Project Information
Project:
lib (spotbugsDebugReport)
SpotBugs version: 3.1.12
Code analyzed:
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/aidl/ParcelFileDescriptorUtil.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/aidl/ParcelFileDescriptorUtil$TransferThread.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/aidl/NextcloudRequest.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/aidl/IInputStreamService$Stub.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/aidl/IInputStreamService$Stub$Proxy.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/aidl/NextcloudRequest$Builder.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/aidl/IInputStreamService.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/aidl/IInputStreamService$Default.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/aidl/IThreadListener.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/model/ExceptionMessage.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/model/ocs/OcsResponse$OcsWrapper.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/model/ocs/OcsCapabilitiesResponse.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/model/ocs/OcsCapabilitiesResponse$OcsCapabilities.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/model/ocs/OcsResponse.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/model/ocs/OcsUser.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/model/ocs/OcsCapabilitiesResponse$OcsCapabilities$OcsTheming.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/model/ocs/OcsResponse$OcsWrapper$OcsMeta.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/model/ocs/OcsUser$OcsQuota.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/model/ocs/OcsCapabilitiesResponse$OcsVersion.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/model/SingleSignOnAccount.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/model/FilesAppType.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/QueryParam.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/BuildConfig.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/Constants.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/ui/UiExceptionManager.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/exceptions/NextcloudHttpRequestFailedException.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/exceptions/NextcloudApiNotRespondingException.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/exceptions/SSOException.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/exceptions/NoCurrentAccountSelectedException.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/exceptions/NextcloudFilesAppAccountNotFoundException.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/exceptions/NextcloudFilesAppNotInstalledException.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/exceptions/NextcloudUnsupportedMethodException.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/exceptions/NextcloudInvalidRequestUrlException.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/exceptions/NextcloudFilesAppNotSupportedException.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/exceptions/AccountImportCancelledException.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/exceptions/NextcloudFilesAppAccountPermissionNotGrantedException.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/exceptions/UnknownErrorException.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/exceptions/TokenMismatchException.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/exceptions/CurrentAccountNotFoundException.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/exceptions/AndroidGetAccountsPermissionNotGranted.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/helper/ExponentialBackoff$WrapperRunnable.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/helper/ExponentialBackoff$1.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/helper/Retrofit2Helper$1.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/helper/BufferedSourceSSO.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/helper/ExponentialBackoff.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/helper/SingleAccountHelper.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/helper/Retrofit2Helper$3.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/helper/Retrofit2Helper$2.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/helper/VersionCheckHelper.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/helper/Retrofit2Helper.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/helper/ExponentialBackoff$HandlerAdapter.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/helper/FilesAppNotInstalledHelperUtil.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/helper/ReactivexHelper.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/helper/Okhttp3Helper.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/api/AidlNetworkRequest$1.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/api/NextcloudAPI.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/api/NextcloudAPI$FollowRedirects.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/api/NetworkRequest.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/api/NextcloudAPI$ApiConnectedListener.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/api/AidlNetworkRequest$PlainHeader.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/api/AidlNetworkRequest$ExceptionResponse.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/api/NextcloudRetrofitServiceMethod.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/api/Response.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/api/ParsedResponse.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/api/AidlNetworkRequest.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/AccountImporter$IAccountAccessGranted.class
- /drone/src/lib/build/intermediates/javac/debug/classes/com/nextcloud/android/sso/AccountImporter.class
- /drone/src/lib/build/intermediates/javac/debug/classes/retrofit2/NextcloudRetrofitApiBuilder.class
Metrics
2007 lines of code analyzed,
in 68 classes,
in 9 packages.
