Fork me on GitHub

FindBugs Bug Detector Report

The following document contains the results of FindBugs

FindBugs Version is 3.0.1

Threshold is

Effort is max

Summary

Classes Bugs Errors Missing Classes
706 95 0 0

Files

Class Bugs
fr.paris.lutece.portal.business.file.File 2
fr.paris.lutece.portal.business.page.Page 4
fr.paris.lutece.portal.business.physicalfile.PhysicalFile 2
fr.paris.lutece.portal.business.portlet.Portlet 2
fr.paris.lutece.portal.business.rss.FeedResource 2
fr.paris.lutece.portal.business.rss.FeedResourceItem 2
fr.paris.lutece.portal.business.stylesheet.StyleSheet 2
fr.paris.lutece.portal.business.user.AdminUser 6
fr.paris.lutece.portal.business.user.AdminUserFilter 1
fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser 3
fr.paris.lutece.portal.business.user.authentication.PasswordFactory$PBKDF2Password 1
fr.paris.lutece.portal.business.user.log.UserLog 2
fr.paris.lutece.portal.service.accesscontrol.AccessControlService 1
fr.paris.lutece.portal.service.captcha.CaptchaSecurityService 1
fr.paris.lutece.portal.service.content.PageData 2
fr.paris.lutece.portal.service.csv.CSVReaderService 3
fr.paris.lutece.portal.service.daemon.AnonymizationDaemon 1
fr.paris.lutece.portal.service.daemon.AppDaemonService 1
fr.paris.lutece.portal.service.daemon.DaemonEntry 1
fr.paris.lutece.portal.service.daemon.DaemonScheduler 1
fr.paris.lutece.portal.service.daemon.ThreadLauncherDaemon 1
fr.paris.lutece.portal.service.daemon.ThreadLauncherDaemon$RunnableWrapper 1
fr.paris.lutece.portal.service.database.DAOUtilTransactionManager 1
fr.paris.lutece.portal.service.datastore.LocalizedData 1
fr.paris.lutece.portal.service.event.AbstractEventManager 1
fr.paris.lutece.portal.service.i18n.I18nService 1
fr.paris.lutece.portal.service.image.ImageResource 2
fr.paris.lutece.portal.service.image.ImageResourceManager 1
fr.paris.lutece.portal.service.init.AppInit 1
fr.paris.lutece.portal.service.jpa.EntityManagerService 1
fr.paris.lutece.portal.service.plugin.PluginFile 1
fr.paris.lutece.portal.service.plugin.PluginService 1
fr.paris.lutece.portal.service.portal.PortalService 1
fr.paris.lutece.portal.service.regularexpression.RegularExpressionService 1
fr.paris.lutece.portal.service.scheduler.JobSchedulerService 1
fr.paris.lutece.portal.service.search.LuceneSearchEngine 1
fr.paris.lutece.portal.service.search.PageIndexer 1
fr.paris.lutece.portal.service.search.SearchResult 2
fr.paris.lutece.portal.service.search.SponsoredLinksSearchService 1
fr.paris.lutece.portal.service.security.LuteceUser 2
fr.paris.lutece.portal.service.security.RsaService 1
fr.paris.lutece.portal.service.spring.SpringContextService 1
fr.paris.lutece.portal.service.user.attribute.AttributeTypeService 1
fr.paris.lutece.portal.web.dashboard.DashboardJspBean 1
fr.paris.lutece.portal.web.documentation.AdminDocumentationJspBean 1
fr.paris.lutece.portal.web.download.AbstractDownloadServlet 1
fr.paris.lutece.portal.web.l10n.LocaleService 1
fr.paris.lutece.portal.web.search.SearchApp 1
fr.paris.lutece.portal.web.system.SystemFile 3
fr.paris.lutece.portal.web.system.SystemJspBean 3
fr.paris.lutece.portal.web.user.AdminLoginJspBean 1
fr.paris.lutece.util.ReferenceList 1
fr.paris.lutece.util.annotation.ScannotationDB 1
fr.paris.lutece.util.beanvalidation.DefaultValidationErrorConfig 1
fr.paris.lutece.util.beanvalidation.LuteceMessageInterpolator 1
fr.paris.lutece.util.datatable.FilterPanel 1
fr.paris.lutece.util.env.EnvUtil 1
fr.paris.lutece.util.jpa.transaction.ChainedTransactionManager 1
fr.paris.lutece.util.jpa.transaction.MultiTransactionStatus 1
fr.paris.lutece.util.mail.ByteArrayDataSource 1
fr.paris.lutece.util.mail.FileAttachment 3
fr.paris.lutece.util.mail.HtmlDocument 1
fr.paris.lutece.util.pool.service.C3p0ConnectionService 1
fr.paris.lutece.util.pool.service.ConnectionPool 1
fr.paris.lutece.util.rsa.RSAKeyPairUtil 1
fr.paris.lutece.util.sql.Transaction 1

