JSF Implementations
UI-Component Sets
Add-ons and Extensions
Documentation
Project Documentation
Foundation

FindBugs Bug Detector Report

The following document contains the results of FindBugs Report

FindBugs Version is 1.3.9

Threshold is low

Effort is min

Summary

ClassesBugsErrorsMissing Classes
36317300

Files

ClassBugs
org.apache.myfaces.application.NavigationHandlerImpl2
org.apache.myfaces.application.NavigationHandlerImpl$KeyComparator1
org.apache.myfaces.application.jsp.JspStateManagerImpl3
org.apache.myfaces.application.jsp.JspStateManagerImpl$SerializedViewCollection2
org.apache.myfaces.application.pss.PssJspStateManagerImpl7
org.apache.myfaces.application.pss.PssJspStateManagerImpl$SerializedViewCollection1
org.apache.myfaces.application.pss.ViewHandlerResponseWrapperHelperImpl2
org.apache.myfaces.config.FacesConfigurator3
org.apache.myfaces.config.ManagedBeanBuilder1
org.apache.myfaces.config.impl.FacesConfigEntityResolver1
org.apache.myfaces.config.impl.digester.elements.ListEntries1
org.apache.myfaces.config.impl.digester.elements.ManagedBean1
org.apache.myfaces.config.impl.digester.elements.ManagedProperty1
org.apache.myfaces.config.impl.digester.elements.MapEntries1
org.apache.myfaces.config.impl.digester.elements.NavigationCase1
org.apache.myfaces.config.impl.digester.elements.NavigationRule1
org.apache.myfaces.config.impl.digester.elements.Renderer1
org.apache.myfaces.context.portlet.SessionMap1
org.apache.myfaces.context.servlet.ServletExternalContextImpl2
org.apache.myfaces.context.servlet.ServletExternalContextImpl$11
org.apache.myfaces.context.servlet.SessionMap1
org.apache.myfaces.convert.ConverterUtils1
org.apache.myfaces.el.ELParserHelper1
org.apache.myfaces.el.MethodBindingImpl1
org.apache.myfaces.el.PropertyResolverImpl1
org.apache.myfaces.el.ValueBindingImpl3
org.apache.myfaces.portlet.SavedRequestAttributes3
org.apache.myfaces.renderkit.html.HtmlHiddenRenderer1
org.apache.myfaces.renderkit.html.HtmlRenderKitImpl$11
org.apache.myfaces.shared_impl.renderkit.RendererUtils2
org.apache.myfaces.shared_impl.renderkit.RendererUtils$11
org.apache.myfaces.shared_impl.renderkit.html.HTML48
org.apache.myfaces.shared_impl.renderkit.html.HtmlCheckboxRendererBase1
org.apache.myfaces.shared_impl.renderkit.html.HtmlFormRendererBase2
org.apache.myfaces.shared_impl.renderkit.html.HtmlListboxRendererBase1
org.apache.myfaces.shared_impl.renderkit.html.HtmlRadioRendererBase3
org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils6
org.apache.myfaces.shared_impl.renderkit.html.HtmlResponseWriterImpl4
org.apache.myfaces.shared_impl.renderkit.html.HtmlSecretRendererBase1
org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase5
org.apache.myfaces.shared_impl.renderkit.html.HtmlTextRendererBase1
org.apache.myfaces.shared_impl.renderkit.html.HtmlTextareaRendererBase1
org.apache.myfaces.shared_impl.renderkit.html.util.JavascriptUtils2
org.apache.myfaces.shared_impl.test.ClassElementHandler1
org.apache.myfaces.shared_impl.util.ExceptionUtils1
org.apache.myfaces.shared_impl.util.LocaleUtils1
org.apache.myfaces.shared_impl.util.MessageUtils5
org.apache.myfaces.shared_impl.util.ParametrizableFacesMessage2
org.apache.myfaces.shared_impl.util.StateUtils28
org.apache.myfaces.shared_impl.util.StringUtils1
org.apache.myfaces.shared_impl.util._Constants1
org.apache.myfaces.shared_impl.util.servlet.SourceCodeServlet2
org.apache.myfaces.shared_impl.webapp.webxml.WebXmlParser1
org.apache.myfaces.taglib.core.LoadBundleTag$BundleMap1
org.apache.myfaces.taglib.html.HtmlColumnTag2
org.apache.myfaces.util.DebugUtils1
org.apache.myfaces.webapp.StartupServletContextListener1

