Apache Commons JEXL

SpotBugs Bug Detector Report

The following document contains the results of SpotBugs.

SpotBugs Version is 4.9.0

Threshold is medium

Effort is default

Summary

| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 338 | 27 | 0 | 0 |

Files

| Class | Bugs |
|---|---|
| org.apache.commons.jexl3.JexlArithmetic | 7 |
| org.apache.commons.jexl3.JexlException | 1 |
| org.apache.commons.jexl3.ObjectContext | 1 |
| org.apache.commons.jexl3.internal.Engine | 2 |
| org.apache.commons.jexl3.internal.Operator | 1 |
| org.apache.commons.jexl3.internal.introspection.ArrayIterator | 1 |
| org.apache.commons.jexl3.internal.introspection.ArrayListWrapper | 1 |
| org.apache.commons.jexl3.internal.introspection.ClassTool | 2 |
| org.apache.commons.jexl3.internal.introspection.SandboxUberspect | 1 |
| org.apache.commons.jexl3.internal.introspection.Uberspect | 4 |
| org.apache.commons.jexl3.introspection.JexlSandbox$Permissions | 3 |
| org.apache.commons.jexl3.parser.ASTIdentifierAccessJxlt | 1 |
| org.apache.commons.jexl3.scripting.JexlScriptEngine$JexlScriptObject | 2 |

org.apache.commons.jexl3.JexlArithmetic

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.apache.commons.jexl3.JexlArithmetic at new org.apache.commons.jexl3.JexlArithmetic(boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 288 | Medium |
| Exception thrown in class org.apache.commons.jexl3.JexlArithmetic at new org.apache.commons.jexl3.JexlArithmetic(boolean, MathContext, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 278 | Medium |
| org.apache.commons.jexl3.JexlArithmetic.collectionContains(Object, Object) has Boolean return type and returns explicit null | BAD_PRACTICE | NP_BOOLEAN_RETURN_NULL | 502 | Medium |
| org.apache.commons.jexl3.JexlArithmetic.endsWith(Object, Object) has Boolean return type and returns explicit null | BAD_PRACTICE | NP_BOOLEAN_RETURN_NULL | 865 | Medium |
| org.apache.commons.jexl3.JexlArithmetic.startsWith(Object, Object) has Boolean return type and returns explicit null | BAD_PRACTICE | NP_BOOLEAN_RETURN_NULL | 1924 | Medium |
| Suspicious comparison of Boolean references in org.apache.commons.jexl3.JexlArithmetic.options(JexlEngine$Options) | BAD_PRACTICE | RC_REF_COMPARISON_BAD_PRACTICE_BOOLEAN | 1596 | Medium |
| Exception is caught when Exception is not thrown in new org.apache.commons.jexl3.JexlArithmetic(boolean, MathContext, int) | STYLE | REC_CATCH_EXCEPTION | 306 | Medium |

org.apache.commons.jexl3.JexlException

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Useless condition: it's known that length >= 64 ('@') at this point | STYLE | UC_USELESS_CONDITION | 1119 | Medium |

org.apache.commons.jexl3.ObjectContext

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.apache.commons.jexl3.ObjectContext(JexlEngine, Object) may expose internal representation by storing an externally mutable object into ObjectContext.jexl | MALICIOUS_CODE | EI_EXPOSE_REP2 | 43 | Medium |

org.apache.commons.jexl3.internal.Engine

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.apache.commons.jexl3.internal.Engine at new org.apache.commons.jexl3.internal.Engine() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 319 | Medium |
| Exception thrown in class org.apache.commons.jexl3.internal.Engine at new org.apache.commons.jexl3.internal.Engine(JexlBuilder) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 339 | Medium |

org.apache.commons.jexl3.internal.Operator

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.commons.jexl3.internal.Operator.booleanDuckCall(String, Object, Object) has Boolean return type and returns explicit null | BAD_PRACTICE | NP_BOOLEAN_RETURN_NULL | 181 | Medium |