fr.paris.lutece.portal.business.file.File

Bug Category Details Line Priority
fr.paris.lutece.portal.business.file.File.getDateCreation() may expose internal representation by returning File._dateCreation MALICIOUS_CODE EI_EXPOSE_REP 201 Medium
fr.paris.lutece.portal.business.file.File.setDateCreation(Timestamp) may expose internal representation by storing an externally mutable object into File._dateCreation MALICIOUS_CODE EI_EXPOSE_REP2 212 Medium

fr.paris.lutece.portal.business.page.Page

Bug Category Details Line Priority
fr.paris.lutece.portal.business.page.Page.getDateUpdate() may expose internal representation by returning Page._dateUpdate MALICIOUS_CODE EI_EXPOSE_REP 383 Medium
fr.paris.lutece.portal.business.page.Page.getImageContent() may expose internal representation by returning Page._strImageContent MALICIOUS_CODE EI_EXPOSE_REP 162 Medium
fr.paris.lutece.portal.business.page.Page.setDateUpdate(Timestamp) may expose internal representation by storing an externally mutable object into Page._dateUpdate MALICIOUS_CODE EI_EXPOSE_REP2 373 Medium
fr.paris.lutece.portal.business.page.Page.setImageContent(byte[]) may expose internal representation by storing an externally mutable object into Page._strImageContent MALICIOUS_CODE EI_EXPOSE_REP2 173 Medium

fr.paris.lutece.portal.business.physicalfile.PhysicalFile

Bug Category Details Line Priority
fr.paris.lutece.portal.business.physicalfile.PhysicalFile.getValue() may expose internal representation by returning PhysicalFile._byValue MALICIOUS_CODE EI_EXPOSE_REP 74 Medium
fr.paris.lutece.portal.business.physicalfile.PhysicalFile.setValue(byte[]) may expose internal representation by storing an externally mutable object into PhysicalFile._byValue MALICIOUS_CODE EI_EXPOSE_REP2 85 Medium

fr.paris.lutece.portal.business.portlet.Portlet

Bug Category Details Line Priority
fr.paris.lutece.portal.business.portlet.Portlet.getDateUpdate() may expose internal representation by returning Portlet._dateUpdate MALICIOUS_CODE EI_EXPOSE_REP 286 Medium
fr.paris.lutece.portal.business.portlet.Portlet.setDateUpdate(Timestamp) may expose internal representation by storing an externally mutable object into Portlet._dateUpdate MALICIOUS_CODE EI_EXPOSE_REP2 297 Medium

fr.paris.lutece.portal.business.rss.FeedResource

Bug Category Details Line Priority
fr.paris.lutece.portal.business.rss.FeedResource.getDate() may expose internal representation by returning FeedResource._date MALICIOUS_CODE EI_EXPOSE_REP 175 Medium
fr.paris.lutece.portal.business.rss.FeedResource.setDate(Date) may expose internal representation by storing an externally mutable object into FeedResource._date MALICIOUS_CODE EI_EXPOSE_REP2 184 Medium

