FindBugs Report

Project Information

Project:

FindBugs version: 3.0.1

Code analyzed:



Metrics

4427 lines of code analyzed, in 114 classes, in 14 packages.

Metric                      Total   Density*
High Priority Warnings      17      3.84
Medium Priority Warnings    36      8.13
Total Warnings              53      11.97

(* Defects per Thousand lines of non-commenting source statements)



Summary

Warning Type                              Number
Bad practice Warnings                     3
Correctness Warnings                      6
Experimental Warnings                     4
Internationalization Warnings             3
Malicious code vulnerability Warnings     20
Multithreaded correctness Warnings        1
Performance Warnings                      11
Dodgy code Warnings                       5
Total                                     53

Warnings

Bad practice Warnings

Code Warning
DE com.adobe.connectpro.telephony.service.main.InitService.initGlobal(GlobalSettings, ServletContext) might ignore java.lang.Exception
RV Exceptional return value of java.io.File.mkdirs() ignored in com.adobe.connectpro.telephony.adaptor.impl.AdaptorInstanceHandler.addPendingAudioDownload(String, String[], String[])
RV Exceptional return value of java.io.File.mkdir() ignored in com.adobe.connectpro.telephony.adaptor.impl.AdaptorInstanceHandler.audioDownloadComplete(String, boolean)

Correctness Warnings

Code Warning
NP Possible null pointer dereference of target in com.adobe.connectpro.telephony.interservice.ServiceAPICallerBasic.openConnectionCheckRedirects(HttpURLConnection, String, Map)
NP Possible null pointer dereference of target in com.adobe.connectpro.telephony.interservice.ServiceAPICallerBasic.openConnectionCheckRedirects(HttpURLConnection, String, Map)
NP Possible null pointer dereference of sharedSecret in com.adobe.connectpro.telephony.service.servlet.XMLApiServlet.doPost(HttpServletRequest, HttpServletResponse)
NP Possible null pointer dereference of inputStreamAES in com.adobe.connectpro.telephony.service.util.EncryptUtil.initKey(String)
NP Possible null pointer dereference of inputStreamDES in com.adobe.connectpro.telephony.service.util.EncryptUtil.initKey(String)
USELESS_STRING Invocation of toString on args in com.adobe.connectpro.telephony.service.rtmp.RTMPConnection.onResolve(String, Object[])

Experimental Warnings

Code Warning
OBL com.adobe.connectpro.telephony.service.main.InitService.initGlobal(GlobalSettings, ServletContext) may fail to clean up java.io.OutputStream
OBL com.adobe.connectpro.telephony.service.prefs.ConfigReader.initialize(String) may fail to clean up java.io.InputStream
OBL com.adobe.connectpro.telephony.service.util.EncryptUtil.initKey(String) may fail to clean up java.io.InputStream on checked exception
OBL com.adobe.connectpro.telephony.service.util.EncryptUtil.initPublicKey(String) may fail to clean up java.io.InputStream on checked exception

Internationalization Warnings

Code Warning
Dm Found reliance on default encoding in com.adobe.connectpro.telephony.service.prefs.capabilities.AdaptorCapabilities.parse(): String.getBytes()
Dm Found reliance on default encoding in com.adobe.connectpro.telephony.service.util.TextUtil.elementToString(Element): new String(byte[])
Dm Found reliance on default encoding in com.adobe.connectpro.telephony.service.util.TextUtil.generateMessageDigest(String, String): String.getBytes()

