivers.zip.ResourceAlignmentExtraField
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ResourceAlignmentExtraField at new org.apache.commons.compress.archivers.zip.ResourceAlignmentExtraField(int, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
63 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ResourceAlignmentExtraField at new org.apache.commons.compress.archivers.zip.ResourceAlignmentExtraField(int, boolean, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
68 |
Medium |
org.apache.commons.compress.archivers.zip.ScatterZipOutputStream
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.archivers.zip.ScatterZipOutputStream.zipEntryWriter() may expose internal representation by returning ScatterZipOutputStream.zipEntryWriter |
MALICIOUS_CODE |
EI_EXPOSE_REP |
234 |
Medium |
| new org.apache.commons.compress.archivers.zip.ScatterZipOutputStream(ScatterGatherBackingStore, StreamCompressor) may expose internal representation by storing an externally mutable object into ScatterZipOutputStream.backingStore |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
168 |
Medium |
| new org.apache.commons.compress.archivers.zip.ScatterZipOutputStream(ScatterGatherBackingStore, StreamCompressor) may expose internal representation by storing an externally mutable object into ScatterZipOutputStream.streamCompressor |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
169 |
Medium |
org.apache.commons.compress.archivers.zip.ScatterZipOutputStream$ZipEntryWriter
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ScatterZipOutputStream$ZipEntryWriter at new org.apache.commons.compress.archivers.zip.ScatterZipOutputStream$ZipEntryWriter(ScatterZipOutputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
86 |
Medium |
org.apache.commons.compress.archivers.zip.UnsupportedZipFeatureException
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.archivers.zip.UnsupportedZipFeatureException.getEntry() may expose internal representation by returning UnsupportedZipFeatureException.entry |
MALICIOUS_CODE |
EI_EXPOSE_REP |
124 |
Medium |
| new org.apache.commons.compress.archivers.zip.UnsupportedZipFeatureException(UnsupportedZipFeatureException$Feature, ZipArchiveEntry) may expose internal representation by storing an externally mutable object into UnsupportedZipFeatureException.entry |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
102 |
Medium |
| new org.apache.commons.compress.archivers.zip.UnsupportedZipFeatureException(ZipMethod, ZipArchiveEntry) may expose internal representation by storing an externally mutable object into UnsupportedZipFeatureException.entry |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
115 |
Medium |
org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader
| Bug |
Category |
Details |
Line |
Priority |
| Unread field: org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader.bitlen |
PERFORMANCE |
URF_UNREAD_FIELD |
334 |
Medium |
| Unread field: org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader.erdData |
PERFORMANCE |
URF_UNREAD_FIELD |
375 |
Medium |
| Unread field: org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader.flags |
PERFORMANCE |
URF_UNREAD_FIELD |
335 |
Medium |
| Unread field: org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader.format |
PERFORMANCE |
URF_UNREAD_FIELD |
332 |
Medium |
| Unread field: org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader.ivData |
PERFORMANCE |
URF_UNREAD_FIELD |
363 |
Medium |
| Unread field: org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader.keyBlob |
PERFORMANCE |
URF_UNREAD_FIELD |
403 |
Medium |
| Unread field: org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader.recipientKeyHash |
PERFORMANCE |
URF_UNREAD_FIELD |
402 |
Medium |
| Unread field: org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader.vCRC32 |
PERFORMANCE |
URF_UNREAD_FIELD |
389 |
Medium |
| Unread field: org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader.vData |
PERFORMANCE |
URF_UNREAD_FIELD |
387 |
Medium |
org.apache.commons.compress.archivers.zip.X5455_ExtendedTimestamp
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.archivers.zip.X5455_ExtendedTimestamp.getAccessTime() may expose internal representation by returning X5455_ExtendedTimestamp.accessTime |
MALICIOUS_CODE |
EI_EXPOSE_REP |
207 |
Medium |
| org.apache.commons.compress.archivers.zip.X5455_ExtendedTimestamp.getCreateTime() may expose internal representation by returning X5455_ExtendedTimestamp.createTime |
MALICIOUS_CODE |
EI_EXPOSE_REP |
275 |
Medium |
| org.apache.commons.compress.archivers.zip.X5455_ExtendedTimestamp.getModifyTime() may expose internal representation by returning X5455_ExtendedTimestamp.modifyTime |
MALICIOUS_CODE |
EI_EXPOSE_REP |
371 |
Medium |
| org.apache.commons.compress.archivers.zip.X5455_ExtendedTimestamp.setAccessTime(ZipLong) may expose internal representation by storing an externally mutable object into X5455_ExtendedTimestamp.accessTime |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
521 |
Medium |
| org.apache.commons.compress.archivers.zip.X5455_ExtendedTimestamp.setCreateTime(ZipLong) may expose internal representation by storing an externally mutable object into X5455_ExtendedTimestamp.createTime |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
569 |
Medium |
| org.apache.commons.compress.archivers.zip.X5455_ExtendedTimestamp.setModifyTime(ZipLong) may expose internal representation by storing an externally mutable object into X5455_ExtendedTimestamp.modifyTime |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
637 |
Medium |
org.apache.commons.compress.archivers.zip.Zip64ExtendedInformationExtraField
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.archivers.zip.Zip64ExtendedInformationExtraField.getDiskStartNumber() may expose internal representation by returning Zip64ExtendedInformationExtraField.diskStart |
MALICIOUS_CODE |
EI_EXPOSE_REP |
149 |
Medium |
| new org.apache.commons.compress.archivers.zip.Zip64ExtendedInformationExtraField(ZipEightByteInteger, ZipEightByteInteger, ZipEightByteInteger, ZipLong) may expose internal representation by storing an externally mutable object into Zip64ExtendedInformationExtraField.diskStart |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
97 |
Medium |
| org.apache.commons.compress.archivers.zip.Zip64ExtendedInformationExtraField.setDiskStartNumber(ZipLong) may expose internal representation by storing an externally mutable object into Zip64ExtendedInformationExtraField.diskStart |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
305 |
Medium |
org.apache.commons.compress.archivers.zip.ZipArchiveEntry
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ZipArchiveEntry at new org.apache.commons.compress.archivers.zip.ZipArchiveEntry(File, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
317 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ZipArchiveEntry at new org.apache.commons.compress.archivers.zip.ZipArchiveEntry(Path, String, LinkOption[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
435 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ZipArchiveEntry at new org.apache.commons.compress.archivers.zip.ZipArchiveEntry(Function, File, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
335 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ZipArchiveEntry at new org.apache.commons.compress.archivers.zip.ZipArchiveEntry(Function, Path, String, LinkOption[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
387 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ZipArchiveEntry at new org.apache.commons.compress.archivers.zip.ZipArchiveEntry(Function, ZipEntry) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
361 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ZipArchiveEntry at new org.apache.commons.compress.archivers.zip.ZipArchiveEntry(ZipEntry) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
417 |
Medium |
org.apache.commons.compress.archivers.zip.ZipArchiveInputStream
| Bug |
Category |
Details |
Line |
Priority |
| Unread field: org.apache.commons.compress.archivers.zip.ZipArchiveInputStream.extraFieldSupport |
PERFORMANCE |
URF_UNREAD_FIELD |
1260 |
Medium |
org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream(OutputStream) may expose internal representation by storing an externally mutable object into ZipArchiveOutputStream.outputStream |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
417 |
Medium |
org.apache.commons.compress.archivers.zip.ZipFile
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ZipFile at new org.apache.commons.compress.archivers.zip.ZipFile(File, String, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
729 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ZipFile at new org.apache.commons.compress.archivers.zip.ZipFile(File, String, boolean, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
753 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ZipFile at new org.apache.commons.compress.archivers.zip.ZipFile(SeekableByteChannel, String, String, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
898 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ZipFile at new org.apache.commons.compress.archivers.zip.ZipFile(SeekableByteChannel, String, String, boolean, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
926 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ZipFile at new org.apache.commons.compress.archivers.zip.ZipFile(SeekableByteChannel, String, String, boolean, boolean, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
931 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ZipFile at new org.apache.commons.compress.archivers.zip.ZipFile(SeekableByteChannel, String, Charset, boolean, boolean, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
872 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ZipFile at new org.apache.commons.compress.archivers.zip.ZipFile(Path, String, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
795 |
Medium |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ZipFile at new org.apache.commons.compress.archivers.zip.ZipFile(Path, String, boolean, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
819 |
Medium |
| Possible null pointer dereference in org.apache.commons.compress.archivers.zip.ZipFile.openZipChannel(Path, long, OpenOption[]) due to return value of called method |
STYLE |
NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE |
531 |
Medium |
org.apache.commons.compress.archivers.zip.ZipFile$Builder
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.archivers.zip.ZipFile$Builder.setSeekableByteChannel(SeekableByteChannel) may expose internal representation by storing an externally mutable object into ZipFile$Builder.seekableByteChannel |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
196 |
Medium |
org.apache.commons.compress.archivers.zip.ZipSplitReadOnlySeekableByteChannel
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.archivers.zip.ZipSplitReadOnlySeekableByteChannel at new org.apache.commons.compress.archivers.zip.ZipSplitReadOnlySeekableByteChannel(List) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
273 |
Medium |
org.apache.commons.compress.changes.ChangeSetResults
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.changes.ChangeSetResults.getAddedFromChangeSet() may expose internal representation by returning ChangeSetResults.addedFromChangeSet |
MALICIOUS_CODE |
EI_EXPOSE_REP |
66 |
Medium |
| org.apache.commons.compress.changes.ChangeSetResults.getAddedFromStream() may expose internal representation by returning ChangeSetResults.addedFromStream |
MALICIOUS_CODE |
EI_EXPOSE_REP |
75 |
Medium |
| org.apache.commons.compress.changes.ChangeSetResults.getDeleted() may expose internal representation by returning ChangeSetResults.deleted |
MALICIOUS_CODE |
EI_EXPOSE_REP |
84 |
Medium |
org.apache.commons.compress.compressors.CompressorStreamFactory
| Bug |
Category |
Details |
Line |
Priority |
| Public static org.apache.commons.compress.compressors.CompressorStreamFactory.getSingleton() may expose internal representation by returning CompressorStreamFactory.SINGLETON |
MALICIOUS_CODE |
MS_EXPOSE_REP |
391 |
Medium |
org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream at new org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
266 |
Medium |
| Exception thrown in class org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream at new org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream(InputStream, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
282 |
Medium |
org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream at new org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream(OutputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
413 |
Medium |
| Exception thrown in class org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream at new org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream(OutputStream, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
431 |
Medium |