fr.paris.lutece.portal.business.rss.FeedResourceItem

Bug Category Details Line Priority
fr.paris.lutece.portal.business.rss.FeedResourceItem.getDate() may expose internal representation by returning FeedResourceItem._date MALICIOUS_CODE EI_EXPOSE_REP 128 Medium
fr.paris.lutece.portal.business.rss.FeedResourceItem.setDate(Date) may expose internal representation by storing an externally mutable object into FeedResourceItem._date MALICIOUS_CODE EI_EXPOSE_REP2 137 Medium

fr.paris.lutece.portal.business.stylesheet.StyleSheet

Bug Category Details Line Priority
fr.paris.lutece.portal.business.stylesheet.StyleSheet.getSource() may expose internal representation by returning StyleSheet._strSource MALICIOUS_CODE EI_EXPOSE_REP 162 Medium
fr.paris.lutece.portal.business.stylesheet.StyleSheet.setSource(byte[]) may expose internal representation by storing an externally mutable object into StyleSheet._strSource MALICIOUS_CODE EI_EXPOSE_REP2 173 Medium

fr.paris.lutece.portal.business.user.AdminUser

Bug Category Details Line Priority
fr.paris.lutece.portal.business.user.AdminUser.getAccountMaxValidDate() may expose internal representation by returning AdminUser._accountMaxValidDate MALICIOUS_CODE EI_EXPOSE_REP 357 Medium
fr.paris.lutece.portal.business.user.AdminUser.getDateLastLogin() may expose internal representation by returning AdminUser._dateLastLogin MALICIOUS_CODE EI_EXPOSE_REP 631 Medium
fr.paris.lutece.portal.business.user.AdminUser.getPasswordMaxValidDate() may expose internal representation by returning AdminUser._passwordMaxValidDate MALICIOUS_CODE EI_EXPOSE_REP 336 Medium
fr.paris.lutece.portal.business.user.AdminUser.setAccountMaxValidDate(Timestamp) may expose internal representation by storing an externally mutable object into AdminUser._accountMaxValidDate MALICIOUS_CODE EI_EXPOSE_REP2 368 Medium
fr.paris.lutece.portal.business.user.AdminUser.setDateLastLogin(Timestamp) may expose internal representation by storing an externally mutable object into AdminUser._dateLastLogin MALICIOUS_CODE EI_EXPOSE_REP2 642 Medium
fr.paris.lutece.portal.business.user.AdminUser.setPasswordMaxValidDate(Timestamp) may expose internal representation by storing an externally mutable object into AdminUser._passwordMaxValidDate MALICIOUS_CODE EI_EXPOSE_REP2 347 Medium

fr.paris.lutece.portal.business.user.AdminUserFilter

Bug Category Details Line Priority
Boxing/unboxing to parse a primitive fr.paris.lutece.portal.business.user.AdminUserFilter.setAdminUserFilter(HttpServletRequest) PERFORMANCE DM_BOXED_PRIMITIVE_FOR_PARSING 252 High

fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser

Bug Category Details Line Priority
fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser.getDateValidityPassword() may expose internal representation by returning LuteceDefaultAdminUser._dateValidityPassword MALICIOUS_CODE EI_EXPOSE_REP 101 Medium
fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser.setDateValidityPassword(Date) may expose internal representation by storing an externally mutable object into LuteceDefaultAdminUser._dateValidityPassword MALICIOUS_CODE EI_EXPOSE_REP2 112 Medium
Class fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser defines non-transient non-serializable instance field _password BAD_PRACTICE SE_BAD_FIELD Not available Medium

fr.paris.lutece.portal.business.user.authentication.PasswordFactory$PBKDF2Password