Malicious code vulnerability Warnings

Code Warning
EI com.adobe.connectpro.telephony.adaptor.impl.RecordingInfo.getDownloadFiles() may expose internal representation by returning RecordingInfo.downloadFiles
EI2 new com.adobe.connectpro.telephony.adaptor.impl.RecordingInfo(String, String[], String) may expose internal representation by storing an externally mutable object into RecordingInfo.downloadFiles
MS com.adobe.connectpro.telephony.interservice.APIException.ERROR_ANY isn't final but should be
MS com.adobe.connectpro.telephony.interservice.APIException.ERROR_API_RESPONSE_PARSING isn't final but should be
MS com.adobe.connectpro.telephony.interservice.APIException.ERROR_SERVER_CONNECTING isn't final but should be
MS com.adobe.connectpro.telephony.service.global.Constants.BREEZE_COOKIE_NAME isn't final but should be
MS com.adobe.connectpro.telephony.service.global.Constants.GENERAL_CONFIG_FILENAME isn't final but should be
MS com.adobe.connectpro.telephony.service.global.Constants.TELEPHONY_CAPABILITIES_FILENAME isn't final but should be
MS com.adobe.connectpro.telephony.service.global.Constants.TELEPHONY_PROVIDERS_FILENAME isn't final but should be
MS com.adobe.connectpro.telephony.service.global.Constants.TELEPHONY_SETTINGS_FILENAME isn't final but should be
MS com.adobe.connectpro.telephony.service.main.TelephonyManager.m_adaptorCapabilities should be package protected
MS com.adobe.connectpro.telephony.service.main.TelephonyManager.m_adaptorSettings should be package protected
MS com.adobe.connectpro.telephony.service.main.TelephonyManager.m_providerSettings should be package protected
MS com.adobe.connectpro.telephony.service.main.TelephonyManager.actionMap isn't final but should be
MS com.adobe.connectpro.telephony.service.main.TelephonyManager.m_adaptorInstanceHandlers isn't final but should be
MS Public static com.adobe.connectpro.telephony.service.prefs.capabilities.AdaptorCapabilities.getV2CapIds() may expose internal representation by returning AdaptorCapabilities.m_v2capIds
MS com.adobe.connectpro.telephony.service.util.EncryptUtil.AESKey should be package protected
MS com.adobe.connectpro.telephony.service.util.EncryptUtil.DESKey should be package protected
MS com.adobe.connectpro.telephony.service.util.EncryptUtil.DEFAULT_INIT_VECTOR isn't final but should be
MS com.adobe.connectpro.telephony.service.util.EncryptUtil.INIT_VECTOR_STR isn't final but should be

Multithreaded correctness Warnings

Code Warning
DC Possible doublecheck on com.adobe.connectpro.telephony.service.global.GlobalSettings.instance in com.adobe.connectpro.telephony.service.global.GlobalSettings.getInstance()

Performance Warnings

Code Warning
Dm com.adobe.connectpro.telephony.service.action.BreezeCapabilityList.execute(RTMPConnection, AdaptorInstanceHandler, Map) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead
Dm com.adobe.connectpro.telephony.service.action.BridgeCapabilityList.execute(RTMPConnection, AdaptorInstanceHandler, Map) invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead
Dm com.adobe.connectpro.telephony.service.action.BridgeCapabilityList.execute(RTMPConnection, AdaptorInstanceHandler, Map) invokes inefficient new String(String) constructor
SBSC com.adobe.connectpro.telephony.service.prefs.capabilities.AdaptorCapabilities.toString() concatenates strings using + in a loop
SBSC com.adobe.connectpro.telephony.service.servlet.XMLApiServlet.logRequestParams(Map, String) concatenates strings using + in a loop
SBSC com.adobe.connectpro.telephony.service.util.TextUtil.byteToHex(byte[]) concatenates strings using + in a loop
UrF Unread field: com.adobe.connectpro.telephony.service.prefs.TelephonyCapabilities.logger
UrF Unread field: com.adobe.connectpro.telephony.service.rtmp.RTMPConnection.isDestroyed
WMI com.adobe.connectpro.telephony.service.prefs.TelephonyCapabilities.updateCapabilites() makes inefficient use of keySet iterator instead of entrySet iterator
WMI com.adobe.connectpro.telephony.service.util.InterfaceUtils.toTelephonyUserInfo(Map) makes inefficient use of keySet iterator instead of entrySet iterator
WMI com.adobe.connectpro.telephony.service.util.TextUtil.mapToString(Map) makes inefficient use of keySet iterator instead of entrySet iterator

Dodgy code Warnings

Code Warning
DLS Dead store to adaptorId in com.adobe.connectpro.telephony.adaptor.impl.AdaptorInstanceHandler.createConnection(Map)
DLS Dead store to capabilities in com.adobe.connectpro.telephony.service.action.ConferenceReconnect.execute(RTMPConnection, AdaptorInstanceHandler, Map)
DLS Dead store to adaptorInstance in com.adobe.connectpro.telephony.service.action.HealthCheck.execute(RTMPConnection, AdaptorInstanceHandler, Map)
DLS Dead store to capabilities in com.adobe.connectpro.telephony.service.action.InitConferenceSession.execute(RTMPConnection, AdaptorInstanceHandler, Map)
NP Possible null pointer dereference in com.adobe.connectpro.telephony.service.util.IOUtils.deleteFolder(File) due to return value of called method

Details

DC_DOUBLECHECK: Possible double check of field

This method may contain an instance of double-checked locking.  This idiom is not correct according to the semantics of the Java memory model.  For more information, see the web page http://www.cs.umd.edu/~pugh/java/memoryModel/DoubleCheckedLocking.html.

DE_MIGHT_IGNORE: Method might ignore exception

This method might ignore an exception.  In general, exceptions should be handled or reported in some way, or they should be thrown out of the method.

DLS_DEAD_LOCAL_STORE: Dead store to local variable

This instruction assigns a value to a local variable, but the value is not read or used in any subsequent instruction. Often, this indicates an error, because the value computed is never used.

Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.