org.apache.myfaces.application.NavigationHandlerImpl

BugCategoryDetailsLinePriority
Inconsistent synchronization of org.apache.myfaces.application.NavigationHandlerImpl._navigationCases; locked 40% of timeMT_CORRECTNESSIS2_INCONSISTENT_SYNC256Medium
Inconsistent synchronization of org.apache.myfaces.application.NavigationHandlerImpl._wildcardKeys; locked 50% of timeMT_CORRECTNESSIS2_INCONSISTENT_SYNC248Low

org.apache.myfaces.application.NavigationHandlerImpl$KeyComparator

BugCategoryDetailsLinePriority
org.apache.myfaces.application.NavigationHandlerImpl$KeyComparator implements Comparator but not SerializableBAD_PRACTICESE_COMPARATOR_SHOULD_BE_SERIALIZABLE315-320Medium

org.apache.myfaces.application.jsp.JspStateManagerImpl

BugCategoryDetailsLinePriority
org.apache.myfaces.application.jsp.JspStateManagerImpl.isCompressStateInSession(FacesContext) invokes inefficient Boolean constructor; use Boolean.valueOf(...) insteadPERFORMANCEDM_BOOLEAN_CTOR602Medium
org.apache.myfaces.application.jsp.JspStateManagerImpl.isSerializeStateInSession(FacesContext) invokes inefficient Boolean constructor; use Boolean.valueOf(...) insteadPERFORMANCEDM_BOOLEAN_CTOR585Medium
Redundant nullcheck of component, which is known to be non-null in org.apache.myfaces.application.jsp.JspStateManagerImpl.getPathToComponent(UIComponent, StringBuffer)STYLERCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE426Low

org.apache.myfaces.application.jsp.JspStateManagerImpl$SerializedViewCollection

BugCategoryDetailsLinePriority
Class org.apache.myfaces.application.jsp.JspStateManagerImpl$SerializedViewCollection defines non-transient non-serializable instance field _serializedViewsBAD_PRACTICESE_BAD_FIELDNot availableLow
The field org.apache.myfaces.application.jsp.JspStateManagerImpl$SerializedViewCollection._oldSerializedViews is transient but isn't set by deserializationBAD_PRACTICESE_TRANSIENT_FIELD_NOT_RESTOREDNot availableLow

org.apache.myfaces.application.pss.PssJspStateManagerImpl

BugCategoryDetailsLinePriority
org.apache.myfaces.application.pss.PssJspStateManagerImpl.isCompressStateInSession(FacesContext) invokes inefficient Boolean constructor; use Boolean.valueOf(...) insteadPERFORMANCEDM_BOOLEAN_CTOR1218Medium
org.apache.myfaces.application.pss.PssJspStateManagerImpl.isSerializeStateInSession(FacesContext) invokes inefficient Boolean constructor; use Boolean.valueOf(...) insteadPERFORMANCEDM_BOOLEAN_CTOR1200Medium
The method name org.apache.myfaces.application.pss.PssJspStateManagerImpl.LoadTreeFromManager(FacesContext, String) doesn't start with a lower case letterBAD_PRACTICENM_METHOD_NAMING_CONVENTION739-748Medium
The method name org.apache.myfaces.application.pss.PssJspStateManagerImpl.LoadUIViewRootFromManager(FacesContext, String) doesn't start with a lower case letterBAD_PRACTICENM_METHOD_NAMING_CONVENTION728-734Medium
The method name org.apache.myfaces.application.pss.PssJspStateManagerImpl.SaveTreeInManager(FacesContext) doesn't start with a lower case letterBAD_PRACTICENM_METHOD_NAMING_CONVENTION700-724Medium
Redundant nullcheck of component, which is known to be non-null in org.apache.myfaces.application.pss.PssJspStateManagerImpl.getPathToComponent(UIComponent, StringBuffer)STYLERCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE1023Low
Nullcheck of currentComponent at line 916 of value previously dereferenced in org.apache.myfaces.application.pss.PssJspStateManagerImpl.diffComponent(TreeStructComponent, TreeStructComponent)CORRECTNESSRCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE830Medium

org.apache.myfaces.application.pss.PssJspStateManagerImpl$SerializedViewCollection