Bug Category Details Line Priority
Boxing/unboxing to parse a primitive new fr.paris.lutece.portal.business.user.authentication.PasswordFactory$PBKDF2Password(String, PasswordFactory$PBKDF2Password$PASSWORD_REPRESENTATION) PERFORMANCE DM_BOXED_PRIMITIVE_FOR_PARSING 199 High

fr.paris.lutece.portal.business.user.log.UserLog

Bug Category Details Line Priority
fr.paris.lutece.portal.business.user.log.UserLog.getDateLogin() may expose internal representation by returning UserLog._dateLogin MALICIOUS_CODE EI_EXPOSE_REP 110 Medium
fr.paris.lutece.portal.business.user.log.UserLog.setDateLogin(Timestamp) may expose internal representation by storing an externally mutable object into UserLog._dateLogin MALICIOUS_CODE EI_EXPOSE_REP2 121 Medium

fr.paris.lutece.portal.service.accesscontrol.AccessControlService

Bug Category Details Line Priority
Redundant nullcheck of fr.paris.lutece.portal.service.accesscontrol.AccessControlService._provider, which is known to be non-null in new fr.paris.lutece.portal.service.accesscontrol.AccessControlService() STYLE RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE 68 Medium

fr.paris.lutece.portal.service.captcha.CaptchaSecurityService

Bug Category Details Line Priority
Redundant nullcheck of fr.paris.lutece.portal.service.captcha.CaptchaSecurityService._captchaService, which is known to be non-null in new fr.paris.lutece.portal.service.captcha.CaptchaSecurityService() STYLE RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE 64 Medium

fr.paris.lutece.portal.service.content.PageData

Bug Category Details Line Priority
fr.paris.lutece.portal.service.content.PageData.getDateUpdate() may expose internal representation by returning PageData._tsDateUpdate MALICIOUS_CODE EI_EXPOSE_REP 430 Medium
fr.paris.lutece.portal.service.content.PageData.setDateUpdate(Timestamp) may expose internal representation by storing an externally mutable object into PageData._tsDateUpdate MALICIOUS_CODE EI_EXPOSE_REP2 441 Medium

fr.paris.lutece.portal.service.csv.CSVReaderService

Bug Category Details Line Priority
Found reliance on default encoding in fr.paris.lutece.portal.service.csv.CSVReaderService.readCSVFile(PhysicalFile, int, boolean, boolean, boolean, Locale, String): new java.io.InputStreamReader(InputStream) I18N DM_DEFAULT_ENCODING 302 High
Found reliance on default encoding in fr.paris.lutece.portal.service.csv.CSVReaderService.readCSVFile(String, int, boolean, boolean, boolean, Locale, String): new java.io.FileReader(File) I18N DM_DEFAULT_ENCODING 220 High
Found reliance on default encoding in fr.paris.lutece.portal.service.csv.CSVReaderService.readCSVFile(FileItem, int, boolean, boolean, boolean, Locale, String): new java.io.InputStreamReader(InputStream) I18N DM_DEFAULT_ENCODING 171 High

fr.paris.lutece.portal.service.daemon.AnonymizationDaemon

Bug Category Details Line Priority
Useless object stored in variable sbResult of method fr.paris.lutece.portal.service.daemon.AnonymizationDaemon.run() STYLE UC_USELESS_OBJECT 61 Medium

fr.paris.lutece.portal.service.daemon.AppDaemonService

Bug Category Details Line Priority
Boxing/unboxing to parse a primitive fr.paris.lutece.portal.service.daemon.AppDaemonService.modifyDaemonInterval(String, String) PERFORMANCE DM_BOXED_PRIMITIVE_FOR_PARSING 271 High

fr.paris.lutece.portal.service.daemon.DaemonEntry

Bug Category Details Line Priority
fr.paris.lutece.portal.service.daemon.DaemonEntry.setLastRunDate(Date) may expose internal representation by storing an externally mutable object into DaemonEntry._dateLastRunDate MALICIOUS_CODE EI_EXPOSE_REP2 275 Medium

fr.paris.lutece.portal.service.daemon.DaemonScheduler

Bug Category Details Line Priority
Useless object stored in variable scheduled of method fr.paris.lutece.portal.service.daemon.DaemonScheduler.shutdown() STYLE UC_USELESS_OBJECT 257 Medium

