Apache MyFaces
Documentation
Foundation

FindBugs Bug Detector Report

The following document contains the results of FindBugs Report

FindBugs Version is 1.3.9

Threshold is low

Effort is min

Summary

ClassesBugsErrorsMissing Classes
11112200

org.apache.myfaces.shared_impl.renderkit.RendererUtils

BugCategoryDetailsLinePriority
Can't close content since it is always null in org.apache.myfaces.shared_impl.renderkit.RendererUtils.loadResourceFile(FacesContext, String)CORRECTNESSNP_CLOSING_NULL912High
Possible null pointer dereference of content in org.apache.myfaces.shared_impl.renderkit.RendererUtils.loadResourceFile(FacesContext, String)CORRECTNESSNP_NULL_ON_SOME_PATH931Medium

org.apache.myfaces.shared_impl.renderkit.RendererUtils$1

BugCategoryDetailsLinePriority
org.apache.myfaces.shared_impl.renderkit.RendererUtils$1 defines equals and uses Object.hashCode()BAD_PRACTICEHE_EQUALS_USE_HASHCODE58Medium

org.apache.myfaces.shared_impl.renderkit.html.HTML

BugCategoryDetailsLinePriority
org.apache.myfaces.shared_impl.renderkit.html.HTML.ANCHOR_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT199Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.ANCHOR_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT212Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.ANCHOR_PASSTHROUGH_ATTRIBUTES_WITHOUT_ONCLICK_WITHOUT_STYLE should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT222Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.ANCHOR_PASSTHROUGH_ATTRIBUTES_WITHOUT_STYLE should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT217Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.BUTTON_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT317Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.BUTTON_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT325Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.BUTTON_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONCLICK should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT329Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT137Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_EVENT_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT88Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_EVENT_ATTRIBUTES_WITHOUT_ONFOCUS should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT96Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_EVENT_ATTRIBUTES_WITHOUT_ONSELECT_AND_ONCHANGE should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT103Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_PASSTROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT164Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_PASSTROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONCLICK should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT179Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_PASSTROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONFOCUS_AND_ONCLICK should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT174Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT148Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES_WITHOUT_ONCLICK should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT156Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES_WITHOUT_ONCLICK_WITHOUT_STYLE should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT160Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES_WITHOUT_ONMOUSEOVER_AND_ONMOUSEOUT should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT184Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_PASSTROUGH_ATTRIBUTES_WITHOUT_STYLE should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT152Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.EVENT_HANDLER_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT78Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.EVENT_HANDLER_ATTRIBUTES_WITHOUT_ONCLICK should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT55Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.EVENT_HANDLER_ATTRIBUTES_WITHOUT_ONMOUSEOVER_AND_ONMOUSEOUT should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT67Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.FORM_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT233Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.FORM_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT242Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.IMG_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT257Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.IMG_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT270Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.INPUT_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT284Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.INPUT_FILE_UPLOAD_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT412Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.INPUT_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT296Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.LABEL_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT340Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.MESSAGE_PASSTHROUGH_ATTRIBUTES_WITHOUT_TITLE_STYLE_AND_STYLE_CLASS should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT429Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.SELECT_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT355Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.SELECT_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT361Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.SELECT_TABLE_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT436Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.TABLE_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT373Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.TABLE_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT387Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.TEXTAREA_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT396Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.TEXTAREA_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT406Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.UL_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT440Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.UNIVERSAL_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT124Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.UNIVERSAL_ATTRIBUTES_WITHOUT_STYLE should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT116Medium
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT142Low
org.apache.myfaces.shared_impl.renderkit.html.HTML.COMMON_FIELD_PASSTROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONFOCUS should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT169Low
org.apache.myfaces.shared_impl.renderkit.html.HTML.IMG_PASSTHROUGH_ATTRIBUTES_WITHOUT_ONMOUSEOVER_AND_ONMOUSEOUT should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT274Low
org.apache.myfaces.shared_impl.renderkit.html.HTML.INPUT_FILE_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT416Low
org.apache.myfaces.shared_impl.renderkit.html.HTML.INPUT_PASSTHROUGH_ATTRIBUTES_WITHOUT_DISABLED_AND_ONFOCUS_AND_ONCLICK should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT301Low
org.apache.myfaces.shared_impl.renderkit.html.HTML.LABEL_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT347Low
org.apache.myfaces.shared_impl.renderkit.html.HTML.UL_PASSTHROUGH_ATTRIBUTES should be moved out of an interface and made package protectedMALICIOUS_CODEMS_OOI_PKGPROTECT444Low