BugCategoryDetailsLinePriority
Class org.apache.myfaces.application.pss.PssJspStateManagerImpl$SerializedViewCollection defines non-transient non-serializable instance field _serializedViewsBAD_PRACTICESE_BAD_FIELDNot availableLow

org.apache.myfaces.application.pss.ViewHandlerResponseWrapperHelperImpl

BugCategoryDetailsLinePriority
org.apache.myfaces.application.pss.ViewHandlerResponseWrapperHelperImpl.toString() may return nullBAD_PRACTICENP_TOSTRING_COULD_RETURN_NULL89Medium
Unread field: org.apache.myfaces.application.pss.ViewHandlerResponseWrapperHelperImpl.statusPERFORMANCEURF_UNREAD_FIELD35Medium

org.apache.myfaces.config.FacesConfigurator

BugCategoryDetailsLinePriority
org.apache.myfaces.config.FacesConfigurator.feedMetaInfServicesFactories() may fail to close stream on exceptionBAD_PRACTICEOS_OPEN_STREAM_EXCEPTION_PATH469Low
Write to static field org.apache.myfaces.config.FacesConfigurator.lastUpdate from instance method org.apache.myfaces.config.FacesConfigurator.configure()STYLEST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD316Medium

org.apache.myfaces.config.ManagedBeanBuilder

BugCategoryDetailsLinePriority
Switch statement found in org.apache.myfaces.config.ManagedBeanBuilder.initializeProperties(FacesContext, Iterator, String, Object) where default case is missingSTYLESF_SWITCH_NO_DEFAULT186-189Low

org.apache.myfaces.config.impl.FacesConfigEntityResolver

BugCategoryDetailsLinePriority
Method call in org.apache.myfaces.config.impl.FacesConfigEntityResolver.resolveEntity(String, String) passes null for nonnull parameter of java.util.jar.JarFile.getInputStream(ZipEntry)CORRECTNESSNP_NULL_PARAM_DEREF89High

org.apache.myfaces.config.impl.digester.elements.ListEntries

BugCategoryDetailsLinePriority

org.apache.myfaces.config.impl.digester.elements.ManagedBean

BugCategoryDetailsLinePriority

org.apache.myfaces.config.impl.digester.elements.ManagedProperty

BugCategoryDetailsLinePriority

org.apache.myfaces.config.impl.digester.elements.MapEntries

BugCategoryDetailsLinePriority

org.apache.myfaces.config.impl.digester.elements.NavigationCase

BugCategoryDetailsLinePriority

org.apache.myfaces.config.impl.digester.elements.NavigationRule

BugCategoryDetailsLinePriority

org.apache.myfaces.config.impl.digester.elements.Renderer

BugCategoryDetailsLinePriority

org.apache.myfaces.context.portlet.SessionMap

BugCategoryDetailsLinePriority
Method org.apache.myfaces.context.portlet.SessionMap.getAttribute(String) invokes toString() method on a StringPERFORMANCEDM_STRING_TOSTRING48Low

org.apache.myfaces.context.servlet.ServletExternalContextImpl

BugCategoryDetailsLinePriority
Exception is caught when Exception is not thrown in org.apache.myfaces.context.servlet.ServletExternalContextImpl.<static initializer>()STYLEREC_CATCH_EXCEPTION80Low
Exception is caught when Exception is not thrown in new org.apache.myfaces.context.servlet.ServletExternalContextImpl(ServletContext, ServletRequest, ServletResponse)STYLEREC_CATCH_EXCEPTION135Low