fr.paris.lutece.portal.service.daemon.ThreadLauncherDaemon

Bug Category Details Line Priority
Load of known null value in fr.paris.lutece.portal.service.daemon.ThreadLauncherDaemon.run() STYLE NP_LOAD_OF_KNOWN_NULL_VALUE 148 Medium

fr.paris.lutece.portal.service.daemon.ThreadLauncherDaemon$RunnableWrapper

Bug Category Details Line Priority
Should fr.paris.lutece.portal.service.daemon.ThreadLauncherDaemon$RunnableWrapper be a _static_ inner class? PERFORMANCE SIC_INNER_SHOULD_BE_STATIC 70-87 Medium

fr.paris.lutece.portal.service.database.DAOUtilTransactionManager

Bug Category Details Line Priority
The field fr.paris.lutece.portal.service.database.DAOUtilTransactionManager._logger is transient but isn't set by deserialization BAD_PRACTICE SE_TRANSIENT_FIELD_NOT_RESTORED Not available Medium

fr.paris.lutece.portal.service.datastore.LocalizedData

Bug Category Details Line Priority
fr.paris.lutece.portal.service.datastore.LocalizedData defines compareTo(Object) and uses Object.equals() BAD_PRACTICE EQ_COMPARETO_USE_OBJECT_EQUALS 178-184 Medium

fr.paris.lutece.portal.service.event.AbstractEventManager

Bug Category Details Line Priority
fr.paris.lutece.portal.service.event.AbstractEventManager.notifyListeners(AbstractLuteceEvent) makes inefficient use of keySet iterator instead of entrySet iterator PERFORMANCE WMI_WRONG_MAP_ITERATOR 37 Medium

fr.paris.lutece.portal.service.i18n.I18nService

Bug Category Details Line Priority
fr.paris.lutece.portal.service.i18n.I18nService.<static initializer for I18nService>() creates a java.net.URLClassLoader classloader, which should be performed within a doPrivileged block MALICIOUS_CODE DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED 119 Medium

fr.paris.lutece.portal.service.image.ImageResource

Bug Category Details Line Priority
fr.paris.lutece.portal.service.image.ImageResource.getImage() may expose internal representation by returning ImageResource._strImage MALICIOUS_CODE EI_EXPOSE_REP 69 Medium
fr.paris.lutece.portal.service.image.ImageResource.setImage(byte[]) may expose internal representation by storing an externally mutable object into ImageResource._strImage MALICIOUS_CODE EI_EXPOSE_REP2 80 Medium

fr.paris.lutece.portal.service.image.ImageResourceManager

Bug Category Details Line Priority
fr.paris.lutece.portal.service.image.ImageResourceManager.IMAGE_SERVLET_BASE_URL isn't final but should be MALICIOUS_CODE MS_SHOULD_BE_FINAL 51 High

fr.paris.lutece.portal.service.init.AppInit

Bug Category Details Line Priority
Found reliance on default encoding in fr.paris.lutece.portal.service.init.AppInit.initProperties(String): new java.io.FileWriter(String) I18N DM_DEFAULT_ENCODING 339 High

fr.paris.lutece.portal.service.jpa.EntityManagerService

Bug Category Details Line Priority
Write to static field fr.paris.lutece.portal.service.jpa.EntityManagerService._mapFactories from instance method fr.paris.lutece.portal.service.jpa.EntityManagerService.setMapFactories(Map) STYLE ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD 61 High

fr.paris.lutece.portal.service.plugin.PluginFile

Bug Category Details Line Priority
fr.paris.lutece.portal.service.plugin.PluginFile.load(String) may fail to clean up java.io.InputStream EXPERIMENTAL OBL_UNSATISFIED_OBLIGATION 151 Medium

fr.paris.lutece.portal.service.plugin.PluginService

Bug Category Details Line Priority
Possible null pointer dereference in fr.paris.lutece.portal.service.plugin.PluginService.loadPlugins() due to return value of called method STYLE NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE 149 Medium

