SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.9.3
Threshold is
Effort is default
Summary
Classes | Bugs | Errors | Missing Classes
589 | 568 | 0 | 0
org.apache.commons.compress.CompressException
Bug | Category | Details | Line | Priority
new CompressException(String, Throwable) not thrown in org.apache.commons.compress.CompressException.requireNonNull(Class, Object, Supplier) | CORRECTNESS | RV_EXCEPTION_NOT_THROWN | 53 | High
org.apache.commons.compress.CompressFilterOutputStream
Bug | Category | Details | Line | Priority
Shared primitive variable "finished" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE | 112 | Medium
org.apache.commons.compress.archivers.ArchiveInputStream
Bug | Category | Details | Line | Priority
Operation on the "bytesRead" shared variable in "ArchiveInputStream" class is not atomic | MT_CORRECTNESS | AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE | 163 | Medium
Operation on the "bytesRead" shared variable in "ArchiveInputStream" class is not atomic | MT_CORRECTNESS | AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE | 265 | Medium
Exception thrown in class org.apache.commons.compress.archivers.ArchiveInputStream at new org.apache.commons.compress.archivers.ArchiveInputStream(InputStream, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 129 | Medium
org.apache.commons.compress.archivers.ArchiveInputStream$ArchiveEntryIOIterator
Bug | Category | Details | Line | Priority
Inconsistent synchronization of org.apache.commons.compress.archivers.ArchiveInputStream$ArchiveEntryIOIterator.next; locked 42% of time | MT_CORRECTNESS | IS2_INCONSISTENT_SYNC | 63 | Medium
org.apache.commons.compress.archivers.ArchiveStreamFactory
Bug | Category | Details | Line | Priority
Exception is caught when Exception is not thrown in org.apache.commons.compress.archivers.ArchiveStreamFactory.detect(InputStream) | STYLE | REC_CATCH_EXCEPTION | 285 | Medium
org.apache.commons.compress.archivers.ar.ArArchiveEntry
Bug | Category | Details | Line | Priority
Exception thrown in class org.apache.commons.compress.archivers.ar.ArArchiveEntry at new org.apache.commons.compress.archivers.ar.ArArchiveEntry(File, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 88 | Medium
Exception thrown in class org.apache.commons.compress.archivers.ar.ArArchiveEntry at new org.apache.commons.compress.archivers.ar.ArArchiveEntry(String, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 116 | Medium
Exception thrown in class org.apache.commons.compress.archivers.ar.ArArchiveEntry at new org.apache.commons.compress.archivers.ar.ArArchiveEntry(String, long, int, int, int, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 132 | Medium
Exception thrown in class org.apache.commons.compress.archivers.ar.ArArchiveEntry at new org.apache.commons.compress.archivers.ar.ArArchiveEntry(Path, String, LinkOption[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 101 | Medium
org.apache.commons.compress.archivers.arj.ArjArchiveInputStream
Bug | Category | Details | Line | Priority
Exception thrown in class org.apache.commons.compress.archivers.arj.ArjArchiveInputStream at new org.apache.commons.compress.archivers.arj.ArjArchiveInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 76 | Medium
Exception thrown in class org.apache.commons.compress.archivers.arj.ArjArchiveInputStream at new org.apache.commons.compress.archivers.arj.ArjArchiveInputStream(InputStream, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 98 | Medium
org.apache.commons.compress.archivers.cpio.CpioArchiveEntry
Bug | Category | Details | Line | Priority
Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveEntry at new org.apache.commons.compress.archivers.cpio.CpioArchiveEntry(File, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 215 | Medium
Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveEntry at new org.apache.commons.compress.archivers.cpio.CpioArchiveEntry(String, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 395 | Medium
Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveEntry at new org.apache.commons.compress.archivers.cpio.CpioArchiveEntry(Path, String, LinkOption[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 228 | Medium
Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveEntry at new org.apache.commons.compress.archivers.cpio.CpioArchiveEntry(short) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 264 | Medium
Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveEntry at new org.apache.commons.compress.archivers.cpio.CpioArchiveEntry(short, File, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 288 | Medium
Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveEntry at new org.apache.commons.compress.archivers.cpio.CpioArchiveEntry(short, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 351 | Medium
Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveEntry at new org.apache.commons.compress.archivers.cpio.CpioArchiveEntry(short, String, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 375 | Medium
Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveEntry at new org.apache.commons.compress.archivers.cpio.CpioArchiveEntry(short, Path, String, LinkOption[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 321 | Medium
org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream
Bug | Category | Details | Line | Priority
Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream at new org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 152 | Medium
Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream at new org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream(InputStream, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 163 | Medium
Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream at new org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream(InputStream, int, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 179 | Medium
Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream at new org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream(InputStream, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 193 | Medium
org.apache.commons.compress.archivers.cpio.CpioArchiveInputStream.getNextCPIOEntry() may expose internal representation by returning CpioArchiveInputStream.entry | MALICIOUS_CODE | EI_EXPOSE_REP | 297 | Medium
org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream
Bug | Category | Details | Line | Priority
Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream at new org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream(OutputStream, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 168 | Medium
Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream at new org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream(OutputStream, short) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 118 | Medium
Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream at new org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream(OutputStream, short, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 130 | Medium
Exception thrown in class org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream at new org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream(OutputStream, short, int, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 151 | Medium
org.apache.commons.compress.archivers.cpio.CpioArchiveOutputStream.putArchiveEntry(CpioArchiveEntry) may expose internal representation by storing an externally mutable object into CpioArchiveOutputStream.entry | MALICIOUS_CODE | EI_EXPOSE_REP2 | 310 | Medium
org.apache.commons.compress.archivers.dump.DumpArchiveEntry
Bug | Category | Details | Line | Priority
org.apache.commons.compress.archivers.dump.DumpArchiveEntry.getPermissions() may expose internal representation by returning DumpArchiveEntry.permissions | MALICIOUS_CODE | EI_EXPOSE_REP | 687 | Medium
org.apache.commons.compress.archivers.dump.DumpArchiveInputStream
Bug | Category | Details | Line | Priority
Exception thrown in class org.apache.commons.compress.archivers.dump.DumpArchiveInputStream at new org.apache.commons.compress.archivers.dump.DumpArchiveInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 114 | Medium
Exception thrown in class org.apache.commons.compress.archivers.dump.DumpArchiveInputStream at new org.apache.commons.compress.archivers.dump.DumpArchiveInputStream(InputStream, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 152 | Medium
org.apache.commons.compress.archivers.dump.DumpArchiveInputStream.getSummary() may expose internal representation by returning DumpArchiveInputStream.summary | MALICIOUS_CODE | EI_EXPOSE_REP | 342 | Medium
org.apache.commons.compress.archivers.dump.DumpArchiveSummary
Bug | Category | Details | Line | Priority
Exception thrown in class org.apache.commons.compress.archivers.dump.DumpArchiveSummary at new org.apache.commons.compress.archivers.dump.DumpArchiveSummary(byte[], ZipEncoding) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 52 | Medium
org.apache.commons.compress.archivers.jar.JarArchiveInputStream
Bug | Category | Details | Line | Priority
The method 'matches(byte[], int)' in class 'JarArchiveInputStream' hides a method in class 'ZipArchiveInputStream'. Declare the respective methods non-static or private to eradicate the problem. | CORRECTNESS | HSM_HIDING_METHOD | 42 | Medium
org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry
Bug | Category | Details | Line | Priority
org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry.getAccessTime() may expose internal representation by returning SevenZArchiveEntry.accessDate | MALICIOUS_CODE | EI_EXPOSE_REP | 146 | Medium
org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry.getCreationTime() may expose internal representation by returning SevenZArchiveEntry.creationDate | MALICIOUS_CODE | EI_EXPOSE_REP | 241 | Medium
org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry.getLastModifiedTime() may expose internal representation by returning SevenZArchiveEntry.lastModifiedDate | MALICIOUS_CODE | EI_EXPOSE_REP | 316 | Medium
org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry.setAccessTime(FileTime) may expose internal representation by storing an externally mutable object into SevenZArchiveEntry.accessDate | MALICIOUS_CODE | EI_EXPOSE_REP2 | 432 | Medium
org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry.setCreationTime(FileTime) may expose internal representation by storing an externally mutable object into SevenZArchiveEntry.creationDate | MALICIOUS_CODE | EI_EXPOSE_REP2 | 568 | Medium
org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry.setLastModifiedTime(FileTime) may expose internal representation by storing an externally mutable object into SevenZArchiveEntry.lastModifiedDate | MALICIOUS_CODE | EI_EXPOSE_REP2 | 663 | Medium
org.apache.commons.compress.archivers.sevenz.SevenZFile
Bug | Category | Details | Line | Priority
Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZFile at new org.apache.commons.compress.archivers.sevenz.SevenZFile(File, SevenZFileOptions) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 527 | Medium
Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZFile at new org.apache.commons.compress.archivers.sevenz.SevenZFile(File, byte[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 482 | Medium
Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZFile at new org.apache.commons.compress.archivers.sevenz.SevenZFile(File, char[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 496 | Medium
Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZFile at new org.apache.commons.compress.archivers.sevenz.SevenZFile(File, char[], SevenZFileOptions) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 512 | Medium
Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZFile at new org.apache.commons.compress.archivers.sevenz.SevenZFile(SeekableByteChannel, String, byte[], boolean, int, boolean, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 659 | Medium
Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZFile at new org.apache.commons.compress.archivers.sevenz.SevenZFile(SeekableByteChannel, String, byte[], boolean, SevenZFileOptions) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 687 | Medium
org.apache.commons.compress.archivers.sevenz.SevenZFile.initializeArchive(StartHeader, byte[], boolean) may fail to close stream | BAD_PRACTICE | OS_OPEN_STREAM | 1113 | Medium
org.apache.commons.compress.archivers.sevenz.SevenZFile$Builder
Bug | Category | Details | Line | Priority
org.apache.commons.compress.archivers.sevenz.SevenZFile$Builder.setSeekableByteChannel(SeekableByteChannel) may expose internal representation by storing an externally mutable object into SevenZFile$Builder.seekableByteChannel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 302 | Medium
org.apache.commons.compress.archivers.sevenz.SevenZMethodConfiguration
Bug | Category | Details | Line | Priority
Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZMethodConfiguration at new org.apache.commons.compress.archivers.sevenz.SevenZMethodConfiguration(SevenZMethod) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 77 | Medium
Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZMethodConfiguration at new org.apache.commons.compress.archivers.sevenz.SevenZMethodConfiguration(SevenZMethod, Object) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 91 | Medium
org.apache.commons.compress.archivers.sevenz.SevenZOutputFile
Bug | Category | Details | Line | Priority
Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZOutputFile at new org.apache.commons.compress.archivers.sevenz.SevenZOutputFile(File) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 138 | Medium
Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZOutputFile at new org.apache.commons.compress.archivers.sevenz.SevenZOutputFile(File, char[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 150 | Medium
Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZOutputFile at new org.apache.commons.compress.archivers.sevenz.SevenZOutputFile(SeekableByteChannel) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 166 | Medium
Exception thrown in class org.apache.commons.compress.archivers.sevenz.SevenZOutputFile at new org.apache.commons.compress.archivers.sevenz.SevenZOutputFile(SeekableByteChannel, char[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 183 | Medium
new org.apache.commons.compress.archivers.sevenz.SevenZOutputFile(SeekableByteChannel, char[]) may expose internal representation by storing an externally mutable object into SevenZOutputFile.channel | MALICIOUS_CODE | EI_EXPOSE_REP2 | 182 | Medium
org.apache.commons.compress.archivers.tar.TarArchiveEntry
Bug | Category | Details | Line | Priority
Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveEntry at new org.apache.commons.compress.archivers.tar.TarArchiveEntry(Path) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 563 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveEntry at new org.apache.commons.compress.archivers.tar.TarArchiveEntry(Path, String, LinkOption[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 583 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveEntry at new org.apache.commons.compress.archivers.tar.TarArchiveEntry(Map, byte[], ZipEncoding, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 528 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveEntry at new org.apache.commons.compress.archivers.tar.TarArchiveEntry(Map, byte[], ZipEncoding, boolean, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 546 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveEntry at new org.apache.commons.compress.archivers.tar.TarArchiveEntry(byte[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 409 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveEntry at new org.apache.commons.compress.archivers.tar.TarArchiveEntry(byte[], ZipEncoding, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 437 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveEntry at new org.apache.commons.compress.archivers.tar.TarArchiveEntry(byte[], ZipEncoding, boolean, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 454 | Medium
org.apache.commons.compress.archivers.tar.TarArchiveEntry.getCreationTime() may expose internal representation by returning TarArchiveEntry.birthTime | MALICIOUS_CODE | EI_EXPOSE_REP | 772 | Medium