org.apache.myfaces.context.servlet.ServletExternalContextImpl$1

BugCategoryDetailsLinePriority
The class org.apache.myfaces.context.servlet.ServletExternalContextImpl$1 could be refactored into a named _static_ inner classPERFORMANCESIC_INNER_SHOULD_BE_STATIC_ANON278-288Low

org.apache.myfaces.context.servlet.SessionMap

BugCategoryDetailsLinePriority
Method org.apache.myfaces.context.servlet.SessionMap.getAttribute(String) invokes toString() method on a StringPERFORMANCEDM_STRING_TOSTRING49Low

org.apache.myfaces.convert.ConverterUtils

BugCategoryDetailsLinePriority
org.apache.myfaces.convert.ConverterUtils.convertToBoolean(Object) invokes inefficient Boolean constructor; use Boolean.valueOf(...) insteadPERFORMANCEDM_BOOLEAN_CTOR68Medium

org.apache.myfaces.el.ELParserHelper

BugCategoryDetailsLinePriority
org.apache.myfaces.el.ELParserHelper.toJspElExpression(String) invokes inefficient new String(String) constructorPERFORMANCEDM_STRING_CTOR172Medium

org.apache.myfaces.el.MethodBindingImpl

BugCategoryDetailsLinePriority
new org.apache.myfaces.el.MethodBindingImpl(Application, String, Class[]) may expose internal representation by storing an externally mutable object into MethodBindingImpl._argClassesMALICIOUS_CODEEI_EXPOSE_REP262Medium

org.apache.myfaces.el.PropertyResolverImpl

BugCategoryDetailsLinePriority
Redundant nullcheck of StringBuffer.toString(), which is known to be non-null in org.apache.myfaces.el.PropertyResolverImpl.getValue(Object, int)STYLERCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE145Low

org.apache.myfaces.el.ValueBindingImpl

BugCategoryDetailsLinePriority
org.apache.myfaces.el.ValueBindingImpl.s_functionMapper isn't final but should beMALICIOUS_CODEMS_SHOULD_BE_FINAL70High
Exception is caught when Exception is not thrown in org.apache.myfaces.el.ValueBindingImpl.getType(FacesContext)STYLEREC_CATCH_EXCEPTION224Low
Exception is caught when Exception is not thrown in org.apache.myfaces.el.ValueBindingImpl.isReadOnly(FacesContext)STYLEREC_CATCH_EXCEPTION158Low

org.apache.myfaces.portlet.SavedRequestAttributes

BugCategoryDetailsLinePriority
Class org.apache.myfaces.portlet.SavedRequestAttributes defines non-transient non-serializable instance field reqAttribsBAD_PRACTICESE_BAD_FIELDNot availableLow
org.apache.myfaces.portlet.SavedRequestAttributes is Serializable; consider declaring a serialVersionUIDBAD_PRACTICESE_NO_SERIALVERSIONID45-71Low
SavedRequestAttributes.reqAttribs not initialized in constructorSTYLEUWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTORNot availableLow

org.apache.myfaces.renderkit.html.HtmlHiddenRenderer

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.renderkit.html.HtmlHiddenRenderer.getConvertedValue(FacesContext, UIComponent, Object)STYLEBC_UNCONFIRMED_CAST75Low

org.apache.myfaces.renderkit.html.HtmlRenderKitImpl$1

BugCategoryDetailsLinePriority
The class org.apache.myfaces.renderkit.html.HtmlRenderKitImpl$1 could be refactored into a named _static_ inner classPERFORMANCESIC_INNER_SHOULD_BE_STATIC_ANON147-175Low

org.apache.myfaces.shared_impl.renderkit.RendererUtils

BugCategoryDetailsLinePriority
Can't close content since it is always null in org.apache.myfaces.shared_impl.renderkit.RendererUtils.loadResourceFile(FacesContext, String)CORRECTNESSNP_CLOSING_NULL912High
Possible null pointer dereference of content in org.apache.myfaces.shared_impl.renderkit.RendererUtils.loadResourceFile(FacesContext, String)CORRECTNESSNP_NULL_ON_SOME_PATH931Medium