fr.paris.lutece.portal.service.portal.PortalService

Bug Category Details Line Priority
Nullcheck of request at line 321 of value previously dereferenced in fr.paris.lutece.portal.service.portal.PortalService.buildPageContent(int, PageData, int, HttpServletRequest) CORRECTNESS RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE 274 High

fr.paris.lutece.portal.service.regularexpression.RegularExpressionService

Bug Category Details Line Priority
Redundant nullcheck of fr.paris.lutece.portal.service.regularexpression.RegularExpressionService._service, which is known to be non-null in new fr.paris.lutece.portal.service.regularexpression.RegularExpressionService() STYLE RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE 65 Medium

fr.paris.lutece.portal.service.scheduler.JobSchedulerService

Bug Category Details Line Priority
Write to static field fr.paris.lutece.portal.service.scheduler.JobSchedulerService._scheduler from instance method fr.paris.lutece.portal.service.scheduler.JobSchedulerService.init() STYLE ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD 86 Medium

fr.paris.lutece.portal.service.search.LuceneSearchEngine

Bug Category Details Line Priority
Exception is caught when Exception is not thrown in fr.paris.lutece.portal.service.search.LuceneSearchEngine.search(String, String, Query, HttpServletRequest, boolean) STYLE REC_CATCH_EXCEPTION 286 Medium

fr.paris.lutece.portal.service.search.PageIndexer

Bug Category Details Line Priority
Found reliance on default encoding in fr.paris.lutece.portal.service.search.PageIndexer.getDocument(Page, String): String.getBytes() I18N DM_DEFAULT_ENCODING 229 High

fr.paris.lutece.portal.service.search.SearchResult

Bug Category Details Line Priority
fr.paris.lutece.portal.service.search.SearchResult.getDate() may expose internal representation by returning SearchResult._date MALICIOUS_CODE EI_EXPOSE_REP 81 Medium
fr.paris.lutece.portal.service.search.SearchResult.setDate(Date) may expose internal representation by storing an externally mutable object into SearchResult._date MALICIOUS_CODE EI_EXPOSE_REP2 92 Medium

fr.paris.lutece.portal.service.search.SponsoredLinksSearchService

Bug Category Details Line Priority
Redundant nullcheck of fr.paris.lutece.portal.service.search.SponsoredLinksSearchService._sponsoredLinksService, which is known to be non-null in new fr.paris.lutece.portal.service.search.SponsoredLinksSearchService() STYLE RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE 64 Medium

fr.paris.lutece.portal.service.security.LuteceUser

Bug Category Details Line Priority
fr.paris.lutece.portal.service.security.LuteceUser.getGroups() may expose internal representation by returning LuteceUser._groups MALICIOUS_CODE EI_EXPOSE_REP 332 Medium
fr.paris.lutece.portal.service.security.LuteceUser.getRoles() may expose internal representation by returning LuteceUser._roles MALICIOUS_CODE EI_EXPOSE_REP 286 Medium

fr.paris.lutece.portal.service.security.RsaService

Bug Category Details Line Priority
Found reliance on default encoding in fr.paris.lutece.portal.service.security.RsaService.decryptRsa(String): new String(byte[]) I18N DM_DEFAULT_ENCODING 81 High

fr.paris.lutece.portal.service.spring.SpringContextService

Bug Category Details Line Priority
Exception is caught when Exception is not thrown in fr.paris.lutece.portal.service.spring.SpringContextService.init(ServletContext) STYLE REC_CATCH_EXCEPTION 208 Medium

fr.paris.lutece.portal.service.user.attribute.AttributeTypeService

Bug Category Details Line Priority
Write to static field fr.paris.lutece.portal.service.user.attribute.AttributeTypeService._listAttributeTypes from instance method fr.paris.lutece.portal.service.user.attribute.AttributeTypeService.getAttributeTypes(Locale) STYLE ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD 90 Medium

fr.paris.lutece.portal.web.dashboard.DashboardJspBean

Bug Category Details Line Priority
fr.paris.lutece.portal.web.dashboard.DashboardJspBean is Serializable; consider declaring a serialVersionUID BAD_PRACTICE SE_NO_SERIALVERSIONID 57-188 Medium