| new org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream(OutputStream, int) may expose internal representation by storing an externally mutable object into BZip2CompressorOutputStream.out |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
438 |
Medium |
| Vacuous iand operation on BZip2CompressorOutputStream.java:[line 850] in org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream.sendMTFValues1(int, int) |
STYLE |
INT_VACUOUS_BIT_OPERATION |
850 |
Medium |
org.apache.commons.compress.compressors.bzip2.BlockSort
| Bug |
Category |
Details |
Line |
Priority |
| Self assignment of field BlockSort.workDone in org.apache.commons.compress.compressors.bzip2.BlockSort.mainSimpleSort(BZip2CompressorOutputStream$Data, int, int, int, int) |
CORRECTNESS |
SA_FIELD_SELF_ASSIGNMENT |
837 |
High |
org.apache.commons.compress.compressors.bzip2.CRC
| Bug |
Category |
Details |
Line |
Priority |
| Self assignment of field CRC.crc in org.apache.commons.compress.compressors.bzip2.CRC.update(int, int) |
CORRECTNESS |
SA_FIELD_SELF_ASSIGNMENT |
79 |
High |
org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream at new org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
142 |
Medium |
| Exception thrown in class org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream at new org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream(InputStream, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
168 |
Medium |
| org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream.getMetaData() may expose internal representation by returning GzipCompressorInputStream.parameters |
MALICIOUS_CODE |
EI_EXPOSE_REP |
203 |
Medium |
org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream at new org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream(OutputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
71 |
Medium |
| Exception thrown in class org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream at new org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream(OutputStream, GzipParameters) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
88 |
Medium |
| new org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream(OutputStream, GzipParameters) may expose internal representation by storing an externally mutable object into GzipCompressorOutputStream.out |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
84 |
Medium |
org.apache.commons.compress.compressors.lz4.BlockLZ4CompressorOutputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.compressors.lz4.BlockLZ4CompressorOutputStream at new org.apache.commons.compress.compressors.lz4.BlockLZ4CompressorOutputStream(OutputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
206 |
Medium |
| Exception thrown in class org.apache.commons.compress.compressors.lz4.BlockLZ4CompressorOutputStream at new org.apache.commons.compress.compressors.lz4.BlockLZ4CompressorOutputStream(OutputStream, Parameters) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
217 |
Medium |
| new org.apache.commons.compress.compressors.lz4.BlockLZ4CompressorOutputStream(OutputStream, Parameters) may expose internal representation by storing an externally mutable object into BlockLZ4CompressorOutputStream.os |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
216 |
Medium |
org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream at new org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
127 |
Medium |
| Exception thrown in class org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream at new org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream(InputStream, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
98 |
Medium |
org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorOutputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorOutputStream at new org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorOutputStream(OutputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
174 |
Medium |
| Exception thrown in class org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorOutputStream at new org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorOutputStream(OutputStream, FramedLZ4CompressorOutputStream$Parameters) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
189 |
Medium |
| new org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorOutputStream(OutputStream, FramedLZ4CompressorOutputStream$Parameters) may expose internal representation by storing an externally mutable object into FramedLZ4CompressorOutputStream.out |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
187 |
Medium |
org.apache.commons.compress.compressors.lz4.XXHash32
| Bug |
Category |
Details |
Line |
Priority |
| The class name org.apache.commons.compress.compressors.lz4.XXHash32 shadows the simple name of the superclass org.apache.commons.codec.digest.XXHash32 |
BAD_PRACTICE |
NM_SAME_SIMPLE_NAME_AS_SUPERCLASS |
36-46 |
High |
org.apache.commons.compress.compressors.lz77support.AbstractLZ77CompressorInputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.compressors.lz77support.AbstractLZ77CompressorInputStream at new org.apache.commons.compress.compressors.lz77support.AbstractLZ77CompressorInputStream(InputStream, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
110 |
Medium |
org.apache.commons.compress.compressors.lz77support.Parameters$Builder
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.compressors.lz77support.Parameters$Builder at new org.apache.commons.compress.compressors.lz77support.Parameters$Builder(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
36 |
Medium |
org.apache.commons.compress.compressors.lzma.LZMACompressorInputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.compressors.lzma.LZMACompressorInputStream at new org.apache.commons.compress.compressors.lzma.LZMACompressorInputStream(InputStream, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
83 |
Medium |
org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream at new org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream(File, Pack200Strategy) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
102 |
Medium |
| Exception thrown in class org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream at new org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream(File, Pack200Strategy, Map) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
114 |
Medium |
| Exception thrown in class org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream at new org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream(InputStream, File, Pack200Strategy, Map) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
134 |
Medium |
| Exception thrown in class org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream at new org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream(InputStream, Pack200Strategy) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
179 |
Medium |
| Exception thrown in class org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream at new org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream(InputStream, Pack200Strategy, Map) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
195 |
Medium |
org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream at new org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream(OutputStream, Map) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
60 |
Medium |
| Exception thrown in class org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream at new org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream(OutputStream, Pack200Strategy) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
71 |
Medium |
| Exception thrown in class org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream at new org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream(OutputStream, Pack200Strategy, Map) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
84 |
Medium |
| new org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream(OutputStream, Pack200Strategy, Map) may expose internal representation by storing an externally mutable object into Pack200CompressorOutputStream.originalOutput |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
83 |
Medium |
| new org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream(OutputStream, Pack200Strategy, Map) may expose internal representation by storing an externally mutable object into Pack200CompressorOutputStream.properties |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
85 |
Medium |
org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorInputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorInputStream at new org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorInputStream(InputStream, int, FramedSnappyDialect) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
120 |
Medium |
| Exception thrown in class org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorInputStream at new org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorInputStream(InputStream, FramedSnappyDialect) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
141 |
Medium |
org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream at new org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream(OutputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
75 |
Medium |
| Exception thrown in class org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream at new org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream(OutputStream, Parameters) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
89 |
Medium |
| new org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream(OutputStream, Parameters) may expose internal representation by storing an externally mutable object into FramedSnappyCompressorOutputStream.out |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
86 |
Medium |
org.apache.commons.compress.compressors.snappy.SnappyCompressorInputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.compressors.snappy.SnappyCompressorInputStream at new org.apache.commons.compress.compressors.snappy.SnappyCompressorInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
70 |
Medium |
| Exception thrown in class org.apache.commons.compress.compressors.snappy.SnappyCompressorInputStream at new org.apache.commons.compress.compressors.snappy.SnappyCompressorInputStream(InputStream, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
84 |
Medium |
org.apache.commons.compress.compressors.snappy.SnappyCompressorOutputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.compressors.snappy.SnappyCompressorOutputStream at new org.apache.commons.compress.compressors.snappy.SnappyCompressorOutputStream(OutputStream, long, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
130 |
Medium |
| Exception thrown in class org.apache.commons.compress.compressors.snappy.SnappyCompressorOutputStream at new org.apache.commons.compress.compressors.snappy.SnappyCompressorOutputStream(OutputStream, long, Parameters) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
144 |
Medium |
| new org.apache.commons.compress.compressors.snappy.SnappyCompressorOutputStream(OutputStream, long, Parameters) may expose internal representation by storing an externally mutable object into SnappyCompressorOutputStream.os |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
142 |
Medium |
org.apache.commons.compress.compressors.z.ZCompressorInputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.compressors.z.ZCompressorInputStream at new org.apache.commons.compress.compressors.z.ZCompressorInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
58 |
Medium |
| Exception thrown in class org.apache.commons.compress.compressors.z.ZCompressorInputStream at new org.apache.commons.compress.compressors.z.ZCompressorInputStream(InputStream, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
63 |
Medium |
org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream at new org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream(OutputStream, int, boolean, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
88 |
Medium |
org.apache.commons.compress.harmony.pack200.Archive
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.harmony.pack200.Archive at new org.apache.commons.compress.harmony.pack200.Archive(JarFile, OutputStream, PackingOptions) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
167 |
Medium |
| Exception thrown in class org.apache.commons.compress.harmony.pack200.Archive at new org.apache.commons.compress.harmony.pack200.Archive(JarInputStream, OutputStream, PackingOptions) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
189 |
Medium |
org.apache.commons.compress.harmony.pack200.AttributeDefinitionBands
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.pack200.AttributeDefinitionBands.getClassAttributeLayouts() may expose internal representation by returning AttributeDefinitionBands.classAttributeLayouts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
203 |
Medium |
| org.apache.commons.compress.harmony.pack200.AttributeDefinitionBands.getCodeAttributeLayouts() may expose internal representation by returning AttributeDefinitionBands.codeAttributeLayouts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
