FindBugs Bug Detector Report
The following document contains the results of FindBugs Report
FindBugs Version is 1.3.9
Threshold is low
Effort is min
Files
org.apache.myfaces.application.NavigationHandlerImpl
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Inconsistent synchronization of org.apache.myfaces.application.NavigationHandlerImpl._navigationCases; locked 40% of time | MT_CORRECTNESS | IS2_INCONSISTENT_SYNC | 256 | Medium |
Inconsistent synchronization of org.apache.myfaces.application.NavigationHandlerImpl._wildcardKeys; locked 50% of time | MT_CORRECTNESS | IS2_INCONSISTENT_SYNC | 248 | Low |
org.apache.myfaces.application.NavigationHandlerImpl$KeyComparator
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.myfaces.application.NavigationHandlerImpl$KeyComparator implements Comparator but not Serializable | BAD_PRACTICE | SE_COMPARATOR_SHOULD_BE_SERIALIZABLE | 315-320 | Medium |
org.apache.myfaces.application.jsp.JspStateManagerImpl
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.myfaces.application.jsp.JspStateManagerImpl.isCompressStateInSession(FacesContext) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead | PERFORMANCE | DM_BOOLEAN_CTOR | 602 | Medium |
org.apache.myfaces.application.jsp.JspStateManagerImpl.isSerializeStateInSession(FacesContext) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead | PERFORMANCE | DM_BOOLEAN_CTOR | 585 | Medium |
Redundant nullcheck of component, which is known to be non-null in org.apache.myfaces.application.jsp.JspStateManagerImpl.getPathToComponent(UIComponent, StringBuffer) | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE | 426 | Low |
org.apache.myfaces.application.jsp.JspStateManagerImpl$SerializedViewCollection
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Class org.apache.myfaces.application.jsp.JspStateManagerImpl$SerializedViewCollection defines non-transient non-serializable instance field _serializedViews | BAD_PRACTICE | SE_BAD_FIELD | Not available | Low |
The field org.apache.myfaces.application.jsp.JspStateManagerImpl$SerializedViewCollection._oldSerializedViews is transient but isn't set by deserialization | BAD_PRACTICE | SE_TRANSIENT_FIELD_NOT_RESTORED | Not available | Low |
org.apache.myfaces.application.pss.PssJspStateManagerImpl
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.myfaces.application.pss.PssJspStateManagerImpl.isCompressStateInSession(FacesContext) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead | PERFORMANCE | DM_BOOLEAN_CTOR | 1218 | Medium |
org.apache.myfaces.application.pss.PssJspStateManagerImpl.isSerializeStateInSession(FacesContext) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead | PERFORMANCE | DM_BOOLEAN_CTOR | 1200 | Medium |
The method name org.apache.myfaces.application.pss.PssJspStateManagerImpl.LoadTreeFromManager(FacesContext, String) doesn't start with a lower case letter | BAD_PRACTICE | NM_METHOD_NAMING_CONVENTION | 739-748 | Medium |
The method name org.apache.myfaces.application.pss.PssJspStateManagerImpl.LoadUIViewRootFromManager(FacesContext, String) doesn't start with a lower case letter | BAD_PRACTICE | NM_METHOD_NAMING_CONVENTION | 728-734 | Medium |
The method name org.apache.myfaces.application.pss.PssJspStateManagerImpl.SaveTreeInManager(FacesContext) doesn't start with a lower case letter | BAD_PRACTICE | NM_METHOD_NAMING_CONVENTION | 700-724 | Medium |
Redundant nullcheck of component, which is known to be non-null in org.apache.myfaces.application.pss.PssJspStateManagerImpl.getPathToComponent(UIComponent, StringBuffer) | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE | 1023 | Low |
Nullcheck of currentComponent at line 916 of value previously dereferenced in org.apache.myfaces.application.pss.PssJspStateManagerImpl.diffComponent(TreeStructComponent, TreeStructComponent) | CORRECTNESS | RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE | 830 | Medium |
org.apache.myfaces.application.pss.PssJspStateManagerImpl$SerializedViewCollection
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Class org.apache.myfaces.application.pss.PssJspStateManagerImpl$SerializedViewCollection defines non-transient non-serializable instance field _serializedViews | BAD_PRACTICE | SE_BAD_FIELD | Not available | Low |
org.apache.myfaces.application.pss.ViewHandlerResponseWrapperHelperImpl
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.myfaces.application.pss.ViewHandlerResponseWrapperHelperImpl.toString() may return null | BAD_PRACTICE | NP_TOSTRING_COULD_RETURN_NULL | 89 | Medium |