org.apache.myfaces.shared_impl.renderkit.RendererUtils$1

BugCategoryDetailsLinePriority
org.apache.myfaces.shared_impl.renderkit.RendererUtils$1 defines equals and uses Object.hashCode()BAD_PRACTICEHE_EQUALS_USE_HASHCODE58-65Medium

org.apache.myfaces.shared_impl.renderkit.html.HTML

BugCategoryDetailsLinePriority
org.apache.myfaces.shared_impl.renderkit.html.HTML.LABEL_PASSTHROUGH_ATTRIBUTES is a mutable arrayMALICIOUS_CODEMS_MUTABLE_ARRAY347High
org.apache.myfaces.shared_impl.renderkit.html.HTML.ANCHOR_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT199Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.ANCHOR_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT212Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.ANCHOR_PASSTHROUGH_ATTRIBUTES_WITHOUT_ONCLICK_WITHOUT_STYLE should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT222Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.ANCHOR_PASSTHROUGH_ATTRIBUTES_WITHOUT_STYLE should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT217Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.BUTTON_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT317Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.BUTTON_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT325Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.BUTTON_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONCLICK should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT329Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT137Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_EVENT_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT88Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_EVENT_ATTRIBUTES_WITHOUT_ONFOCUS should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT96Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_EVENT_ATTRIBUTES_WITHOUT_ONSELECT_AND_ONCHANGE should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT103Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_PASSTROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT164Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_PASSTROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONCLICK should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT179Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_PASSTROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONFOCUS_AND_ONCLICK should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT174Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT148Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES_WITHOUT_ONCLICK should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT156Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES_WITHOUT_ONCLICK_WITHOUT_STYLE should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT160Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES_WITHOUT_ONMOUSEOVER_AND_ONMOUSEOUT should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT184Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES_WITHOUT_STYLE should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT152Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.EVENT_HANDLER_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT78Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.EVENT_HANDLER_ATTRIBUTES_WITHOUT_ONCLICK should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT55Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.EVENT_HANDLER_ATTRIBUTES_WITHOUT_ONMOUSEOVER_AND_ONMOUSEOUT should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT67Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.FORM_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT233Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.FORM_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT242Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.IMG_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT257Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.IMG_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT270Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.INPUT_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT284Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.INPUT_FILE_UPLOAD_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT412Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.INPUT_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT296Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.LABEL_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT340Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.MESSAGE_PASSTHROUGH_ATTRIBUTES_WITHOUT_TITLE_STYLE_AND_STYLE_CLASS should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT429Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.SELECT_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT355Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.SELECT_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT361Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.SELECT_TABLE_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT436Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.TABLE_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT373Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.TABLE_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT387Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.TEXTAREA_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT396Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.TEXTAREA_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT406Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.UL_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT440Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.UNIVERSAL_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT124Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.UNIVERSAL_ATTRIBUTES_WITHOUT_STYLE should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT116Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT142Low
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_PASSTROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONFOCUS should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT169Low
org.apache.myfaces.shared_impl.renderkit.html.HTML.IMG_PASSTHROUGH_ATTRIBUTES_WITHOUT_ONMOUSEOVER_AND_ONMOUSEOUT should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT274Low
org.apache.myfaces.shared_impl.renderkit.html.HTML.INPUT_FILE_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT416Low
org.apache.myfaces.shared_impl.renderkit.html.HTML.INPUT_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONFOCUS_AND_ONCLICK should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT301Low
org.apache.myfaces.shared_impl.renderkit.html.HTML.UL_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT444Low

org.apache.myfaces.shared_impl.renderkit.html.HtmlCheckboxRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.model.SelectItem to javax.faces.model.SelectItemGroup in org.apache.myfaces.shared_impl.renderkit.html.HtmlCheckboxRendererBase.renderGroupOrItemCheckbox(FacesContext, UIComponent, SelectItem, boolean, Set, Converter, boolean)STYLEBC_UNCONFIRMED_CAST177Low