DM_BOOLEAN_CTOR: Method invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead

Creating new instances of java.lang.Boolean wastes memory, since Boolean objects are immutable and there are only two useful values of this type.  Use the Boolean.valueOf() method (or Java 1.5 autoboxing) to create Boolean objects instead.

DM_STRING_CTOR: Method invokes inefficient new String(String) constructor

Using the java.lang.String(String) constructor wastes memory because the object so constructed will be functionally indistinguishable from the String passed as a parameter.  Just use the argument String directly.

DM_DEFAULT_ENCODING: Reliance on default encoding

Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

EI_EXPOSE_REP: May expose internal representation by returning reference to mutable object

Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is a better approach in many situations.

EI_EXPOSE_REP2: May expose internal representation by incorporating reference to mutable object

This code stores a reference to an externally mutable object into the internal representation of the object.  If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is a better approach in many situations.

MS_SHOULD_BE_FINAL: Field isn't final but should be

This static field is public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.

MS_PKGPROTECT: Field should be package protected

A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.

MS_EXPOSE_REP: Public static method may expose internal representation by returning array

A public static method returns a reference to an array that is part of the static state of the class. Any code that calls this method can freely modify the underlying array. One fix is to return a copy of the array.

NP_NULL_ON_SOME_PATH: Possible null pointer dereference

There is a branch or statement that, if executed, guarantees that a null value will be dereferenced, which would generate a NullPointerException when the code is executed. Of course, the problem might be that the branch or statement is infeasible and that the null pointer exception can't ever be executed; deciding that is beyond the ability of FindBugs.

NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE: Possible null pointer dereference due to return value of called method

The return value from a method is dereferenced without a null check, and the return value of that method is one that should generally be checked for null. This may lead to a NullPointerException when the code is executed.

OBL_UNSATISFIED_OBLIGATION: Method may fail to clean up stream or resource

This method may fail to clean up (close, dispose of) a stream, database object, or other resource requiring an explicit cleanup operation.

In general, if a method opens a stream or other resource, the method should use a try/finally block to ensure that the stream or resource is cleaned up before the method returns.

This bug pattern is essentially the same as the OS_OPEN_STREAM and ODR_OPEN_DATABASE_RESOURCE bug patterns, but is based on a different (and hopefully better) static analysis technique. We are interested in getting feedback about the usefulness of this bug pattern. To send feedback, either:

In particular, the false-positive suppression heuristics for this bug pattern have not been extensively tuned, so reports about false positives are helpful to us.

See Weimer and Necula, Finding and Preventing Run-Time Error Handling Mistakes, for a description of the analysis technique.

OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE: Method may fail to clean up stream or resource on checked exception

This method may fail to clean up (close, dispose of) a stream, database object, or other resource requiring an explicit cleanup operation.

In general, if a method opens a stream or other resource, the method should use a try/finally block to ensure that the stream or resource is cleaned up before the method returns.

This bug pattern is essentially the same as the OS_OPEN_STREAM and ODR_OPEN_DATABASE_RESOURCE bug patterns, but is based on a different (and hopefully better) static analysis technique. We are interested in getting feedback about the usefulness of this bug pattern. To send feedback, either:

In particular, the false-positive suppression heuristics for this bug pattern have not been extensively tuned, so reports about false positives are helpful to us.

See Weimer and Necula, Finding and Preventing Run-Time Error Handling Mistakes, for a description of the analysis technique.

RV_RETURN_VALUE_IGNORED_BAD_PRACTICE: Method ignores exceptional return value

This method returns a value that is not checked. The return value should be checked since it can indicate an unusual or unexpected function execution. For example, the File.delete() method returns false if the file could not be successfully deleted (rather than throwing an Exception). If you don't check the result, you won't notice if the method invocation signals unexpected behavior by returning an atypical return value.

SBSC_USE_STRINGBUFFER_CONCATENATION: Method concatenates strings using + in a loop

The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration.

Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 1.5) explicitly.

For example:

  // This is bad
  String s = "";
  for (int i = 0; i < field.length; ++i) {
    s = s + field[i];
  }

  // This is better
  StringBuffer buf = new StringBuffer();
  for (int i = 0; i < field.length; ++i) {
    buf.append(field[i]);
  }
  String s = buf.toString();

URF_UNREAD_FIELD: Unread field

This field is never read.  Consider removing it from the class.

DMI_INVOKING_TOSTRING_ON_ARRAY: Invocation of toString on an array

The code invokes toString on an array, which will generate a fairly useless result such as [C@16f0472. Consider using Arrays.toString to convert the array into a readable String that gives the contents of the array. See Programming Puzzlers, chapter 3, puzzle 12.

WMI_WRONG_MAP_ITERATOR: Inefficient use of keySet iterator instead of entrySet iterator

This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.