org.apache.commons.compress.archivers.tar.TarArchiveEntry.getLastAccessTime() may expose internal representation by returning TarArchiveEntry.aTime | MALICIOUS_CODE | EI_EXPOSE_REP | 890 | Medium
org.apache.commons.compress.archivers.tar.TarArchiveEntry.getLastModifiedTime() may expose internal representation by returning TarArchiveEntry.mTime | MALICIOUS_CODE | EI_EXPOSE_REP | 911 | Medium
org.apache.commons.compress.archivers.tar.TarArchiveEntry.getSparseHeaders() may expose internal representation by returning TarArchiveEntry.sparseHeaders | MALICIOUS_CODE | EI_EXPOSE_REP | 1071 | Medium
org.apache.commons.compress.archivers.tar.TarArchiveEntry.getStatusChangeTime() may expose internal representation by returning TarArchiveEntry.cTime | MALICIOUS_CODE | EI_EXPOSE_REP | 1081 | Medium
org.apache.commons.compress.archivers.tar.TarArchiveEntry.setCreationTime(FileTime) may expose internal representation by storing an externally mutable object into TarArchiveEntry.birthTime | MALICIOUS_CODE | EI_EXPOSE_REP2 | 1725 | Medium
org.apache.commons.compress.archivers.tar.TarArchiveEntry.setLastAccessTime(FileTime) may expose internal representation by storing an externally mutable object into TarArchiveEntry.aTime | MALICIOUS_CODE | EI_EXPOSE_REP2 | 1815 | Medium
org.apache.commons.compress.archivers.tar.TarArchiveEntry.setSparseHeaders(List) may expose internal representation by storing an externally mutable object into TarArchiveEntry.sparseHeaders | MALICIOUS_CODE | EI_EXPOSE_REP2 | 1918 | Medium
org.apache.commons.compress.archivers.tar.TarArchiveEntry.setStatusChangeTime(FileTime) may expose internal representation by storing an externally mutable object into TarArchiveEntry.cTime | MALICIOUS_CODE | EI_EXPOSE_REP2 | 1928 | Medium
org.apache.commons.compress.archivers.tar.TarArchiveInputStream
Bug | Category | Details | Line | Priority
This write of the 64-bit primitive variable "entryOffset" may not atomic | MT_CORRECTNESS | AT_NONATOMIC_64BIT_PRIMITIVE | 440 | Medium
This write of the 64-bit primitive variable "entrySize" may not atomic | MT_CORRECTNESS | AT_NONATOMIC_64BIT_PRIMITIVE | 441 | Medium
This write of the 64-bit primitive variable "entryOffset" may not atomic | MT_CORRECTNESS | AT_NONATOMIC_64BIT_PRIMITIVE | 643 | Medium
Operation on the "currentSparseInputStreamIndex" shared variable in "TarArchiveInputStream" class is not atomic | MT_CORRECTNESS | AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE | 722 | Medium
Operation on the "entryOffset" shared variable in "TarArchiveInputStream" class is not atomic | MT_CORRECTNESS | AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE | 792 | Medium
Operation on the "currentSparseInputStreamIndex" shared variable in "TarArchiveInputStream" class is not atomic | MT_CORRECTNESS | AT_NONATOMIC_OPERATIONS_ON_SHARED_VARIABLE | 829 | Medium
Shared primitive variable "currentSparseInputStreamIndex" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE | 261 | Medium
Shared primitive variable "atEof" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE | 753 | Medium
org.apache.commons.compress.archivers.tar.TarArchiveInputStream.getCurrentEntry() may expose internal representation by returning TarArchiveInputStream.currEntry | MALICIOUS_CODE | EI_EXPOSE_REP | 364 | Medium
org.apache.commons.compress.archivers.tar.TarArchiveInputStream.getNextTarEntry() may expose internal representation by returning TarArchiveInputStream.currEntry | MALICIOUS_CODE | EI_EXPOSE_REP | 485 | Medium
org.apache.commons.compress.archivers.tar.TarArchiveOutputStream
Bug | Category | Details | Line | Priority
Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveOutputStream at new org.apache.commons.compress.archivers.tar.TarArchiveOutputStream(OutputStream, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 147 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveOutputStream at new org.apache.commons.compress.archivers.tar.TarArchiveOutputStream(OutputStream, int, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 160 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveOutputStream at new org.apache.commons.compress.archivers.tar.TarArchiveOutputStream(OutputStream, int, int, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 175 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveOutputStream at new org.apache.commons.compress.archivers.tar.TarArchiveOutputStream(OutputStream, int, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 200 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveOutputStream at new org.apache.commons.compress.archivers.tar.TarArchiveOutputStream(OutputStream, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 222 | Medium
org.apache.commons.compress.archivers.tar.TarArchiveSparseEntry
Bug | Category | Details | Line | Priority
Exception thrown in class org.apache.commons.compress.archivers.tar.TarArchiveSparseEntry at new org.apache.commons.compress.archivers.tar.TarArchiveSparseEntry(byte[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 68 | Medium
org.apache.commons.compress.archivers.tar.TarArchiveSparseEntry.getSparseHeaders() may expose internal representation by returning TarArchiveSparseEntry.sparseHeaders | MALICIOUS_CODE | EI_EXPOSE_REP | 80 | Medium
org.apache.commons.compress.archivers.tar.TarFile
Bug | Category | Details | Line | Priority
Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(File) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 224 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(File, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 247 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(File, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 236 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(SeekableByteChannel) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 290 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(SeekableByteChannel, int, int, String, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 314 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(Path) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 257 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(Path, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 280 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(Path, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 269 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(byte[], String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 214 | Medium
Exception thrown in class org.apache.commons.compress.archivers.tar.TarFile at new org.apache.commons.compress.archivers.tar.TarFile(byte[], boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 203 | Medium
new org.apache.commons.compress.archivers.tar.TarFile(SeekableByteChannel, int, int, String, boolean) may expose internal representation by storing an externally mutable object into TarFile.archive | MALICIOUS_CODE | EI_EXPOSE_REP2 | 306 | Medium
org.apache.commons.compress.archivers.tar.TarUtils
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.archivers.tar.TarUtils.parsePaxHeaders(InputStream, List, Map, long) may fail to close stream |
BAD_PRACTICE |
OS_OPEN_STREAM |
654 |
Medium |
org.apache.commons.compress.archivers.zip.FileRandomAccessOutputStream
Bug |
Category |
Details |
Line |
Priority |
Inconsistent synchronization of org.apache.commons.compress.archivers.zip.FileRandomAccessOutputStream.position; locked 60% of time |
MT_CORRECTNESS |
IS2_INCONSISTENT_SYNC |
76 |
Medium |
org.apache.commons.compress.archivers.zip.JarMarker
Bug |
Category |
Details |
Line |
Priority |
Class (org.apache.commons.compress.archivers.zip.JarMarker) using singleton design pattern has non-private constructor. |
CORRECTNESS |
SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR |
46-48 |
Medium |
org.apache.commons.compress.archivers.zip.ParallelScatterZipCreator
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.archivers.zip.ParallelScatterZipCreator at new org.apache.commons.compress.archivers.zip.ParallelScatterZipCreator(ExecutorService, ScatterGatherBackingStoreSupplier) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
104 |
Medium |
Exception thrown in class org.apache.commons.compress.archivers.zip.ParallelScatterZipCreator at new org.apache.commons.compress.archivers.zip.ParallelScatterZipCreator(ExecutorService, ScatterGatherBackingStoreSupplier, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
119 |
Medium |
org.apache.commons.compress.archivers.zip.ResourceAlignmentExtraField
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.archivers.zip.ResourceAlignmentExtraField at new org.apache.commons.compress.archivers.zip.ResourceAlignmentExtraField(int, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
82 |
Medium |
Exception thrown in class org.apache.commons.compress.archivers.zip.ResourceAlignmentExtraField at new org.apache.commons.compress.archivers.zip.ResourceAlignmentExtraField(int, boolean, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
94 |
Medium |
org.apache.commons.compress.archivers.zip.ScatterZipOutputStream
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.archivers.zip.ScatterZipOutputStream.zipEntryWriter() may expose internal representation by returning ScatterZipOutputStream.zipEntryWriter |
MALICIOUS_CODE |
EI_EXPOSE_REP |
265 |
Medium |
new org.apache.commons.compress.archivers.zip.ScatterZipOutputStream(ScatterGatherBackingStore, StreamCompressor) may expose internal representation by storing an externally mutable object into ScatterZipOutputStream.backingStore |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
195 |
Medium |
new org.apache.commons.compress.archivers.zip.ScatterZipOutputStream(ScatterGatherBackingStore, StreamCompressor) may expose internal representation by storing an externally mutable object into ScatterZipOutputStream.streamCompressor |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
196 |
Medium |
org.apache.commons.compress.archivers.zip.ScatterZipOutputStream$ZipEntryWriter
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.archivers.zip.ScatterZipOutputStream$ZipEntryWriter at new org.apache.commons.compress.archivers.zip.ScatterZipOutputStream$ZipEntryWriter(ScatterZipOutputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
97 |
Medium |
org.apache.commons.compress.archivers.zip.UnsupportedZipFeatureException
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.archivers.zip.UnsupportedZipFeatureException.getEntry() may expose internal representation by returning UnsupportedZipFeatureException.entry |
MALICIOUS_CODE |
EI_EXPOSE_REP |
126 |
Medium |
new org.apache.commons.compress.archivers.zip.UnsupportedZipFeatureException(UnsupportedZipFeatureException$Feature, ZipArchiveEntry) may expose internal representation by storing an externally mutable object into UnsupportedZipFeatureException.entry |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
104 |
Medium |
new org.apache.commons.compress.archivers.zip.UnsupportedZipFeatureException(ZipMethod, ZipArchiveEntry) may expose internal representation by storing an externally mutable object into UnsupportedZipFeatureException.entry |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
117 |
Medium |
org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader
Bug |
Category |
Details |
Line |
Priority |
Unread field: org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader.bitlen |
PERFORMANCE |
URF_UNREAD_FIELD |
340 |
Medium |
Unread field: org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader.erdData |
PERFORMANCE |
URF_UNREAD_FIELD |
381 |
Medium |
Unread field: org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader.flags |
PERFORMANCE |
URF_UNREAD_FIELD |
341 |
Medium |
Unread field: org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader.format |
PERFORMANCE |
URF_UNREAD_FIELD |
338 |
Medium |
Unread field: org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader.ivData |
PERFORMANCE |
URF_UNREAD_FIELD |
369 |
Medium |
Unread field: org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader.keyBlob |
PERFORMANCE |
URF_UNREAD_FIELD |
409 |
Medium |
Unread field: org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader.recipientKeyHash |
PERFORMANCE |
URF_UNREAD_FIELD |
408 |
Medium |
Unread field: org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader.vCRC32 |
PERFORMANCE |
URF_UNREAD_FIELD |
395 |
Medium |
Unread field: org.apache.commons.compress.archivers.zip.X0017_StrongEncryptionHeader.vData |
PERFORMANCE |
URF_UNREAD_FIELD |
393 |
Medium |
org.apache.commons.compress.archivers.zip.X5455_ExtendedTimestamp
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.archivers.zip.X5455_ExtendedTimestamp.getAccessTime() may expose internal representation by returning X5455_ExtendedTimestamp.accessTime |
MALICIOUS_CODE |
EI_EXPOSE_REP |
202 |
Medium |
org.apache.commons.compress.archivers.zip.X5455_ExtendedTimestamp.getCreateTime() may expose internal representation by returning X5455_ExtendedTimestamp.createTime |
MALICIOUS_CODE |
EI_EXPOSE_REP |
270 |
Medium |
org.apache.commons.compress.archivers.zip.X5455_ExtendedTimestamp.getModifyTime() may expose internal representation by returning X5455_ExtendedTimestamp.modifyTime |
MALICIOUS_CODE |
EI_EXPOSE_REP |
366 |
Medium |
org.apache.commons.compress.archivers.zip.X5455_ExtendedTimestamp.setAccessTime(ZipLong) may expose internal representation by storing an externally mutable object into X5455_ExtendedTimestamp.accessTime |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
516 |
Medium |
org.apache.commons.compress.archivers.zip.X5455_ExtendedTimestamp.setCreateTime(ZipLong) may expose internal representation by storing an externally mutable object into X5455_ExtendedTimestamp.createTime |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
564 |
Medium |
org.apache.commons.compress.archivers.zip.X5455_ExtendedTimestamp.setModifyTime(ZipLong) may expose internal representation by storing an externally mutable object into X5455_ExtendedTimestamp.modifyTime |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
632 |
Medium |
org.apache.commons.compress.archivers.zip.Zip64ExtendedInformationExtraField
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.archivers.zip.Zip64ExtendedInformationExtraField.getDiskStartNumber() may expose internal representation by returning Zip64ExtendedInformationExtraField.diskStart |
MALICIOUS_CODE |
EI_EXPOSE_REP |
148 |
Medium |
new org.apache.commons.compress.archivers.zip.Zip64ExtendedInformationExtraField(ZipEightByteInteger, ZipEightByteInteger, ZipEightByteInteger, ZipLong) may expose internal representation by storing an externally mutable object into Zip64ExtendedInformationExtraField.diskStart |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
96 |
Medium |
org.apache.commons.compress.archivers.zip.Zip64ExtendedInformationExtraField.setDiskStartNumber(ZipLong) may expose internal representation by storing an externally mutable object into Zip64ExtendedInformationExtraField.diskStart |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
304 |
Medium |
org.apache.commons.compress.archivers.zip.ZipArchiveEntry
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.archivers.zip.ZipArchiveEntry at new org.apache.commons.compress.archivers.zip.ZipArchiveEntry(File, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
341 |
Medium |
Exception thrown in class org.apache.commons.compress.archivers.zip.ZipArchiveEntry at new org.apache.commons.compress.archivers.zip.ZipArchiveEntry(Path, String, LinkOption[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
445 |
Medium |
Exception thrown in class org.apache.commons.compress.archivers.zip.ZipArchiveEntry at new org.apache.commons.compress.archivers.zip.ZipArchiveEntry(Function, File, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
359 |
Medium |
Exception thrown in class org.apache.commons.compress.archivers.zip.ZipArchiveEntry at new org.apache.commons.compress.archivers.zip.ZipArchiveEntry(Function, Path, String, LinkOption[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
385 |
Medium |
Exception thrown in class org.apache.commons.compress.archivers.zip.ZipArchiveEntry at new org.apache.commons.compress.archivers.zip.ZipArchiveEntry(Function, ZipEntry) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
421 |
Medium |
Exception thrown in class org.apache.commons.compress.archivers.zip.ZipArchiveEntry at new org.apache.commons.compress.archivers.zip.ZipArchiveEntry(ZipEntry) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