Metric | Total | Density*
High Priority Warnings | 12 | 5.98
Medium Priority Warnings | 70 | 34.88
Total Warnings | 82 | 40.86
(* Defects per Thousand lines of non-commenting source statements)
Warnings
HE
|
com.nextcloud.android.sso.aidl.NextcloudRequest defines equals and uses Object.hashCode() |
|
Bug type HE_EQUALS_USE_HASHCODE
In class com.nextcloud.android.sso.aidl.NextcloudRequest
In method com.nextcloud.android.sso.aidl.NextcloudRequest.equals(Object)
At NextcloudRequest.java:[lines 295-323]
|
HE
|
com.nextcloud.android.sso.QueryParam defines equals and uses Object.hashCode() |
|
Bug type HE_EQUALS_USE_HASHCODE
In class com.nextcloud.android.sso.QueryParam
In method com.nextcloud.android.sso.QueryParam.equals(Object)
At QueryParam.java:[lines 22-30]
|
Nm
|
The method name com.nextcloud.android.sso.helper.Retrofit2Helper.WrapInCall(NextcloudAPI, NextcloudRequest, Type) doesn't start with a lower case letter |
|
Bug type NM_METHOD_NAMING_CONVENTION
In class com.nextcloud.android.sso.helper.Retrofit2Helper
In method com.nextcloud.android.sso.helper.Retrofit2Helper.WrapInCall(NextcloudAPI, NextcloudRequest, Type)
At Retrofit2Helper.java:[line 47]
|
CLI
|
Method com.nextcloud.android.sso.aidl.ParcelFileDescriptorUtil.pipeFrom(InputStream, IThreadListener) accesses list or array with constant index |
|
Bug type CLI_CONSTANT_LIST_INDEX
In class com.nextcloud.android.sso.aidl.ParcelFileDescriptorUtil
In method com.nextcloud.android.sso.aidl.ParcelFileDescriptorUtil.pipeFrom(InputStream, IThreadListener)
At ParcelFileDescriptorUtil.java:[line 37]
|
CLI
|
Method com.nextcloud.android.sso.aidl.ParcelFileDescriptorUtil.pipeTo(OutputStream, IThreadListener) accesses list or array with constant index |
|
Bug type CLI_CONSTANT_LIST_INDEX
In class com.nextcloud.android.sso.aidl.ParcelFileDescriptorUtil
In method com.nextcloud.android.sso.aidl.ParcelFileDescriptorUtil.pipeTo(OutputStream, IThreadListener)
At ParcelFileDescriptorUtil.java:[line 51]
|
CLI
|
Method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.invoke(NextcloudAPI, Object[]) accesses list or array with constant index |
|
Bug type CLI_CONSTANT_LIST_INDEX
In class com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod
In method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.invoke(NextcloudAPI, Object[])
At NextcloudRetrofitServiceMethod.java:[line 122]
|
FCBL
|
Class com.nextcloud.android.sso.api.AidlNetworkRequest$ExceptionResponse defines fields that are used only as locals |
|
Bug type FCBL_FIELD_COULD_BE_LOCAL
In class com.nextcloud.android.sso.api.AidlNetworkRequest$ExceptionResponse
Field com.nextcloud.android.sso.api.AidlNetworkRequest$ExceptionResponse.headers
At AidlNetworkRequest.java:[line 374]
|
IMC
|
Class com.nextcloud.android.sso.aidl.NextcloudRequest defines a computed serialVersionUID that doesn't equate to the calculated value |
|
Bug type IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID
In class com.nextcloud.android.sso.aidl.NextcloudRequest
Field com.nextcloud.android.sso.aidl.NextcloudRequest.serialVersionUID
In NextcloudRequest.java
|
IMC
|
Class com.nextcloud.android.sso.aidl.NextcloudRequest$Builder defines a computed serialVersionUID that doesn't equate to the calculated value |
|
Bug type IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID
In class com.nextcloud.android.sso.aidl.NextcloudRequest$Builder
Field com.nextcloud.android.sso.aidl.NextcloudRequest$Builder.serialVersionUID
In NextcloudRequest.java
|
IMC
|
Class com.nextcloud.android.sso.model.SingleSignOnAccount defines a computed serialVersionUID that doesn't equate to the calculated value |
|
Bug type IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID
In class com.nextcloud.android.sso.model.SingleSignOnAccount
Field com.nextcloud.android.sso.model.SingleSignOnAccount.serialVersionUID
In SingleSignOnAccount.java
|
IMC
|
Class com.nextcloud.android.sso.QueryParam defines a computed serialVersionUID that doesn't equate to the calculated value |
|
Bug type IMC_IMMATURE_CLASS_BAD_SERIALVERSIONUID
In class com.nextcloud.android.sso.QueryParam
Field com.nextcloud.android.sso.QueryParam.serialVersionUID
In QueryParam.java
|
ISB
|
Method com.nextcloud.android.sso.api.AidlNetworkRequest$1.onServiceConnected(ComponentName, IBinder) concatenates the result of a toString() call |
|
Bug type ISB_TOSTRING_APPENDING
In class com.nextcloud.android.sso.api.AidlNetworkRequest$1
In method com.nextcloud.android.sso.api.AidlNetworkRequest$1.onServiceConnected(ComponentName, IBinder)
At AidlNetworkRequest.java:[line 72]
|
ISB
|
Method com.nextcloud.android.sso.api.AidlNetworkRequest$1.onServiceDisconnected(ComponentName) concatenates the result of a toString() call |
|
Bug type ISB_TOSTRING_APPENDING
In class com.nextcloud.android.sso.api.AidlNetworkRequest$1
In method com.nextcloud.android.sso.api.AidlNetworkRequest$1.onServiceDisconnected(ComponentName)
At AidlNetworkRequest.java:[line 83]
|
ISB
|
Method com.nextcloud.android.sso.api.AidlNetworkRequest$1.onServiceDisconnected(ComponentName) concatenates the result of a toString() call |
|
Bug type ISB_TOSTRING_APPENDING
In class com.nextcloud.android.sso.api.AidlNetworkRequest$1
In method com.nextcloud.android.sso.api.AidlNetworkRequest$1.onServiceDisconnected(ComponentName)
At AidlNetworkRequest.java:[line 90]
|
ISB
|
Method com.nextcloud.android.sso.api.NextcloudAPI.convertStreamToTargetEntity(InputStream, Type) concatenates the result of a toString() call |