207 |
Medium |
| org.apache.commons.compress.harmony.pack200.AttributeDefinitionBands.getFieldAttributeLayouts() may expose internal representation by returning AttributeDefinitionBands.fieldAttributeLayouts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
211 |
Medium |
| org.apache.commons.compress.harmony.pack200.AttributeDefinitionBands.getMethodAttributeLayouts() may expose internal representation by returning AttributeDefinitionBands.methodAttributeLayouts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
215 |
Medium |
| new org.apache.commons.compress.harmony.pack200.AttributeDefinitionBands(Segment, int, Attribute[]) may expose internal representation by storing an externally mutable object into AttributeDefinitionBands.segment |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
84 |
Medium |
| Switch statement found in org.apache.commons.compress.harmony.pack200.AttributeDefinitionBands.lambda$addAttributeDefinitions$0(int[], int, String, String) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
148-159 |
Medium |
org.apache.commons.compress.harmony.pack200.BandSet
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.pack200.BandSet(int, SegmentHeader) may expose internal representation by storing an externally mutable object into BandSet.segmentHeader |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
202 |
Medium |
| Switch statement found in org.apache.commons.compress.harmony.pack200.BandSet.encodeWithPopulationCodec(String, int[], BHSDCodec, BandSet$BandData, BandSet$BandAnalysisResults) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
581-613 |
Medium |
org.apache.commons.compress.harmony.pack200.BandSet$BandAnalysisResults
| Bug |
Category |
Details |
Line |
Priority |
| Should org.apache.commons.compress.harmony.pack200.BandSet$BandAnalysisResults be a _static_ inner class? |
PERFORMANCE |
SIC_INNER_SHOULD_BE_STATIC |
36 |
Medium |
org.apache.commons.compress.harmony.pack200.BandSet$BandData
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.pack200.BandSet$BandData(BandSet, int[]) may expose internal representation by storing an externally mutable object into BandSet$BandData.band |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
83 |
Medium |
org.apache.commons.compress.harmony.pack200.BcBands
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.pack200.BcBands(CpBands, Segment, int) may expose internal representation by storing an externally mutable object into BcBands.cpBands |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
86 |
Medium |
| new org.apache.commons.compress.harmony.pack200.BcBands(CpBands, Segment, int) may expose internal representation by storing an externally mutable object into BcBands.segment |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
87 |
Medium |
| Switch statement found in org.apache.commons.compress.harmony.pack200.BcBands.visitIntInsn(int, int) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
310-320 |
Medium |
| Switch statement found in org.apache.commons.compress.harmony.pack200.BcBands.visitMethodInsn(int, String, String, String) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
398-448 |
Medium |
| Switch statement found in org.apache.commons.compress.harmony.pack200.BcBands.visitVarInsn(int, int) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
502-521 |
Medium |
org.apache.commons.compress.harmony.pack200.CPClass
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.pack200.CPClass(CPUTF8) may expose internal representation by storing an externally mutable object into CPClass.utf8 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
29 |
Medium |
| org.apache.commons.compress.harmony.pack200.CPClass defines compareTo(CPClass) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
43 |
Medium |
org.apache.commons.compress.harmony.pack200.CPDouble
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.pack200.CPDouble defines compareTo(CPDouble) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
32 |
Medium |
org.apache.commons.compress.harmony.pack200.CPFloat
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.pack200.CPFloat defines compareTo(CPFloat) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
32 |
Medium |
org.apache.commons.compress.harmony.pack200.CPInt
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.pack200.CPInt defines compareTo(CPInt) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
32 |
Medium |
org.apache.commons.compress.harmony.pack200.CPLong
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.pack200.CPLong defines compareTo(CPLong) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
32 |
Medium |
org.apache.commons.compress.harmony.pack200.CPMethodOrField
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.pack200.CPMethodOrField.getClassName() may expose internal representation by returning CPMethodOrField.className |
MALICIOUS_CODE |
EI_EXPOSE_REP |
52 |
Medium |
| org.apache.commons.compress.harmony.pack200.CPMethodOrField.getDesc() may expose internal representation by returning CPMethodOrField.nameAndType |
MALICIOUS_CODE |
EI_EXPOSE_REP |
56 |
Medium |
| new org.apache.commons.compress.harmony.pack200.CPMethodOrField(CPClass, CPNameAndType) may expose internal representation by storing an externally mutable object into CPMethodOrField.className |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
30 |
Medium |
| new org.apache.commons.compress.harmony.pack200.CPMethodOrField(CPClass, CPNameAndType) may expose internal representation by storing an externally mutable object into CPMethodOrField.nameAndType |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
31 |
Medium |
| org.apache.commons.compress.harmony.pack200.CPMethodOrField defines compareTo(Object) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
36-44 |
Medium |
org.apache.commons.compress.harmony.pack200.CPNameAndType
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.pack200.CPNameAndType(CPUTF8, CPSignature) may expose internal representation by storing an externally mutable object into CPNameAndType.name |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
28 |
Medium |
| new org.apache.commons.compress.harmony.pack200.CPNameAndType(CPUTF8, CPSignature) may expose internal representation by storing an externally mutable object into CPNameAndType.signature |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
29 |
Medium |
| org.apache.commons.compress.harmony.pack200.CPNameAndType defines compareTo(Object) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
34-42 |
Medium |
org.apache.commons.compress.harmony.pack200.CPSignature
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.pack200.CPSignature.getClasses() may expose internal representation by returning CPSignature.classes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
66 |
Medium |
| org.apache.commons.compress.harmony.pack200.CPSignature.getSignatureForm() may expose internal representation by returning CPSignature.signatureForm |
MALICIOUS_CODE |
EI_EXPOSE_REP |
74 |
Medium |
| new org.apache.commons.compress.harmony.pack200.CPSignature(String, CPUTF8, List) may expose internal representation by storing an externally mutable object into CPSignature.classes |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
34 |
Medium |
| new org.apache.commons.compress.harmony.pack200.CPSignature(String, CPUTF8, List) may expose internal representation by storing an externally mutable object into CPSignature.signatureForm |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
33 |
Medium |
| org.apache.commons.compress.harmony.pack200.CPSignature defines compareTo(Object) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
40-62 |
Medium |
org.apache.commons.compress.harmony.pack200.CPString
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.pack200.CPString(CPUTF8) may expose internal representation by storing an externally mutable object into CPString.utf8 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
28 |
Medium |
| org.apache.commons.compress.harmony.pack200.CPString defines compareTo(CPString) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
34 |
Medium |
org.apache.commons.compress.harmony.pack200.CPUTF8
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.pack200.CPUTF8 defines compareTo(Object) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
32 |
Medium |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaSignedCodecs1 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
118 |
Medium |
| org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaSignedCodecs2 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
125 |
Medium |
| org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaSignedCodecs3 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
136 |
Medium |
| org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaSignedCodecs4 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
147 |
Medium |
| org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaSignedCodecs5 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
158 |
Medium |
| org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaUnsignedCodecs1 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
69 |
Medium |
| org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaUnsignedCodecs2 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
76 |
Medium |
| org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaUnsignedCodecs3 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
87 |
Medium |
| org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaUnsignedCodecs4 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
98 |
Medium |
| org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaUnsignedCodecs5 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
109 |
Medium |
| org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.nonDeltaSignedCodecs1 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
174 |
Medium |
| org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.nonDeltaSignedCodecs2 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
181 |
Medium |
| org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.nonDeltaUnsignedCodecs1 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
32 |
Medium |
| org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.nonDeltaUnsignedCodecs2 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
39 |
Medium |
| org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.nonDeltaUnsignedCodecs3 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
46 |
Medium |
| org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.nonDeltaUnsignedCodecs4 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
53 |
Medium |
| org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.nonDeltaUnsignedCodecs5 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
60 |
Medium |
org.apache.commons.compress.harmony.pack200.ClassBands
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.harmony.pack200.ClassBands at new org.apache.commons.compress.harmony.pack200.ClassBands(Segment, int, int, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
246 |
Medium |
| new org.apache.commons.compress.harmony.pack200.ClassBands(Segment, int, int, boolean) may expose internal representation by storing an externally mutable object into ClassBands.segment |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
215 |
Medium |
| Switch statement found in org.apache.commons.compress.harmony.pack200.ClassBands.addAnnotation(int, String, boolean, List, List, List, List, List, List, List) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
252-311 |
Medium |
org.apache.commons.compress.harmony.pack200.Codec
| Bug |
Category |
Details |
Line |
Priority |
| Primitive field org.apache.commons.compress.harmony.pack200.Codec.lastBandLength is public and set from inside the class, which makes it too exposed. Consider making it private to limit external accessibility. |
BAD_PRACTICE |
PA_PUBLIC_PRIMITIVE_ATTRIBUTE |
146 |
Medium |
org.apache.commons.compress.harmony.pack200.CodecEncoding
| Bug |
Category |
Details |
Line |
Priority |
| Useless condition: it's known that value >= 117 ('u') at this point |
STYLE |
UC_USELESS_CONDITION |
122 |
Medium |
| Useless condition: it's known that value >= 141 (0x8d) at this point |
STYLE |
UC_USELESS_CONDITION |
148 |
Medium |
org.apache.commons.compress.harmony.pack200.CpBands
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.pack200.CpBands(Segment, int) may expose internal representation by storing an externally mutable object into CpBands.segment |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
67 |
Medium |
org.apache.commons.compress.harmony.pack200.FileBands
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.pack200.FileBands(CpBands, SegmentHeader, PackingOptions, Archive$SegmentUnit, int) may expose internal representation by storing an externally mutable object into FileBands.cpBands |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
52 |
Medium |