493 |
Medium |
org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.archivers.zip.ZipArchiveOutputStream(OutputStream) may expose internal representation by storing an externally mutable object into ZipArchiveOutputStream.out |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
422 |
Medium |
org.apache.commons.compress.archivers.zip.ZipEncodingHelper
Bug |
Category |
Details |
Line |
Priority |
Do not catch NullPointerException like in org.apache.commons.compress.archivers.zip.ZipEncodingHelper.toSafeCharset(String) |
STYLE |
DCN_NULLPOINTER_EXCEPTION |
105 |
Medium |
org.apache.commons.compress.archivers.zip.ZipFile
Bug |
Category |
Details |
Line |
Priority |
This write of the 64-bit primitive variable "centralDirectoryStartOffset" may not atomic |
MT_CORRECTNESS |
AT_NONATOMIC_64BIT_PRIMITIVE |
1350 |
Medium |
This write of the 64-bit primitive variable "firstLocalFileHeaderOffset" may not atomic |
MT_CORRECTNESS |
AT_NONATOMIC_64BIT_PRIMITIVE |
1412 |
Medium |
Exception thrown in class org.apache.commons.compress.archivers.zip.ZipFile at new org.apache.commons.compress.archivers.zip.ZipFile(File, String, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
788 |
Medium |
Exception thrown in class org.apache.commons.compress.archivers.zip.ZipFile at new org.apache.commons.compress.archivers.zip.ZipFile(File, String, boolean, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
812 |
Medium |
Exception thrown in class org.apache.commons.compress.archivers.zip.ZipFile at new org.apache.commons.compress.archivers.zip.ZipFile(SeekableByteChannel, String, String, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
957 |
Medium |
Exception thrown in class org.apache.commons.compress.archivers.zip.ZipFile at new org.apache.commons.compress.archivers.zip.ZipFile(SeekableByteChannel, String, String, boolean, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
985 |
Medium |
Exception thrown in class org.apache.commons.compress.archivers.zip.ZipFile at new org.apache.commons.compress.archivers.zip.ZipFile(SeekableByteChannel, String, String, boolean, boolean, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
990 |
Medium |
Exception thrown in class org.apache.commons.compress.archivers.zip.ZipFile at new org.apache.commons.compress.archivers.zip.ZipFile(SeekableByteChannel, String, Charset, boolean, boolean, boolean, IOFunction) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
931 |
Medium |
Exception thrown in class org.apache.commons.compress.archivers.zip.ZipFile at new org.apache.commons.compress.archivers.zip.ZipFile(Path, String, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
854 |
Medium |
Exception thrown in class org.apache.commons.compress.archivers.zip.ZipFile at new org.apache.commons.compress.archivers.zip.ZipFile(Path, String, boolean, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
878 |
Medium |
org.apache.commons.compress.archivers.zip.ZipFile$Builder
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.archivers.zip.ZipFile$Builder.setSeekableByteChannel(SeekableByteChannel) may expose internal representation by storing an externally mutable object into ZipFile$Builder.seekableByteChannel |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
204 |
Medium |
org.apache.commons.compress.archivers.zip.ZipSplitReadOnlySeekableByteChannel
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.archivers.zip.ZipSplitReadOnlySeekableByteChannel at new org.apache.commons.compress.archivers.zip.ZipSplitReadOnlySeekableByteChannel(List) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
259 |
Medium |
The method 'forFiles(File[])' in class 'ZipSplitReadOnlySeekableByteChannel' hides a method in class 'MultiReadOnlySeekableByteChannel'. Declare the respective methods non-static or private to eradicate the problem. |
CORRECTNESS |
HSM_HIDING_METHOD |
123 |
Medium |
The method 'forPaths(Path[])' in class 'ZipSplitReadOnlySeekableByteChannel' hides a method in class 'MultiReadOnlySeekableByteChannel'. Declare the respective methods non-static or private to eradicate the problem. |
CORRECTNESS |
HSM_HIDING_METHOD |
219 |
Medium |
org.apache.commons.compress.changes.ChangeSetResults
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.changes.ChangeSetResults.getAddedFromChangeSet() may expose internal representation by returning ChangeSetResults.addedFromChangeSet |
MALICIOUS_CODE |
EI_EXPOSE_REP |
73 |
Medium |
org.apache.commons.compress.changes.ChangeSetResults.getAddedFromStream() may expose internal representation by returning ChangeSetResults.addedFromStream |
MALICIOUS_CODE |
EI_EXPOSE_REP |
82 |
Medium |
org.apache.commons.compress.changes.ChangeSetResults.getDeleted() may expose internal representation by returning ChangeSetResults.deleted |
MALICIOUS_CODE |
EI_EXPOSE_REP |
91 |
Medium |
org.apache.commons.compress.compressors.CompressorStreamFactory
Bug |
Category |
Details |
Line |
Priority |
Public static org.apache.commons.compress.compressors.CompressorStreamFactory.getSingleton() may expose internal representation by returning CompressorStreamFactory.SINGLETON |
MALICIOUS_CODE |
MS_EXPOSE_REP |
423 |
Medium |
Class (org.apache.commons.compress.compressors.CompressorStreamFactory) using singleton design pattern has non-private constructor. |
CORRECTNESS |
SING_SINGLETON_HAS_NONPRIVATE_CONSTRUCTOR |
508-511 |
Medium |
org.apache.commons.compress.compressors.brotli.BrotliCompressorInputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.brotli.BrotliCompressorInputStream at new org.apache.commons.compress.compressors.brotli.BrotliCompressorInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
48 |
Medium |
org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream at new org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
258 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream at new org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream(InputStream, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
273 |
Medium |
org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream at new org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream(OutputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
408 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream at new org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream(OutputStream, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
425 |
Medium |
Vacuous iand operation on BZip2CompressorOutputStream.java:[line 841] in org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream.sendMTFValues1(int, int) |
STYLE |
INT_VACUOUS_BIT_OPERATION |
841 |
Medium |
org.apache.commons.compress.compressors.bzip2.BlockSort
Bug |
Category |
Details |
Line |
Priority |
Self assignment of field BlockSort.workDone in org.apache.commons.compress.compressors.bzip2.BlockSort.mainSimpleSort(BZip2CompressorOutputStream$Data, int, int, int, int) |
CORRECTNESS |
SA_FIELD_SELF_ASSIGNMENT |
849 |
High |
org.apache.commons.compress.compressors.gzip.ExtraField$SubField
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.compressors.gzip.ExtraField$SubField.getPayload() may expose internal representation by returning ExtraField$SubField.payload |
MALICIOUS_CODE |
EI_EXPOSE_REP |
126 |
Medium |
org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream at new org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
286 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream at new org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream(InputStream, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
304 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream at new org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream(GzipCompressorInputStream$Builder) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
265 |
Medium |
org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream.getMetaData() may expose internal representation by returning GzipCompressorInputStream.parameters |
MALICIOUS_CODE |
EI_EXPOSE_REP |
340 |
Medium |
org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream at new org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream(OutputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
56 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream at new org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream(OutputStream, GzipParameters) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
72 |
Medium |
org.apache.commons.compress.compressors.gzip.GzipParameters
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.compressors.gzip.GzipParameters.getExtraField() may expose internal representation by returning GzipParameters.extraField |
MALICIOUS_CODE |
EI_EXPOSE_REP |
376 |
Medium |
org.apache.commons.compress.compressors.gzip.GzipParameters.setExtraField(ExtraField) may expose internal representation by storing an externally mutable object into GzipParameters.extraField |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
557 |
Medium |
org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream at new org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
127 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream at new org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorInputStream(InputStream, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
139 |
Medium |
org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorOutputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorOutputStream at new org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorOutputStream(OutputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
179 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorOutputStream at new org.apache.commons.compress.compressors.lz4.FramedLZ4CompressorOutputStream(OutputStream, FramedLZ4CompressorOutputStream$Parameters) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
194 |
Medium |
org.apache.commons.compress.compressors.lz77support.AbstractLZ77CompressorInputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.lz77support.AbstractLZ77CompressorInputStream at new org.apache.commons.compress.compressors.lz77support.AbstractLZ77CompressorInputStream(InputStream, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
122 |
Medium |
org.apache.commons.compress.compressors.lz77support.Parameters$Builder
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.lz77support.Parameters$Builder at new org.apache.commons.compress.compressors.lz77support.Parameters$Builder(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
43 |
Medium |
org.apache.commons.compress.compressors.lzma.LZMACompressorInputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.lzma.LZMACompressorInputStream at new org.apache.commons.compress.compressors.lzma.LZMACompressorInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
124 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.lzma.LZMACompressorInputStream at new org.apache.commons.compress.compressors.lzma.LZMACompressorInputStream(InputStream, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
140 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.lzma.LZMACompressorInputStream at new org.apache.commons.compress.compressors.lzma.LZMACompressorInputStream(LZMACompressorInputStream$Builder) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
109 |
Medium |
org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream at new org.apache.commons.compress.compressors.lzma.LZMACompressorOutputStream(OutputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
110 |
Medium |
org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream at new org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream(File, Pack200Strategy) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
102 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream at new org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream(File, Pack200Strategy, Map) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
114 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream at new org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream(InputStream, File, Pack200Strategy, Map) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
134 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream at new org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream(InputStream, Pack200Strategy) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
175 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream at new org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream(InputStream, Pack200Strategy, Map) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
191 |
Medium |
org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream at new org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream(OutputStream, Map) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
58 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream at new org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream(OutputStream, Pack200Strategy) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
69 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream at new org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream(OutputStream, Pack200Strategy, Map) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
82 |
Medium |
new org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream(OutputStream, Pack200Strategy, Map) may expose internal representation by storing an externally mutable object into Pack200CompressorOutputStream.properties |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
83 |
Medium |
org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorInputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorInputStream at new org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorInputStream(InputStream, int, FramedSnappyDialect) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
156 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorInputStream at new org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorInputStream(InputStream, FramedSnappyDialect) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
141 |
Medium |
org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream at new org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream(OutputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
74 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream at new org.apache.commons.compress.compressors.snappy.FramedSnappyCompressorOutputStream(OutputStream, Parameters) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
88 |
Medium |
org.apache.commons.compress.compressors.snappy.SnappyCompressorInputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.snappy.SnappyCompressorInputStream at new org.apache.commons.compress.compressors.snappy.SnappyCompressorInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
69 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.snappy.SnappyCompressorInputStream at new org.apache.commons.compress.compressors.snappy.SnappyCompressorInputStream(InputStream, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
82 |
Medium |
org.apache.commons.compress.compressors.snappy.SnappyCompressorOutputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.snappy.SnappyCompressorOutputStream at new org.apache.commons.compress.compressors.snappy.SnappyCompressorOutputStream(OutputStream, long, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
127 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.snappy.SnappyCompressorOutputStream at new org.apache.commons.compress.compressors.snappy.SnappyCompressorOutputStream(OutputStream, long, Parameters) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
153 |
Medium |
org.apache.commons.compress.compressors.xz.XZCompressorInputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.xz.XZCompressorInputStream at new org.apache.commons.compress.compressors.xz.XZCompressorInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
166 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.xz.XZCompressorInputStream at new org.apache.commons.compress.compressors.xz.XZCompressorInputStream(InputStream, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
182 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.xz.XZCompressorInputStream at new org.apache.commons.compress.compressors.xz.XZCompressorInputStream(InputStream, boolean, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