|
Bug type ISB_TOSTRING_APPENDING
In class com.nextcloud.android.sso.api.NextcloudAPI
In method com.nextcloud.android.sso.api.NextcloudAPI.convertStreamToTargetEntity(InputStream, Type)
At NextcloudAPI.java:[line 166]
|
LEST
|
Method com.nextcloud.android.sso.AccountImporter.requestAuthToken(Activity, Intent) throws alternative exception from catch block without history |
|
Bug type LEST_LOST_EXCEPTION_STACK_TRACE
In class com.nextcloud.android.sso.AccountImporter
In method com.nextcloud.android.sso.AccountImporter.requestAuthToken(Activity, Intent)
At AccountImporter.java:[line 362]
|
LEST
|
Method com.nextcloud.android.sso.AccountImporter.requestAuthToken(Fragment, Intent) throws alternative exception from catch block without history |
|
Bug type LEST_LOST_EXCEPTION_STACK_TRACE
In class com.nextcloud.android.sso.AccountImporter
In method com.nextcloud.android.sso.AccountImporter.requestAuthToken(Fragment, Intent)
At AccountImporter.java:[line 353]
|
LEST
|
Method com.nextcloud.android.sso.api.NextcloudAPI.getVoidInstance() throws alternative exception from catch block without history |
|
Bug type LEST_LOST_EXCEPTION_STACK_TRACE
In class com.nextcloud.android.sso.api.NextcloudAPI
In method com.nextcloud.android.sso.api.NextcloudAPI.getVoidInstance()
At NextcloudAPI.java:[line 60]
|
MDM
|
Method com.nextcloud.android.sso.model.SingleSignOnAccount.toString(SingleSignOnAccount) encodes String bytes without specifying the character encoding |
|
Bug type MDM_STRING_BYTES_ENCODING
In class com.nextcloud.android.sso.model.SingleSignOnAccount
In method com.nextcloud.android.sso.model.SingleSignOnAccount.toString(SingleSignOnAccount)
Called method new String(byte[])
At SingleSignOnAccount.java:[line 67]
|
NP
|
Null passed for non-null parameter of new java.io.File(String, String) in new com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod(String, Method) |
|
Bug type NP_NULL_PARAM_DEREF
In class com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod
In method new com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod(String, Method)
Called method new java.io.File(String, String)
Argument 2 might be null but must not be null
Value contained in com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.relativeUrl
Method invoked at NextcloudRetrofitServiceMethod.java:[line 98]
Known null at NextcloudRetrofitServiceMethod.java:[line 98]
|
OC
|
Method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.invoke(NextcloudAPI, Object[]) manually casts the right hand side of an assignment more specifically than needed |
|
Bug type OC_OVERZEALOUS_CASTING
In class com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod
In method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.invoke(NextcloudAPI, Object[])
At NextcloudRetrofitServiceMethod.java:[line 142]
|
RCN
|
Nullcheck of inputStream at line 173 of value previously dereferenced in com.nextcloud.android.sso.api.NextcloudAPI.convertStreamToTargetEntity(InputStream, Type) |
|
Bug type RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
In class com.nextcloud.android.sso.api.NextcloudAPI
In method com.nextcloud.android.sso.api.NextcloudAPI.convertStreamToTargetEntity(InputStream, Type)
Value loaded from inputStream
At NextcloudAPI.java:[line 157]
Redundant null check at NextcloudAPI.java:[line 173]
|
RFI
|
Method com.nextcloud.android.sso.api.NextcloudAPI.getVoidInstance() uses AccessibleObject.setAccessible to modify accessibility of classes |
|
Bug type RFI_SET_ACCESSIBLE
In class com.nextcloud.android.sso.api.NextcloudAPI
In method com.nextcloud.android.sso.api.NextcloudAPI.getVoidInstance()
At NextcloudAPI.java:[line 56]
|
SPP
|
Method com.nextcloud.android.sso.aidl.IInputStreamService$Stub.asInterface(IBinder) checks a reference for null before calling instanceof |
|
Bug type SPP_NULL_BEFORE_INSTANCEOF
In class com.nextcloud.android.sso.aidl.IInputStreamService$Stub
In method com.nextcloud.android.sso.aidl.IInputStreamService$Stub.asInterface(IBinder)
At IInputStreamService.java:[line 50]
|
Dm
|
Found reliance on default encoding in com.nextcloud.android.sso.api.NextcloudAPI.convertStreamToTargetEntity(InputStream, Type): new java.io.InputStreamReader(InputStream) |
|
Bug type DM_DEFAULT_ENCODING
In class com.nextcloud.android.sso.api.NextcloudAPI
In method com.nextcloud.android.sso.api.NextcloudAPI.convertStreamToTargetEntity(InputStream, Type)
Called method new java.io.InputStreamReader(InputStream)
At NextcloudAPI.java:[line 157]
|
Dm
|
Found reliance on default encoding in com.nextcloud.android.sso.model.SingleSignOnAccount.toString(SingleSignOnAccount): new String(byte[]) |
|
Bug type DM_DEFAULT_ENCODING
In class com.nextcloud.android.sso.model.SingleSignOnAccount
In method com.nextcloud.android.sso.model.SingleSignOnAccount.toString(SingleSignOnAccount)
Called method new String(byte[])
At SingleSignOnAccount.java:[line 67]
|
JLM
|
Synchronization performed on java.util.concurrent.atomic.AtomicBoolean in com.nextcloud.android.sso.api.AidlNetworkRequest.waitForApi() |
|
Bug type JLM_JSR166_UTILCONCURRENT_MONITORENTER
In class com.nextcloud.android.sso.api.AidlNetworkRequest
In method com.nextcloud.android.sso.api.AidlNetworkRequest.waitForApi()
Type java.util.concurrent.atomic.AtomicBoolean
Value loaded from field com.nextcloud.android.sso.api.AidlNetworkRequest.mBound