org.apache.myfaces.shared_impl.renderkit.html.HtmlFormRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIForm in org.apache.myfaces.shared_impl.renderkit.html.HtmlFormRendererBase.decode(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST222Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIForm in org.apache.myfaces.shared_impl.renderkit.html.HtmlFormRendererBase.encodeBegin(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST98Low

org.apache.myfaces.shared_impl.renderkit.html.HtmlListboxRendererBase

BugCategoryDetailsLinePriority
instanceof will always return true in org.apache.myfaces.shared_impl.renderkit.html.HtmlListboxRendererBase.encodeEnd(FacesContext, UIComponent), since all javax.faces.component.html.HtmlSelectOneListbox are instances of javax.faces.component.html.HtmlSelectOneListboxSTYLEBC_VACUOUS_INSTANCEOF68Medium

org.apache.myfaces.shared_impl.renderkit.html.HtmlRadioRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UISelectOne in org.apache.myfaces.shared_impl.renderkit.html.HtmlRadioRendererBase.encodeEnd(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST59Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_impl.renderkit.html.HtmlRadioRendererBase.getConvertedValue(FacesContext, UIComponent, Object)STYLEBC_UNCONFIRMED_CAST300Low
Unchecked/unconfirmed cast from javax.faces.model.SelectItem to javax.faces.model.SelectItemGroup in org.apache.myfaces.shared_impl.renderkit.html.HtmlRadioRendererBase.renderGroupOrItemRadio(FacesContext, UIComponent, SelectItem, Object, Converter, boolean)STYLEBC_UNCONFIRMED_CAST165Low

org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils.findUIOutputConverterFailSafe(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST376Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UISelectMany in org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils.findUISelectManyConverterFailsafe(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST362Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UISelectMany in org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils.getSubmittedOrSelectedValuesAsSet(boolean, UIComponent, FacesContext, Converter)STYLEBC_UNCONFIRMED_CAST335Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UISelectOne in org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils.getSubmittedOrSelectedValuesAsSet(boolean, UIComponent, FacesContext, Converter)STYLEBC_UNCONFIRMED_CAST342Low
org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils.DEFAULT_CHAR_ENCODING isn't final but should beMALICIOUS_CODEMS_SHOULD_BE_FINAL1346High
Method call in org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils.renderDisplayValueOnlyForSelects(FacesContext, UIComponent) passes null for nonnull parameter of renderSelectOptionsAsText(FacesContext, UIComponent, Converter, Set, List, boolean)CORRECTNESSNP_NULL_PARAM_DEREF668Medium

org.apache.myfaces.shared_impl.renderkit.html.HtmlResponseWriterImpl

BugCategoryDetailsLinePriority
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE117Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE189Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE263Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE359Low

org.apache.myfaces.shared_impl.renderkit.html.HtmlSecretRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_impl.renderkit.html.HtmlSecretRendererBase.getConvertedValue(FacesContext, UIComponent, Object)STYLEBC_UNCONFIRMED_CAST106Low

org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIData in org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase.encodeBegin(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST105Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIData in org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase.encodeChildren(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST133Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIData in org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase.encodeEnd(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST647Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIData in org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase.encodeInnerHtml(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST216Low
Redundant nullcheck of elemName, which is known to be non-null in org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase.renderFacet(FacesContext, ResponseWriter, UIComponent, boolean)STYLERCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE731Low

org.apache.myfaces.shared_impl.renderkit.html.HtmlTextRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_impl.renderkit.html.HtmlTextRendererBase.getConvertedValue(FacesContext, UIComponent, Object)STYLEBC_UNCONFIRMED_CAST191Low

org.apache.myfaces.shared_impl.renderkit.html.HtmlTextareaRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_impl.renderkit.html.HtmlTextareaRendererBase.getConvertedValue(FacesContext, UIComponent, Object)STYLEBC_UNCONFIRMED_CAST92Low