203 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.xz.XZCompressorInputStream at new org.apache.commons.compress.compressors.xz.XZCompressorInputStream(XZCompressorInputStream$Builder) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
150 |
Medium |
org.apache.commons.compress.compressors.xz.XZCompressorOutputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.xz.XZCompressorOutputStream at new org.apache.commons.compress.compressors.xz.XZCompressorOutputStream(OutputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
127 |
Medium |
org.apache.commons.compress.compressors.z.ZCompressorInputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.z.ZCompressorInputStream at new org.apache.commons.compress.compressors.z.ZCompressorInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
63 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.z.ZCompressorInputStream at new org.apache.commons.compress.compressors.z.ZCompressorInputStream(InputStream, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
75 |
Medium |
org.apache.commons.compress.compressors.zstandard.ZstdCompressorInputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.zstandard.ZstdCompressorInputStream at new org.apache.commons.compress.compressors.zstandard.ZstdCompressorInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
56 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.zstandard.ZstdCompressorInputStream at new org.apache.commons.compress.compressors.zstandard.ZstdCompressorInputStream(InputStream, BufferPool) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
68 |
Medium |
org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream at new org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream(OutputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
500 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream at new org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream(OutputStream, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
514 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream at new org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream(OutputStream, int, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
529 |
Medium |
Exception thrown in class org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream at new org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream(OutputStream, int, boolean, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
546 |
Medium |
org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream.toZstdOutputStream(ZstdCompressorOutputStream$Builder) may fail to close stream |
BAD_PRACTICE |
OS_OPEN_STREAM |
470 |
Medium |
org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream$Builder
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.compressors.zstandard.ZstdCompressorOutputStream$Builder.setDict(byte[]) may expose internal representation by storing an externally mutable object into ZstdCompressorOutputStream$Builder.dict |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
176 |
Medium |
org.apache.commons.compress.harmony.pack200.Archive
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.harmony.pack200.Archive at new org.apache.commons.compress.harmony.pack200.Archive(JarFile, OutputStream, PackingOptions) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
169 |
Medium |
Exception thrown in class org.apache.commons.compress.harmony.pack200.Archive at new org.apache.commons.compress.harmony.pack200.Archive(JarInputStream, OutputStream, PackingOptions) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
191 |
Medium |
org.apache.commons.compress.harmony.pack200.AttributeDefinitionBands
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.pack200.AttributeDefinitionBands.getClassAttributeLayouts() may expose internal representation by returning AttributeDefinitionBands.classAttributeLayouts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
205 |
Medium |
org.apache.commons.compress.harmony.pack200.AttributeDefinitionBands.getCodeAttributeLayouts() may expose internal representation by returning AttributeDefinitionBands.codeAttributeLayouts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
209 |
Medium |
org.apache.commons.compress.harmony.pack200.AttributeDefinitionBands.getFieldAttributeLayouts() may expose internal representation by returning AttributeDefinitionBands.fieldAttributeLayouts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
213 |
Medium |
org.apache.commons.compress.harmony.pack200.AttributeDefinitionBands.getMethodAttributeLayouts() may expose internal representation by returning AttributeDefinitionBands.methodAttributeLayouts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
217 |
Medium |
new org.apache.commons.compress.harmony.pack200.AttributeDefinitionBands(Segment, int, Attribute[]) may expose internal representation by storing an externally mutable object into AttributeDefinitionBands.segment |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
86 |
Medium |
Switch statement found in org.apache.commons.compress.harmony.pack200.AttributeDefinitionBands.lambda$addAttributeDefinitions$0(int[], int, String, String) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
150-161 |
Medium |
org.apache.commons.compress.harmony.pack200.BandSet
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.pack200.BandSet(int, SegmentHeader) may expose internal representation by storing an externally mutable object into BandSet.segmentHeader |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
211 |
Medium |
Switch statement found in org.apache.commons.compress.harmony.pack200.BandSet.encodeWithPopulationCodec(int[], BHSDCodec, BandSet$BandData, BandSet$BandAnalysisResults) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
586-618 |
Medium |
org.apache.commons.compress.harmony.pack200.BandSet$BandAnalysisResults
Bug |
Category |
Details |
Line |
Priority |
Should org.apache.commons.compress.harmony.pack200.BandSet$BandAnalysisResults be a _static_ inner class? |
PERFORMANCE |
SIC_INNER_SHOULD_BE_STATIC |
38-62 |
Medium |
org.apache.commons.compress.harmony.pack200.BandSet$BandData
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.pack200.BandSet$BandData(BandSet, int[]) may expose internal representation by storing an externally mutable object into BandSet$BandData.band |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
92 |
Medium |
org.apache.commons.compress.harmony.pack200.BcBands
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.pack200.BcBands(CpBands, Segment, int) may expose internal representation by storing an externally mutable object into BcBands.cpBands |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
88 |
Medium |
new org.apache.commons.compress.harmony.pack200.BcBands(CpBands, Segment, int) may expose internal representation by storing an externally mutable object into BcBands.segment |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
89 |
Medium |
Switch statement found in org.apache.commons.compress.harmony.pack200.BcBands.visitIntInsn(int, int) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
312-322 |
Medium |
Switch statement found in org.apache.commons.compress.harmony.pack200.BcBands.visitMethodInsn(int, String, String, String) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
400-450 |
Medium |
Switch statement found in org.apache.commons.compress.harmony.pack200.BcBands.visitVarInsn(int, int) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
504-523 |
Medium |
org.apache.commons.compress.harmony.pack200.CPClass
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.pack200.CPClass(CPUTF8) may expose internal representation by storing an externally mutable object into CPClass.value |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
36 |
Medium |
org.apache.commons.compress.harmony.pack200.CPClass defines compareTo(CPClass) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
50 |
Medium |
org.apache.commons.compress.harmony.pack200.CPDouble
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.pack200.CPDouble defines compareTo(CPDouble) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
39 |
Medium |
org.apache.commons.compress.harmony.pack200.CPFloat
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.pack200.CPFloat defines compareTo(CPFloat) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
39 |
Medium |
org.apache.commons.compress.harmony.pack200.CPInt
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.pack200.CPInt defines compareTo(CPInt) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
39 |
Medium |
org.apache.commons.compress.harmony.pack200.CPLong
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.pack200.CPLong defines compareTo(CPLong) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
39 |
Medium |
org.apache.commons.compress.harmony.pack200.CPMethodOrField
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.pack200.CPMethodOrField.getClassName() may expose internal representation by returning CPMethodOrField.className |
MALICIOUS_CODE |
EI_EXPOSE_REP |
54 |
Medium |
org.apache.commons.compress.harmony.pack200.CPMethodOrField.getDesc() may expose internal representation by returning CPMethodOrField.nameAndType |
MALICIOUS_CODE |
EI_EXPOSE_REP |
58 |
Medium |
new org.apache.commons.compress.harmony.pack200.CPMethodOrField(CPClass, CPNameAndType) may expose internal representation by storing an externally mutable object into CPMethodOrField.className |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
32 |
Medium |
new org.apache.commons.compress.harmony.pack200.CPMethodOrField(CPClass, CPNameAndType) may expose internal representation by storing an externally mutable object into CPMethodOrField.nameAndType |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
33 |
Medium |
org.apache.commons.compress.harmony.pack200.CPMethodOrField defines compareTo(Object) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
38-46 |
Medium |
org.apache.commons.compress.harmony.pack200.CPNameAndType
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.pack200.CPNameAndType(CPUTF8, CPSignature) may expose internal representation by storing an externally mutable object into CPNameAndType.name |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
30 |
Medium |
new org.apache.commons.compress.harmony.pack200.CPNameAndType(CPUTF8, CPSignature) may expose internal representation by storing an externally mutable object into CPNameAndType.signature |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
31 |
Medium |
org.apache.commons.compress.harmony.pack200.CPNameAndType defines compareTo(Object) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
36-44 |
Medium |
org.apache.commons.compress.harmony.pack200.CPSignature
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.pack200.CPSignature.getClasses() may expose internal representation by returning CPSignature.classes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
68 |
Medium |
org.apache.commons.compress.harmony.pack200.CPSignature.getSignatureForm() may expose internal representation by returning CPSignature.signatureForm |
MALICIOUS_CODE |
EI_EXPOSE_REP |
76 |
Medium |
new org.apache.commons.compress.harmony.pack200.CPSignature(String, CPUTF8, List) may expose internal representation by storing an externally mutable object into CPSignature.classes |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
36 |
Medium |
new org.apache.commons.compress.harmony.pack200.CPSignature(String, CPUTF8, List) may expose internal representation by storing an externally mutable object into CPSignature.signatureForm |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
35 |
Medium |
org.apache.commons.compress.harmony.pack200.CPSignature defines compareTo(Object) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
42-64 |
Medium |
org.apache.commons.compress.harmony.pack200.CPString
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.pack200.CPString(CPUTF8) may expose internal representation by storing an externally mutable object into CPString.value |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
35 |
Medium |
org.apache.commons.compress.harmony.pack200.CPString defines compareTo(CPString) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
41 |
Medium |
org.apache.commons.compress.harmony.pack200.CPUTF8
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.pack200.CPUTF8 defines compareTo(Object) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
34 |
Medium |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaSignedCodecs1 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
153 |
Medium |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaSignedCodecs2 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
163 |
Medium |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaSignedCodecs3 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
177 |
Medium |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaSignedCodecs4 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
191 |
Medium |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaSignedCodecs5 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
205 |
Medium |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaUnsignedCodecs1 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
89 |
Medium |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaUnsignedCodecs2 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
99 |
Medium |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaUnsignedCodecs3 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
113 |
Medium |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaUnsignedCodecs4 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
127 |
Medium |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.deltaUnsignedCodecs5 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
141 |
Medium |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.nonDeltaSignedCodecs1 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
227 |
Medium |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.nonDeltaSignedCodecs2 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
237 |
Medium |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.nonDeltaUnsignedCodecs1 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
37 |
Medium |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.nonDeltaUnsignedCodecs2 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
47 |
Medium |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.nonDeltaUnsignedCodecs3 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
57 |
Medium |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.nonDeltaUnsignedCodecs4 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
67 |
Medium |
org.apache.commons.compress.harmony.pack200.CanonicalCodecFamilies.nonDeltaUnsignedCodecs5 should be both final and package protected |
MALICIOUS_CODE |
MS_FINAL_PKGPROTECT |
77 |
Medium |
org.apache.commons.compress.harmony.pack200.ClassBands
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.harmony.pack200.ClassBands at new org.apache.commons.compress.harmony.pack200.ClassBands(Segment, int, int, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
255 |
Medium |
new org.apache.commons.compress.harmony.pack200.ClassBands(Segment, int, int, boolean) may expose internal representation by storing an externally mutable object into ClassBands.segment |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
224 |
Medium |
Switch statement found in org.apache.commons.compress.harmony.pack200.ClassBands.addAnnotation(int, String, boolean, List, List, List, List, List, List, List) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
261-320 |
Medium |
org.apache.commons.compress.harmony.pack200.Codec
Bug |
Category |
Details |
Line |
Priority |
Primitive field org.apache.commons.compress.harmony.pack200.Codec.lastBandLength is public and set from inside the class, which makes it too exposed. Consider making it private to limit external accessibility. |
BAD_PRACTICE |
PA_PUBLIC_PRIMITIVE_ATTRIBUTE |
145 |
Medium |
org.apache.commons.compress.harmony.pack200.CodecEncoding
Bug |
Category |
Details |
Line |
Priority |
Useless condition: it's known that value >= 117 ('u') at this point |
STYLE |
UC_USELESS_CONDITION |
123 |
Medium |
Useless condition: it's known that value >= 141 (0x8d) at this point |
STYLE |
UC_USELESS_CONDITION |
150 |
Medium |
org.apache.commons.compress.harmony.pack200.CpBands