Unread field: org.apache.myfaces.application.pss.ViewHandlerResponseWrapperHelperImpl.status | PERFORMANCE | URF_UNREAD_FIELD | 35 | Medium |
org.apache.myfaces.config.FacesConfigurator
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.myfaces.config.FacesConfigurator.feedMetaInfServicesFactories() may fail to close stream on exception | BAD_PRACTICE | OS_OPEN_STREAM_EXCEPTION_PATH | 469 | Low |
Write to static field org.apache.myfaces.config.FacesConfigurator.lastUpdate from instance method org.apache.myfaces.config.FacesConfigurator.configure() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 316 | Medium |
org.apache.myfaces.config.ManagedBeanBuilder
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Switch statement found in org.apache.myfaces.config.ManagedBeanBuilder.initializeProperties(FacesContext, Iterator, String, Object) where default case is missing | STYLE | SF_SWITCH_NO_DEFAULT | 186-189 | Low |
org.apache.myfaces.config.impl.FacesConfigEntityResolver
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method call in org.apache.myfaces.config.impl.FacesConfigEntityResolver.resolveEntity(String, String) passes null for nonnull parameter of java.util.jar.JarFile.getInputStream(ZipEntry) | CORRECTNESS | NP_NULL_PARAM_DEREF | 89 | High |
org.apache.myfaces.context.portlet.SessionMap
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.apache.myfaces.context.portlet.SessionMap.getAttribute(String) invokes toString() method on a String | PERFORMANCE | DM_STRING_TOSTRING | 48 | Low |
org.apache.myfaces.context.servlet.ServletExternalContextImpl
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception is caught when Exception is not thrown in org.apache.myfaces.context.servlet.ServletExternalContextImpl.<static initializer>() | STYLE | REC_CATCH_EXCEPTION | 80 | Low |
Exception is caught when Exception is not thrown in new org.apache.myfaces.context.servlet.ServletExternalContextImpl(ServletContext, ServletRequest, ServletResponse) | STYLE | REC_CATCH_EXCEPTION | 135 | Low |
org.apache.myfaces.context.servlet.ServletExternalContextImpl$1
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
The class org.apache.myfaces.context.servlet.ServletExternalContextImpl$1 could be refactored into a named _static_ inner class | PERFORMANCE | SIC_INNER_SHOULD_BE_STATIC_ANON | 278-288 | Low |
org.apache.myfaces.context.servlet.SessionMap
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.apache.myfaces.context.servlet.SessionMap.getAttribute(String) invokes toString() method on a String | PERFORMANCE | DM_STRING_TOSTRING | 49 | Low |
org.apache.myfaces.convert.ConverterUtils
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.myfaces.convert.ConverterUtils.convertToBoolean(Object) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead | PERFORMANCE | DM_BOOLEAN_CTOR | 68 | Medium |
org.apache.myfaces.el.ELParserHelper
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.myfaces.el.ELParserHelper.toJspElExpression(String) invokes inefficient new String(String) constructor | PERFORMANCE | DM_STRING_CTOR | 172 | Medium |
org.apache.myfaces.el.MethodBindingImpl
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new org.apache.myfaces.el.MethodBindingImpl(Application, String, Class[]) may expose internal representation by storing an externally mutable object into MethodBindingImpl._argClasses | MALICIOUS_CODE | EI_EXPOSE_REP2 | 62 | Medium |
org.apache.myfaces.el.PropertyResolverImpl
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Redundant nullcheck of StringBuffer.toString(), which is known to be non-null in org.apache.myfaces.el.PropertyResolverImpl.getValue(Object, int) | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE | 145 | Low |
org.apache.myfaces.el.ValueBindingImpl
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.myfaces.el.ValueBindingImpl.s_functionMapper isn't final but should be | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | 70 | High |
Exception is caught when Exception is not thrown in org.apache.myfaces.el.ValueBindingImpl.getType(FacesContext) | STYLE | REC_CATCH_EXCEPTION | 224 | Low |
Exception is caught when Exception is not thrown in org.apache.myfaces.el.ValueBindingImpl.isReadOnly(FacesContext) | STYLE | REC_CATCH_EXCEPTION | 158 | Low |
org.apache.myfaces.portlet.SavedRequestAttributes
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Class org.apache.myfaces.portlet.SavedRequestAttributes defines non-transient non-serializable instance field reqAttribs | BAD_PRACTICE | SE_BAD_FIELD | Not available | Low |
