Commons JEXL

SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.9.8

Threshold is medium

Effort is default

Summary

| Classes | Bugs | Errors | Missing Classes |
| --- | --- | --- | --- |
| 351 | 28 | 0 | 0 |

Files

| Class | Bugs |
| --- | --- |
| org.apache.commons.jexl3.JexlArithmetic | 7 |
| org.apache.commons.jexl3.JexlException | 1 |
| org.apache.commons.jexl3.ObjectContext | 1 |
| org.apache.commons.jexl3.internal.Engine | 4 |
| org.apache.commons.jexl3.internal.Frame | 1 |
| org.apache.commons.jexl3.internal.Operator | 1 |
| org.apache.commons.jexl3.internal.introspection.ArrayIterator | 1 |
| org.apache.commons.jexl3.internal.introspection.ArrayListWrapper | 1 |
| org.apache.commons.jexl3.internal.introspection.SandboxUberspect | 1 |
| org.apache.commons.jexl3.internal.introspection.Uberspect | 4 |
| org.apache.commons.jexl3.introspection.JexlSandbox$Permissions | 3 |
| org.apache.commons.jexl3.parser.ASTIdentifierAccessJxlt | 1 |
| org.apache.commons.jexl3.scripting.JexlScriptEngine$JexlScriptObject | 2 |

org.apache.commons.jexl3.JexlArithmetic

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Exception thrown in class org.apache.commons.jexl3.JexlArithmetic at new org.apache.commons.jexl3.JexlArithmetic(boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 295 | Medium |
| Exception thrown in class org.apache.commons.jexl3.JexlArithmetic at new org.apache.commons.jexl3.JexlArithmetic(boolean, MathContext, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 285 | Medium |
| org.apache.commons.jexl3.JexlArithmetic.collectionContains(Object, Object) has Boolean return type and returns explicit null | BAD_PRACTICE | NP_BOOLEAN_RETURN_NULL | 512 | Medium |
| org.apache.commons.jexl3.JexlArithmetic.endsWith(Object, Object) has Boolean return type and returns explicit null | BAD_PRACTICE | NP_BOOLEAN_RETURN_NULL | 882 | Medium |
| org.apache.commons.jexl3.JexlArithmetic.startsWith(Object, Object) has Boolean return type and returns explicit null | BAD_PRACTICE | NP_BOOLEAN_RETURN_NULL | 1965 | Medium |
| Suspicious comparison of Boolean references in org.apache.commons.jexl3.JexlArithmetic.options(JexlEngine$Options) | BAD_PRACTICE | RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN | 1627 | Medium |
| Exception is caught when Exception is not thrown in new org.apache.commons.jexl3.JexlArithmetic(boolean, MathContext, int) | STYLE | REC_CATCH_EXCEPTION | 313 | Medium |

org.apache.commons.jexl3.JexlException

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Useless condition: it's known that length >= 64 ('@') at this point | STYLE | UC_USELESS_CONDITION | 1169 | Medium |

org.apache.commons.jexl3.ObjectContext

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| new org.apache.commons.jexl3.ObjectContext(JexlEngine, Object) may expose internal representation by storing an externally mutable object into ObjectContext.jexl | MALICIOUS_CODE | EI_EXPOSE_REP2 | 43 | Medium |

org.apache.commons.jexl3.internal.Engine

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Exception thrown in class org.apache.commons.jexl3.internal.Engine at new org.apache.commons.jexl3.internal.Engine() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 354 | Medium |
| Exception thrown in class org.apache.commons.jexl3.internal.Engine at new org.apache.commons.jexl3.internal.Engine(JexlBuilder) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 375 | Medium |
| Synchronization performed on java.util.concurrent.atomic.AtomicBoolean in org.apache.commons.jexl3.internal.Engine.jxltParse(JexlInfo, boolean, String, Scope) | MT_CORRECTNESS | JLM_JSR166_UTILCONCURRENT_MONITORENTER | 881 | Medium |
| Synchronization performed on java.util.concurrent.atomic.AtomicBoolean in org.apache.commons.jexl3.internal.Engine.parse(JexlInfo, JexlFeatures, String, Scope) | MT_CORRECTNESS | JLM_JSR166_UTILCONCURRENT_MONITORENTER | 848 | Medium |