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.pack200.CpBands(Segment, int) may expose internal representation by storing an externally mutable object into CpBands.segment |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
71 |
Medium |
org.apache.commons.compress.harmony.pack200.FileBands
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.pack200.FileBands(CpBands, SegmentHeader, PackingOptions, Archive$SegmentUnit, int) may expose internal representation by storing an externally mutable object into FileBands.cpBands |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
54 |
Medium |
new org.apache.commons.compress.harmony.pack200.FileBands(CpBands, SegmentHeader, PackingOptions, Archive$SegmentUnit, int) may expose internal representation by storing an externally mutable object into FileBands.options |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
53 |
Medium |
org.apache.commons.compress.harmony.pack200.IcBands
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.pack200.IcBands(SegmentHeader, CpBands, int) may expose internal representation by storing an externally mutable object into IcBands.cpBands |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
85 |
Medium |
org.apache.commons.compress.harmony.pack200.IcBands$IcTuple
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.pack200.IcBands$IcTuple defines equals and uses Object.hashCode() |
BAD_PRACTICE |
HE_EQUALS_USE_HASHCODE |
57-61 |
Medium |
org.apache.commons.compress.harmony.pack200.IntList
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.harmony.pack200.IntList at new org.apache.commons.compress.harmony.pack200.IntList() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
38 |
Medium |
Exception thrown in class org.apache.commons.compress.harmony.pack200.IntList at new org.apache.commons.compress.harmony.pack200.IntList(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
48 |
Medium |
org.apache.commons.compress.harmony.pack200.MetadataBandGroup
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.pack200.MetadataBandGroup(String, int, CpBands, SegmentHeader, int) may expose internal representation by storing an externally mutable object into MetadataBandGroup.cpBands |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
74 |
Medium |
Switch statement found in org.apache.commons.compress.harmony.pack200.MetadataBandGroup.addAnnotation(String, List, List, List, List, List, List, List) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
99-130 |
Medium |
Switch statement found in org.apache.commons.compress.harmony.pack200.MetadataBandGroup.addParameterAnnotation(int, int[], IntList, List, List, List, List, List, List, List, List) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
177-208 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttribute
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.pack200.NewAttribute.getBytes() may expose internal representation by returning NewAttribute.contents |
MALICIOUS_CODE |
EI_EXPOSE_REP |
122 |
Medium |
new org.apache.commons.compress.harmony.pack200.NewAttribute(ClassReader, String, String, byte[], char[], int, Label[]) may expose internal representation by storing an externally mutable object into NewAttribute.buf |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
95 |
Medium |
new org.apache.commons.compress.harmony.pack200.NewAttribute(ClassReader, String, String, byte[], char[], int, Label[]) may expose internal representation by storing an externally mutable object into NewAttribute.contents |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
91 |
Medium |
new org.apache.commons.compress.harmony.pack200.NewAttribute(ClassReader, String, String, byte[], char[], int, Label[]) may expose internal representation by storing an externally mutable object into NewAttribute.labels |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
94 |
Medium |
Switch statement found in org.apache.commons.compress.harmony.pack200.NewAttribute.addContext(int) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
105-116 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.harmony.pack200.NewAttributeBands at new org.apache.commons.compress.harmony.pack200.NewAttributeBands(int, CpBands, SegmentHeader, AttributeDefinitionBands$AttributeDefinition) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
551 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands.numBackwardsCalls() may expose internal representation by returning NewAttributeBands.backwardsCallCounts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
626 |
Medium |
new org.apache.commons.compress.harmony.pack200.NewAttributeBands(int, CpBands, SegmentHeader, AttributeDefinitionBands$AttributeDefinition) may expose internal representation by storing an externally mutable object into NewAttributeBands.cpBands |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
550 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Call
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Call.getCallable() may expose internal representation by returning NewAttributeBands$Call.callable |
MALICIOUS_CODE |
EI_EXPOSE_REP |
74 |
Medium |
new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Call(NewAttributeBands, int) may expose internal representation by storing an externally mutable object into NewAttributeBands$Call.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
61 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Call.setCallable(NewAttributeBands$Callable) may expose internal representation by storing an externally mutable object into NewAttributeBands$Call.callable |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
92 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Callable
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Callable.getBody() may expose internal representation by returning NewAttributeBands$Callable.body |
MALICIOUS_CODE |
EI_EXPOSE_REP |
123 |
Medium |
new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Callable(NewAttributeBands, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$Callable.body |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
108 |
Medium |
new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Callable(NewAttributeBands, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$Callable.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
107 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Integral
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Integral(NewAttributeBands, String) may expose internal representation by storing an externally mutable object into NewAttributeBands$Integral.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
167 |
Medium |
new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Integral(NewAttributeBands, String, NewAttributeBands$Integral) may expose internal representation by storing an externally mutable object into NewAttributeBands$Integral.previousIntegral |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
175 |
Medium |
new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Integral(NewAttributeBands, String, NewAttributeBands$Integral) may expose internal representation by storing an externally mutable object into NewAttributeBands$Integral.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
172 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$LayoutElement
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.pack200.NewAttributeBands$LayoutElement(NewAttributeBands) may expose internal representation by storing an externally mutable object into NewAttributeBands$LayoutElement.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
288 |
Medium |
Switch statement found in org.apache.commons.compress.harmony.pack200.NewAttributeBands$LayoutElement.getLength(char) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
292-303 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Reference
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Reference(NewAttributeBands, String) may expose internal representation by storing an externally mutable object into NewAttributeBands$Reference.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
321 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Replication
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.harmony.pack200.NewAttributeBands$Replication at new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Replication(NewAttributeBands, String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
378 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Replication.getCountElement() may expose internal representation by returning NewAttributeBands$Replication.countElement |
MALICIOUS_CODE |
EI_EXPOSE_REP |
395 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Replication.getLayoutElements() may expose internal representation by returning NewAttributeBands$Replication.layoutElements |
MALICIOUS_CODE |
EI_EXPOSE_REP |
399 |
Medium |
new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Replication(NewAttributeBands, String, String) may expose internal representation by storing an externally mutable object into NewAttributeBands$Replication.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
374 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Union
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Union.getDefaultCaseBody() may expose internal representation by returning NewAttributeBands$Union.defaultCaseBody |
MALICIOUS_CODE |
EI_EXPOSE_REP |
452 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Union.getUnionCases() may expose internal representation by returning NewAttributeBands$Union.unionCases |
MALICIOUS_CODE |
EI_EXPOSE_REP |
456 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$Union.getUnionTag() may expose internal representation by returning NewAttributeBands$Union.unionTag |
MALICIOUS_CODE |
EI_EXPOSE_REP |
460 |
Medium |
new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Union(NewAttributeBands, String, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$Union.defaultCaseBody |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
430 |
Medium |
new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Union(NewAttributeBands, String, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$Union.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
427 |
Medium |
new org.apache.commons.compress.harmony.pack200.NewAttributeBands$Union(NewAttributeBands, String, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$Union.unionCases |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
429 |
Medium |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$UnionCase
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.pack200.NewAttributeBands$UnionCase.getBody() may expose internal representation by returning NewAttributeBands$UnionCase.body |
MALICIOUS_CODE |
EI_EXPOSE_REP |
512 |
Medium |
new org.apache.commons.compress.harmony.pack200.NewAttributeBands$UnionCase(NewAttributeBands, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.tags |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
495 |
Medium |
new org.apache.commons.compress.harmony.pack200.NewAttributeBands$UnionCase(NewAttributeBands, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
494 |
Medium |
new org.apache.commons.compress.harmony.pack200.NewAttributeBands$UnionCase(NewAttributeBands, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.body |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
501 |
Medium |
new org.apache.commons.compress.harmony.pack200.NewAttributeBands$UnionCase(NewAttributeBands, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.tags |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
500 |
Medium |
new org.apache.commons.compress.harmony.pack200.NewAttributeBands$UnionCase(NewAttributeBands, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
499 |
Medium |
org.apache.commons.compress.harmony.pack200.Pack200Adapter
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.pack200.Pack200Adapter.properties() may expose internal representation by returning Pack200Adapter.properties |
MALICIOUS_CODE |
EI_EXPOSE_REP |
65 |
Medium |
org.apache.commons.compress.harmony.pack200.PackingOptions
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.pack200.PackingOptions.getUnknownAttributePrototypes() may expose internal representation by returning PackingOptions.unknownAttributeTypes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
166 |
Medium |
org.apache.commons.compress.harmony.pack200.PackingUtils
Bug |
Category |
Details |
Line |
Priority |
Incorrect lazy initialization and update of static field org.apache.commons.compress.harmony.pack200.PackingUtils.fileHandler in org.apache.commons.compress.harmony.pack200.PackingUtils.config(PackingOptions) |
MT_CORRECTNESS |
LI_LAZY_INIT_UPDATE_STATIC |
76-80 |
High |
org.apache.commons.compress.harmony.pack200.PopulationCodec
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.harmony.pack200.PopulationCodec at new org.apache.commons.compress.harmony.pack200.PopulationCodec(Codec, int, Codec) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
45 |
Medium |
org.apache.commons.compress.harmony.pack200.PopulationCodec.getFavoured() may expose internal representation by returning PopulationCodec.favoured |
MALICIOUS_CODE |
EI_EXPOSE_REP |
153 |
Medium |
org.apache.commons.compress.harmony.pack200.RunCodec
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.harmony.pack200.RunCodec at new org.apache.commons.compress.harmony.pack200.RunCodec(int, Codec, Codec) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
40 |
Medium |
org.apache.commons.compress.harmony.pack200.Segment
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.pack200.Segment.getAttrBands() may expose internal representation by returning Segment.attributeDefinitionBands |
MALICIOUS_CODE |
EI_EXPOSE_REP |
534 |
Medium |
org.apache.commons.compress.harmony.pack200.Segment.getClassBands() may expose internal representation by returning Segment.classBands |
MALICIOUS_CODE |
EI_EXPOSE_REP |
538 |
Medium |
org.apache.commons.compress.harmony.pack200.Segment.getCpBands() may expose internal representation by returning Segment.cpBands |
MALICIOUS_CODE |
EI_EXPOSE_REP |
542 |
Medium |
org.apache.commons.compress.harmony.pack200.Segment.getCurrentClassReader() may expose internal representation by returning Segment.currentClassReader |
MALICIOUS_CODE |
EI_EXPOSE_REP |
546 |
Medium |
org.apache.commons.compress.harmony.pack200.Segment.getIcBands() may expose internal representation by returning Segment.icBands |
MALICIOUS_CODE |
EI_EXPOSE_REP |
550 |
Medium |
org.apache.commons.compress.harmony.pack200.Segment.getSegmentHeader() may expose internal representation by returning Segment.segmentHeader |
MALICIOUS_CODE |
EI_EXPOSE_REP |
554 |
Medium |
org.apache.commons.compress.harmony.pack200.Segment.pack(Archive$SegmentUnit, OutputStream, PackingOptions) may expose internal representation by storing an externally mutable object into Segment.options |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
571 |
Medium |
org.apache.commons.compress.harmony.pack200.Segment$ArrayVisitor
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.pack200.Segment$ArrayVisitor(Segment, List, List, List, List) may expose internal representation by storing an externally mutable object into Segment$ArrayVisitor.caseArrayN |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
73 |
Medium |
new org.apache.commons.compress.harmony.pack200.Segment$ArrayVisitor(Segment, List, List, List, List) may expose internal representation by storing an externally mutable object into Segment$ArrayVisitor.nameRU |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
75 |
Medium |
new org.apache.commons.compress.harmony.pack200.Segment$ArrayVisitor(Segment, List, List, List, List) may expose internal representation by storing an externally mutable object into Segment$ArrayVisitor.tags |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
74 |
Medium |
new org.apache.commons.compress.harmony.pack200.Segment$ArrayVisitor(Segment, List, List, List, List) may expose internal representation by storing an externally mutable object into Segment$ArrayVisitor.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
70 |
Medium |
new org.apache.commons.compress.harmony.pack200.Segment$ArrayVisitor(Segment, List, List, List, List) may expose internal representation by storing an externally mutable object into Segment$ArrayVisitor.values |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
76 |
Medium |
org.apache.commons.compress.harmony.pack200.Segment$SegmentAnnotationVisitor
