New reports between FindBugs 1.3.2 and 1.3.8:
- DMI_CONSTANT_DB_PASSWORD: This code creates a database connection using a hardcoded, constant password
- HRS_REQUEST_PARAMETER_TO_COOKIE: HTTP cookie formed from untrusted input
- HRS_REQUEST_PARAMETER_TO_HTTP_HEADER: HTTP parameter directly written to HTTP header output
- CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE: Class defines clone() but doesn't implement Cloneable
- DL_SYNCHRONIZATION_ON_BOXED_PRIMITIVE: Synchronization on boxed primitive could lead to deadlock
- DL_SYNCHRONIZATION_ON_BOOLEAN: Synchronization on Boolean could lead to deadlock
- ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD: Synchronization on field in futile attempt to guard that field
- DLS_DEAD_LOCAL_STORE_IN_RETURN: Useless assignment in return statement
- WL_USING_GETCLASS_RATHER_THAN_CLASS_LITERAL: Synchronization on getClass rather than class literal
- EQ_OVERRIDING_EQUALS_NOT_SYMMETRIC: equals method overrides equals in superclass and may not be symmetric
- EQ_ALWAYS_TRUE: equals method always returns true
- EQ_ALWAYS_FALSE: equals method always returns false
- EQ_COMPARING_CLASS_NAMES: equals method compares class names rather than class objects
- EQ_UNUSUAL: Unusual equals method
- EQ_GETCLASS_AND_CLASS_CONSTANT: equals method fails for subtypes
- SE_READ_RESOLVE_IS_STATIC: The readResolve method must not be declared as a static method.
- SE_PRIVATE_READ_RESOLVE_NOT_INHERITED: private readResolve method not inherited by subclasses
- MSF_MUTABLE_SERVLET_FIELD: Mutable servlet field
- XSS_REQUEST_PARAMETER_TO_SEND_ERROR: Servlet reflected cross site scripting vulnerability
- SKIPPED_CLASS_TOO_BIG: Class too big for analysis
- BIT_ADD_OF_SIGNED_BYTE: Bitwise add of signed byte value
- EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS: Equals checks for noncompatible operand
- DMI_INVOKING_HASHCODE_ON_ARRAY: Invocation of hashCode on an array
- DMI_USING_REMOVEALL_TO_CLEAR_COLLECTION: Don't use removeAll to clear a collection
- DMI_VACUOUS_SELF_COLLECTION_CALL: Vacuous call to collections
- SF_SWITCH_NO_DEFAULT: missing default case in switch statement.
- SF_DEAD_STORE_DUE_TO_SWITCH_FALLTHROUGH_TO_THROW: value ignored when switch fallthrough leads to thrown exception.
- INT_VACUOUS_BIT_OPERATION: bit operations that don't do any meaningful work.
- FB_UNEXPECTED_WARNING: warning generated that conflicts with @NoWarning FindBugs annotation.
- FB_MISSING_EXPECTED_WARNING: warning not generated despite presence of @ExpectedWarning FindBugs annotation.
- NOISE category: intended for use in data mining experiments.
  o NOISE_NULL_DEREFERENCE: fake null pointer dereference warning.
  o NOISE_METHOD_CALL: fake method call warning.
  o NOISE_FIELD_REFERENCE: fake field dereference warning.
  o NOISE_OPERATION: fake operation warning.
New bug codes:
- HRS: HTTP Response splitting vulnerability
- WL: Possible locking on wrong object