org.apache.myfaces.shared_impl.renderkit.html.HtmlCheckboxRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.model.SelectItem to javax.faces.model.SelectItemGroup in org.apache.myfaces.shared_impl.renderkit.html.HtmlCheckboxRendererBase.renderGroupOrItemCheckbox(FacesContext, UIComponent, SelectItem, boolean, Set, Converter, boolean)STYLEBC_UNCONFIRMED_CAST177Low

org.apache.myfaces.shared_impl.renderkit.html.HtmlFormRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIForm in org.apache.myfaces.shared_impl.renderkit.html.HtmlFormRendererBase.decode(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST222Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIForm in org.apache.myfaces.shared_impl.renderkit.html.HtmlFormRendererBase.encodeBegin(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST98Low

org.apache.myfaces.shared_impl.renderkit.html.HtmlListboxRendererBase

BugCategoryDetailsLinePriority
instanceof will always return true in org.apache.myfaces.shared_impl.renderkit.html.HtmlListboxRendererBase.encodeEnd(FacesContext, UIComponent), since all javax.faces.component.html.HtmlSelectOneListbox are instances of javax.faces.component.html.HtmlSelectOneListboxSTYLEBC_VACUOUS_INSTANCEOF68Medium

org.apache.myfaces.shared_impl.renderkit.html.HtmlRadioRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UISelectOne in org.apache.myfaces.shared_impl.renderkit.html.HtmlRadioRendererBase.encodeEnd(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST59Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_impl.renderkit.html.HtmlRadioRendererBase.getConvertedValue(FacesContext, UIComponent, Object)STYLEBC_UNCONFIRMED_CAST300Low
Unchecked/unconfirmed cast from javax.faces.model.SelectItem to javax.faces.model.SelectItemGroup in org.apache.myfaces.shared_impl.renderkit.html.HtmlRadioRendererBase.renderGroupOrItemRadio(FacesContext, UIComponent, SelectItem, Object, Converter, boolean)STYLEBC_UNCONFIRMED_CAST165Low

org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils.findUIOutputConverterFailSafe(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST376Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UISelectMany in org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils.findUISelectManyConverterFailsafe(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST362Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UISelectMany in org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils.getSubmittedOrSelectedValuesAsSet(boolean, UIComponent, FacesContext, Converter)STYLEBC_UNCONFIRMED_CAST335Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UISelectOne in org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils.getSubmittedOrSelectedValuesAsSet(boolean, UIComponent, FacesContext, Converter)STYLEBC_UNCONFIRMED_CAST342Low
org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils.DEFAULT_CHAR_ENCODING isn't final but should beMALICIOUS_CODEMS_SHOULD_BE_FINAL1346Low
Method call in org.apache.myfaces.shared_impl.renderkit.html.HtmlRendererUtils.renderDisplayValueOnlyForSelects(FacesContext, UIComponent) passes null for nonnull parameter of renderSelectOptionsAsText(FacesContext, UIComponent, Converter, Set, List, boolean)CORRECTNESSNP_NULL_PARAM_DEREF668Medium

org.apache.myfaces.shared_impl.renderkit.html.HtmlResponseWriterImpl

BugCategoryDetailsLinePriority
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE117Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE189Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE263Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE359Low

org.apache.myfaces.shared_impl.renderkit.html.HtmlSecretRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_impl.renderkit.html.HtmlSecretRendererBase.getConvertedValue(FacesContext, UIComponent, Object)STYLEBC_UNCONFIRMED_CAST106Low

org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIData in org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase.encodeBegin(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST105Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIData in org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase.encodeChildren(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST133Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIData in org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase.encodeEnd(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST547Low
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIData in org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase.encodeInnerHtml(FacesContext, UIComponent)STYLEBC_UNCONFIRMED_CAST215Low
Redundant nullcheck of elemName, which is known to be non-null in org.apache.myfaces.shared_impl.renderkit.html.HtmlTableRendererBase.renderFacet(FacesContext, ResponseWriter, UIComponent, boolean)STYLERCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE631Low