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.pack200.Segment$SegmentAnnotationVisitor(Segment, int) may expose internal representation by storing an externally mutable object into Segment$SegmentAnnotationVisitor.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
149 |
Medium |
new org.apache.commons.compress.harmony.pack200.Segment$SegmentAnnotationVisitor(Segment, int, int, String, boolean) may expose internal representation by storing an externally mutable object into Segment$SegmentAnnotationVisitor.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
154 |
Medium |
new org.apache.commons.compress.harmony.pack200.Segment$SegmentAnnotationVisitor(Segment, int, String, boolean) may expose internal representation by storing an externally mutable object into Segment$SegmentAnnotationVisitor.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
162 |
Medium |
org.apache.commons.compress.harmony.pack200.Segment$SegmentFieldVisitor
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.pack200.Segment$SegmentFieldVisitor(Segment) may expose internal representation by storing an externally mutable object into Segment$SegmentFieldVisitor.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
263 |
Medium |
org.apache.commons.compress.harmony.pack200.Segment$SegmentMethodVisitor
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.pack200.Segment$SegmentMethodVisitor(Segment) may expose internal representation by storing an externally mutable object into Segment$SegmentMethodVisitor.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
309 |
Medium |
org.apache.commons.compress.harmony.pack200.SegmentHeader
Bug |
Category |
Details |
Line |
Priority |
Unread field: org.apache.commons.compress.harmony.pack200.SegmentHeader.have_file_modtime; should this field be static? |
PERFORMANCE |
SS_SHOULD_BE_STATIC |
99 |
Medium |
Unread field: org.apache.commons.compress.harmony.pack200.SegmentHeader.have_file_options; should this field be static? |
PERFORMANCE |
SS_SHOULD_BE_STATIC |
100 |
Medium |
org.apache.commons.compress.harmony.unpack200.Archive
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.harmony.unpack200.Archive at new org.apache.commons.compress.harmony.unpack200.Archive(InputStream, JarOutputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
79 |
Medium |
Exception thrown in class org.apache.commons.compress.harmony.unpack200.Archive at new org.apache.commons.compress.harmony.unpack200.Archive(String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
102 |
Medium |
new org.apache.commons.compress.harmony.unpack200.Archive(InputStream, JarOutputStream) may expose internal representation by storing an externally mutable object into Archive.outputStream |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
80 |
Medium |
org.apache.commons.compress.harmony.unpack200.AttrDefinitionBands
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.unpack200.AttrDefinitionBands.getAttributeDefinitionMap() may expose internal representation by returning AttrDefinitionBands.attributeDefinitionMap |
MALICIOUS_CODE |
EI_EXPOSE_REP |
70 |
Medium |
org.apache.commons.compress.harmony.unpack200.AttributeLayout
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.harmony.unpack200.AttributeLayout at new org.apache.commons.compress.harmony.unpack200.AttributeLayout(String, int, String, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
272 |
Medium |
Exception thrown in class org.apache.commons.compress.harmony.unpack200.AttributeLayout at new org.apache.commons.compress.harmony.unpack200.AttributeLayout(String, int, String, int, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
296 |
Medium |
org.apache.commons.compress.harmony.unpack200.AttributeLayout.contextNames should be package protected |
MALICIOUS_CODE |
MS_PKGPROTECT |
214 |
Medium |
org.apache.commons.compress.harmony.unpack200.AttributeLayoutMap
Bug |
Category |
Details |
Line |
Priority |
Questionable cast from Collection to abstract class java.util.List in org.apache.commons.compress.harmony.unpack200.AttributeLayoutMap.checkMap() |
STYLE |
BC_BAD_CAST_TO_ABSTRACT_COLLECTION |
155 |
Medium |
Exception thrown in class org.apache.commons.compress.harmony.unpack200.AttributeLayoutMap at new org.apache.commons.compress.harmony.unpack200.AttributeLayoutMap() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
130 |
Medium |
org.apache.commons.compress.harmony.unpack200.BandSet
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.BandSet(Segment) may expose internal representation by storing an externally mutable object into BandSet.segment |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
65 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcByte() may expose internal representation by returning BcBands.bcByte |
MALICIOUS_CODE |
EI_EXPOSE_REP |
94 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcCaseCount() may expose internal representation by returning BcBands.bcCaseCount |
MALICIOUS_CODE |
EI_EXPOSE_REP |
98 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcCaseValue() may expose internal representation by returning BcBands.bcCaseValue |
MALICIOUS_CODE |
EI_EXPOSE_REP |
102 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcClassRef() may expose internal representation by returning BcBands.bcClassRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
106 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcDoubleRef() may expose internal representation by returning BcBands.bcDoubleRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
110 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcFieldRef() may expose internal representation by returning BcBands.bcFieldRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
114 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcFloatRef() may expose internal representation by returning BcBands.bcFloatRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
118 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcIMethodRef() may expose internal representation by returning BcBands.bcIMethodRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
122 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcInitRef() may expose internal representation by returning BcBands.bcInitRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
126 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcIntRef() may expose internal representation by returning BcBands.bcIntRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
130 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcLabel() may expose internal representation by returning BcBands.bcLabel |
MALICIOUS_CODE |
EI_EXPOSE_REP |
134 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcLocal() may expose internal representation by returning BcBands.bcLocal |
MALICIOUS_CODE |
EI_EXPOSE_REP |
138 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcLongRef() may expose internal representation by returning BcBands.bcLongRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
142 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcMethodRef() may expose internal representation by returning BcBands.bcMethodRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
146 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcShort() may expose internal representation by returning BcBands.bcShort |
MALICIOUS_CODE |
EI_EXPOSE_REP |
150 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcStringRef() may expose internal representation by returning BcBands.bcStringRef |
MALICIOUS_CODE |
EI_EXPOSE_REP |
154 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcSuperField() may expose internal representation by returning BcBands.bcSuperField |
MALICIOUS_CODE |
EI_EXPOSE_REP |
158 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcSuperMethod() may expose internal representation by returning BcBands.bcSuperMethod |
MALICIOUS_CODE |
EI_EXPOSE_REP |
162 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcThisField() may expose internal representation by returning BcBands.bcThisField |
MALICIOUS_CODE |
EI_EXPOSE_REP |
166 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getBcThisMethod() may expose internal representation by returning BcBands.bcThisMethod |
MALICIOUS_CODE |
EI_EXPOSE_REP |
170 |
Medium |
org.apache.commons.compress.harmony.unpack200.BcBands.getMethodByteCodePacked() may expose internal representation by returning BcBands.methodByteCodePacked |
MALICIOUS_CODE |
EI_EXPOSE_REP |
174 |
Medium |
Switch statement found in org.apache.commons.compress.harmony.unpack200.BcBands.read(InputStream) where one case falls through to the next case |
STYLE |
SF_SWITCH_FALLTHROUGH |
257-265 |
Medium |
Unread field: org.apache.commons.compress.harmony.unpack200.BcBands.bcEscByte |
PERFORMANCE |
URF_UNREAD_FIELD |
420 |
Medium |
Unread field: org.apache.commons.compress.harmony.unpack200.BcBands.bcEscRef |
PERFORMANCE |
URF_UNREAD_FIELD |
417 |
Medium |
Unread field: org.apache.commons.compress.harmony.unpack200.BcBands.bcEscRefSize |
PERFORMANCE |
URF_UNREAD_FIELD |
418 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.unpack200.ClassBands.getClassAttributes() may expose internal representation by returning ClassBands.classAttributes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
160 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getClassFieldCount() may expose internal representation by returning ClassBands.classFieldCount |
MALICIOUS_CODE |
EI_EXPOSE_REP |
164 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getClassFlags() may expose internal representation by returning ClassBands.classAccessFlags |
MALICIOUS_CODE |
EI_EXPOSE_REP |
181 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getClassInterfacesInts() may expose internal representation by returning ClassBands.classInterfacesInts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
185 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getClassMethodCount() may expose internal representation by returning ClassBands.classMethodCount |
MALICIOUS_CODE |
EI_EXPOSE_REP |
189 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getClassSuperInts() may expose internal representation by returning ClassBands.classSuperInts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
193 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getClassThisInts() may expose internal representation by returning ClassBands.classThisInts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
197 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getClassVersionMajor() may expose internal representation by returning ClassBands.classVersionMajor |
MALICIOUS_CODE |
EI_EXPOSE_REP |
207 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getClassVersionMinor() may expose internal representation by returning ClassBands.classVersionMinor |
MALICIOUS_CODE |
EI_EXPOSE_REP |
217 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getCodeHandlerCatchPO() may expose internal representation by returning ClassBands.codeHandlerCatchPO |
MALICIOUS_CODE |
EI_EXPOSE_REP |
221 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getCodeHandlerClassRCN() may expose internal representation by returning ClassBands.codeHandlerClassRCN |
MALICIOUS_CODE |
EI_EXPOSE_REP |
225 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getCodeHandlerCount() may expose internal representation by returning ClassBands.codeHandlerCount |
MALICIOUS_CODE |
EI_EXPOSE_REP |
229 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getCodeHandlerEndPO() may expose internal representation by returning ClassBands.codeHandlerEndPO |
MALICIOUS_CODE |
EI_EXPOSE_REP |
233 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getCodeHandlerStartP() may expose internal representation by returning ClassBands.codeHandlerStartP |
MALICIOUS_CODE |
EI_EXPOSE_REP |
237 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getCodeHasAttributes() may expose internal representation by returning ClassBands.codeHasAttributes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
241 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getCodeMaxNALocals() may expose internal representation by returning ClassBands.codeMaxNALocals |
MALICIOUS_CODE |
EI_EXPOSE_REP |
245 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getCodeMaxStack() may expose internal representation by returning ClassBands.codeMaxStack |
MALICIOUS_CODE |
EI_EXPOSE_REP |
249 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getFieldAttributes() may expose internal representation by returning ClassBands.fieldAttributes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
253 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getFieldDescrInts() may expose internal representation by returning ClassBands.fieldDescrInts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
257 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getFieldFlags() may expose internal representation by returning ClassBands.fieldAccessFlags |
MALICIOUS_CODE |
EI_EXPOSE_REP |
277 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getIcLocal() may expose internal representation by returning ClassBands.icLocal |
MALICIOUS_CODE |
EI_EXPOSE_REP |
281 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getMethodAttributes() may expose internal representation by returning ClassBands.methodAttributes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
285 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getMethodDescr() may expose internal representation by returning ClassBands.methodDescr |
MALICIOUS_CODE |
EI_EXPOSE_REP |
289 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getMethodDescrInts() may expose internal representation by returning ClassBands.methodDescrInts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
293 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getMethodFlags() may expose internal representation by returning ClassBands.methodAccessFlags |
MALICIOUS_CODE |
EI_EXPOSE_REP |
313 |
Medium |
org.apache.commons.compress.harmony.unpack200.ClassBands.getRawClassFlags() may expose internal representation by returning ClassBands.classFlags |
MALICIOUS_CODE |
EI_EXPOSE_REP |
328 |
Medium |
Bad comparison of nonnegative value with 0 in org.apache.commons.compress.harmony.unpack200.ClassBands.parseCodeBands(InputStream) |
CORRECTNESS |
INT_BAD_COMPARISON_WITH_NONNEGATIVE_VALUE |
711 |
Medium |
Switch statement found in org.apache.commons.compress.harmony.unpack200.ClassBands.parseMetadata(InputStream, String[], int[], int[], String) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
937-967 |
Medium |
org.apache.commons.compress.harmony.unpack200.CpBands
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.unpack200.CpBands.getCpClass() may expose internal representation by returning CpBands.cpClass |
MALICIOUS_CODE |
EI_EXPOSE_REP |
248 |
Medium |
org.apache.commons.compress.harmony.unpack200.CpBands.getCpDescriptor() may expose internal representation by returning CpBands.cpDescriptor |
MALICIOUS_CODE |
EI_EXPOSE_REP |
252 |
Medium |
org.apache.commons.compress.harmony.unpack200.CpBands.getCpDescriptorNameInts() may expose internal representation by returning CpBands.cpDescriptorNameInts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
256 |
Medium |
org.apache.commons.compress.harmony.unpack200.CpBands.getCpDescriptorTypeInts() may expose internal representation by returning CpBands.cpDescriptorTypeInts |
MALICIOUS_CODE |
EI_EXPOSE_REP |
260 |
Medium |
org.apache.commons.compress.harmony.unpack200.CpBands.getCpFieldClass() may expose internal representation by returning CpBands.cpFieldClass |
MALICIOUS_CODE |
EI_EXPOSE_REP |
264 |
Medium |
org.apache.commons.compress.harmony.unpack200.CpBands.getCpIMethodClass() may expose internal representation by returning CpBands.cpIMethodClass |
MALICIOUS_CODE |
EI_EXPOSE_REP |
268 |
Medium |
org.apache.commons.compress.harmony.unpack200.CpBands.getCpInt() may expose internal representation by returning CpBands.cpInt |
MALICIOUS_CODE |
EI_EXPOSE_REP |
272 |
Medium |
org.apache.commons.compress.harmony.unpack200.CpBands.getCpLong() may expose internal representation by returning CpBands.cpLong |
MALICIOUS_CODE |
EI_EXPOSE_REP |
276 |
Medium |
org.apache.commons.compress.harmony.unpack200.CpBands.getCpMethodClass() may expose internal representation by returning CpBands.cpMethodClass |
MALICIOUS_CODE |
EI_EXPOSE_REP |
280 |
Medium |
org.apache.commons.compress.harmony.unpack200.CpBands.getCpMethodDescriptor() may expose internal representation by returning CpBands.cpMethodDescriptor |