At AidlNetworkRequest.java:[line 153]
|
JLM
|
Synchronization performed on java.util.concurrent.atomic.AtomicBoolean in com.nextcloud.android.sso.api.AidlNetworkRequest$1.onServiceConnected(ComponentName, IBinder) |
|
Bug type JLM_JSR166_UTILCONCURRENT_MONITORENTER
In class com.nextcloud.android.sso.api.AidlNetworkRequest$1
In method com.nextcloud.android.sso.api.AidlNetworkRequest$1.onServiceConnected(ComponentName, IBinder)
Type java.util.concurrent.atomic.AtomicBoolean
Value loaded from field com.nextcloud.android.sso.api.AidlNetworkRequest.mBound
At AidlNetworkRequest.java:[line 76]
|
JLM
|
Synchronization performed on java.util.concurrent.ConcurrentHashMap in retrofit2.NextcloudRetrofitApiBuilder.loadServiceMethod(Method) |
|
Bug type JLM_JSR166_UTILCONCURRENT_MONITORENTER
In class retrofit2.NextcloudRetrofitApiBuilder
In method retrofit2.NextcloudRetrofitApiBuilder.loadServiceMethod(Method)
Type java.util.concurrent.ConcurrentHashMap
Value loaded from field retrofit2.NextcloudRetrofitApiBuilder.serviceMethodCache
At NextcloudRetrofitApiBuilder.java:[line 37]
|
PSC
|
Method com.nextcloud.android.sso.aidl.NextcloudRequest$Builder.setParameter(Collection) does not presize the allocation of a collection |
|
Bug type PSC_PRESIZE_COLLECTIONS
In class com.nextcloud.android.sso.aidl.NextcloudRequest$Builder
In method com.nextcloud.android.sso.aidl.NextcloudRequest$Builder.setParameter(Collection)
At NextcloudRequest.java:[line 128]
|
PSC
|
Method com.nextcloud.android.sso.aidl.NextcloudRequest$Builder.setParameter(Map) does not presize the allocation of a collection |
|
Bug type PSC_PRESIZE_COLLECTIONS
In class com.nextcloud.android.sso.aidl.NextcloudRequest$Builder
In method com.nextcloud.android.sso.aidl.NextcloudRequest$Builder.setParameter(Map)
At NextcloudRequest.java:[line 112]
|
UCPM
|
Method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.parsePathParameters() passes constant String of length 1 to character overridden method |
|
Bug type UCPM_USE_CHARACTER_PARAMETERIZED_METHOD
In class com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod
In method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.parsePathParameters()
At NextcloudRetrofitServiceMethod.java:[line 322]
|
UCPM
|
Method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.parsePathParameters() passes constant String of length 1 to character overridden method |
|
Bug type UCPM_USE_CHARACTER_PARAMETERIZED_METHOD
In class com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod
In method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.parsePathParameters()
At NextcloudRetrofitServiceMethod.java:[line 337]
|
WMI
|
com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.invoke(NextcloudAPI, Object[]) makes inefficient use of keySet iterator instead of entrySet iterator |
|
Bug type WMI_WRONG_MAP_ITERATOR
In class com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod
In method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.invoke(NextcloudAPI, Object[])
At NextcloudRetrofitServiceMethod.java:[line 144]
|
SECOBDES
|
Object deserialization is used in com.nextcloud.android.sso.api.AidlNetworkRequest.deserializeObject(InputStream) |
|
Bug type OBJECT_DESERIALIZATION
In class com.nextcloud.android.sso.api.AidlNetworkRequest
In method com.nextcloud.android.sso.api.AidlNetworkRequest.deserializeObject(InputStream)
At AidlNetworkRequest.java:[line 319]
|
SECOBDES
|
Object deserialization is used in com.nextcloud.android.sso.api.AidlNetworkRequest.deserializeObjectV2(InputStream) |
|
Bug type OBJECT_DESERIALIZATION
In class com.nextcloud.android.sso.api.AidlNetworkRequest
In method com.nextcloud.android.sso.api.AidlNetworkRequest.deserializeObjectV2(InputStream)
At AidlNetworkRequest.java:[line 325]
|
SECOBDES
|
Object deserialization is used in com.nextcloud.android.sso.api.AidlNetworkRequest.deserializeObjectV2(InputStream) |
|
Bug type OBJECT_DESERIALIZATION
In class com.nextcloud.android.sso.api.AidlNetworkRequest
In method com.nextcloud.android.sso.api.AidlNetworkRequest.deserializeObjectV2(InputStream)
At AidlNetworkRequest.java:[line 328]
|
SECOBDES
|
Object deserialization is used in com.nextcloud.android.sso.model.SingleSignOnAccount.fromString(String) |
|
Bug type OBJECT_DESERIALIZATION
In class com.nextcloud.android.sso.model.SingleSignOnAccount
In method com.nextcloud.android.sso.model.SingleSignOnAccount.fromString(String)
At SingleSignOnAccount.java:[line 55]
|
SECPR
|
This random generator (java.lang.Math.random()) is predictable |
|
Bug type PREDICTABLE_RANDOM
In class com.nextcloud.android.sso.helper.ExponentialBackoff
In method com.nextcloud.android.sso.helper.ExponentialBackoff.notifyFailed(Exception)
At ExponentialBackoff.java:[line 125]
Value java.lang.Math.random()
|
EXS
|
Unconstrained method com.nextcloud.android.sso.api.NextcloudAPI.convertStreamToTargetEntity(InputStream, Type) converts checked exception to unchecked |
|
Bug type EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS
In class com.nextcloud.android.sso.api.NextcloudAPI
In method com.nextcloud.android.sso.api.NextcloudAPI.convertStreamToTargetEntity(InputStream, Type)
At NextcloudAPI.java:[line 166]
|
EXS
|
Unconstrained method com.nextcloud.android.sso.api.NextcloudAPI.getVoidInstance() converts checked exception to unchecked |
|
Bug type EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS
In class com.nextcloud.android.sso.api.NextcloudAPI
In method com.nextcloud.android.sso.api.NextcloudAPI.getVoidInstance()
At NextcloudAPI.java:[line 60]
|
EXS
|
Unconstrained method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.bodyToStream(RequestBody) converts checked exception to unchecked |
|
Bug type EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS
In class com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod
In method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.bodyToStream(RequestBody)
At NextcloudRetrofitServiceMethod.java:[line 231]
|
STT
|
This method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.parsePathParameters() parses a String that is a field |
|
Bug type STT_STRING_PARSING_A_FIELD
In class com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod
In method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.parsePathParameters()
At NextcloudRetrofitServiceMethod.java:[line 322]
|
STT
|
This method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.parsePathParameters() parses a String that is a field |
|
Bug type STT_STRING_PARSING_A_FIELD
In class com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod
In method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.parsePathParameters()
At NextcloudRetrofitServiceMethod.java:[line 325]
|
STT
|
This method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.parsePathParameters() parses a String that is a field |
|
Bug type STT_STRING_PARSING_A_FIELD
In class com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod
In method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.parsePathParameters()
At NextcloudRetrofitServiceMethod.java:[line 342]
|
UP
|
Static or private method com.nextcloud.android.sso.AccountImporter.onRequestPermissionsResult(int, String[], int[], Activity, Fragment) has unused parameters |
|
Bug type UP_UNUSED_PARAMETER
In class com.nextcloud.android.sso.AccountImporter
In method com.nextcloud.android.sso.AccountImporter.onRequestPermissionsResult(int, String[], int[], Activity, Fragment)
Value Parameter 2: permissions
At AccountImporter.java:[lines 305-329]
|
UP
|
Static or private method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.parseHttpMethodAndPath(String, String, boolean) has unused parameters |
|
Bug type UP_UNUSED_PARAMETER
In class com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod
In method com.nextcloud.android.sso.api.NextcloudRetrofitServiceMethod.parseHttpMethodAndPath(String, String, boolean)
Value Parameter 3: hasBody
At NextcloudRetrofitServiceMethod.java:[lines 275-286]
|
UuF
|
Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse.capabilities |
|
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse
Field com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse.capabilities
In OcsCapabilitiesResponse.java
|
UuF
|
Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse.version |
|
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse
Field com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse.version
In OcsCapabilitiesResponse.java
|
UuF
|
Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities.theming |
|
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities
Field com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities.theming
In OcsCapabilitiesResponse.java
|
UuF
|
Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming.background |
|
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming
Field com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming.background
In OcsCapabilitiesResponse.java
|
UuF
|
Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming.color |
|
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming
Field com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming.color
In OcsCapabilitiesResponse.java
|
UuF
|
Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming.favicon |
|
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming
Field com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming.favicon
In OcsCapabilitiesResponse.java
|
UuF
|
Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming.logo |
|
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming
Field com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming.logo
In OcsCapabilitiesResponse.java
|
UuF
|
Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming.name |
|
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming
Field com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming.name
In OcsCapabilitiesResponse.java
|
UuF
|
Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming.slogan |
|
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming
Field com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming.slogan
In OcsCapabilitiesResponse.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming.url
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming
Field com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsCapabilities$OcsTheming.url
In OcsCapabilitiesResponse.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsVersion.edition
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsVersion
Field com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsVersion.edition
In OcsCapabilitiesResponse.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsVersion.extendedSupport
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsVersion
Field com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsVersion.extendedSupport