org.apache.myfaces.shared_impl.renderkit.html.util.JavascriptUtils

BugCategoryDetailsLinePriority
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE149Low
Switch statement found in org.apache.myfaces.shared_impl.renderkit.html.util.JavascriptUtils.encodeString(String) where default case is missingSTYLESF_SWITCH_NO_DEFAULT206-208Low

org.apache.myfaces.shared_impl.test.ClassElementHandler

BugCategoryDetailsLinePriority
ClassElementHandler.buffer not initialized in constructorSTYLEUWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTORNot availableLow

org.apache.myfaces.shared_impl.util.ExceptionUtils

BugCategoryDetailsLinePriority
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.util.ExceptionUtils.getExceptions(Throwable)STYLEREC_CATCH_EXCEPTION59Low

org.apache.myfaces.shared_impl.util.LocaleUtils

BugCategoryDetailsLinePriority
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.util.LocaleUtils.converterTagLocaleFromString(String)STYLEREC_CATCH_EXCEPTION136Low

org.apache.myfaces.shared_impl.util.MessageUtils

BugCategoryDetailsLinePriority
Method call in org.apache.myfaces.shared_impl.util.MessageUtils.getMessageFromBundle(String, String, Object[]) passes null for nonnull parameter of getMessageFromBundle(String, FacesContext, Locale, String, Object[])CORRECTNESSNP_NULL_PARAM_DEREF263Medium
Redundant comparison of non-null value to null in org.apache.myfaces.shared_impl.util.MessageUtils.getMessage(String, FacesContext, String, Object[])STYLERCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE588Low
Redundant comparison of non-null value to null in org.apache.myfaces.shared_impl.util.MessageUtils.getMessage(FacesContext, String, Object[])STYLERCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE568Low
Redundant nullcheck of message, which is known to be non-null in org.apache.myfaces.shared_impl.util.MessageUtils.getMessage(String, FacesContext, String, Object[])STYLERCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE591Low
Redundant nullcheck of message, which is known to be non-null in org.apache.myfaces.shared_impl.util.MessageUtils.getMessage(FacesContext, String, Object[])STYLERCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE571Low

org.apache.myfaces.shared_impl.util.ParametrizableFacesMessage

BugCategoryDetailsLinePriority
new org.apache.myfaces.shared_impl.util.ParametrizableFacesMessage(String, String, Object[], Locale) may expose internal representation by storing an externally mutable object into ParametrizableFacesMessage._argsMALICIOUS_CODEEI_EXPOSE_REP254Medium
new org.apache.myfaces.shared_impl.util.ParametrizableFacesMessage(FacesMessage$Severity, String, String, Object[], Locale) may expose internal representation by storing an externally mutable object into ParametrizableFacesMessage._argsMALICIOUS_CODEEI_EXPOSE_REP263Medium