MALICIOUS_CODE |
EI_EXPOSE_REP |
284 |
Medium |
org.apache.commons.compress.harmony.unpack200.CpBands.getCpSignature() may expose internal representation by returning CpBands.cpSignature |
MALICIOUS_CODE |
EI_EXPOSE_REP |
288 |
Medium |
org.apache.commons.compress.harmony.unpack200.CpBands.getCpUTF8() may expose internal representation by returning CpBands.cpUTF8 |
MALICIOUS_CODE |
EI_EXPOSE_REP |
292 |
Medium |
org.apache.commons.compress.harmony.unpack200.FileBands
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.unpack200.FileBands.getFileBits() may expose internal representation by returning FileBands.fileBits |
MALICIOUS_CODE |
EI_EXPOSE_REP |
58 |
Medium |
org.apache.commons.compress.harmony.unpack200.FileBands.getFileModtime() may expose internal representation by returning FileBands.fileModtime |
MALICIOUS_CODE |
EI_EXPOSE_REP |
62 |
Medium |
org.apache.commons.compress.harmony.unpack200.FileBands.getFileName() may expose internal representation by returning FileBands.fileName |
MALICIOUS_CODE |
EI_EXPOSE_REP |
66 |
Medium |
org.apache.commons.compress.harmony.unpack200.FileBands.getFileOptions() may expose internal representation by returning FileBands.fileOptions |
MALICIOUS_CODE |
EI_EXPOSE_REP |
70 |
Medium |
org.apache.commons.compress.harmony.unpack200.FileBands.getFileSize() may expose internal representation by returning FileBands.fileSize |
MALICIOUS_CODE |
EI_EXPOSE_REP |
74 |
Medium |
org.apache.commons.compress.harmony.unpack200.IcBands
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.unpack200.IcBands.getIcTuples() may expose internal representation by returning IcBands.icAll |
MALICIOUS_CODE |
EI_EXPOSE_REP |
61 |
Medium |
org.apache.commons.compress.harmony.unpack200.IcTuple
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.harmony.unpack200.IcTuple at new org.apache.commons.compress.harmony.unpack200.IcTuple(String, int, String, String, int, int, int, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
90 |
Medium |
org.apache.commons.compress.harmony.unpack200.MetadataBandGroup
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.unpack200.MetadataBandGroup.getAttributes() may expose internal representation by returning MetadataBandGroup.attributes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
188 |
Medium |
org.apache.commons.compress.harmony.unpack200.MetadataBandGroup.setRiaAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.MetadataBandGroup.riaUTF8 |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
51 |
Medium |
org.apache.commons.compress.harmony.unpack200.MetadataBandGroup.setRipaAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.MetadataBandGroup.ripaUTF8 |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
55 |
Medium |
org.apache.commons.compress.harmony.unpack200.MetadataBandGroup.setRvaAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.MetadataBandGroup.rvaUTF8 |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
59 |
Medium |
org.apache.commons.compress.harmony.unpack200.MetadataBandGroup.setRvpaAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.MetadataBandGroup.rvpaUTF8 |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
63 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.harmony.unpack200.NewAttributeBands at new org.apache.commons.compress.harmony.unpack200.NewAttributeBands(Segment, AttributeLayout) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
607 |
Medium |
new org.apache.commons.compress.harmony.unpack200.NewAttributeBands(Segment, AttributeLayout) may expose internal representation by storing an externally mutable object into NewAttributeBands.attributeLayout |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
606 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Call
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Call.getCallable() may expose internal representation by returning NewAttributeBands$Call.callable |
MALICIOUS_CODE |
EI_EXPOSE_REP |
92 |
Medium |
new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Call(NewAttributeBands, int) may expose internal representation by storing an externally mutable object into NewAttributeBands$Call.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
82 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Call.setCallable(NewAttributeBands$Callable) may expose internal representation by storing an externally mutable object into NewAttributeBands$Call.callable |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
111 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Callable
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Callable.getBody() may expose internal representation by returning NewAttributeBands$Callable.body |
MALICIOUS_CODE |
EI_EXPOSE_REP |
167 |
Medium |
new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Callable(List) may expose internal representation by storing an externally mutable object into NewAttributeBands$Callable.body |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
131 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Integral
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Integral(NewAttributeBands, String) may expose internal representation by storing an externally mutable object into NewAttributeBands$Integral.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
204 |
Medium |
Self assignment of value in org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Integral.addToAttribute(int, NewAttribute) |
STYLE |
SA_LOCAL_SELF_ASSIGNMENT |
255 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$LayoutElement
Bug |
Category |
Details |
Line |
Priority |
Switch statement found in org.apache.commons.compress.harmony.unpack200.NewAttributeBands$LayoutElement.getLength(char) where default case is missing |
STYLE |
SF_SWITCH_NO_DEFAULT |
289-300 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Reference
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Reference(NewAttributeBands, String) may expose internal representation by storing an externally mutable object into NewAttributeBands$Reference.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
318 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Replication
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Replication at new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Replication(NewAttributeBands, String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
400 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Replication.getCountElement() may expose internal representation by returning NewAttributeBands$Replication.countElement |
MALICIOUS_CODE |
EI_EXPOSE_REP |
424 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Replication.getLayoutElements() may expose internal representation by returning NewAttributeBands$Replication.layoutElements |
MALICIOUS_CODE |
EI_EXPOSE_REP |
428 |
Medium |
new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Replication(NewAttributeBands, String, String) may expose internal representation by storing an externally mutable object into NewAttributeBands$Replication.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
396 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Union
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Union.getDefaultCaseBody() may expose internal representation by returning NewAttributeBands$Union.defaultCaseBody |
MALICIOUS_CODE |
EI_EXPOSE_REP |
502 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Union.getUnionCases() may expose internal representation by returning NewAttributeBands$Union.unionCases |
MALICIOUS_CODE |
EI_EXPOSE_REP |
506 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Union.getUnionTag() may expose internal representation by returning NewAttributeBands$Union.unionTag |
MALICIOUS_CODE |
EI_EXPOSE_REP |
510 |
Medium |
new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Union(NewAttributeBands, String, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$Union.defaultCaseBody |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
458 |
Medium |
new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Union(NewAttributeBands, String, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$Union.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
455 |
Medium |
new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$Union(NewAttributeBands, String, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$Union.unionCases |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
457 |
Medium |
org.apache.commons.compress.harmony.unpack200.NewAttributeBands$UnionCase
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$UnionCase(NewAttributeBands, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.tags |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
559 |
Medium |
new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$UnionCase(NewAttributeBands, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
558 |
Medium |
new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$UnionCase(NewAttributeBands, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.body |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
564 |
Medium |
new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$UnionCase(NewAttributeBands, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.tags |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
563 |
Medium |
new org.apache.commons.compress.harmony.unpack200.NewAttributeBands$UnionCase(NewAttributeBands, List, List) may expose internal representation by storing an externally mutable object into NewAttributeBands$UnionCase.this$0 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
562 |
Medium |
org.apache.commons.compress.harmony.unpack200.Segment
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.unpack200.Segment.getSegmentHeader() may expose internal representation by returning Segment.header |
MALICIOUS_CODE |
EI_EXPOSE_REP |
397 |
Medium |
org.apache.commons.compress.harmony.unpack200.Segment.unpackRead(InputStream) ignores result of java.io.InputStream.read(byte[]) |
BAD_PRACTICE |
RR_NOT_CHECKED |
565 |
Medium |
org.apache.commons.compress.harmony.unpack200.SegmentConstantPoolArrayCache
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.unpack200.SegmentConstantPoolArrayCache.indexesForArrayKey(String[], String) may expose internal representation by returning SegmentConstantPoolArrayCache.lastIndexes |
MALICIOUS_CODE |
EI_EXPOSE_REP |
137 |
Medium |
org.apache.commons.compress.harmony.unpack200.SegmentConstantPoolArrayCache.indexesForArrayKey(String[], String) may expose internal representation by storing an externally mutable object into SegmentConstantPoolArrayCache.lastArray |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
141 |
Medium |
org.apache.commons.compress.harmony.unpack200.SegmentConstantPoolArrayCache$CachedArray
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.SegmentConstantPoolArrayCache$CachedArray(SegmentConstantPoolArrayCache, String[]) may expose internal representation by storing an externally mutable object into SegmentConstantPoolArrayCache$CachedArray.primaryArray |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
47 |
Medium |
Should org.apache.commons.compress.harmony.unpack200.SegmentConstantPoolArrayCache$CachedArray be a _static_ inner class? |
PERFORMANCE |
SIC_INNER_SHOULD_BE_STATIC |
46-83 |
Medium |
org.apache.commons.compress.harmony.unpack200.SegmentHeader
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.SegmentHeader(Segment) may expose internal representation by storing an externally mutable object into SegmentHeader.segment |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
99 |
Medium |
Unread field: org.apache.commons.compress.harmony.unpack200.SegmentHeader.archiveMajor |
PERFORMANCE |
URF_UNREAD_FIELD |
320 |
Medium |
Unread field: org.apache.commons.compress.harmony.unpack200.SegmentHeader.archiveMinor |
PERFORMANCE |
URF_UNREAD_FIELD |
333 |
Medium |
org.apache.commons.compress.harmony.unpack200.SegmentOptions
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.harmony.unpack200.SegmentOptions at new org.apache.commons.compress.harmony.unpack200.SegmentOptions(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
71 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.AnnotationDefaultAttribute
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.bytecode.AnnotationDefaultAttribute(AnnotationsAttribute$ElementValue) may expose internal representation by storing an externally mutable object into AnnotationDefaultAttribute.elementValue |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
51 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.AnnotationDefaultAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.AnnotationDefaultAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
39 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.AnnotationsAttribute$Annotation
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.bytecode.AnnotationsAttribute$Annotation(int, CPUTF8, CPUTF8[], AnnotationsAttribute$ElementValue[]) may expose internal representation by storing an externally mutable object into AnnotationsAttribute$Annotation.elementNames |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
56 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.AnnotationsAttribute$Annotation(int, CPUTF8, CPUTF8[], AnnotationsAttribute$ElementValue[]) may expose internal representation by storing an externally mutable object into AnnotationsAttribute$Annotation.elementValues |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
57 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.AnnotationsAttribute$Annotation(int, CPUTF8, CPUTF8[], AnnotationsAttribute$ElementValue[]) may expose internal representation by storing an externally mutable object into AnnotationsAttribute$Annotation.type |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
55 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.Attribute
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.bytecode.Attribute(CPUTF8) may expose internal representation by storing an externally mutable object into Attribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
43 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.ByteCode
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.unpack200.bytecode.ByteCode.getByteCodeTargets() may expose internal representation by returning ByteCode.byteCodeTargets |
MALICIOUS_CODE |
EI_EXPOSE_REP |
104 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.ByteCode.getNestedClassFileEntries() may expose internal representation by returning ByteCode.nested |
MALICIOUS_CODE |
EI_EXPOSE_REP |
117 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.ByteCode.getNestedPositions() may expose internal representation by returning ByteCode.nestedPositions |
MALICIOUS_CODE |
EI_EXPOSE_REP |
125 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.ByteCode.getRewrite() may expose internal representation by returning ByteCode.rewrite |
MALICIOUS_CODE |
EI_EXPOSE_REP |
141 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.ByteCode.setByteCodeTargets(int[]) may expose internal representation by storing an externally mutable object into ByteCode.byteCodeTargets |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
212 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.ByteCode.setNested(ClassFileEntry[]) may expose internal representation by storing an externally mutable object into ByteCode.nested |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
216 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.ByteCode.setNestedPositions(int[][]) may expose internal representation by storing an externally mutable object into ByteCode.nestedPositions |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
230 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.ByteCode.setRewrite(int[]) may expose internal representation by storing an externally mutable object into ByteCode.rewrite |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
324 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.CPClass
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.bytecode.CPClass(CPUTF8, int) may expose internal representation by storing an externally mutable object into CPClass.utf8 |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
50 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.CPFieldRef
