SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.9.0

Threshold is medium

Effort is default

Summary

Classes	Bugs	Errors	Missing Classes
199	17	0	0

Files

Class	Bugs
org.apache.commons.jxpath.JXPathContext	1
org.apache.commons.jxpath.JXPathContextFactory	1
org.apache.commons.jxpath.functions.ConstructorFunction	1
org.apache.commons.jxpath.ri.NamespaceResolver	1
org.apache.commons.jxpath.ri.model.beans.PropertyIterator	1
org.apache.commons.jxpath.ri.model.dom.DOMAttributeIterator	1
org.apache.commons.jxpath.ri.model.dynabeans.StrictLazyDynaBeanPointerFactory$StrictLazyDynaBeanPointer	1
org.apache.commons.jxpath.servlet.HttpSessionAndServletContext	4
org.apache.commons.jxpath.servlet.KeywordVariables	1
org.apache.commons.jxpath.servlet.PageScopeContext	1
org.apache.commons.jxpath.servlet.ServletRequestAndContext	2
org.apache.commons.jxpath.xml.DocumentContainer	2

org.apache.commons.jxpath.JXPathContext

Bug	Category	Details	Line	Priority
org.apache.commons.jxpath.JXPathContext.getParentContext() may expose internal representation by returning JXPathContext.parentContext	MALICIOUS_CODE	EI_EXPOSE_REP	667	Medium

org.apache.commons.jxpath.JXPathContextFactory

Bug	Category	Details	Line	Priority
org.apache.commons.jxpath.JXPathContextFactory.findFactory(String, String) may fail to close stream	BAD_PRACTICE	OS_OPEN_STREAM	117	Medium

org.apache.commons.jxpath.functions.ConstructorFunction

Bug	Category	Details	Line	Priority
new org.apache.commons.jxpath.functions.ConstructorFunction(Constructor) may expose internal representation by storing an externally mutable object into ConstructorFunction.constructor	MALICIOUS_CODE	EI_EXPOSE_REP2	42	Medium

org.apache.commons.jxpath.ri.NamespaceResolver

Bug	Category	Details	Line	Priority
Inconsistent synchronization of org.apache.commons.jxpath.ri.NamespaceResolver.pointer; locked 50% of time	MT_CORRECTNESS	IS2_INCONSISTENT_SYNC	137	Medium

org.apache.commons.jxpath.ri.model.beans.PropertyIterator

Bug	Category	Details	Line	Priority
Exception thrown in class org.apache.commons.jxpath.ri.model.beans.PropertyIterator at new org.apache.commons.jxpath.ri.model.beans.PropertyIterator(PropertyOwnerPointer, String, boolean, NodePointer) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	62	Medium

org.apache.commons.jxpath.ri.model.dom.DOMAttributeIterator

Bug	Category	Details	Line	Priority
Exception thrown in class org.apache.commons.jxpath.ri.model.dom.DOMAttributeIterator at new org.apache.commons.jxpath.ri.model.dom.DOMAttributeIterator(NodePointer, QName) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	56	Medium

org.apache.commons.jxpath.ri.model.dynabeans.StrictLazyDynaBeanPointerFactory$StrictLazyDynaBeanPointer

Bug	Category	Details	Line	Priority
org.apache.commons.jxpath.ri.model.dynabeans.StrictLazyDynaBeanPointerFactory$StrictLazyDynaBeanPointer doesn't override DynaBeanPointer.equals(Object)	STYLE	EQ_DOESNT_OVERRIDE_EQUALS	1	Medium

org.apache.commons.jxpath.servlet.HttpSessionAndServletContext

Bug	Category	Details	Line	Priority
org.apache.commons.jxpath.servlet.HttpSessionAndServletContext.getServletContext() may expose internal representation by returning HttpSessionAndServletContext.context	MALICIOUS_CODE	EI_EXPOSE_REP	48	Medium
org.apache.commons.jxpath.servlet.HttpSessionAndServletContext.getSession() may expose internal representation by returning HttpSessionAndServletContext.session	MALICIOUS_CODE	EI_EXPOSE_REP	57	Medium
new org.apache.commons.jxpath.servlet.HttpSessionAndServletContext(HttpSession, ServletContext) may expose internal representation by storing an externally mutable object into HttpSessionAndServletContext.context	MALICIOUS_CODE	EI_EXPOSE_REP2	39	Medium
new org.apache.commons.jxpath.servlet.HttpSessionAndServletContext(HttpSession, ServletContext) may expose internal representation by storing an externally mutable object into HttpSessionAndServletContext.session	MALICIOUS_CODE	EI_EXPOSE_REP2	38	Medium

org.apache.commons.jxpath.servlet.KeywordVariables

Bug	Category	Details	Line	Priority
Exception thrown in class org.apache.commons.jxpath.servlet.KeywordVariables at new org.apache.commons.jxpath.servlet.KeywordVariables(String, Object) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	47	Medium

org.apache.commons.jxpath.servlet.PageScopeContext

Bug	Category	Details	Line	Priority
new org.apache.commons.jxpath.servlet.PageScopeContext(PageContext) may expose internal representation by storing an externally mutable object into PageScopeContext.pageContext	MALICIOUS_CODE	EI_EXPOSE_REP2	38	Medium

org.apache.commons.jxpath.servlet.ServletRequestAndContext

Bug	Category	Details	Line	Priority
org.apache.commons.jxpath.servlet.ServletRequestAndContext.getServletRequest() may expose internal representation by returning ServletRequestAndContext.request	MALICIOUS_CODE	EI_EXPOSE_REP	49	Medium
new org.apache.commons.jxpath.servlet.ServletRequestAndContext(ServletRequest, ServletContext) may expose internal representation by storing an externally mutable object into ServletRequestAndContext.request	MALICIOUS_CODE	EI_EXPOSE_REP2	40	Medium

org.apache.commons.jxpath.xml.DocumentContainer

Bug	Category	Details	Line	Priority
Exception thrown in class org.apache.commons.jxpath.xml.DocumentContainer at new org.apache.commons.jxpath.xml.DocumentContainer(URL) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	111	Medium
Exception thrown in class org.apache.commons.jxpath.xml.DocumentContainer at new org.apache.commons.jxpath.xml.DocumentContainer(URL, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	124	Medium