In OcsCapabilitiesResponse.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsVersion.macro
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsVersion
Field com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsVersion.macro
In OcsCapabilitiesResponse.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsVersion.major
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsVersion
Field com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsVersion.major
In OcsCapabilitiesResponse.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsVersion.minor
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsVersion
Field com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsVersion.minor
In OcsCapabilitiesResponse.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsVersion.string
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsVersion
Field com.nextcloud.android.sso.model.ocs.OcsCapabilitiesResponse$OcsVersion.string
In OcsCapabilitiesResponse.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsResponse.ocs
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsResponse
Field com.nextcloud.android.sso.model.ocs.OcsResponse.ocs
In OcsResponse.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsResponse$OcsWrapper.data
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsResponse$OcsWrapper
Field com.nextcloud.android.sso.model.ocs.OcsResponse$OcsWrapper.data
In OcsResponse.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsResponse$OcsWrapper.meta
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsResponse$OcsWrapper
Field com.nextcloud.android.sso.model.ocs.OcsResponse$OcsWrapper.meta
In OcsResponse.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsResponse$OcsWrapper$OcsMeta.message
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsResponse$OcsWrapper$OcsMeta
Field com.nextcloud.android.sso.model.ocs.OcsResponse$OcsWrapper$OcsMeta.message
In OcsResponse.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsResponse$OcsWrapper$OcsMeta.status
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsResponse$OcsWrapper$OcsMeta
Field com.nextcloud.android.sso.model.ocs.OcsResponse$OcsWrapper$OcsMeta.status
In OcsResponse.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsUser.address
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsUser
Field com.nextcloud.android.sso.model.ocs.OcsUser.address
In OcsUser.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsUser.email
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsUser
Field com.nextcloud.android.sso.model.ocs.OcsUser.email
In OcsUser.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsUser.enabled
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsUser
Field com.nextcloud.android.sso.model.ocs.OcsUser.enabled
In OcsUser.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsUser.groups
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsUser
Field com.nextcloud.android.sso.model.ocs.OcsUser.groups
In OcsUser.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsUser.language
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsUser
Field com.nextcloud.android.sso.model.ocs.OcsUser.language
In OcsUser.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsUser.lastLogin
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsUser
Field com.nextcloud.android.sso.model.ocs.OcsUser.lastLogin
In OcsUser.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsUser.locale
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsUser
Field com.nextcloud.android.sso.model.ocs.OcsUser.locale
In OcsUser.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsUser.phone
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsUser
Field com.nextcloud.android.sso.model.ocs.OcsUser.phone
In OcsUser.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsUser.quota
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsUser
Field com.nextcloud.android.sso.model.ocs.OcsUser.quota
In OcsUser.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsUser.twitter
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsUser
Field com.nextcloud.android.sso.model.ocs.OcsUser.twitter
In OcsUser.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsUser.website
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsUser
Field com.nextcloud.android.sso.model.ocs.OcsUser.website
In OcsUser.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsUser$OcsQuota.free
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsUser$OcsQuota
Field com.nextcloud.android.sso.model.ocs.OcsUser$OcsQuota.free
In OcsUser.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsUser$OcsQuota.total
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsUser$OcsQuota
Field com.nextcloud.android.sso.model.ocs.OcsUser$OcsQuota.total
In OcsUser.java
UuF - Unused public or protected field: com.nextcloud.android.sso.model.ocs.OcsUser$OcsQuota.used
Bug type UUF_UNUSED_PUBLIC_OR_PROTECTED_FIELD
In class com.nextcloud.android.sso.model.ocs.OcsUser$OcsQuota
Field com.nextcloud.android.sso.model.ocs.OcsUser$OcsQuota.used
In OcsUser.java
This method accesses an array or list using a constant integer index. Often,
this is a typo where a loop variable is intended to be used. If however, specific
list indices mean different specific things, then perhaps replacing the list with
a first-class object with meaningful accessors would make the code less brittle.
Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.
This method is not constrained by an interface or superclass, but converts a caught checked exception
to an unchecked exception and throws it. It would be more appropriate just to throw the checked exception,
adding the exception to the throws clause of the method.
This class defines fields that are used in a local only fashion,
specifically private fields or protected fields in final classes that are accessed
first in each method with a store vs. a load. This field could be replaced by one
or more local variables.
This class overrides equals(Object), but does not override hashCode(), and inherits the implementation of
hashCode() from java.lang.Object (which returns the identity hash code, an arbitrary value assigned to the object
by the VM). Therefore, the class is very likely to violate the
invariant that equal objects must have equal hashcodes.
If you don't think instances of this class will ever be inserted into a HashMap/HashTable,
the recommended hashCode implementation to use is:
    public int hashCode() {
        assert false : "hashCode not designed";
        return 42; // any arbitrary constant will do
    }
This serializable class defines a serialVersionUID that appears to be a computed value, however the value does not
match the computed value, and thus loses its value as a version indicator. Either create a custom value like 1, 2, 3, 4, etc., or
recompute the serialVersionUID using your IDE.
This method concatenates the output of a toString() call into a StringBuffer or StringBuilder.
It is simpler just to pass the object you want to append to the append call, as that form
does not suffer the potential for NullPointerExceptions, and is easier to read.
Keep in mind that Java compiles simple String concatenation to use StringBuilders,
so you may see this bug even when you don't use StringBuilders explicitly.
Instead of:
    StringBuilder builder = ...;
    builder.append(someObj.toString());
    ...
    System.out.println("Problem with the object :" + someObj.toString());
just do:
    StringBuilder builder = ...
    builder.append(someObj);
    ...
    System.out.println("Problem with the object :" + someObj);
to avoid the possibility of NullPointerExceptions when someObj is null.
This method performs synchronization on an object that is an instance of
a class from the java.util.concurrent package (or its subclasses). Instances
of these classes have their own concurrency control mechanisms that are orthogonal to
the synchronization provided by the Java keyword synchronized. For example,
synchronizing on an AtomicBoolean will not prevent other threads
from modifying the AtomicBoolean.
Such code may be correct, but should be carefully reviewed and documented,
and may confuse people who have to maintain the code at a later date.
This method catches an exception, and throws a different exception, without incorporating the
original exception. Doing so hides the original source of the exception, making debugging and fixing
these problems difficult. It is better to use the constructor of this new exception that takes an
original exception so that this detail can be passed along to the user. If this exception has no constructor
that takes an initial cause parameter, use the initCause method to initialize it instead.
    catch (IOException e) {
        throw new MySpecialException("Failed to open configuration", e);
    }
The behavior of the String(byte[] bytes) and String.getBytes() is undefined if the string cannot be encoded in the platform's default charset. Instead, use the String(byte[] bytes, String encoding) or String.getBytes(String encoding) constructor which accepts the string's encoding as an argument. Be sure to specify the encoding used for the user's locale.
As per the Java specifications, "UTF-8", "US-ASCII", "UTF-16" and "ISO-8859-1" will all be valid encoding charsets. If you aren't sure, try "UTF-8".
New in Java 1.7, you can specify an encoding from StandardCharsets, like StandardCharsets.UTF_8. These are generally preferable because you don't have to deal with UnsupportedEncodingException.
Methods should be verbs, in mixed case with the first letter lowercase, with the first letter of each internal word capitalized.
This method call passes a null value for a non-null method parameter.
Either the parameter is annotated as a parameter that should
always be non-null, or analysis has shown that it will always be
dereferenced.
This method casts the right hand side of an expression to a class that is more specific than the
variable on the left hand side of the assignment. The cast only has to be as specific as the variable
that is on the left. Using a more specific type on the right hand side just increases cohesion.
This method allocates a collection using the default constructor even though it is known
a priori (or at least can be reasonably guessed) how many items are going to be placed in the collection,
and thus needlessly causes intermediate reallocations of the collection.
You can use the constructor that takes an initial size and that will be much better, but
due to the loadFactor of Maps and Sets, even this will not be a correct estimate.