org.apache.myfaces.portlet.SavedRequestAttributes is Serializable; consider declaring a serialVersionUID | BAD_PRACTICE | SE_NO_SERIALVERSIONID | 45-71 | Low |
SavedRequestAttributes.reqAttribs not initialized in constructor | STYLE | UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR | Not available | Low |
org.apache.myfaces.renderkit.html.HtmlHiddenRenderer
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.renderkit.html.HtmlHiddenRenderer.getConvertedValue(FacesContext, UIComponent, Object) | STYLE | BC_UNCONFIRMED_CAST | 75 | Low |
org.apache.myfaces.renderkit.html.HtmlRenderKitImpl$1
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
The class org.apache.myfaces.renderkit.html.HtmlRenderKitImpl$1 could be refactored into a named _static_ inner class | PERFORMANCE | SIC_INNER_SHOULD_BE_STATIC_ANON | 147-175 | Low |
org.apache.myfaces.shared_impl.renderkit.RendererUtils
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Can't close content since it is always null in org.apache.myfaces.shared_impl.renderkit.RendererUtils.loadResourceFile(FacesContext, String) | CORRECTNESS | NP_CLOSING_NULL | 912 | High |
Possible null pointer dereference of content in org.apache.myfaces.shared_impl.renderkit.RendererUtils.loadResourceFile(FacesContext, String) | CORRECTNESS | NP_NULL_ON_SOME_PATH | 931 | Medium |
org.apache.myfaces.shared_impl.renderkit.RendererUtils$1
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.myfaces.shared_impl.renderkit.RendererUtils$1 defines equals and uses Object.hashCode() | BAD_PRACTICE | HE_EQUALS_USE_HASHCODE | 58-65 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.apache.myfaces.shared_impl.renderkit.html.HTML.LABEL_PASSTHROUGH_ATTRIBUTES is a mutable array | MALICIOUS_CODE | MS_MUTABLE_ARRAY | 347 | High |
org.apache.myfaces.shared_impl.renderkit.html.HTML.ANCHOR_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 199 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.ANCHOR_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 212 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.ANCHOR_PASSTHROUGH_ATTRIBUTES_WITHOUT_ONCLICK_WITHOUT_STYLE should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 222 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.ANCHOR_PASSTHROUGH_ATTRIBUTES_WITHOUT_STYLE should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 217 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.BUTTON_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 317 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.BUTTON_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 325 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.BUTTON_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONCLICK should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 329 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 137 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_EVENT_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 88 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_EVENT_ATTRIBUTES_WITHOUT_ONFOCUS should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 96 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_EVENT_ATTRIBUTES_WITHOUT_ONSELECT_AND_ONCHANGE should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 103 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_PASSTROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 164 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_PASSTROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONCLICK should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 179 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_PASSTROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONFOCUS_AND_ONCLICK should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 174 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 148 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES_WITHOUT_ONCLICK should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 156 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES_WITHOUT_ONCLICK_WITHOUT_STYLE should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 160 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES_WITHOUT_ONMOUSEOVER_AND_ONMOUSEOUT should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 184 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES_WITHOUT_STYLE should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 152 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.EVENT_HANDLER_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 