org.apache.commons.jexl3.internal.Frame

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Exception thrown in class org.apache.commons.jexl3.internal.Frame at new org.apache.commons.jexl3.internal.Frame(Scope, Object[], int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 51 | Medium |

org.apache.commons.jexl3.internal.Operator

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| org.apache.commons.jexl3.internal.Operator.booleanDuckCall(String, Object, Object) has Boolean return type and returns explicit null | BAD_PRACTICE | NP_BOOLEAN_RETURN_NULL | 190 | Medium |

org.apache.commons.jexl3.internal.introspection.ArrayIterator

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Exception thrown in class org.apache.commons.jexl3.internal.introspection.ArrayIterator at new org.apache.commons.jexl3.internal.introspection.ArrayIterator(Object) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 62 | Medium |

org.apache.commons.jexl3.internal.introspection.ArrayListWrapper

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Exception thrown in class org.apache.commons.jexl3.internal.introspection.ArrayListWrapper at new org.apache.commons.jexl3.internal.introspection.ArrayListWrapper(Object) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 44 | Medium |

org.apache.commons.jexl3.internal.introspection.SandboxUberspect

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| new org.apache.commons.jexl3.internal.introspection.SandboxUberspect(JexlUberspect, JexlSandbox) may expose internal representation by storing an externally mutable object into SandboxUberspect.uberspect | MALICIOUS_CODE | EI_EXPOSE_REP2 | 65 | Medium |

org.apache.commons.jexl3.internal.introspection.Uberspect

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Exception thrown in class org.apache.commons.jexl3.internal.introspection.Uberspect at new org.apache.commons.jexl3.internal.introspection.Uberspect(Log, JexlUberspect$ResolverStrategy) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 91 | Medium |
| Exception thrown in class org.apache.commons.jexl3.internal.introspection.Uberspect at new org.apache.commons.jexl3.internal.introspection.Uberspect(Log, JexlUberspect$ResolverStrategy, JexlPermissions) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 102 | Medium |
| Comparison of String objects using == or != in org.apache.commons.jexl3.internal.introspection.Uberspect.getPropertyGet(List, Object, Object) | BAD_PRACTICE | ES_COMPARING_STRINGS_WITH_EQ | 359 | Medium |
| Comparison of String objects using == or != in org.apache.commons.jexl3.internal.introspection.Uberspect.getPropertySet(List, Object, Object, Object) | BAD_PRACTICE | ES_COMPARING_STRINGS_WITH_EQ | 425 | Medium |

org.apache.commons.jexl3.introspection.JexlSandbox$Permissions

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| org.apache.commons.jexl3.introspection.JexlSandbox$Permissions.execute() may expose internal representation by returning JexlSandbox$Permissions.execute | MALICIOUS_CODE | EI_EXPOSE_REP | 611 | Medium |
| org.apache.commons.jexl3.introspection.JexlSandbox$Permissions.read() may expose internal representation by returning JexlSandbox$Permissions.read | MALICIOUS_CODE | EI_EXPOSE_REP | 643 | Medium |
| org.apache.commons.jexl3.introspection.JexlSandbox$Permissions.write() may expose internal representation by returning JexlSandbox$Permissions.write | MALICIOUS_CODE | EI_EXPOSE_REP | 665 | Medium |

org.apache.commons.jexl3.parser.ASTIdentifierAccessJxlt

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| org.apache.commons.jexl3.parser.ASTIdentifierAccessJxlt is Serializable; consider declaring a serialVersionUID | BAD_PRACTICE | SE_NO_SERIALVERSIONID | 30-56 | Medium |

org.apache.commons.jexl3.scripting.JexlScriptEngine$JexlScriptObject

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| org.apache.commons.jexl3.scripting.JexlScriptEngine$JexlScriptObject.getEngine() may expose internal representation by returning JexlScriptEngine.jexlEngine | MALICIOUS_CODE | EI_EXPOSE_REP | 200 | Medium |
| new org.apache.commons.jexl3.scripting.JexlScriptEngine$JexlScriptObject(JexlScriptEngine) may expose internal representation by storing an externally mutable object into JexlScriptEngine$JexlScriptObject.this$0 | MALICIOUS_CODE | EI_EXPOSE_REP2 | 189 | Medium |