fr.paris.lutece.portal.web.documentation.AdminDocumentationJspBean

Bug Category Details Line Priority
Relative path traversal in fr.paris.lutece.portal.web.documentation.AdminDocumentationJspBean.getDocumentation(HttpServletRequest) SECURITY PT_RELATIVE_PATH_TRAVERSAL 122 Medium

fr.paris.lutece.portal.web.download.AbstractDownloadServlet

Bug Category Details Line Priority
Redundant nullcheck of fileStoreServiceProvider, which is known to be non-null in fr.paris.lutece.portal.web.download.AbstractDownloadServlet.doGet(HttpServletRequest, HttpServletResponse) STYLE RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE 70 Medium

fr.paris.lutece.portal.web.l10n.LocaleService

Bug Category Details Line Priority
Possible null pointer dereference of request in fr.paris.lutece.portal.web.l10n.LocaleService.getContextUserLocale(HttpServletRequest) CORRECTNESS NP_NULL_ON_SOME_PATH 170 Medium

fr.paris.lutece.portal.web.search.SearchApp

Bug Category Details Line Priority
Class fr.paris.lutece.portal.web.search.SearchApp defines non-transient non-serializable instance field _engine BAD_PRACTICE SE_BAD_FIELD Not available Medium

fr.paris.lutece.portal.web.system.SystemFile

Bug Category Details Line Priority
fr.paris.lutece.portal.web.system.SystemFile.getDate() may expose internal representation by returning SystemFile._date MALICIOUS_CODE EI_EXPOSE_REP 120 Medium
fr.paris.lutece.portal.web.system.SystemFile.setDate(Date) may expose internal representation by storing an externally mutable object into SystemFile._date MALICIOUS_CODE EI_EXPOSE_REP2 131 Medium
fr.paris.lutece.portal.web.system.SystemFile defines compareTo(Object) and uses Object.equals() BAD_PRACTICE EQ_COMPARETO_USE_OBJECT_EQUALS 165 Medium

fr.paris.lutece.portal.web.system.SystemJspBean

Bug Category Details Line Priority
Possible null pointer dereference in fr.paris.lutece.portal.web.system.SystemJspBean.getManageFilesSystemDir(HttpServletRequest) due to return value of called method STYLE NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE 160 Medium
Relative path traversal in fr.paris.lutece.portal.web.system.SystemJspBean.getFileView(HttpServletRequest) SECURITY PT_RELATIVE_PATH_TRAVERSAL 195 Medium
Relative path traversal in fr.paris.lutece.portal.web.system.SystemJspBean.getManageFilesSystemDir(HttpServletRequest) SECURITY PT_RELATIVE_PATH_TRAVERSAL 150 Medium

fr.paris.lutece.portal.web.user.AdminLoginJspBean

Bug Category Details Line Priority
Boxing/unboxing to parse a primitive fr.paris.lutece.portal.web.user.AdminLoginJspBean.doResetPassword(HttpServletRequest) PERFORMANCE DM_BOXED_PRIMITIVE_FOR_PARSING 574 High

fr.paris.lutece.util.ReferenceList

Bug Category Details Line Priority
Exception is caught when Exception is not thrown in fr.paris.lutece.util.ReferenceList.convert(Collection, String, String, boolean) STYLE REC_CATCH_EXCEPTION 145 Medium

fr.paris.lutece.util.annotation.ScannotationDB

Bug Category Details Line Priority
Possible null pointer dereference in fr.paris.lutece.util.annotation.ScannotationDB.init() due to return value of called method STYLE NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE 119 Medium

fr.paris.lutece.util.beanvalidation.DefaultValidationErrorConfig

Bug Category Details Line Priority
fr.paris.lutece.util.beanvalidation.DefaultValidationErrorConfig.getVariablesPrefix() may expose internal representation by returning DefaultValidationErrorConfig.VARIABLES_PREFIX MALICIOUS_CODE EI_EXPOSE_REP 74 Medium