78 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.EVENT_HANDLER_ATTRIBUTES_WITHOUT_ONCLICK should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 55 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.EVENT_HANDLER_ATTRIBUTES_WITHOUT_ONMOUSEOVER_AND_ONMOUSEOUT should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 67 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.FORM_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 233 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.FORM_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 242 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.IMG_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 257 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.IMG_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 270 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.INPUT_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 284 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.INPUT_FILE_UPLOAD_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 412 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.INPUT_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 296 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.LABEL_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 340 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.MESSAGE_PASSTHROUGH_ATTRIBUTES_WITHOUT_TITLE_STYLE_AND_STYLE_CLASS should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 429 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.SELECT_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 355 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.SELECT_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 361 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.SELECT_TABLE_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 436 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.TABLE_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 373 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.TABLE_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 387 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.TEXTAREA_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 396 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.TEXTAREA_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 406 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.UL_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 440 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.UNIVERSAL_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 124 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.UNIVERSAL_ATTRIBUTES_WITHOUT_STYLE should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 116 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 142 | Low |
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_PASSTROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONFOCUS should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 169 | Low |
org.apache.myfaces.shared_impl.renderkit.html.HTML.IMG_PASSTHROUGH_ATTRIBUTES_WITHOUT_ONMOUSEOVER_AND_ONMOUSEOUT should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 274 | Low |
org.apache.myfaces.shared_impl.renderkit.html.HTML.INPUT_FILE_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 416 | Low |
org.apache.myfaces.shared_impl.renderkit.html.HTML.INPUT_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONFOCUS_AND_ONCLICK should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 301 | Low |
org.apache.myfaces.shared_impl.renderkit.html.HTML.UL_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protected | MALICIOUS_CODE | MS_OOI_PKGPROTECT | 444 | Low |
org.apache.myfaces.shared_impl.renderkit.html.HtmlCheckboxRendererBase
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unchecked/unconfirmed cast from javax.faces.model.SelectItem to javax.faces.model.SelectItemGroup in org.apache.myfaces.shared_impl.renderkit.html.HtmlCheckboxRendererBase.renderGroupOrItemCheckbox(FacesContext, UIComponent, SelectItem, boolean, Set, Converter, boolean) | STYLE | BC_UNCONFIRMED_CAST | 177 | Low |
org.apache.myfaces.shared_impl.renderkit.html.HtmlFormRendererBase
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIForm in org.apache.myfaces.shared_impl.renderkit.html.HtmlFormRendererBase.decode(FacesContext, UIComponent) | STYLE | BC_UNCONFIRMED_CAST | 222 | Low |
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIForm in org.apache.myfaces.shared_impl.renderkit.html.HtmlFormRendererBase.encodeBegin(FacesContext, UIComponent) | STYLE | BC_UNCONFIRMED_CAST | 98 | Low |