org.apache.commons.jexl3.internal.introspection.ArrayIterator

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.apache.commons.jexl3.internal.introspection.ArrayIterator at new org.apache.commons.jexl3.internal.introspection.ArrayIterator(Object) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 58 | Medium |

org.apache.commons.jexl3.internal.introspection.ArrayListWrapper

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.apache.commons.jexl3.internal.introspection.ArrayListWrapper at new org.apache.commons.jexl3.internal.introspection.ArrayListWrapper(Object) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 42 | Medium |

org.apache.commons.jexl3.internal.introspection.ClassTool

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.commons.jexl3.internal.introspection.ClassTool.<static initializer for ClassTool>() might ignore java.lang.Exception | BAD_PRACTICE | DE_MIGHT_IGNORE | 50 | Medium |
| Exception is caught when Exception is not thrown in org.apache.commons.jexl3.internal.introspection.ClassTool.<static initializer for ClassTool>() | STYLE | REC_CATCH_EXCEPTION | 50 | Medium |

org.apache.commons.jexl3.internal.introspection.SandboxUberspect

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.apache.commons.jexl3.internal.introspection.SandboxUberspect(JexlUberspect, JexlSandbox) may expose internal representation by storing an externally mutable object into SandboxUberspect.uberspect | MALICIOUS_CODE | EI_EXPOSE_REP2 | 60 | Medium |

org.apache.commons.jexl3.internal.introspection.Uberspect

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.apache.commons.jexl3.internal.introspection.Uberspect at new org.apache.commons.jexl3.internal.introspection.Uberspect(Log, JexlUberspect$ResolverStrategy) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 82 | Medium |
| Exception thrown in class org.apache.commons.jexl3.internal.introspection.Uberspect at new org.apache.commons.jexl3.internal.introspection.Uberspect(Log, JexlUberspect$ResolverStrategy, JexlPermissions) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 92 | Medium |
| Comparison of String objects using == or != in org.apache.commons.jexl3.internal.introspection.Uberspect.getPropertyGet(List, Object, Object) | BAD_PRACTICE | ES_COMPARING_STRINGS_WITH_EQ | 343 | Medium |
| Comparison of String objects using == or != in org.apache.commons.jexl3.internal.introspection.Uberspect.getPropertySet(List, Object, Object, Object) | BAD_PRACTICE | ES_COMPARING_STRINGS_WITH_EQ | 409 | Medium |

org.apache.commons.jexl3.introspection.JexlSandbox$Permissions

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.commons.jexl3.introspection.JexlSandbox$Permissions.execute() may expose internal representation by returning JexlSandbox$Permissions.execute | MALICIOUS_CODE | EI_EXPOSE_REP | 598 | Medium |
| org.apache.commons.jexl3.introspection.JexlSandbox$Permissions.read() may expose internal representation by returning JexlSandbox$Permissions.read | MALICIOUS_CODE | EI_EXPOSE_REP | 629 | Medium |
| org.apache.commons.jexl3.introspection.JexlSandbox$Permissions.write() may expose internal representation by returning JexlSandbox$Permissions.write | MALICIOUS_CODE | EI_EXPOSE_REP | 651 | Medium |

org.apache.commons.jexl3.parser.ASTIdentifierAccessJxlt

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.commons.jexl3.parser.ASTIdentifierAccessJxlt is Serializable; consider declaring a serialVersionUID | BAD_PRACTICE | SE_NO_SERIALVERSIONID | 29-50 | Medium |

org.apache.commons.jexl3.scripting.JexlScriptEngine$JexlScriptObject

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.commons.jexl3.scripting.JexlScriptEngine$JexlScriptObject.getEngine() may expose internal representation by returning JexlScriptEngine.jexlEngine | MALICIOUS_CODE | EI_EXPOSE_REP | 195 | Medium |
| new org.apache.commons.jexl3.scripting.JexlScriptEngine$JexlScriptObject(JexlScriptEngine) may expose internal representation by storing an externally mutable object into JexlScriptEngine$JexlScriptObject.this$0 | MALICIOUS_CODE | EI_EXPOSE_REP2 | 184 | Medium |