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.bytecode.CPFieldRef(CPClass, CPNameAndType, int) may expose internal representation by storing an externally mutable object into CPFieldRef.className |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
41 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.CPFieldRef(CPClass, CPNameAndType, int) may expose internal representation by storing an externally mutable object into CPFieldRef.nameAndType |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
42 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.CPMethod
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.unpack200.bytecode.CPMethod doesn't override CPMember.equals(Object) |
STYLE |
EQ_DOESNT_OVERRIDE_EQUALS |
1 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.CPString
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.bytecode.CPString(CPUTF8, int) may expose internal representation by storing an externally mutable object into CPString.name |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
44 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.CodeAttribute
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.harmony.unpack200.bytecode.CodeAttribute at new org.apache.commons.compress.harmony.unpack200.bytecode.CodeAttribute(int, int, byte[], Segment, OperandManager, List) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
62 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.CodeAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.CodeAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
34 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.ConstantValueAttribute
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.unpack200.bytecode.ConstantValueAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.ConstantValueAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
33 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.DeprecatedAttribute
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.unpack200.bytecode.DeprecatedAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.DeprecatedAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
32 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.EnclosingMethodAttribute
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.bytecode.EnclosingMethodAttribute(CPClass, CPNameAndType) may expose internal representation by storing an externally mutable object into EnclosingMethodAttribute.cpClass |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
49 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.EnclosingMethodAttribute(CPClass, CPNameAndType) may expose internal representation by storing an externally mutable object into EnclosingMethodAttribute.method |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
50 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.EnclosingMethodAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.EnclosingMethodAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
32 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.ExceptionTableEntry
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.unpack200.bytecode.ExceptionTableEntry.getCatchType() may expose internal representation by returning ExceptionTableEntry.catchType |
MALICIOUS_CODE |
EI_EXPOSE_REP |
59 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.ExceptionTableEntry(int, int, int, CPClass) may expose internal representation by storing an externally mutable object into ExceptionTableEntry.catchType |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
55 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.ExceptionsAttribute
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.bytecode.ExceptionsAttribute(CPClass[]) may expose internal representation by storing an externally mutable object into ExceptionsAttribute.exceptions |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
54 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.ExceptionsAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.ExceptionsAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
45 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.InnerClassesAttribute
Bug |
Category |
Details |
Line |
Priority |
org.apache.commons.compress.harmony.unpack200.bytecode.InnerClassesAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.InnerClassesAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
89 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.LineNumberTableAttribute
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.bytecode.LineNumberTableAttribute(int, int[], int[]) may expose internal representation by storing an externally mutable object into LineNumberTableAttribute.lineNumbers |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
43 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.LineNumberTableAttribute(int, int[], int[]) may expose internal representation by storing an externally mutable object into LineNumberTableAttribute.startPcs |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
42 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.LineNumberTableAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.LineNumberTableAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
32 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTableAttribute
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTableAttribute.descriptors |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
58 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTableAttribute.indexes |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
59 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTableAttribute.lengths |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
56 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTableAttribute.names |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
57 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTableAttribute.startPcs |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
55 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTableAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTableAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
37 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTypeTableAttribute
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTypeTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTypeTableAttribute.indexes |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
59 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTypeTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTypeTableAttribute.lengths |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
56 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTypeTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTypeTableAttribute.names |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
57 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTypeTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTypeTableAttribute.signatures |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
58 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTypeTableAttribute(int, int[], int[], CPUTF8[], CPUTF8[], int[]) may expose internal representation by storing an externally mutable object into LocalVariableTypeTableAttribute.startPcs |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
55 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTypeTableAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.LocalVariableTypeTableAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
37 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcByte |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
87 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcCaseCount |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
85 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcCaseValue |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
86 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcClassRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
96 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcDoubleRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
94 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcFieldRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
97 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcFloatRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
92 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcIMethodRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
99 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcInitRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
105 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcIntRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
91 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcLabel |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
90 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcLocal |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
89 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcLongRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
93 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcMethodRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
98 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcShort |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
88 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcStringRef |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
95 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcSuperField |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
102 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcSuperMethod |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
104 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcThisField |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
101 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.bcThisMethod |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
103 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager(int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[], int[]) may expose internal representation by storing an externally mutable object into OperandManager.wideByteCodes |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
106 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.OperandManager.setSegment(Segment) may expose internal representation by storing an externally mutable object into OperandManager.segment |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
227 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.RuntimeVisibleorInvisibleAnnotationsAttribute
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.bytecode.RuntimeVisibleorInvisibleAnnotationsAttribute(CPUTF8, AnnotationsAttribute$Annotation[]) may expose internal representation by storing an externally mutable object into RuntimeVisibleorInvisibleAnnotationsAttribute.annotations |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
41 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.RuntimeVisibleorInvisibleParameterAnnotationsAttribute
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.bytecode.RuntimeVisibleorInvisibleParameterAnnotationsAttribute(CPUTF8, RuntimeVisibleorInvisibleParameterAnnotationsAttribute$ParameterAnnotation[]) may expose internal representation by storing an externally mutable object into RuntimeVisibleorInvisibleParameterAnnotationsAttribute.parameterAnnotations |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
109 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.RuntimeVisibleorInvisibleParameterAnnotationsAttribute$ParameterAnnotation
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.bytecode.RuntimeVisibleorInvisibleParameterAnnotationsAttribute$ParameterAnnotation(AnnotationsAttribute$Annotation[]) may expose internal representation by storing an externally mutable object into RuntimeVisibleorInvisibleParameterAnnotationsAttribute$ParameterAnnotation.annotations |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
44 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.SignatureAttribute
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.bytecode.SignatureAttribute(CPUTF8) may expose internal representation by storing an externally mutable object into SignatureAttribute.signature |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
41 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.SignatureAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.SignatureAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
32 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.SourceFileAttribute
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.harmony.unpack200.bytecode.SourceFileAttribute(CPUTF8) may expose internal representation by storing an externally mutable object into SourceFileAttribute.name |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
42 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.SourceFileAttribute.setAttributeName(CPUTF8) may expose internal static state by storing a mutable object into a static field org.apache.commons.compress.harmony.unpack200.bytecode.SourceFileAttribute.attributeName |
MALICIOUS_CODE |
EI_EXPOSE_STATIC_REP2 |
33 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.forms.ByteCodeForm
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.harmony.unpack200.bytecode.forms.ByteCodeForm at new org.apache.commons.compress.harmony.unpack200.bytecode.forms.ByteCodeForm(int, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
324 |
Medium |
Exception thrown in class org.apache.commons.compress.harmony.unpack200.bytecode.forms.ByteCodeForm at new org.apache.commons.compress.harmony.unpack200.bytecode.forms.ByteCodeForm(int, String, int[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
338 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.forms.ByteCodeForm.getRewrite() may expose internal representation by returning ByteCodeForm.rewrite |
MALICIOUS_CODE |
EI_EXPOSE_REP |
420 |
Medium |
new org.apache.commons.compress.harmony.unpack200.bytecode.forms.ByteCodeForm(int, String, int[]) may expose internal representation by storing an externally mutable object into ByteCodeForm.rewrite |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
337 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.forms.ByteCodeForm.byteCodesByName is a mutable collection which should be package protected |
MALICIOUS_CODE |
MS_MUTABLE_COLLECTION_PKGPROTECT |
38 |
Medium |
org.apache.commons.compress.harmony.unpack200.bytecode.forms.ByteCodeForm.byteCodeArray should be package protected |
MALICIOUS_CODE |
MS_PKGPROTECT |
37 |
Medium |
org.apache.commons.compress.parallel.FileBasedScatterGatherBackingStore
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.parallel.FileBasedScatterGatherBackingStore at new org.apache.commons.compress.parallel.FileBasedScatterGatherBackingStore(File) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
47 |
Medium |
Exception thrown in class org.apache.commons.compress.parallel.FileBasedScatterGatherBackingStore at new org.apache.commons.compress.parallel.FileBasedScatterGatherBackingStore(Path) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
62 |
Medium |
org.apache.commons.compress.utils.BoundedArchiveInputStream
Bug |
Category |
Details |
Line |
Priority |
Exception thrown in class org.apache.commons.compress.utils.BoundedArchiveInputStream at new org.apache.commons.compress.utils.BoundedArchiveInputStream(long, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
47 |
Medium |
org.apache.commons.compress.utils.BoundedSeekableByteChannelInputStream
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.utils.BoundedSeekableByteChannelInputStream(long, long, SeekableByteChannel) may expose internal representation by storing an externally mutable object into BoundedSeekableByteChannelInputStream.channel |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
44 |
Medium |
org.apache.commons.compress.utils.ByteUtils$OutputStreamByteConsumer
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.utils.ByteUtils$OutputStreamByteConsumer(OutputStream) may expose internal representation by storing an externally mutable object into ByteUtils$OutputStreamByteConsumer.os |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
104 |
Medium |
org.apache.commons.compress.utils.FixedLengthBlockOutputStream
Bug |
Category |
Details |
Line |
Priority |
new org.apache.commons.compress.utils.FixedLengthBlockOutputStream(WritableByteChannel, int) may expose internal representation by storing an externally mutable object into FixedLengthBlockOutputStream.out |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
137 |
Medium |