org.apache.myfaces.shared_impl.renderkit.html.HtmlListboxRendererBase
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
instanceof will always return true in org.apache.myfaces.shared_impl.renderkit.html.HtmlListboxRendererBase.encodeEnd(FacesContext, UIComponent), since all javax.faces.component.html.HtmlSelectOneListbox are instances of javax.faces.component.html.HtmlSelectOneListbox | STYLE | BC_VACUOUS_INSTANCEOF | 68 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HtmlRadioRendererBase
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UISelectOne in org.apache.myfaces.shared_impl.renderkit.html.HtmlRadioRendererBase.encodeEnd(FacesContext, UIComponent) | STYLE | BC_UNCONFIRMED_CAST | 59 | Low |
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_impl.renderkit.html.HtmlRadioRendererBase.getConvertedValue(FacesContext, UIComponent, Object) | STYLE | BC_UNCONFIRMED_CAST | 300 | Low |
Unchecked/unconfirmed cast from javax.faces.model.SelectItem to javax.faces.model.SelectItemGroup in org.apache.myfaces.shared_impl.renderkit.html.HtmlRadioRendererBase.renderGroupOrItemRadio(FacesContext, UIComponent, SelectItem, Object, Converter, boolean) | STYLE | BC_UNCONFIRMED_CAST | 165 | Low |
org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils.findUIOutputConverterFailSafe(FacesContext, UIComponent) | STYLE | BC_UNCONFIRMED_CAST | 376 | Low |
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UISelectMany in org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils.findUISelectManyConverterFailsafe(FacesContext, UIComponent) | STYLE | BC_UNCONFIRMED_CAST | 362 | Low |
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UISelectMany in org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils.getSubmittedOrSelectedValuesAsSet(boolean, UIComponent, FacesContext, Converter) | STYLE | BC_UNCONFIRMED_CAST | 335 | Low |
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UISelectOne in org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils.getSubmittedOrSelectedValuesAsSet(boolean, UIComponent, FacesContext, Converter) | STYLE | BC_UNCONFIRMED_CAST | 342 | Low |
org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils.DEFAULT_CHAR_ENCODING isn't final but should be | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | 1346 | High |
Method call in org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils.renderDisplayValueOnlyForSelects(FacesContext, UIComponent) passes null for nonnull parameter of renderSelectOptionsAsText(FacesContext, UIComponent, Converter, Set, List, boolean) | CORRECTNESS | NP_NULL_PARAM_DEREF | 668 | Medium |
org.apache.myfaces.shared_impl.renderkit.html.HtmlResponseWriterImpl
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 117 | Low |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 189 | Low |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 263 | Low |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 359 | Low |
org.apache.myfaces.shared_impl.renderkit.html.HtmlSecretRendererBase
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_impl.renderkit.html.HtmlSecretRendererBase.getConvertedValue(FacesContext, UIComponent, Object) | STYLE | BC_UNCONFIRMED_CAST | 106 | Low |
org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIData in org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase.encodeBegin(FacesContext, UIComponent) | STYLE | BC_UNCONFIRMED_CAST | 105 | Low |
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIData in org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase.encodeChildren(FacesContext, UIComponent) | STYLE | BC_UNCONFIRMED_CAST | 133 | Low |
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIData in org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase.encodeEnd(FacesContext, UIComponent) | STYLE | BC_UNCONFIRMED_CAST | 647 | Low |
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIData in org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase.encodeInnerHtml(FacesContext, UIComponent) | STYLE | BC_UNCONFIRMED_CAST | 216 | Low |
Redundant nullcheck of elemName, which is known to be non-null in org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase.renderFacet(FacesContext, ResponseWriter, UIComponent, boolean) | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE | 731 | Low |
org.apache.myfaces.shared_impl.renderkit.html.HtmlTextRendererBase
