SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.9.0
Threshold is medium
Effort is default
Summary
| Classes | Bugs | Errors | Missing Classes |
| --- | --- | --- | --- |
| 27 | 19 | 0 | 4 |
org.apache.commons.logging.LogConfigurationException
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| new org.apache.commons.logging.LogConfigurationException(String, Throwable) may expose internal representation by storing an externally mutable object into LogConfigurationException.cause | MALICIOUS_CODE | EI_EXPOSE_REP2 | 61 | Medium |
org.apache.commons.logging.LogFactory
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| org.apache.commons.logging.LogFactory.factories should be both final and package protected | MALICIOUS_CODE | MS_FINAL_PKGPROTECT | 257 | Medium |
| This API (java/io/FileOutputStream.<init>(Ljava/lang/String;Z)V) writes to a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_OUT | 1132 | Medium |
| Exception is caught when Exception is not thrown in org.apache.commons.logging.LogFactory.createFactory(String, ClassLoader) | STYLE | REC_CATCH_EXCEPTION | 408 | Medium |
| This web server request could be used by an attacker to expose internal services and filesystem. | SECURITY | URLCONNECTION_SSRF_FD | 950 | Medium |
org.apache.commons.logging.LogSource
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| org.apache.commons.logging.LogSource.logs should be both final and package protected | MALICIOUS_CODE | MS_FINAL_PKGPROTECT | 59 | Medium |
| org.apache.commons.logging.LogSource.logImplctor should be package protected | MALICIOUS_CODE | MS_PKGPROTECT | Not available | Medium |
| org.apache.commons.logging.LogSource.log4jIsAvailable isn't final but should be | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | 83 | Medium |
org.apache.commons.logging.impl.Jdk13LumberjackLogger
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| org.apache.commons.logging.impl.Jdk13LumberjackLogger.getLogger() may expose internal representation by returning Jdk13LumberjackLogger.logger | MALICIOUS_CODE | EI_EXPOSE_REP | 195 | Medium |
| Possible information exposure through an error message | SECURITY | INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE | 163 | Medium |
org.apache.commons.logging.impl.Jdk14Logger
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| org.apache.commons.logging.impl.Jdk14Logger.getLogger() may expose internal representation by returning Jdk14Logger.logger | MALICIOUS_CODE | EI_EXPOSE_REP | 142 | Medium |
org.apache.commons.logging.impl.Log4JLogger
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Exception thrown in class org.apache.commons.logging.impl.Log4JLogger at new org.apache.commons.logging.impl.Log4JLogger(Logger) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 107 | Medium |
| new org.apache.commons.logging.impl.Log4JLogger(Logger) may expose internal representation by storing an externally mutable object into Log4JLogger.logger | MALICIOUS_CODE | EI_EXPOSE_REP2 | 111 | Medium |
org.apache.commons.logging.impl.WeakHashtable
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| org.apache.commons.logging.impl.WeakHashtable doesn't override java.util.Hashtable.equals(Object) | STYLE | EQ_DOESNT_OVERRIDE_EQUALS | 1 | Medium |