org.apache.myfaces.shared_impl.util.StateUtils

BugCategoryDetailsLinePriority
instanceof will always return true in org.apache.myfaces.shared_impl.util.StateUtils.getMacSecret(ExternalContext), since all javax.crypto.SecretKey are instances of javax.crypto.SecretKeySTYLEBC_VACUOUS_INSTANCEOF936Medium
instanceof will always return true in org.apache.myfaces.shared_impl.util.StateUtils.getSecret(ExternalContext), since all javax.crypto.SecretKey are instances of javax.crypto.SecretKeySTYLEBC_VACUOUS_INSTANCEOF791Medium
Dead store of null to baos in org.apache.myfaces.shared_impl.util.StateUtils.compress(byte[])STYLEDLS_DEAD_LOCAL_STORE_OF_NULL346Low
Dead store of null to gzip in org.apache.myfaces.shared_impl.util.StateUtils.compress(byte[])STYLEDLS_DEAD_LOCAL_STORE_OF_NULL345Low
Dead store of null to bais in org.apache.myfaces.shared_impl.util.StateUtils.decompress(byte[])STYLEDLS_DEAD_LOCAL_STORE_OF_NULL417Low
Dead store of null to baos in org.apache.myfaces.shared_impl.util.StateUtils.decompress(byte[])STYLEDLS_DEAD_LOCAL_STORE_OF_NULL416Low
Dead store of null to gis in org.apache.myfaces.shared_impl.util.StateUtils.decompress(byte[])STYLEDLS_DEAD_LOCAL_STORE_OF_NULL418Low
Dead store of null to outputStream in org.apache.myfaces.shared_impl.util.StateUtils.getAsByteArray(Object, ExternalContext)STYLEDLS_DEAD_LOCAL_STORE_OF_NULL274Low
Dead store of null to writer in org.apache.myfaces.shared_impl.util.StateUtils.getAsByteArray(Object, ExternalContext)STYLEDLS_DEAD_LOCAL_STORE_OF_NULL273Low
Random object created and used only once in org.apache.myfaces.shared_impl.util.StateUtils.findMacSecret(String, String)BAD_PRACTICEDMI_RANDOM_USED_ONLY_ONCE986High
Random object created and used only once in org.apache.myfaces.shared_impl.util.StateUtils.findSecret(String, String)BAD_PRACTICEDMI_RANDOM_USED_ONLY_ONCE841High
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE667Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE679Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE645Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE630Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE861Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE874Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE950Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE962Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE805Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE817Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE907Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE762Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE724Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE189Low
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.util.StateUtils.decrypt(byte[], ExternalContext)STYLEREC_CATCH_EXCEPTION490Low
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.util.StateUtils.encrypt(byte[], ExternalContext)STYLEREC_CATCH_EXCEPTION328Low
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.util.StateUtils.getAsObject(byte[], ExternalContext)STYLEREC_CATCH_EXCEPTION552Low

org.apache.myfaces.shared_impl.util.StringUtils

BugCategoryDetailsLinePriority
Should org.apache.myfaces.shared_impl.util.StringUtils.trim(String[]) return a zero length array rather than null?STYLEPZLA_PREFER_ZERO_LENGTH_ARRAYS685Low

org.apache.myfaces.shared_impl.util._Constants

BugCategoryDetailsLinePriority
Redundant nullcheck of ret, which is known to be non-null in org.apache.myfaces.shared_impl.util._Constants.getStringResource(String)STYLERCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE185Low

org.apache.myfaces.shared_impl.util.servlet.SourceCodeServlet

BugCategoryDetailsLinePriority
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.util.servlet.SourceCodeServlet.doGet(HttpServletRequest, HttpServletResponse)STYLEREC_CATCH_EXCEPTION87Low
org.apache.myfaces.shared_impl.util.servlet.SourceCodeServlet is Serializable; consider declaring a serialVersionUIDBAD_PRACTICESE_NO_SERIALVERSIONID26-121Low

org.apache.myfaces.shared_impl.webapp.webxml.WebXmlParser

BugCategoryDetailsLinePriority
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.webapp.webxml.WebXmlParser.parse()STYLEREC_CATCH_EXCEPTION112Low

org.apache.myfaces.taglib.core.LoadBundleTag$BundleMap

BugCategoryDetailsLinePriority
Redundant nullcheck of java.util.ResourceBundle.getObject(String), which is known to be non-null in org.apache.myfaces.taglib.core.LoadBundleTag$BundleMap.containsKey(Object)STYLERCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE203Low

org.apache.myfaces.taglib.html.HtmlColumnTag

BugCategoryDetailsLinePriority
Dead store to comp in org.apache.myfaces.taglib.html.HtmlColumnTag.setProperties(UIComponent)STYLEDLS_DEAD_LOCAL_STORE58Medium
Dead store to context in org.apache.myfaces.taglib.html.HtmlColumnTag.setProperties(UIComponent)STYLEDLS_DEAD_LOCAL_STORE62Medium

org.apache.myfaces.util.DebugUtils

BugCategoryDetailsLinePriority
Method org.apache.myfaces.util.DebugUtils.printAttribute(PrintStream, String, Object) invokes toString() method on a StringPERFORMANCEDM_STRING_TOSTRING360Low

org.apache.myfaces.webapp.StartupServletContextListener

BugCategoryDetailsLinePriority
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE84Low