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_impl.renderkit.html.HtmlTextRendererBase.getConvertedValue(FacesContext, UIComponent, Object) | STYLE | BC_UNCONFIRMED_CAST | 191 | Low |
org.apache.myfaces.shared_impl.renderkit.html.HtmlTextareaRendererBase
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_impl.renderkit.html.HtmlTextareaRendererBase.getConvertedValue(FacesContext, UIComponent, Object) | STYLE | BC_UNCONFIRMED_CAST | 92 | Low |
org.apache.myfaces.shared_impl.renderkit.html.util.JavascriptUtils
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 149 | Low |
Switch statement found in org.apache.myfaces.shared_impl.renderkit.html.util.JavascriptUtils.encodeString(String) where default case is missing | STYLE | SF_SWITCH_NO_DEFAULT | 206-208 | Low |
org.apache.myfaces.shared_impl.test.ClassElementHandler
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
ClassElementHandler.buffer not initialized in constructor | STYLE | UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR | Not available | Low |
org.apache.myfaces.shared_impl.util.ExceptionUtils
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.util.ExceptionUtils.getExceptions(Throwable) | STYLE | REC_CATCH_EXCEPTION | 59 | Low |
org.apache.myfaces.shared_impl.util.LocaleUtils
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.util.LocaleUtils.converterTagLocaleFromString(String) | STYLE | REC_CATCH_EXCEPTION | 136 | Low |
org.apache.myfaces.shared_impl.util.MessageUtils
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method call in org.apache.myfaces.shared_impl.util.MessageUtils.getMessageFromBundle(String, String, Object[]) passes null for nonnull parameter of getMessageFromBundle(String, FacesContext, Locale, String, Object[]) | CORRECTNESS | NP_NULL_PARAM_DEREF | 263 | Medium |
Redundant comparison of non-null value to null in org.apache.myfaces.shared_impl.util.MessageUtils.getMessage(String, FacesContext, String, Object[]) | STYLE | RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE | 588 | Low |
Redundant comparison of non-null value to null in org.apache.myfaces.shared_impl.util.MessageUtils.getMessage(FacesContext, String, Object[]) | STYLE | RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE | 568 | Low |
Redundant nullcheck of message, which is known to be non-null in org.apache.myfaces.shared_impl.util.MessageUtils.getMessage(String, FacesContext, String, Object[]) | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE | 591 | Low |
Redundant nullcheck of message, which is known to be non-null in org.apache.myfaces.shared_impl.util.MessageUtils.getMessage(FacesContext, String, Object[]) | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE | 571 | Low |
org.apache.myfaces.shared_impl.util.ParametrizableFacesMessage
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new org.apache.myfaces.shared_impl.util.ParametrizableFacesMessage(String, String, Object[], Locale) may expose internal representation by storing an externally mutable object into ParametrizableFacesMessage._args | MALICIOUS_CODE | EI_EXPOSE_REP2 | 54 | Medium |
new org.apache.myfaces.shared_impl.util.ParametrizableFacesMessage(FacesMessage$Severity, String, String, Object[], Locale) may expose internal representation by storing an externally mutable object into ParametrizableFacesMessage._args | MALICIOUS_CODE | EI_EXPOSE_REP2 | 63 | Medium |
org.apache.myfaces.shared_impl.util.StateUtils
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
instanceof will always return true in org.apache.myfaces.shared_impl.util.StateUtils.getMacSecret(ExternalContext), since all javax.crypto.SecretKey are instances of javax.crypto.SecretKey | STYLE | BC_VACUOUS_INSTANCEOF | 936 | Medium |
instanceof will always return true in org.apache.myfaces.shared_impl.util.StateUtils.getSecret(ExternalContext), since all javax.crypto.SecretKey are instances of javax.crypto.SecretKey | STYLE | BC_VACUOUS_INSTANCEOF | 791 | Medium |
Dead store of null to baos in org.apache.myfaces.shared_impl.util.StateUtils.compress(byte[]) | STYLE | DLS_DEAD_LOCAL_STORE_OF_NULL | 346 | Low |
Dead store of null to gzip in org.apache.myfaces.shared_impl.util.StateUtils.compress(byte[]) | STYLE | DLS_DEAD_LOCAL_STORE_OF_NULL | 345 | Low |
Dead store of null to bais in org.apache.myfaces.shared_impl.util.StateUtils.decompress(byte[]) | STYLE | DLS_DEAD_LOCAL_STORE_OF_NULL | 417 | Low |
Dead store of null to baos in org.apache.myfaces.shared_impl.util.StateUtils.decompress(byte[]) | STYLE | DLS_DEAD_LOCAL_STORE_OF_NULL | 416 | Low |
