Commons Logging

SpotBugs Bug Detector Report

The following document contains the results of SpotBugs.

SpotBugs Version is 4.8.3

Threshold is medium

Effort is default

Summary

| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 27 | 20 | 0 | 3 |

Files

| Class | Bugs |
|---|---|
| org.apache.commons.logging.LogConfigurationException | 1 |
| org.apache.commons.logging.LogFactory | 4 |
| org.apache.commons.logging.LogSource | 4 |
| org.apache.commons.logging.impl.Jdk13LumberjackLogger | 2 |
| org.apache.commons.logging.impl.Jdk14Logger | 1 |
| org.apache.commons.logging.impl.Log4JLogger | 2 |
| org.apache.commons.logging.impl.LogFactoryImpl | 1 |
| org.apache.commons.logging.impl.SimpleLog | 4 |
| org.apache.commons.logging.impl.WeakHashtable | 1 |

org.apache.commons.logging.LogConfigurationException

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.apache.commons.logging.LogConfigurationException(String, Throwable) may expose internal representation by storing an externally mutable object into LogConfigurationException.cause | MALICIOUS_CODE | EI_EXPOSE_REP2 | 59 | Medium |

org.apache.commons.logging.LogFactory

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.commons.logging.LogFactory.factories should be both final and package protected | MALICIOUS_CODE | MS_FINAL_PKGPROTECT | 257 | Medium |
| This API (java/io/FileOutputStream.<init>(Ljava/lang/String;Z)V) writes to a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_OUT | 1198 | Medium |
| Exception is caught when Exception is not thrown in org.apache.commons.logging.LogFactory.createFactory(String, ClassLoader) | STYLE | REC_CATCH_EXCEPTION | 421 | Medium |
| This web server request could be used by an attacker to expose internal services and filesystem. | SECURITY | URLCONNECTION_SSRF_FD | 1016 | Medium |

org.apache.commons.logging.LogSource

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.commons.logging.LogSource.logs should be both final and package protected | MALICIOUS_CODE | MS_FINAL_PKGPROTECT | 59 | Medium |
| org.apache.commons.logging.LogSource.logImplctor should be package protected | MALICIOUS_CODE | MS_PKGPROTECT | Not available | Medium |
| org.apache.commons.logging.LogSource.jdk14IsAvailable isn't final but should be | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | 81 | Medium |
| org.apache.commons.logging.LogSource.log4jIsAvailable isn't final but should be | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | 78 | Medium |

org.apache.commons.logging.impl.Jdk13LumberjackLogger

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.commons.logging.impl.Jdk13LumberjackLogger.getLogger() may expose internal representation by returning Jdk13LumberjackLogger.logger | MALICIOUS_CODE | EI_EXPOSE_REP | 195 | Medium |
| Possible information exposure through an error message | SECURITY | INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE | 163 | Medium |

org.apache.commons.logging.impl.Jdk14Logger

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.commons.logging.impl.Jdk14Logger.getLogger() may expose internal representation by returning Jdk14Logger.logger | MALICIOUS_CODE | EI_EXPOSE_REP | 142 | Medium |

org.apache.commons.logging.impl.Log4JLogger

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.apache.commons.logging.impl.Log4JLogger at new org.apache.commons.logging.impl.Log4JLogger(Logger) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 107 | Medium |
| new org.apache.commons.logging.impl.Log4JLogger(Logger) may expose internal representation by storing an externally mutable object into Log4JLogger.logger | MALICIOUS_CODE | EI_EXPOSE_REP2 | 111 | Medium |

org.apache.commons.logging.impl.LogFactoryImpl

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Possible information exposure through an error message | SECURITY | INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE | 987 | Medium |

org.apache.commons.logging.impl.SimpleLog

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Possible information exposure through an error message | SECURITY | INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE | 554 | Medium |
| org.apache.commons.logging.impl.SimpleLog.simpleLogProps is a mutable collection which should be package protected | MALICIOUS_CODE | MS_MUTABLE_COLLECTION_PKGPROTECT | 79 | Medium |
| org.apache.commons.logging.impl.SimpleLog.dateFormatter isn't final but should be refactored to be so | MALICIOUS_CODE | MS_SHOULD_BE_REFACTORED_TO_BE_FINAL | 150 | High |
| org.apache.commons.logging.impl.SimpleLog.dateFormatter is a static field of type java.text.DateFormat, which isn't thread safe | MT_CORRECTNESS | STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE | Not available | High |

org.apache.commons.logging.impl.WeakHashtable

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.commons.logging.impl.WeakHashtable doesn't override java.util.Hashtable.equals(Object) | STYLE | EQ_DOESNT_OVERRIDE_EQUALS | 1 | Medium |