| new org.apache.commons.compress.harmony.pack200.FileBands(CpBands, SegmentHeader, PackingOptions, Archive$SegmentUnit, int) may expose internal representation by storing an externally mutable object into FileBands.options |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
51 |
Medium |
org.apache.commons.compress.harmony.pack200.IcBands
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.pack200.IcBands(SegmentHeader, CpBands, int) may expose internal representation by storing an externally mutable object into IcBands.cpBands |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
83 |
Medium |
org.apache.commons.compress.harmony.pack200.IcBands$IcTuple
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.pack200.IcBands$IcTuple defines equals and uses Object.hashCode() |
BAD_PRACTICE |
HE_EQUALS_USE_HASHCODE |
55-59 |
Medium |
org.apache.commons.compress.harmony.pack200.IntList
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.harmony.pack200.IntList at new org.apache.commons.compress.harmony.pack200.IntList() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
36 |
Medium |
| Exception thrown in class org.apache.commons.compress.harmony.pack200.IntList at new org.apache.commons.compress.harmony.pack200.IntList(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
46 |
Medium |
org.apache.commons.compress.harmony.pack200.MetadataBandGroup
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.pack200.MetadataBandGroup(String, int, CpBands, SegmentHeader, int) may expose internal representation by storing an externally mutable object into MetadataBandGroup.cpBands |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
71 |
Medium |
| Switch statement found in org.apache.commons.compress.harmony.pack200.MetadataBandGroup.addAnnotation(String, List, List, List, List, List, List, List) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
96-127 |
Medium |
| Switch statement found in org.apache.commons.compress.harmony.pack200.MetadataBandGroup.addParameterAnnotation(int, int[], IntList, List, List, List, List, List, List, List, List) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
174-205 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttribute
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.pack200.NewAttribute.getBytes() may expose internal representation by returning NewAttribute.contents |
MALICIOUS_CODE |
EI_EXPOSE_REP |
130 |
Medium |
| new org.apache.commons.compress.harmony.pack200.NewAttribute(ClassReader, String, String, byte[], char[], int, Label[]) may expose internal representation by storing an externally mutable object into NewAttribute.buf |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
103 |
Medium |
| new org.apache.commons.compress.harmony.pack200.NewAttribute(ClassReader, String, String, byte[], char[], int, Label[]) may expose internal representation by storing an externally mutable object into NewAttribute.contents |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
99 |
Medium |
| new org.apache.commons.compress.harmony.pack200.NewAttribute(ClassReader, String, String, byte[], char[], int, Label[]) may expose internal representation by storing an externally mutable object into NewAttribute.labels |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
102 |
Medium |
| Switch statement found in org.apache.commons.compress.harmony.pack200.NewAttribute.addContext(int) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
113-124 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.harmony.pack200.NewAttributeBands at new org.apache.commons.compress.harmony.pack200.NewAttributeBands(int, CpBands, SegmentHeader, AttributeDefinitionBands$AttributeDefinition) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
534 |
Medium |
| org.apache.commons.compress.harmony.pack200.NewAttributeBands.numBackwardsCalls() may expose internal representation by returning NewAttributeBands.backwardsCallCounts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
609 |
Medium |
| new org.apache.commons.compress.harmony.pack200.NewAttributeBands(int, CpBands, SegmentHeader, AttributeDefinitionBands$AttributeDefinition) may expose internal representation by storing an externally mutable object into NewAttributeBands.cpBands |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
533 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Call
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.pack200.NewAttributeBands$Call.getCallable() may expose internal representation by returning NewAttributeBands$Call.callable |
MALICIOUS_CODE |
EI_EXPOSE_REP |
72 |
Medium |
| new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Call(NewAttributeBands, int) may expose internal representation by storing an externally mutable object into NewAttributeBands$Call.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
59 |
Medium |
| org.apache.commons.compress.harmony.pack200.NewAttributeBands$Call.setCallable(NewAttributeBands$Callable) may expose internal representation by storing an externally mutable object into NewAttributeBands$Call.callable |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
90 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Callable
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.pack200.NewAttributeBands$Callable.getBody() may expose internal representation by returning NewAttributeBands$Callable.body |
MALICIOUS_CODE |
EI_EXPOSE_REP |
121 |
Medium |
| new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Callable(NewAttributeBands, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$Callable.body |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
106 |
Medium |
| new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Callable(NewAttributeBands, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$Callable.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
105 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Integral
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Integral(NewAttributeBands, String) may expose internal representation by storing an externally mutable object into NewAttributeBands$Integral.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
165 |
Medium |
| new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Integral(NewAttributeBands, String, NewAttributeBands$Integral) may expose internal representation by storing an externally mutable object into NewAttributeBands$Integral.previousIntegral |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
173 |
Medium |
| new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Integral(NewAttributeBands, String, NewAttributeBands$Integral) may expose internal representation by storing an externally mutable object into NewAttributeBands$Integral.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
170 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$LayoutElement
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.pack200.NewAttributeBands$LayoutElement(NewAttributeBands) may expose internal representation by storing an externally mutable object into NewAttributeBands$LayoutElement.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
271 |
Medium |
| Switch statement found in org.apache.commons.compress.harmony.pack200.NewAttributeBands$LayoutElement.getLength(char) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
275-286 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Reference
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Reference(NewAttributeBands, String) may expose internal representation by storing an externally mutable object into NewAttributeBands$Reference.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
304 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Replication
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.harmony.pack200.NewAttributeBands$Replication at new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Replication(NewAttributeBands, String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
361 |
Medium |
| org.apache.commons.compress.harmony.pack200.NewAttributeBands$Replication.getCountElement() may expose internal representation by returning NewAttributeBands$Replication.countElement |
MALICIOUS_CODE |
EI_EXPOSE_REP |
378 |
Medium |
| org.apache.commons.compress.harmony.pack200.NewAttributeBands$Replication.getLayoutElements() may expose internal representation by returning NewAttributeBands$Replication.layoutElements |
MALICIOUS_CODE |
EI_EXPOSE_REP |
382 |
Medium |
| new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Replication(NewAttributeBands, String, String) may expose internal representation by storing an externally mutable object into NewAttributeBands$Replication.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
357 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Union
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.pack200.NewAttributeBands$Union.getDefaultCaseBody() may expose internal representation by returning NewAttributeBands$Union.defaultCaseBody |
MALICIOUS_CODE |
EI_EXPOSE_REP |
435 |
Medium |
| org.apache.commons.compress.harmony.pack200.NewAttributeBands$Union.getUnionCases() may expose internal representation by returning NewAttributeBands$Union.unionCases |
MALICIOUS_CODE |
EI_EXPOSE_REP |
439 |
Medium |
| org.apache.commons.compress.harmony.pack200.NewAttributeBands$Union.getUnionTag() may expose internal representation by returning NewAttributeBands$Union.unionTag |
MALICIOUS_CODE |
EI_EXPOSE_REP |
443 |
Medium |
| new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Union(NewAttributeBands, String, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$Union.defaultCaseBody |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
413 |
Medium |
| new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Union(NewAttributeBands, String, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$Union.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
410 |
Medium |
| new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Union(NewAttributeBands, String, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$Union.unionCases |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
412 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$UnionCase
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.pack200.NewAttributeBands$UnionCase.getBody() may expose internal representation by returning NewAttributeBands$UnionCase.body |
MALICIOUS_CODE |
EI_EXPOSE_REP |
495 |
Medium |
| new org.apache.commons.compress.harmony.pack200.NewAttributeBands$UnionCase(NewAttributeBands, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.tags |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
478 |
Medium |
| new org.apache.commons.compress.harmony.pack200.NewAttributeBands$UnionCase(NewAttributeBands, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
477 |
Medium |
| new org.apache.commons.compress.harmony.pack200.NewAttributeBands$UnionCase(NewAttributeBands, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.body |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
484 |
Medium |
| new org.apache.commons.compress.harmony.pack200.NewAttributeBands$UnionCase(NewAttributeBands, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.tags |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
483 |
Medium |
| new org.apache.commons.compress.harmony.pack200.NewAttributeBands$UnionCase(NewAttributeBands, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
482 |
Medium |
org.apache.commons.compress.harmony.pack200.Pack200Adapter
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.pack200.Pack200Adapter.properties() may expose internal representation by returning Pack200Adapter.properties |
MALICIOUS_CODE |
EI_EXPOSE_REP |
63 |
Medium |
org.apache.commons.compress.harmony.pack200.PackingOptions
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.pack200.PackingOptions.getUnknownAttributePrototypes() may expose internal representation by returning PackingOptions.unknownAttributeTypes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
160 |
Medium |
org.apache.commons.compress.harmony.pack200.PackingUtils
| Bug |
Category |
Details |
Line |
Priority |
| Incorrect lazy initialization and update of static field org.apache.commons.compress.harmony.pack200.PackingUtils.fileHandler in org.apache.commons.compress.harmony.pack200.PackingUtils.config(PackingOptions) |
MT_CORRECTNESS |
LI_LAZY_INIT_UPDATE_STATIC |
74-78 |
High |
org.apache.commons.compress.harmony.pack200.PopulationCodec
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.harmony.pack200.PopulationCodec at new org.apache.commons.compress.harmony.pack200.PopulationCodec(Codec, int, Codec) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
43 |
Medium |
| org.apache.commons.compress.harmony.pack200.PopulationCodec.getFavoured() may expose internal representation by returning PopulationCodec.favoured |
MALICIOUS_CODE |
EI_EXPOSE_REP |
149 |
Medium |
org.apache.commons.compress.harmony.pack200.RunCodec
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.harmony.pack200.RunCodec at new org.apache.commons.compress.harmony.pack200.RunCodec(int, Codec, Codec) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
38 |
Medium |