If you are using Guava, use its methods that allocate maps and sets with a predetermined size,
to get the best chance for no reallocations, such as:
- Sets.newHashSetWithExpectedSize(int)
- Maps.newHashMapWithExpectedSize(int)
If not, a good estimate would be the expectedSize / {LOADING_FACTOR} which by default is 0.75
A value is checked here to see whether it is null, but this value can't
be null because it was previously dereferenced and if it were null a null pointer
exception would have occurred at the earlier dereference.
Essentially, this code and the previous dereference
disagree as to whether this value is allowed to be null. Either the check is redundant
or the previous dereference is erroneous.
This method uses the reflective setAccessible method to alter the behavior of methods and fields in classes
in ways that were not expected to be accessed by the author. Doing so circumvents the protections that the author
provided through the class definition, and may expose your application to unexpected side effects and problems. This
functionality is deprecated in Java 9, and in Java 10 it is expected that this functionality won't work at all.
Object deserialization of untrusted data can lead to remote code execution, if there is a class in the classpath that allows
the trigger of a malicious operation.
Library developers tend to fix classes that provide a potential malicious trigger. There are still classes that are
known to trigger Denial of Service[1].
Deserialization is a sensitive operation that has a great history of vulnerabilities. The web application might
become vulnerable as soon as a new vulnerability is found in the Java Virtual Machine[2] [3].
Code at risk:
    public UserData deserializeObject(InputStream receivedFile) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(receivedFile)) {
            return (UserData) in.readObject();
        }
    }
Solutions:
Avoid deserializing objects provided by remote users.
References
CWE-502: Deserialization of Untrusted Data
Deserialization of untrusted data
Serialization and Deserialization
A tool for generating payloads that exploit unsafe Java object deserialization
[1] Example of Denial of Service using the class java.util.HashSet
[2] OpenJDK: Deserialization issue in ObjectInputStream.readSerialData() (CVE-2015-2590)
[3] Rapid7: Sun Java Calendar Deserialization Privilege Escalation (CVE-2008-5353)
The use of a predictable random value can lead to vulnerabilities when used in certain security critical contexts. For example, when the value is used as:
- a CSRF token: a predictable token can lead to a CSRF attack as an attacker will know the value of the token
- a password reset token (sent by email): a predictable password token can lead to an account takeover, since an attacker will guess the URL of the "change password" form
- any other secret value
A quick fix could be to replace the use of java.util.Random with something stronger, such as java.security.SecureRandom.
Vulnerable Code:
    String generateSecretToken() {
        Random r = new Random();
        return Long.toHexString(r.nextLong());
    }
Solution:
    import java.security.SecureRandom;
    import org.apache.commons.codec.binary.Hex;
    String generateSecretToken() {
        SecureRandom secRandom = new SecureRandom();
        byte[] result = new byte[32];
        secRandom.nextBytes(result);
        return Hex.encodeHexString(result);
    }
References
Cracking Random Number Generators - Part 1 (https://jazzy.id.au)
CERT: MSC02-J. Generate strong random numbers
CWE-330: Use of Insufficiently Random Values
Predicting Struts CSRF Token (Example of real-life vulnerability and exploitation)
This method checks a reference for null just before seeing if the reference is an instanceof some class.
Since instanceof will return false for null references, the null check is not needed.
This method calls a parsing method (indexOf, lastIndexOf, startsWith, endsWith, substring, indexOf) on a String
that is a field, or comes from a collection that is a field. This implies that the String in question is holding
multiple parts of information inside the string, which would be more maintainable and type safe if that value was a
true collection or a first class object with fields, rather than a String.
This method passes a constant literal String of length 1 as a parameter to a method, when
a similar method is exposed that takes a char. It is simpler and more expedient to handle one
character, rather than a String.
Instead of making calls like:
    String myString = ...
    if (myString.indexOf("e") != -1) {
        int i = myString.lastIndexOf("e");
        System.out.println(myString + ":" + i); //the Java compiler will use a StringBuilder internally here [builder.append(":")]
        ...
        return myString.replace("m","z");
    }
Replace the single letter Strings with their char equivalents like so:
    String myString = ...
    if (myString.indexOf('e') != -1) {
        int i = myString.lastIndexOf('e');
        System.out.println(myString + ':' + i); //the Java compiler will use a StringBuilder internally here [builder.append(':')]
        ...
        return myString.replace('m','z');
    }
This method defines parameters that are never used. As this method is either static or private,
and can't be derived from, it is safe to remove these parameters and simplify your method.
You should consider, while unlikely, that this method may be used reflectively, and thus you will
want to change that call as well. In this case, it is likely that once you remove the parameter,
there will be a chain of method calls that have spent time creating this parameter and passing it
down the line. All of this may be able to be removed.
This field is never used.
The field is public or protected, so perhaps
it is intended to be used with classes not seen as part of the analysis. If not,
consider removing it from the class.
This method accesses the value of a Map entry, using a key that was retrieved from
a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the
Map.get(key) lookup.