fr.paris.lutece.util.beanvalidation.LuteceMessageInterpolator

Bug Category Details Line Priority
Write to static field fr.paris.lutece.util.beanvalidation.LuteceMessageInterpolator._locale from instance method new fr.paris.lutece.util.beanvalidation.LuteceMessageInterpolator() STYLE ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD 61 Medium

fr.paris.lutece.util.datatable.FilterPanel

Bug Category Details Line Priority
Class fr.paris.lutece.util.datatable.FilterPanel defines non-transient non-serializable instance field _listFilter BAD_PRACTICE SE_BAD_FIELD Not available High

fr.paris.lutece.util.env.EnvUtil

Bug Category Details Line Priority
Found reliance on default encoding in fr.paris.lutece.util.env.EnvUtil.getFileContent(String): new String(byte[]) I18N DM_DEFAULT_ENCODING 128 High

fr.paris.lutece.util.jpa.transaction.ChainedTransactionManager

Bug Category Details Line Priority
fr.paris.lutece.util.jpa.transaction.ChainedTransactionManager.getTransaction(TransactionDefinition) may return null, but is declared @Nonnull CORRECTNESS NP_NONNULL_RETURN_VIOLATION 75 High

fr.paris.lutece.util.jpa.transaction.MultiTransactionStatus

Bug Category Details Line Priority
fr.paris.lutece.util.jpa.transaction.MultiTransactionStatus.createSavepoint() may return null, but is declared @Nonnull CORRECTNESS NP_NONNULL_RETURN_VIOLATION 169 High

fr.paris.lutece.util.mail.ByteArrayDataSource

Bug Category Details Line Priority
new fr.paris.lutece.util.mail.ByteArrayDataSource(byte[], String) may expose internal representation by storing an externally mutable object into ByteArrayDataSource._data MALICIOUS_CODE EI_EXPOSE_REP2 96 Medium

fr.paris.lutece.util.mail.FileAttachment

Bug Category Details Line Priority
fr.paris.lutece.util.mail.FileAttachment.getData() may expose internal representation by returning FileAttachment._data MALICIOUS_CODE EI_EXPOSE_REP 73 Medium
new fr.paris.lutece.util.mail.FileAttachment(String, byte[], String) may expose internal representation by storing an externally mutable object into FileAttachment._data MALICIOUS_CODE EI_EXPOSE_REP2 63 Medium
fr.paris.lutece.util.mail.FileAttachment.setData(byte[]) may expose internal representation by storing an externally mutable object into FileAttachment._data MALICIOUS_CODE EI_EXPOSE_REP2 84 Medium

fr.paris.lutece.util.mail.HtmlDocument

Bug Category Details Line Priority
Found reliance on default encoding in new fr.paris.lutece.util.mail.HtmlDocument(String, String, boolean): String.getBytes() I18N DM_DEFAULT_ENCODING 120 High

fr.paris.lutece.util.pool.service.C3p0ConnectionService

Bug Category Details Line Priority
Exception is caught when Exception is not thrown in fr.paris.lutece.util.pool.service.C3p0ConnectionService.init(Map) STYLE REC_CATCH_EXCEPTION 104 Medium

fr.paris.lutece.util.pool.service.ConnectionPool

Bug Category Details Line Priority
Return value of java.sql.Statement.executeQuery(String) ignored in fr.paris.lutece.util.pool.service.ConnectionPool.isConnectionOK(Connection) CORRECTNESS RV_RETURN_VALUE_IGNORED 236 Medium

fr.paris.lutece.util.rsa.RSAKeyPairUtil

Bug Category Details Line Priority
Found reliance on default encoding in fr.paris.lutece.util.rsa.RSAKeyPairUtil.readKeys(): String.getBytes() I18N DM_DEFAULT_ENCODING 93 High

fr.paris.lutece.util.sql.Transaction

Bug Category Details Line Priority
A prepared statement is generated from a nonconstant String in fr.paris.lutece.util.sql.Transaction.prepareStatement(String, Integer, boolean) SECURITY SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING 189 High