Dead store of null to gis in org.apache.myfaces.shared_impl.util.StateUtils.decompress(byte[]) | STYLE | DLS_DEAD_LOCAL_STORE_OF_NULL | 418 | Low |
Dead store of null to outputStream in org.apache.myfaces.shared_impl.util.StateUtils.getAsByteArray(Object, ExternalContext) | STYLE | DLS_DEAD_LOCAL_STORE_OF_NULL | 274 | Low |
Dead store of null to writer in org.apache.myfaces.shared_impl.util.StateUtils.getAsByteArray(Object, ExternalContext) | STYLE | DLS_DEAD_LOCAL_STORE_OF_NULL | 273 | Low |
Random object created and used only once in org.apache.myfaces.shared_impl.util.StateUtils.findMacSecret(String, String) | BAD_PRACTICE | DMI_RANDOM_USED_ONLY_ONCE | 986 | High |
Random object created and used only once in org.apache.myfaces.shared_impl.util.StateUtils.findSecret(String, String) | BAD_PRACTICE | DMI_RANDOM_USED_ONLY_ONCE | 841 | High |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 667 | Low |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 679 | Low |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 645 | Low |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 630 | Low |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 861 | Low |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 874 | Low |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 950 | Low |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 962 | Low |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 805 | Low |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 817 | Low |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 907 | Low |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 762 | Low |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 724 | Low |
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 189 | Low |
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.util.StateUtils.decrypt(byte[], ExternalContext) | STYLE | REC_CATCH_EXCEPTION | 490 | Low |
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.util.StateUtils.encrypt(byte[], ExternalContext) | STYLE | REC_CATCH_EXCEPTION | 328 | Low |
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.util.StateUtils.getAsObject(byte[], ExternalContext) | STYLE | REC_CATCH_EXCEPTION | 552 | Low |
org.apache.myfaces.shared_impl.util.StringUtils
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Should org.apache.myfaces.shared_impl.util.StringUtils.trim(String[]) return a zero length array rather than null? | STYLE | PZLA_PREFER_ZERO_LENGTH_ARRAYS | 685 | Low |
org.apache.myfaces.shared_impl.util._Constants
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Redundant nullcheck of ret, which is known to be non-null in org.apache.myfaces.shared_impl.util._Constants.getStringResource(String) | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE | 185 | Low |
org.apache.myfaces.shared_impl.util.servlet.SourceCodeServlet
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.util.servlet.SourceCodeServlet.doGet(HttpServletRequest, HttpServletResponse) | STYLE | REC_CATCH_EXCEPTION | 87 | Low |
org.apache.myfaces.shared_impl.util.servlet.SourceCodeServlet is Serializable; consider declaring a serialVersionUID | BAD_PRACTICE | SE_NO_SERIALVERSIONID | 26-121 | Low |
org.apache.myfaces.shared_impl.webapp.webxml.WebXmlParser
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.webapp.webxml.WebXmlParser.parse() | STYLE | REC_CATCH_EXCEPTION | 112 | Low |
org.apache.myfaces.taglib.core.LoadBundleTag$BundleMap
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Redundant nullcheck of java.util.ResourceBundle.getObject(String), which is known to be non-null in org.apache.myfaces.taglib.core.LoadBundleTag$BundleMap.containsKey(Object) | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE | 203 | Low |
org.apache.myfaces.taglib.html.HtmlColumnTag
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Dead store to comp in org.apache.myfaces.taglib.html.HtmlColumnTag.setProperties(UIComponent) | STYLE | DLS_DEAD_LOCAL_STORE | 58 | Medium |
Dead store to context in org.apache.myfaces.taglib.html.HtmlColumnTag.setProperties(UIComponent) | STYLE | DLS_DEAD_LOCAL_STORE | 62 | Medium |
org.apache.myfaces.util.DebugUtils
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.apache.myfaces.util.DebugUtils.printAttribute(PrintStream, String, Object) invokes toString() method on a String | PERFORMANCE | DM_STRING_TOSTRING | 360 | Low |
org.apache.myfaces.webapp.StartupServletContextListener
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Use of non-localized String.toUpperCase() or String.toLowerCase | I18N | DM_CONVERT_CASE | 84 | Low |