FindBugs Report

Project Information

Project: <<unnamed project>>

FindBugs version: 1.3.5

Code analyzed:



Metrics

33054 lines of code analyzed, in 475 classes, in 71 packages.

Metric                      Total   Density*
High Priority Warnings      9       0.27
Medium Priority Warnings    31      0.94
Total Warnings              40      1.21

(* Defects per Thousand lines of non-commenting source statements)



Summary

Warning Type                            Number
Bad practice Warnings                   2
Correctness Warnings                    8
Malicious code vulnerability Warnings   15
Performance Warnings                    10
Dodgy Warnings                          5
Total                                   40

Warnings

Bad practice Warnings

Code Warning
HE com.plumtree.portaluiinfrastructure.navtype.NavAreaEnum defines equals and uses Object.hashCode()
HE com.plumtree.portaluiinfrastructure.navtype.NavFeatureEnum defines equals and uses Object.hashCode()

Correctness Warnings

Code Warning
DMI Invocation of toString on data in com.plumtree.portaluiinfrastructure.editor.commonpages.objectsecurity.ObjectSecurityModel.SaveRow(PTGrowableSortedArrayWrapper, int, XPHashtable)
DMI Invocation of toString on navtypes in com.plumtree.portaluiinfrastructure.navtype.NavManager.InternalLoadClasses(String, String, boolean, boolean)
DMI Invocation of toString on data in com.plumtree.portaluiinfrastructure.securitymatrix.MultiObjectsSecurityModel.SaveRow(PTGrowableSortedArrayWrapper, int, XPHashtable)
DMI Invocation of toString on data in com.plumtree.portaluiinfrastructure.statichelpers.XUIHelperMethods.GetDataSourceIDFromQS(XPHashtable)
DMI Invocation of toString on nIDs in com.plumtree.portaluiinfrastructure.tree.AdminTreeModel.SetClassIDsToDisplay(int[])
EC Call to equals() with null argument in com.plumtree.portaluiinfrastructure.restconsumerframework.pathways.PathwaysRestAPIService.DoSearch(PathwaysQueryArguments)
IL There is an apparent infinite loop in com.plumtree.portaluiinfrastructure.navtype.NavManager.InternalLoadClasses(String, String, boolean, boolean)
RpC Repeated conditional test in com.plumtree.portaluiinfrastructure.tree.AdminTreeModel.SetQueryFilter(int, int, String[])

Malicious code vulnerability Warnings

Code Warning
MS com.plumtree.portaluiinfrastructure.editor.saveobject.SaveObjectMainFrameDP.BOTTOM_SIZES should be package protected
MS com.plumtree.portaluiinfrastructure.failover.ReplicationCache.CLEANUP_MINUTES should be package protected
MS com.plumtree.portaluiinfrastructure.navtype.NavAreaEnum.m_navAreaEnums should be package protected
MS com.plumtree.portaluiinfrastructure.navtype.NavFeatureEnum.m_navFeatureEnums should be package protected
MS com.plumtree.portaluiinfrastructure.restconsumerframework.pathways.PathwaysConstants.COLLAB_ITEMS is a mutable array
MS com.plumtree.portaluiinfrastructure.search.pathways.PathwaysQueryArguments.opAND isn't final but should be
MS com.plumtree.portaluiinfrastructure.search.pathways.PathwaysQueryArguments.opOR isn't final but should be
MS public static com.plumtree.portaluiinfrastructure.search.SearchObjectTypes.GetOrderedSearchObjectTypes() may expose internal representation by returning SearchObjectTypes._searchObjectTypes
MS com.plumtree.portaluiinfrastructure.statichelpers.GatewayHelpers.GATEWAY_FRIENDLYURL_KEYWORD isn't final but should be
MS com.plumtree.portaluiinfrastructure.statichelpers.PlumtreeHelpers.s_strDefaultStyleSheet isn't final and can't be protected from malicious code
MS com.plumtree.portaluiinfrastructure.tags.helper.TagState.TEST_PORTLET_REQUEST_DATA should be package protected
MS public static com.plumtree.portaluiinfrastructure.tags.Scope.GetScopeSearchOrder() may expose internal representation by returning Scope.SCOPE_SEARCH_ORDER
MS com.plumtree.portaluiinfrastructure.tags.tagdef.TagOutputDefinitionManager.m_testInstance should be package protected
MS com.plumtree.portaluiinfrastructure.tags.tagdef.TagOutputDefinitionManager.m_instance isn't final but should be
MS com.plumtree.portaluiinfrastructure.tree.AObjectTreeModel.m_ptClassTypeDescManager should be package protected

Performance Warnings

Code Warning
SBSC Method com.plumtree.portaluiinfrastructure.editor.commonpages.objectsecurity.ObjectSecurityModel.GetSelectedItems() concatenates strings using + in a loop
SBSC Method com.plumtree.portaluiinfrastructure.editor.ObjEditorModel.CheckEditorAccessAndStart(XPHashtable) concatenates strings using + in a loop
SBSC Method com.plumtree.portaluiinfrastructure.editor.saveobject.SaveObjectModel.AddAdminFolderIDToCookie(IXPRequest, IWebData) concatenates strings using + in a loop
SBSC Method com.plumtree.portaluiinfrastructure.ptmulticolumnlist.PTMultiColumnListModel.GetObjectClassIDs() concatenates strings using + in a loop
SBSC Method com.plumtree.portaluiinfrastructure.ptmulticolumnlist.PTMultiColumnListModel.GetSelectedItems() concatenates strings using + in a loop
SBSC Method com.plumtree.portaluiinfrastructure.restconsumerframework.pathways.PathwaysRestAPIService.DoSearch(PathwaysQueryArguments) concatenates strings using + in a loop
SBSC Method com.plumtree.portaluiinfrastructure.search.SearchResultModel.ancestorKey(String, int) concatenates strings using + in a loop
SS Unread field: com.plumtree.portaluiinfrastructure.application.PTGarbageCollectorRunnable.m_checkShutDown; should this field be static?
UrF Unread field: com.plumtree.portaluiinfrastructure.subscribematrix.MultiObjectsSubscribeModel.m_bEditAdminFolderSecurity
UrF Unread field: com.plumtree.portaluiinfrastructure.tags.manager.TagLibManager.m_TagLibraryMetaDataType