org.apache.commons.compress.harmony.pack200.Segment
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.pack200.Segment.getAttrBands() may expose internal representation by returning Segment.attributeDefinitionBands |
MALICIOUS_CODE |
EI_EXPOSE_REP |
513 |
Medium |
| org.apache.commons.compress.harmony.pack200.Segment.getClassBands() may expose internal representation by returning Segment.classBands |
MALICIOUS_CODE |
EI_EXPOSE_REP |
517 |
Medium |
| org.apache.commons.compress.harmony.pack200.Segment.getCpBands() may expose internal representation by returning Segment.cpBands |
MALICIOUS_CODE |
EI_EXPOSE_REP |
521 |
Medium |
| org.apache.commons.compress.harmony.pack200.Segment.getCurrentClassReader() may expose internal representation by returning Segment.currentClassReader |
MALICIOUS_CODE |
EI_EXPOSE_REP |
525 |
Medium |
| org.apache.commons.compress.harmony.pack200.Segment.getIcBands() may expose internal representation by returning Segment.icBands |
MALICIOUS_CODE |
EI_EXPOSE_REP |
529 |
Medium |
| org.apache.commons.compress.harmony.pack200.Segment.getSegmentHeader() may expose internal representation by returning Segment.segmentHeader |
MALICIOUS_CODE |
EI_EXPOSE_REP |
533 |
Medium |
| org.apache.commons.compress.harmony.pack200.Segment.pack(Archive$SegmentUnit, OutputStream, PackingOptions) may expose internal representation by storing an externally mutable object into Segment.options |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
550 |
Medium |
| org.apache.commons.compress.harmony.pack200.Segment.ASM_API isn't final but should be |
MALICIOUS_CODE |
MS_SHOULD_BE_FINAL |
453 |
High |
org.apache.commons.compress.harmony.pack200.Segment$ArrayVisitor
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.pack200.Segment$ArrayVisitor(Segment, List, List, List, List) may expose internal representation by storing an externally mutable object into Segment$ArrayVisitor.caseArrayN |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
53 |
Medium |
| new org.apache.commons.compress.harmony.pack200.Segment$ArrayVisitor(Segment, List, List, List, List) may expose internal representation by storing an externally mutable object into Segment$ArrayVisitor.nameRU |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
55 |
Medium |
| new org.apache.commons.compress.harmony.pack200.Segment$ArrayVisitor(Segment, List, List, List, List) may expose internal representation by storing an externally mutable object into Segment$ArrayVisitor.tags |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
54 |
Medium |
| new org.apache.commons.compress.harmony.pack200.Segment$ArrayVisitor(Segment, List, List, List, List) may expose internal representation by storing an externally mutable object into Segment$ArrayVisitor.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
50 |
Medium |
| new org.apache.commons.compress.harmony.pack200.Segment$ArrayVisitor(Segment, List, List, List, List) may expose internal representation by storing an externally mutable object into Segment$ArrayVisitor.values |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
56 |
Medium |
org.apache.commons.compress.harmony.pack200.Segment$SegmentAnnotationVisitor
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.pack200.Segment$SegmentAnnotationVisitor(Segment, int) may expose internal representation by storing an externally mutable object into Segment$SegmentAnnotationVisitor.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
128 |
Medium |
| new org.apache.commons.compress.harmony.pack200.Segment$SegmentAnnotationVisitor(Segment, int, int, String, boolean) may expose internal representation by storing an externally mutable object into Segment$SegmentAnnotationVisitor.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
133 |
Medium |
| new org.apache.commons.compress.harmony.pack200.Segment$SegmentAnnotationVisitor(Segment, int, String, boolean) may expose internal representation by storing an externally mutable object into Segment$SegmentAnnotationVisitor.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
141 |
Medium |
org.apache.commons.compress.harmony.pack200.Segment$SegmentFieldVisitor
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.pack200.Segment$SegmentFieldVisitor(Segment) may expose internal representation by storing an externally mutable object into Segment$SegmentFieldVisitor.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
242 |
Medium |
org.apache.commons.compress.harmony.pack200.Segment$SegmentMethodVisitor
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.pack200.Segment$SegmentMethodVisitor(Segment) may expose internal representation by storing an externally mutable object into Segment$SegmentMethodVisitor.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
288 |
Medium |
org.apache.commons.compress.harmony.pack200.SegmentHeader
| Bug |
Category |
Details |
Line |
Priority |
| Unread field: org.apache.commons.compress.harmony.pack200.SegmentHeader.have_file_modtime; should this field be static? |
PERFORMANCE |
SS_SHOULD_BE_STATIC |
97 |
Medium |
| Unread field: org.apache.commons.compress.harmony.pack200.SegmentHeader.have_file_options; should this field be static? |
PERFORMANCE |
SS_SHOULD_BE_STATIC |
98 |
Medium |
org.apache.commons.compress.harmony.unpack200.Archive
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.harmony.unpack200.Archive at new org.apache.commons.compress.harmony.unpack200.Archive(InputStream, JarOutputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
76 |
Medium |
| Exception thrown in class org.apache.commons.compress.harmony.unpack200.Archive at new org.apache.commons.compress.harmony.unpack200.Archive(String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
97 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.Archive(InputStream, JarOutputStream) may expose internal representation by storing an externally mutable object into Archive.outputStream |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
77 |
Medium |
org.apache.commons.compress.harmony.unpack200.AttrDefinitionBands
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.AttrDefinitionBands.getAttributeDefinitionMap() may expose internal representation by returning AttrDefinitionBands.attributeDefinitionMap |
MALICIOUS_CODE |
EI_EXPOSE_REP |
58 |
Medium |
org.apache.commons.compress.harmony.unpack200.AttributeLayout
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.harmony.unpack200.AttributeLayout at new org.apache.commons.compress.harmony.unpack200.AttributeLayout(String, int, String, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
273 |
Medium |
| Exception thrown in class org.apache.commons.compress.harmony.unpack200.AttributeLayout at new org.apache.commons.compress.harmony.unpack200.AttributeLayout(String, int, String, int, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
285 |
Medium |
| org.apache.commons.compress.harmony.unpack200.AttributeLayout.contextNames should be package protected |
MALICIOUS_CODE |
MS_PKGPROTECT |
215 |
Medium |
org.apache.commons.compress.harmony.unpack200.AttributeLayoutMap
| Bug |
Category |
Details |
Line |
Priority |
| Questionable cast from Collection to abstract class java.util.List in org.apache.commons.compress.harmony.unpack200.AttributeLayoutMap.checkMap() |
STYLE |
BC_BAD_CAST_TO_ABSTRACT_COLLECTION |
153 |
Medium |
| Exception thrown in class org.apache.commons.compress.harmony.unpack200.AttributeLayoutMap at new org.apache.commons.compress.harmony.unpack200.AttributeLayoutMap() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
128 |
Medium |
org.apache.commons.compress.harmony.unpack200.BandSet
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.BandSet(Segment) may expose internal representation by storing an externally mutable object into BandSet.segment |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
51 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcByte() may expose internal representation by returning BcBands.bcByte |
MALICIOUS_CODE |
EI_EXPOSE_REP |
91 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcCaseCount() may expose internal representation by returning BcBands.bcCaseCount |
MALICIOUS_CODE |
EI_EXPOSE_REP |
95 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcCaseValue() may expose internal representation by returning BcBands.bcCaseValue |
MALICIOUS_CODE |
EI_EXPOSE_REP |
99 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcClassRef() may expose internal representation by returning BcBands.bcClassRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
103 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcDoubleRef() may expose internal representation by returning BcBands.bcDoubleRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
107 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcFieldRef() may expose internal representation by returning BcBands.bcFieldRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
111 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcFloatRef() may expose internal representation by returning BcBands.bcFloatRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
115 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcIMethodRef() may expose internal representation by returning BcBands.bcIMethodRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
119 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcInitRef() may expose internal representation by returning BcBands.bcInitRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
123 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcIntRef() may expose internal representation by returning BcBands.bcIntRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
127 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcLabel() may expose internal representation by returning BcBands.bcLabel |
MALICIOUS_CODE |
EI_EXPOSE_REP |
131 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcLocal() may expose internal representation by returning BcBands.bcLocal |
MALICIOUS_CODE |
EI_EXPOSE_REP |
135 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcLongRef() may expose internal representation by returning BcBands.bcLongRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
139 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcMethodRef() may expose internal representation by returning BcBands.bcMethodRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
143 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcShort() may expose internal representation by returning BcBands.bcShort |
MALICIOUS_CODE |
EI_EXPOSE_REP |
147 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcStringRef() may expose internal representation by returning BcBands.bcStringRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
151 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcSuperField() may expose internal representation by returning BcBands.bcSuperField |
MALICIOUS_CODE |
EI_EXPOSE_REP |
155 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcSuperMethod() may expose internal representation by returning BcBands.bcSuperMethod |
MALICIOUS_CODE |
EI_EXPOSE_REP |
159 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcThisField() may expose internal representation by returning BcBands.bcThisField |
MALICIOUS_CODE |
EI_EXPOSE_REP |
163 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getBcThisMethod() may expose internal representation by returning BcBands.bcThisMethod |
MALICIOUS_CODE |
EI_EXPOSE_REP |
167 |
Medium |
| org.apache.commons.compress.harmony.unpack200.BcBands.getMethodByteCodePacked() may expose internal representation by returning BcBands.methodByteCodePacked |
MALICIOUS_CODE |
EI_EXPOSE_REP |
171 |
Medium |
| Switch statement found in org.apache.commons.compress.harmony.unpack200.BcBands.read(InputStream) where one case falls through to the next case |
STYLE |
SF_SWITCH_FALLTHROUGH |
256-264 |
Medium |
| Unread field: org.apache.commons.compress.harmony.unpack200.BcBands.bcEscByte |
PERFORMANCE |
URF_UNREAD_FIELD |
419 |
Medium |
| Unread field: org.apache.commons.compress.harmony.unpack200.BcBands.bcEscRef |
PERFORMANCE |
URF_UNREAD_FIELD |
416 |
Medium |
| Unread field: org.apache.commons.compress.harmony.unpack200.BcBands.bcEscRefSize |
PERFORMANCE |
URF_UNREAD_FIELD |
417 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getClassAttributes() may expose internal representation by returning ClassBands.classAttributes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
158 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getClassFieldCount() may expose internal representation by returning ClassBands.classFieldCount |
MALICIOUS_CODE |
EI_EXPOSE_REP |
162 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getClassFlags() may expose internal representation by returning ClassBands.classAccessFlags |
MALICIOUS_CODE |
EI_EXPOSE_REP |
179 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getClassInterfacesInts() may expose internal representation by returning ClassBands.classInterfacesInts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
183 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getClassMethodCount() may expose internal representation by returning ClassBands.classMethodCount |
