JEXL – SpotBugs Bug Detector Report

SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.8.5

Threshold is medium

Effort is default

Summary

Classes	Bugs	Errors	Missing Classes
333	31	0	0

Files

Class	Bugs
org.apache.commons.jexl3.JexlArithmetic	6
org.apache.commons.jexl3.JexlException	1
org.apache.commons.jexl3.JexlFeatures	1
org.apache.commons.jexl3.JexlOptions	2
org.apache.commons.jexl3.ObjectContext	1
org.apache.commons.jexl3.internal.Engine	2
org.apache.commons.jexl3.internal.introspection.ArrayIterator	1
org.apache.commons.jexl3.internal.introspection.ArrayListWrapper	1
org.apache.commons.jexl3.internal.introspection.ClassTool	2
org.apache.commons.jexl3.internal.introspection.Introspector	2
org.apache.commons.jexl3.internal.introspection.SandboxUberspect	1
org.apache.commons.jexl3.internal.introspection.Uberspect	4
org.apache.commons.jexl3.introspection.JexlSandbox$Permissions	3
org.apache.commons.jexl3.parser.ASTIdentifierAccessJxlt	1
org.apache.commons.jexl3.scripting.JexlScriptEngine	2
org.apache.commons.jexl3.scripting.JexlScriptEngine$JexlScriptObject	1

org.apache.commons.jexl3.JexlArithmetic

Bug	Category	Details	Line	Priority
Exception thrown in class org.apache.commons.jexl3.JexlArithmetic at new org.apache.commons.jexl3.JexlArithmetic(boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	271	Medium
Exception thrown in class org.apache.commons.jexl3.JexlArithmetic at new org.apache.commons.jexl3.JexlArithmetic(boolean, MathContext, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	261	Medium
org.apache.commons.jexl3.JexlArithmetic.collectionContains(Object, Object) has Boolean return type and returns explicit null	BAD_PRACTICE	NP_BOOLEAN_RETURN_NULL	486	Medium
org.apache.commons.jexl3.JexlArithmetic.endsWith(Object, Object) has Boolean return type and returns explicit null	BAD_PRACTICE	NP_BOOLEAN_RETURN_NULL	839	Medium
org.apache.commons.jexl3.JexlArithmetic.startsWith(Object, Object) has Boolean return type and returns explicit null	BAD_PRACTICE	NP_BOOLEAN_RETURN_NULL	1877	Medium
Exception is caught when Exception is not thrown in new org.apache.commons.jexl3.JexlArithmetic(boolean, MathContext, int)	STYLE	REC_CATCH_EXCEPTION	289	Medium

org.apache.commons.jexl3.JexlException

Bug	Category	Details	Line	Priority
Useless condition: it's known that length >= 21 at this point	STYLE	UC_USELESS_CONDITION	1110	Medium

org.apache.commons.jexl3.JexlFeatures

Bug	Category	Details	Line	Priority
org.apache.commons.jexl3.JexlFeatures.getReservedNames() may expose internal representation by returning JexlFeatures.reservedNames	MALICIOUS_CODE	EI_EXPOSE_REP	414	Medium

org.apache.commons.jexl3.JexlOptions

Bug	Category	Details	Line	Priority
org.apache.commons.jexl3.JexlOptions.getImports() may expose internal representation by returning JexlOptions.imports	MALICIOUS_CODE	EI_EXPOSE_REP	175	Medium
org.apache.commons.jexl3.JexlOptions.getNamespaces() may expose internal representation by returning JexlOptions.namespaces	MALICIOUS_CODE	EI_EXPOSE_REP	199	Medium

org.apache.commons.jexl3.ObjectContext

Bug	Category	Details	Line	Priority
new org.apache.commons.jexl3.ObjectContext(JexlEngine, Object) may expose internal representation by storing an externally mutable object into ObjectContext.jexl	MALICIOUS_CODE	EI_EXPOSE_REP2	43	Medium

org.apache.commons.jexl3.internal.Engine

Bug	Category	Details	Line	Priority
Exception thrown in class org.apache.commons.jexl3.internal.Engine at new org.apache.commons.jexl3.internal.Engine() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	312	Medium
Exception thrown in class org.apache.commons.jexl3.internal.Engine at new org.apache.commons.jexl3.internal.Engine(JexlBuilder) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	332	Medium

org.apache.commons.jexl3.internal.introspection.ArrayIterator

Bug	Category	Details	Line	Priority
Exception thrown in class org.apache.commons.jexl3.internal.introspection.ArrayIterator at new org.apache.commons.jexl3.internal.introspection.ArrayIterator(Object) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	58	Medium