org.apache.myfaces.shared_impl.renderkit.html.HtmlTextRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_impl.renderkit.html.HtmlTextRendererBase.getConvertedValue(FacesContext, UIComponent, Object)STYLEBC_UNCONFIRMED_CAST191Low

org.apache.myfaces.shared_impl.renderkit.html.HtmlTextareaRendererBase

BugCategoryDetailsLinePriority
Unchecked/unconfirmed cast from javax.faces.component.UIComponent to javax.faces.component.UIOutput in org.apache.myfaces.shared_impl.renderkit.html.HtmlTextareaRendererBase.getConvertedValue(FacesContext, UIComponent, Object)STYLEBC_UNCONFIRMED_CAST92Low

org.apache.myfaces.shared_impl.renderkit.html.util.JavascriptUtils

BugCategoryDetailsLinePriority
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE149Low
Switch statement found in org.apache.myfaces.shared_impl.renderkit.html.util.JavascriptUtils.encodeString(String) where default case is missingSTYLESF_SWITCH_NO_DEFAULT206Low

org.apache.myfaces.shared_impl.test.ClassElementHandler

BugCategoryDetailsLinePriority
ClassElementHandler.buffer not initialized in constructorSTYLEUWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTORLow

org.apache.myfaces.shared_impl.util.ExceptionUtils

BugCategoryDetailsLinePriority
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.util.ExceptionUtils.getExceptions(Throwable)STYLEREC_CATCH_EXCEPTION59Low

org.apache.myfaces.shared_impl.util.LocaleUtils

BugCategoryDetailsLinePriority
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.util.LocaleUtils.converterTagLocaleFromString(String)STYLEREC_CATCH_EXCEPTION136Low

org.apache.myfaces.shared_impl.util.MessageUtils

BugCategoryDetailsLinePriority
Method call in org.apache.myfaces.shared_impl.util.MessageUtils.getMessageFromBundle(String, String, Object[]) passes null for nonnull parameter of getMessageFromBundle(String, FacesContext, Locale, String, Object[])CORRECTNESSNP_NULL_PARAM_DEREF263Medium
Redundant comparison of non-null value to null in org.apache.myfaces.shared_impl.util.MessageUtils.getMessage(String, FacesContext, String, Object[])STYLERCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE588Low
Redundant comparison of non-null value to null in org.apache.myfaces.shared_impl.util.MessageUtils.getMessage(FacesContext, String, Object[])STYLERCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE568Low
Redundant nullcheck of message, which is known to be non-null in org.apache.myfaces.shared_impl.util.MessageUtils.getMessage(String, FacesContext, String, Object[])STYLERCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE591Low
Redundant nullcheck of message, which is known to be non-null in org.apache.myfaces.shared_impl.util.MessageUtils.getMessage(FacesContext, String, Object[])STYLERCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE571Low

org.apache.myfaces.shared_impl.util.ParametrizableFacesMessage

BugCategoryDetailsLinePriority
new org.apache.myfaces.shared_impl.util.ParametrizableFacesMessage(String, String, Object[], Locale) may expose internal representation by storing an externally mutable object into ParametrizableFacesMessage._argsMALICIOUS_CODEEI_EXPOSE_REP254Medium
new org.apache.myfaces.shared_impl.util.ParametrizableFacesMessage(FacesMessage$Severity, String, String, Object[], Locale) may expose internal representation by storing an externally mutable object into ParametrizableFacesMessage._argsMALICIOUS_CODEEI_EXPOSE_REP263Medium
The field org.apache.myfaces.shared_impl.util.ParametrizableFacesMessage._evaluatedArgs is transient but isn't set by deserializationBAD_PRACTICESE_TRANSIENT_FIELD_NOT_RESTOREDLow