MALICIOUS_CODE |
EI_EXPOSE_REP |
187 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getClassSuperInts() may expose internal representation by returning ClassBands.classSuperInts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
191 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getClassThisInts() may expose internal representation by returning ClassBands.classThisInts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
195 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getClassVersionMajor() may expose internal representation by returning ClassBands.classVersionMajor |
MALICIOUS_CODE |
EI_EXPOSE_REP |
205 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getClassVersionMinor() may expose internal representation by returning ClassBands.classVersionMinor |
MALICIOUS_CODE |
EI_EXPOSE_REP |
215 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getCodeHandlerCatchPO() may expose internal representation by returning ClassBands.codeHandlerCatchPO |
MALICIOUS_CODE |
EI_EXPOSE_REP |
219 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getCodeHandlerClassRCN() may expose internal representation by returning ClassBands.codeHandlerClassRCN |
MALICIOUS_CODE |
EI_EXPOSE_REP |
223 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getCodeHandlerCount() may expose internal representation by returning ClassBands.codeHandlerCount |
MALICIOUS_CODE |
EI_EXPOSE_REP |
227 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getCodeHandlerEndPO() may expose internal representation by returning ClassBands.codeHandlerEndPO |
MALICIOUS_CODE |
EI_EXPOSE_REP |
231 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getCodeHandlerStartP() may expose internal representation by returning ClassBands.codeHandlerStartP |
MALICIOUS_CODE |
EI_EXPOSE_REP |
235 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getCodeHasAttributes() may expose internal representation by returning ClassBands.codeHasAttributes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
239 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getCodeMaxNALocals() may expose internal representation by returning ClassBands.codeMaxNALocals |
MALICIOUS_CODE |
EI_EXPOSE_REP |
243 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getCodeMaxStack() may expose internal representation by returning ClassBands.codeMaxStack |
MALICIOUS_CODE |
EI_EXPOSE_REP |
247 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getFieldAttributes() may expose internal representation by returning ClassBands.fieldAttributes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
251 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getFieldDescrInts() may expose internal representation by returning ClassBands.fieldDescrInts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
255 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getFieldFlags() may expose internal representation by returning ClassBands.fieldAccessFlags |
MALICIOUS_CODE |
EI_EXPOSE_REP |
275 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getIcLocal() may expose internal representation by returning ClassBands.icLocal |
MALICIOUS_CODE |
EI_EXPOSE_REP |
279 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getMethodAttributes() may expose internal representation by returning ClassBands.methodAttributes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
283 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getMethodDescr() may expose internal representation by returning ClassBands.methodDescr |
MALICIOUS_CODE |
EI_EXPOSE_REP |
287 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getMethodDescrInts() may expose internal representation by returning ClassBands.methodDescrInts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
291 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getMethodFlags() may expose internal representation by returning ClassBands.methodAccessFlags |
MALICIOUS_CODE |
EI_EXPOSE_REP |
311 |
Medium |
| org.apache.commons.compress.harmony.unpack200.ClassBands.getRawClassFlags() may expose internal representation by returning ClassBands.classFlags |
MALICIOUS_CODE |
EI_EXPOSE_REP |
326 |
Medium |
| Bad comparison of nonnegative value with 0 in org.apache.commons.compress.harmony.unpack200.ClassBands.parseCodeBands(InputStream) |
CORRECTNESS |
INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE |
709 |
Medium |
| Switch statement found in org.apache.commons.compress.harmony.unpack200.ClassBands.parseMetadata(InputStream, String[], int[], int[], String) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
927-957 |
Medium |
org.apache.commons.compress.harmony.unpack200.CpBands
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.CpBands.getCpClass() may expose internal representation by returning CpBands.cpClass |
MALICIOUS_CODE |
EI_EXPOSE_REP |
286 |
Medium |
| org.apache.commons.compress.harmony.unpack200.CpBands.getCpDescriptor() may expose internal representation by returning CpBands.cpDescriptor |
MALICIOUS_CODE |
EI_EXPOSE_REP |
290 |
Medium |
| org.apache.commons.compress.harmony.unpack200.CpBands.getCpDescriptorNameInts() may expose internal representation by returning CpBands.cpDescriptorNameInts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
294 |
Medium |
| org.apache.commons.compress.harmony.unpack200.CpBands.getCpDescriptorTypeInts() may expose internal representation by returning CpBands.cpDescriptorTypeInts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
298 |
Medium |
| org.apache.commons.compress.harmony.unpack200.CpBands.getCpFieldClass() may expose internal representation by returning CpBands.cpFieldClass |
MALICIOUS_CODE |
EI_EXPOSE_REP |
302 |
Medium |
| org.apache.commons.compress.harmony.unpack200.CpBands.getCpIMethodClass() may expose internal representation by returning CpBands.cpIMethodClass |
MALICIOUS_CODE |
EI_EXPOSE_REP |
306 |
Medium |
| org.apache.commons.compress.harmony.unpack200.CpBands.getCpInt() may expose internal representation by returning CpBands.cpInt |
MALICIOUS_CODE |
EI_EXPOSE_REP |
310 |
Medium |
| org.apache.commons.compress.harmony.unpack200.CpBands.getCpLong() may expose internal representation by returning CpBands.cpLong |
MALICIOUS_CODE |
EI_EXPOSE_REP |
314 |
Medium |
| org.apache.commons.compress.harmony.unpack200.CpBands.getCpMethodClass() may expose internal representation by returning CpBands.cpMethodClass |
MALICIOUS_CODE |
EI_EXPOSE_REP |
318 |
Medium |
| org.apache.commons.compress.harmony.unpack200.CpBands.getCpMethodDescriptor() may expose internal representation by returning CpBands.cpMethodDescriptor |
MALICIOUS_CODE |
EI_EXPOSE_REP |
322 |
Medium |
| org.apache.commons.compress.harmony.unpack200.CpBands.getCpSignature() may expose internal representation by returning CpBands.cpSignature |
MALICIOUS_CODE |
EI_EXPOSE_REP |
326 |
Medium |
| org.apache.commons.compress.harmony.unpack200.CpBands.getCpUTF8() may expose internal representation by returning CpBands.cpUTF8 |
MALICIOUS_CODE |
EI_EXPOSE_REP |
330 |
Medium |
| Useless object stored in variable list of method org.apache.commons.compress.harmony.unpack200.CpBands.parseCpSignature(InputStream) |
STYLE |
UC_USELESS_OBJECT |
492 |
Medium |
org.apache.commons.compress.harmony.unpack200.FileBands
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.FileBands.getFileBits() may expose internal representation by returning FileBands.fileBits |
MALICIOUS_CODE |
EI_EXPOSE_REP |
56 |
Medium |
| org.apache.commons.compress.harmony.unpack200.FileBands.getFileModtime() may expose internal representation by returning FileBands.fileModtime |
MALICIOUS_CODE |
EI_EXPOSE_REP |
60 |
Medium |
| org.apache.commons.compress.harmony.unpack200.FileBands.getFileName() may expose internal representation by returning FileBands.fileName |
MALICIOUS_CODE |
EI_EXPOSE_REP |
64 |
Medium |
| org.apache.commons.compress.harmony.unpack200.FileBands.getFileOptions() may expose internal representation by returning FileBands.fileOptions |
MALICIOUS_CODE |
EI_EXPOSE_REP |
68 |
Medium |
| org.apache.commons.compress.harmony.unpack200.FileBands.getFileSize() may expose internal representation by returning FileBands.fileSize |
MALICIOUS_CODE |
EI_EXPOSE_REP |
72 |
Medium |
org.apache.commons.compress.harmony.unpack200.IcBands
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.IcBands.getIcTuples() may expose internal representation by returning IcBands.icAll |
MALICIOUS_CODE |
EI_EXPOSE_REP |
59 |
Medium |
org.apache.commons.compress.harmony.unpack200.IcTuple
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.harmony.unpack200.IcTuple at new org.apache.commons.compress.harmony.unpack200.IcTuple(String, int, String, String, int, int, int, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
87 |
Medium |
org.apache.commons.compress.harmony.unpack200.MetadataBandGroup
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.MetadataBandGroup.getAttributes() may expose internal representation by returning MetadataBandGroup.attributes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
179 |
Medium |
| org.apache.commons.compress.harmony.unpack200.MetadataBandGroup.setRiaAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.MetadataBandGroup.riaUTF8 |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
49 |
Medium |
| org.apache.commons.compress.harmony.unpack200.MetadataBandGroup.setRipaAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.MetadataBandGroup.ripaUTF8 |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
53 |
Medium |
| org.apache.commons.compress.harmony.unpack200.MetadataBandGroup.setRvaAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.MetadataBandGroup.rvaUTF8 |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
57 |
Medium |
| org.apache.commons.compress.harmony.unpack200.MetadataBandGroup.setRvpaAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.MetadataBandGroup.rvpaUTF8 |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
61 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.harmony.unpack200.NewAttributeBands at new org.apache.commons.compress.harmony.unpack200.NewAttributeBands(Segment, AttributeLayout) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
591 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.NewAttributeBands(Segment, AttributeLayout) may expose internal representation by storing an externally mutable object into NewAttributeBands.attributeLayout |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
590 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Call
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Call.getCallable() may expose internal representation by returning NewAttributeBands$Call.callable |
MALICIOUS_CODE |
EI_EXPOSE_REP |
90 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Call(NewAttributeBands, int) may expose internal representation by storing an externally mutable object into NewAttributeBands$Call.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
80 |
Medium |
| org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Call.setCallable(NewAttributeBands$Callable) may expose internal representation by storing an externally mutable object into NewAttributeBands$Call.callable |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
109 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Callable
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Callable.getBody() may expose internal representation by returning NewAttributeBands$Callable.body |
MALICIOUS_CODE |
EI_EXPOSE_REP |
165 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Callable(List) may expose internal representation by storing an externally mutable object into NewAttributeBands$Callable.body |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
129 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Integral
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Integral(NewAttributeBands, String) may expose internal representation by storing an externally mutable object into NewAttributeBands$Integral.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
202 |
Medium |
| Self assignment of value in org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Integral.addToAttribute(int, NewAttribute) |
STYLE |
SA_LOCAL_SELF_ASSIGNMENT |
241 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$LayoutElement
| Bug |
Category |
Details |
Line |
Priority |
| Switch statement found in org.apache.commons.compress.harmony.unpack200.NewAttributeBands$LayoutElement.getLength(char) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
273-284 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Reference
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Reference(NewAttributeBands, String) may expose internal representation by storing an externally mutable object into NewAttributeBands$Reference.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
302 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Replication
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Replication at new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Replication(NewAttributeBands, String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