org.apache.commons.jexl3.internal.introspection.ArrayListWrapper

Bug	Category	Details	Line	Priority
Exception thrown in class org.apache.commons.jexl3.internal.introspection.ArrayListWrapper at new org.apache.commons.jexl3.internal.introspection.ArrayListWrapper(Object) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	42	Medium

org.apache.commons.jexl3.internal.introspection.ClassTool

Bug	Category	Details	Line	Priority
org.apache.commons.jexl3.internal.introspection.ClassTool.<static initializer for ClassTool>() might ignore java.lang.Exception	BAD_PRACTICE	DE_MIGHT_IGNORE	50	Medium
Exception is caught when Exception is not thrown in org.apache.commons.jexl3.internal.introspection.ClassTool.<static initializer for ClassTool>()	STYLE	REC_CATCH_EXCEPTION	50	Medium

org.apache.commons.jexl3.internal.introspection.Introspector

Bug	Category	Details	Line	Priority
org.apache.commons.jexl3.internal.introspection.Introspector.getLoader() may expose internal representation by returning Introspector.loader	MALICIOUS_CODE	EI_EXPOSE_REP	258	Medium
new org.apache.commons.jexl3.internal.introspection.Introspector(Log, ClassLoader, JexlPermissions) may expose internal representation by storing an externally mutable object into Introspector.loader	MALICIOUS_CODE	EI_EXPOSE_REP2	125	Medium

org.apache.commons.jexl3.internal.introspection.SandboxUberspect

Bug	Category	Details	Line	Priority
new org.apache.commons.jexl3.internal.introspection.SandboxUberspect(JexlUberspect, JexlSandbox) may expose internal representation by storing an externally mutable object into SandboxUberspect.uberspect	MALICIOUS_CODE	EI_EXPOSE_REP2	63	Medium

org.apache.commons.jexl3.internal.introspection.Uberspect

Bug	Category	Details	Line	Priority
Exception thrown in class org.apache.commons.jexl3.internal.introspection.Uberspect at new org.apache.commons.jexl3.internal.introspection.Uberspect(Log, JexlUberspect$ResolverStrategy) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	112	Medium
Exception thrown in class org.apache.commons.jexl3.internal.introspection.Uberspect at new org.apache.commons.jexl3.internal.introspection.Uberspect(Log, JexlUberspect$ResolverStrategy, JexlPermissions) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	122	Medium
Comparison of String objects using == or != in org.apache.commons.jexl3.internal.introspection.Uberspect.getPropertyGet(List, Object, Object)	BAD_PRACTICE	ES_COMPARING_STRINGS_WITH_EQ	363	Medium
Comparison of String objects using == or != in org.apache.commons.jexl3.internal.introspection.Uberspect.getPropertySet(List, Object, Object, Object)	BAD_PRACTICE	ES_COMPARING_STRINGS_WITH_EQ	429	Medium

org.apache.commons.jexl3.introspection.JexlSandbox$Permissions

Bug	Category	Details	Line	Priority
org.apache.commons.jexl3.introspection.JexlSandbox$Permissions.execute() may expose internal representation by returning JexlSandbox$Permissions.execute	MALICIOUS_CODE	EI_EXPOSE_REP	244	Medium
org.apache.commons.jexl3.introspection.JexlSandbox$Permissions.read() may expose internal representation by returning JexlSandbox$Permissions.read	MALICIOUS_CODE	EI_EXPOSE_REP	274	Medium
org.apache.commons.jexl3.introspection.JexlSandbox$Permissions.write() may expose internal representation by returning JexlSandbox$Permissions.write	MALICIOUS_CODE	EI_EXPOSE_REP	296	Medium

org.apache.commons.jexl3.parser.ASTIdentifierAccessJxlt

Bug	Category	Details	Line	Priority
org.apache.commons.jexl3.parser.ASTIdentifierAccessJxlt is Serializable; consider declaring a serialVersionUID	BAD_PRACTICE	SE_NO_SERIALVERSIONID	29-43	Medium

org.apache.commons.jexl3.scripting.JexlScriptEngine

Bug	Category	Details	Line	Priority
Exception thrown in class org.apache.commons.jexl3.scripting.JexlScriptEngine at new org.apache.commons.jexl3.scripting.JexlScriptEngine() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	391	Medium
Exception thrown in class org.apache.commons.jexl3.scripting.JexlScriptEngine at new org.apache.commons.jexl3.scripting.JexlScriptEngine(ScriptEngineFactory) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	402	Medium

org.apache.commons.jexl3.scripting.JexlScriptEngine$JexlScriptObject

Bug	Category	Details	Line	Priority
new org.apache.commons.jexl3.scripting.JexlScriptEngine$JexlScriptObject(JexlScriptEngine) may expose internal representation by storing an externally mutable object into JexlScriptEngine$JexlScriptObject.this$0	MALICIOUS_CODE	EI_EXPOSE_REP2	180	Medium