org.apache.myfaces.shared_impl.util.StateUtils

BugCategoryDetailsLinePriority
instanceof will always return true in org.apache.myfaces.shared_impl.util.StateUtils.getMacSecret(ExternalContext), since all javax.crypto.SecretKey are instances of javax.crypto.SecretKeySTYLEBC_VACUOUS_INSTANCEOF936Medium
instanceof will always return true in org.apache.myfaces.shared_impl.util.StateUtils.getSecret(ExternalContext), since all javax.crypto.SecretKey are instances of javax.crypto.SecretKeySTYLEBC_VACUOUS_INSTANCEOF791Medium
Dead store of null to baos in org.apache.myfaces.shared_impl.util.StateUtils.compress(byte[])STYLEDLS_DEAD_LOCAL_STORE_OF_NULL346Low
Dead store of null to gzip in org.apache.myfaces.shared_impl.util.StateUtils.compress(byte[])STYLEDLS_DEAD_LOCAL_STORE_OF_NULL345Low
Dead store of null to bais in org.apache.myfaces.shared_impl.util.StateUtils.decompress(byte[])STYLEDLS_DEAD_LOCAL_STORE_OF_NULL417Low
Dead store of null to baos in org.apache.myfaces.shared_impl.util.StateUtils.decompress(byte[])STYLEDLS_DEAD_LOCAL_STORE_OF_NULL416Low
Dead store of null to gis in org.apache.myfaces.shared_impl.util.StateUtils.decompress(byte[])STYLEDLS_DEAD_LOCAL_STORE_OF_NULL418Low
Dead store of null to outputStream in org.apache.myfaces.shared_impl.util.StateUtils.getAsByteArray(Object, ExternalContext)STYLEDLS_DEAD_LOCAL_STORE_OF_NULL274Low
Dead store of null to writer in org.apache.myfaces.shared_impl.util.StateUtils.getAsByteArray(Object, ExternalContext)STYLEDLS_DEAD_LOCAL_STORE_OF_NULL273Low
Random object created and used only once in org.apache.myfaces.shared_impl.util.StateUtils.findMacSecret(String, String)BAD_PRACTICEDMI_RANDOM_USED_ONLY_ONCE986High
Random object created and used only once in org.apache.myfaces.shared_impl.util.StateUtils.findSecret(String, String)BAD_PRACTICEDMI_RANDOM_USED_ONLY_ONCE841High
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE667Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE679Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE645Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE630Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE861Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE874Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE950Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE962Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE805Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE817Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE907Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE762Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE724Low
Use of non-localized String.toUpperCase() or String.toLowerCaseI18NDM_CONVERT_CASE189Low
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.util.StateUtils.decrypt(byte[], ExternalContext)STYLEREC_CATCH_EXCEPTION490Low
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.util.StateUtils.encrypt(byte[], ExternalContext)STYLEREC_CATCH_EXCEPTION328Low
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.util.StateUtils.getAsObject(byte[], ExternalContext)STYLEREC_CATCH_EXCEPTION552Low

org.apache.myfaces.shared_impl.util.StringUtils

BugCategoryDetailsLinePriority
Should org.apache.myfaces.shared_impl.util.StringUtils.trim(String[]) return a zero length array rather than null?STYLEPZLA_PREFER_ZERO_LENGTH_ARRAYS685Low

org.apache.myfaces.shared_impl.util._Constants

BugCategoryDetailsLinePriority
Redundant nullcheck of ret, which is known to be non-null in org.apache.myfaces.shared_impl.util._Constants.getStringResource(String)STYLERCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE185Low

org.apache.myfaces.shared_impl.util.servlet.SourceCodeServlet

BugCategoryDetailsLinePriority
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.util.servlet.SourceCodeServlet.doGet(HttpServletRequest, HttpServletResponse)STYLEREC_CATCH_EXCEPTION87Low
org.apache.myfaces.shared_impl.util.servlet.SourceCodeServlet is Serializable; consider declaring a serialVersionUIDBAD_PRACTICESE_NO_SERIALVERSIONID26Low

org.apache.myfaces.shared_impl.webapp.webxml.WebXmlParser

BugCategoryDetailsLinePriority
Exception is caught when Exception is not thrown in org.apache.myfaces.shared_impl.webapp.webxml.WebXmlParser.parse()STYLEREC_CATCH_EXCEPTION112Low