384 |
Medium |
| org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Replication.getCountElement() may expose internal representation by returning NewAttributeBands$Replication.countElement |
MALICIOUS_CODE |
EI_EXPOSE_REP |
408 |
Medium |
| org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Replication.getLayoutElements() may expose internal representation by returning NewAttributeBands$Replication.layoutElements |
MALICIOUS_CODE |
EI_EXPOSE_REP |
412 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Replication(NewAttributeBands, String, String) may expose internal representation by storing an externally mutable object into NewAttributeBands$Replication.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
380 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Union
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Union.getDefaultCaseBody() may expose internal representation by returning NewAttributeBands$Union.defaultCaseBody |
MALICIOUS_CODE |
EI_EXPOSE_REP |
486 |
Medium |
| org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Union.getUnionCases() may expose internal representation by returning NewAttributeBands$Union.unionCases |
MALICIOUS_CODE |
EI_EXPOSE_REP |
490 |
Medium |
| org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Union.getUnionTag() may expose internal representation by returning NewAttributeBands$Union.unionTag |
MALICIOUS_CODE |
EI_EXPOSE_REP |
494 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Union(NewAttributeBands, String, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$Union.defaultCaseBody |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
442 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Union(NewAttributeBands, String, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$Union.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
439 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Union(NewAttributeBands, String, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$Union.unionCases |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
441 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$UnionCase
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$UnionCase(NewAttributeBands, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.tags |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
543 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$UnionCase(NewAttributeBands, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
542 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$UnionCase(NewAttributeBands, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.body |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
548 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$UnionCase(NewAttributeBands, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.tags |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
547 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$UnionCase(NewAttributeBands, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
546 |
Medium |
org.apache.commons.compress.harmony.unpack200.Segment
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.Segment.getSegmentHeader() may expose internal representation by returning Segment.header |
MALICIOUS_CODE |
EI_EXPOSE_REP |
347 |
Medium |
| org.apache.commons.compress.harmony.unpack200.Segment.unpackRead(InputStream) ignores result of java.io.InputStream.read(byte[]) |
BAD_PRACTICE |
RR_NOT_CHECKED |
498 |
Medium |
org.apache.commons.compress.harmony.unpack200.SegmentConstantPoolArrayCache
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.SegmentConstantPoolArrayCache.indexesForArrayKey(String[], String) may expose internal representation by returning SegmentConstantPoolArrayCache.lastIndexes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
135 |
Medium |
| org.apache.commons.compress.harmony.unpack200.SegmentConstantPoolArrayCache.indexesForArrayKey(String[], String) may expose internal representation by storing an externally mutable object into SegmentConstantPoolArrayCache.lastArray |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
139 |
Medium |
| Comparison of String parameter using == or != in org.apache.commons.compress.harmony.unpack200.SegmentConstantPoolArrayCache.indexesForArrayKey(String[], String) |
BAD_PRACTICE |
ES_COMPARING_PARAMETER_STRING_WITH_EQ |
134 |
High |
org.apache.commons.compress.harmony.unpack200.SegmentConstantPoolArrayCache$CachedArray
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.SegmentConstantPoolArrayCache$CachedArray(SegmentConstantPoolArrayCache, String[]) may expose internal representation by storing an externally mutable object into SegmentConstantPoolArrayCache$CachedArray.primaryArray |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
45 |
Medium |
| Should org.apache.commons.compress.harmony.unpack200.SegmentConstantPoolArrayCache$CachedArray be a _static_ inner class? |
PERFORMANCE |
SIC_INNER_SHOULD_BE_STATIC |
44-81 |
Medium |
org.apache.commons.compress.harmony.unpack200.SegmentHeader
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.SegmentHeader(Segment) may expose internal representation by storing an externally mutable object into SegmentHeader.segment |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
97 |
Medium |
| Unread field: org.apache.commons.compress.harmony.unpack200.SegmentHeader.archiveMajor |
PERFORMANCE |
URF_UNREAD_FIELD |
318 |
Medium |
| Unread field: org.apache.commons.compress.harmony.unpack200.SegmentHeader.archiveMinor |
PERFORMANCE |
URF_UNREAD_FIELD |
331 |
Medium |
org.apache.commons.compress.harmony.unpack200.SegmentOptions
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.harmony.unpack200.SegmentOptions at new org.apache.commons.compress.harmony.unpack200.SegmentOptions(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
69 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.AnnotationDefaultAttribute
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.bytecode.AnnotationDefaultAttribute(AnnotationsAttribute$ElementValue) may expose internal representation by storing an externally mutable object into AnnotationDefaultAttribute.elementValue |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
44 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.AnnotationDefaultAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.AnnotationDefaultAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
32 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.AnnotationsAttribute$Annotation
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.bytecode.AnnotationsAttribute$Annotation(int, CPUTF8, CPUTF8[], AnnotationsAttribute$ElementValue[]) may expose internal representation by storing an externally mutable object into AnnotationsAttribute$Annotation.elementNames |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
46 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.AnnotationsAttribute$Annotation(int, CPUTF8, CPUTF8[], AnnotationsAttribute$ElementValue[]) may expose internal representation by storing an externally mutable object into AnnotationsAttribute$Annotation.elementValues |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
47 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.AnnotationsAttribute$Annotation(int, CPUTF8, CPUTF8[], AnnotationsAttribute$ElementValue[]) may expose internal representation by storing an externally mutable object into AnnotationsAttribute$Annotation.type |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
45 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.Attribute
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.bytecode.Attribute(CPUTF8) may expose internal representation by storing an externally mutable object into Attribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
33 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.ByteCode
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.bytecode.ByteCode.getByteCodeTargets() may expose internal representation by returning ByteCode.byteCodeTargets |
MALICIOUS_CODE |
EI_EXPOSE_REP |
102 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.ByteCode.getNestedClassFileEntries() may expose internal representation by returning ByteCode.nested |
MALICIOUS_CODE |
EI_EXPOSE_REP |
115 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.ByteCode.getNestedPositions() may expose internal representation by returning ByteCode.nestedPositions |
MALICIOUS_CODE |
EI_EXPOSE_REP |
123 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.ByteCode.getRewrite() may expose internal representation by returning ByteCode.rewrite |
MALICIOUS_CODE |
EI_EXPOSE_REP |
139 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.ByteCode.setByteCodeTargets(int[]) may expose internal representation by storing an externally mutable object into ByteCode.byteCodeTargets |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
210 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.ByteCode.setNested(ClassFileEntry[]) may expose internal representation by storing an externally mutable object into ByteCode.nested |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
214 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.ByteCode.setNestedPositions(int[][]) may expose internal representation by storing an externally mutable object into ByteCode.nestedPositions |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
228 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.ByteCode.setRewrite(int[]) may expose internal representation by storing an externally mutable object into ByteCode.rewrite |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
322 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.CPClass
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.bytecode.CPClass(CPUTF8, int) may expose internal representation by storing an externally mutable object into CPClass.utf8 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
48 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.CPFieldRef
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.bytecode.CPFieldRef(CPClass, CPNameAndType, int) may expose internal representation by storing an externally mutable object into CPFieldRef.className |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
39 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.CPFieldRef(CPClass, CPNameAndType, int) may expose internal representation by storing an externally mutable object into CPFieldRef.nameAndType |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
40 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.CPMethod
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.bytecode.CPMethod doesn't override CPMember.equals(Object) |
STYLE |
EQ_DOESNT_OVERRIDE_EQUALS |
1 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.CPString
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.bytecode.CPString(CPUTF8, int) may expose internal representation by storing an externally mutable object into CPString.name |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
36 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.CodeAttribute
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.bytecode.CodeAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.CodeAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
31 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.ConstantValueAttribute
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.bytecode.ConstantValueAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.ConstantValueAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
31 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.DeprecatedAttribute
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.bytecode.DeprecatedAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.DeprecatedAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
30 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.EnclosingMethodAttribute
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.bytecode.EnclosingMethodAttribute(CPClass, CPNameAndType) may expose internal representation by storing an externally mutable object into EnclosingMethodAttribute.cpClass |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
41 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.EnclosingMethodAttribute(CPClass, CPNameAndType) may expose internal representation by storing an externally mutable object into EnclosingMethodAttribute.method |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
42 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.EnclosingMethodAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.EnclosingMethodAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
30 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.ExceptionTableEntry
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.bytecode.ExceptionTableEntry.getCatchType() may expose internal representation by returning ExceptionTableEntry.catchType |
MALICIOUS_CODE |
EI_EXPOSE_REP |