Dodgy Warnings

Code Warning
DB Method com.plumtree.portaluiinfrastructure.search.SearchResultModel.restoreState(String) uses the same code for two branches
ICAST Result of integer multiplication cast to long in com.plumtree.portaluiinfrastructure.failover.ReplicationCache.IsExpired(XPDateTime, int)
ICAST Result of integer multiplication cast to long in com.plumtree.portaluiinfrastructure.tags.helper.TagState.AddCacheEntry(String, Object, Scope, int)
SF Switch statement found in com.plumtree.portaluiinfrastructure.login.PTLoginHelper.StaticInit(PTConfigVarPack) where one case falls through to the next case
ST Write to static field com.plumtree.portaluiinfrastructure.tree.AObjectTreeModel.m_ptClassTypeDescManager from instance method com.plumtree.portaluiinfrastructure.tree.AObjectTreeModel.Init(AActivitySpace)

Details

DB_DUPLICATE_BRANCHES: Method uses the same code for two branches

This method uses the same code to implement two branches of a conditional branch. Check to ensure that this isn't a coding mistake.

DMI_INVOKING_TOSTRING_ON_ARRAY: Invocation of toString on an array

The code invokes toString on an array, which will generate a fairly useless result such as [C@16f0472. Consider using Arrays.toString to convert the array into a readable String that gives the contents of the array. See Programming Puzzlers, chapter 3, puzzle 12.

EC_NULL_ARG: Call to equals() with null argument

This method calls equals(Object), passing a null value as the argument. According to the contract of the equals() method, this call should always return false.

HE_EQUALS_USE_HASHCODE: Class defines equals() and uses Object.hashCode()

This class overrides equals(Object), but does not override hashCode(), and inherits the implementation of hashCode() from java.lang.Object (which returns the identity hash code, an arbitrary value assigned to the object by the VM).  Therefore, the class is very likely to violate the invariant that equal objects must have equal hashcodes.

If you don't think instances of this class will ever be inserted into a HashMap/Hashtable, the recommended hashCode implementation to use is:

public int hashCode() {
  assert false : "hashCode not designed";
  return 42; // any arbitrary constant will do
}

ICAST_INTEGER_MULTIPLY_CAST_TO_LONG: Result of integer multiplication cast to long

This code performs integer multiply and then converts the result to a long, as in:

  long convertDaysToMilliseconds(int days) { return 1000*3600*24*days; }

If the multiplication is done using long arithmetic, you can avoid the possibility that the result will overflow. For example, you could fix the above code to:

  long convertDaysToMilliseconds(int days) { return 1000L*3600*24*days; }

or

  static final long MILLISECONDS_PER_DAY = 24L*3600*1000;
  long convertDaysToMilliseconds(int days) { return days * MILLISECONDS_PER_DAY; }

IL_INFINITE_LOOP: An apparent infinite loop

This loop doesn't seem to have a way to terminate (other than by perhaps throwing an exception).

MS_MUTABLE_ARRAY: Field is a mutable array

A final static field references an array and can be accessed by malicious code or by accident from another package. This code can freely modify the contents of the array.

MS_CANNOT_BE_FINAL: Field isn't final and can't be protected from malicious code

A mutable static field could be changed by malicious code or by accident from another package. Unfortunately, the way the field is used doesn't allow any easy fix to this problem.

MS_SHOULD_BE_FINAL: Field isn't final but should be

A mutable static field could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.

MS_PKGPROTECT: Field should be package protected

A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.

MS_EXPOSE_REP: Public static method may expose internal representation by returning array

A public static method returns a reference to an array that is part of the static state of the class. Any code that calls this method can freely modify the underlying array. One fix is to return a copy of the array.

RpC_REPEATED_CONDITIONAL_TEST: Repeated conditional tests

The code contains a conditional test that is performed twice, one right after the other (e.g., x == 0 || x == 0). Perhaps the second occurrence is intended to be something else (e.g., x == 0 || y == 0).

SBSC_USE_STRINGBUFFER_CONCATENATION: Method concatenates strings using + in a loop

The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration.

Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 1.5) explicitly.

For example:

  // This is bad
  String s = "";
  for (int i = 0; i < field.length; ++i) {
    s = s + field[i];
  }

  // This is better
  StringBuffer buf = new StringBuffer();
  for (int i = 0; i < field.length; ++i) {
    buf.append(field[i]);
  }
  String s = buf.toString();

SF_SWITCH_FALLTHROUGH: Switch statement found where one case falls through to the next case

This method contains a switch statement where one case branch will fall through to the next case. Usually you need to end this case with a break or return.

SS_SHOULD_BE_STATIC: Unread field: should this field be static?

This class contains an instance final field that is initialized to a compile-time static value. Consider making the field static.

ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD: Write to static field from instance method

This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.

URF_UNREAD_FIELD: Unread field

This field is never read.  Consider removing it from the class.