57 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.ExceptionTableEntry(int, int, int, CPClass) may expose internal representation by storing an externally mutable object into ExceptionTableEntry.catchType |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
53 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.ExceptionsAttribute
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.bytecode.ExceptionsAttribute(CPClass[]) may expose internal representation by storing an externally mutable object into ExceptionsAttribute.exceptions |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
52 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.ExceptionsAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.ExceptionsAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
43 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.InnerClassesAttribute
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.commons.compress.harmony.unpack200.bytecode.InnerClassesAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.InnerClassesAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
87 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.LineNumberTableAttribute
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.bytecode.LineNumberTableAttribute(int, int[], int[]) may expose internal representation by storing an externally mutable object into LineNumberTableAttribute.lineNumbers |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
41 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.LineNumberTableAttribute(int, int[], int[]) may expose internal representation by storing an externally mutable object into LineNumberTableAttribute.startPcs |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
40 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.LineNumberTableAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.LineNumberTableAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
30 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTableAttribute
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTableAttribute.descriptors |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
56 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTableAttribute.indexes |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
57 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTableAttribute.lengths |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
54 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTableAttribute.names |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
55 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTableAttribute.startPcs |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
53 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTableAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTableAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
35 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTypeTableAttribute
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTypeTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTypeTableAttribute.indexes |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
57 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTypeTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTypeTableAttribute.lengths |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
54 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTypeTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTypeTableAttribute.names |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
55 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTypeTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTypeTableAttribute.signatures |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
56 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTypeTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTypeTableAttribute.startPcs |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
53 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTypeTableAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTypeTableAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
35 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcByte |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
85 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcCaseCount |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
83 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcCaseValue |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
84 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcClassRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
94 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcDoubleRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
92 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcFieldRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
95 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcFloatRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
90 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcIMethodRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
97 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcInitRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
103 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcIntRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
89 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcLabel |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
88 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcLocal |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
87 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcLongRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
91 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcMethodRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
96 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcShort |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
86 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcStringRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
93 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcSuperField |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
100 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcSuperMethod |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
102 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcThisField |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
99 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcThisMethod |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
101 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.wideByteCodes |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
104 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager.setSegment(Segment) may expose internal representation by storing an externally mutable object into OperandManager.segment |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
225 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.RuntimeVisibleorInvisibleAnnotationsAttribute
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.bytecode.RuntimeVisibleorInvisibleAnnotationsAttribute(CPUTF8, AnnotationsAttribute$Annotation[]) may expose internal representation by storing an externally mutable object into RuntimeVisibleorInvisibleAnnotationsAttribute.annotations |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
35 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.RuntimeVisibleorInvisibleParameterAnnotationsAttribute
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.bytecode.RuntimeVisibleorInvisibleParameterAnnotationsAttribute(CPUTF8, RuntimeVisibleorInvisibleParameterAnnotationsAttribute$ParameterAnnotation[]) may expose internal representation by storing an externally mutable object into RuntimeVisibleorInvisibleParameterAnnotationsAttribute.parameterAnnotations |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
80 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.RuntimeVisibleorInvisibleParameterAnnotationsAttribute$ParameterAnnotation
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.bytecode.RuntimeVisibleorInvisibleParameterAnnotationsAttribute$ParameterAnnotation(AnnotationsAttribute$Annotation[]) may expose internal representation by storing an externally mutable object into RuntimeVisibleorInvisibleParameterAnnotationsAttribute$ParameterAnnotation.annotations |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
39 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.SignatureAttribute
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.bytecode.SignatureAttribute(CPUTF8) may expose internal representation by storing an externally mutable object into SignatureAttribute.signature |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
39 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.SignatureAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.SignatureAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
30 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.SourceFileAttribute
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.harmony.unpack200.bytecode.SourceFileAttribute(CPUTF8) may expose internal representation by storing an externally mutable object into SourceFileAttribute.name |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
40 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.SourceFileAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.SourceFileAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
31 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.forms.ByteCodeForm
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.harmony.unpack200.bytecode.forms.ByteCodeForm at new org.apache.commons.compress.harmony.unpack200.bytecode.forms.ByteCodeForm(int, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
312 |
Medium |
| Exception thrown in class org.apache.commons.compress.harmony.unpack200.bytecode.forms.ByteCodeForm at new org.apache.commons.compress.harmony.unpack200.bytecode.forms.ByteCodeForm(int, String, int[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
326 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.forms.ByteCodeForm.getRewrite() may expose internal representation by returning ByteCodeForm.rewrite |
MALICIOUS_CODE |
EI_EXPOSE_REP |
393 |
Medium |
| new org.apache.commons.compress.harmony.unpack200.bytecode.forms.ByteCodeForm(int, String, int[]) may expose internal representation by storing an externally mutable object into ByteCodeForm.rewrite |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
325 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.forms.ByteCodeForm.byteCodesByName is a mutable collection which should be package protected |
MALICIOUS_CODE |
MS_MUTABLE_COLLECTION_PKGPROTECT |
32 |
Medium |
| org.apache.commons.compress.harmony.unpack200.bytecode.forms.ByteCodeForm.byteCodeArray should be package protected |
MALICIOUS_CODE |
MS_PKGPROTECT |
31 |
Medium |
org.apache.commons.compress.parallel.FileBasedScatterGatherBackingStore
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.parallel.FileBasedScatterGatherBackingStore at new org.apache.commons.compress.parallel.FileBasedScatterGatherBackingStore(File) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
39 |
Medium |
| Exception thrown in class org.apache.commons.compress.parallel.FileBasedScatterGatherBackingStore at new org.apache.commons.compress.parallel.FileBasedScatterGatherBackingStore(Path) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
54 |
Medium |
org.apache.commons.compress.utils.BoundedArchiveInputStream
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.apache.commons.compress.utils.BoundedArchiveInputStream at new org.apache.commons.compress.utils.BoundedArchiveInputStream(long, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
45 |
Medium |
org.apache.commons.compress.utils.BoundedInputStream
| Bug |
Category |
Details |
Line |
Priority |
| The class name org.apache.commons.compress.utils.BoundedInputStream shadows the simple name of the superclass org.apache.commons.io.input.BoundedInputStream |
BAD_PRACTICE |
NM_SAME_SIMPLE_NAME_AS_SUPERCLASS |
38-51 |
High |
org.apache.commons.compress.utils.BoundedSeekableByteChannelInputStream
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.utils.BoundedSeekableByteChannelInputStream(long, long, SeekableByteChannel) may expose internal representation by storing an externally mutable object into BoundedSeekableByteChannelInputStream.channel |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
42 |
Medium |
org.apache.commons.compress.utils.ByteUtils$OutputStreamByteConsumer
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.utils.ByteUtils$OutputStreamByteConsumer(OutputStream) may expose internal representation by storing an externally mutable object into ByteUtils$OutputStreamByteConsumer.os |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
92 |
Medium |
org.apache.commons.compress.utils.FixedLengthBlockOutputStream
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.commons.compress.utils.FixedLengthBlockOutputStream(WritableByteChannel, int) may expose internal representation by storing an externally mutable object into FixedLengthBlockOutputStream.out |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
138 |
Medium |
|
