FindBugs Bug Detector Report
The following document contains the results of FindBugs
FindBugs Version is 3.0.1
Threshold is
Effort is max
Summary
| Classes |
Bugs |
Errors |
Missing Classes |
| 716 |
100 |
0 |
0 |
fr.paris.lutece.portal.business.file.File
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.business.file.File.getDateCreation() may expose internal representation by returning File._dateCreation |
MALICIOUS_CODE |
EI_EXPOSE_REP |
210 |
Medium |
| fr.paris.lutece.portal.business.file.File.setDateCreation(Timestamp) may expose internal representation by storing an externally mutable object into File._dateCreation |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
221 |
Medium |
fr.paris.lutece.portal.business.page.Page
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.business.page.Page.getDateUpdate() may expose internal representation by returning Page._dateUpdate |
MALICIOUS_CODE |
EI_EXPOSE_REP |
383 |
Medium |
| fr.paris.lutece.portal.business.page.Page.getImageContent() may expose internal representation by returning Page._strImageContent |
MALICIOUS_CODE |
EI_EXPOSE_REP |
162 |
Medium |
| fr.paris.lutece.portal.business.page.Page.setDateUpdate(Timestamp) may expose internal representation by storing an externally mutable object into Page._dateUpdate |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
373 |
Medium |
| fr.paris.lutece.portal.business.page.Page.setImageContent(byte[]) may expose internal representation by storing an externally mutable object into Page._strImageContent |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
173 |
Medium |
fr.paris.lutece.portal.business.physicalfile.PhysicalFile
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.business.physicalfile.PhysicalFile.getValue() may expose internal representation by returning PhysicalFile._byValue |
MALICIOUS_CODE |
EI_EXPOSE_REP |
74 |
Medium |
| fr.paris.lutece.portal.business.physicalfile.PhysicalFile.setValue(byte[]) may expose internal representation by storing an externally mutable object into PhysicalFile._byValue |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
85 |
Medium |
fr.paris.lutece.portal.business.portlet.Portlet
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.business.portlet.Portlet.getDateUpdate() may expose internal representation by returning Portlet._dateUpdate |
MALICIOUS_CODE |
EI_EXPOSE_REP |
286 |
Medium |
| fr.paris.lutece.portal.business.portlet.Portlet.setDateUpdate(Timestamp) may expose internal representation by storing an externally mutable object into Portlet._dateUpdate |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
297 |
Medium |
fr.paris.lutece.portal.business.rss.FeedResource
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.business.rss.FeedResource.getDate() may expose internal representation by returning FeedResource._date |
MALICIOUS_CODE |
EI_EXPOSE_REP |
175 |
Medium |
| fr.paris.lutece.portal.business.rss.FeedResource.setDate(Date) may expose internal representation by storing an externally mutable object into FeedResource._date |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
184 |
Medium |
fr.paris.lutece.portal.business.rss.FeedResourceItem
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.business.rss.FeedResourceItem.getDate() may expose internal representation by returning FeedResourceItem._date |
MALICIOUS_CODE |
EI_EXPOSE_REP |
128 |
Medium |
| fr.paris.lutece.portal.business.rss.FeedResourceItem.setDate(Date) may expose internal representation by storing an externally mutable object into FeedResourceItem._date |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
137 |
Medium |
fr.paris.lutece.portal.business.stylesheet.StyleSheet
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.business.stylesheet.StyleSheet.getSource() may expose internal representation by returning StyleSheet._strSource |
MALICIOUS_CODE |
EI_EXPOSE_REP |
162 |
Medium |
| fr.paris.lutece.portal.business.stylesheet.StyleSheet.setSource(byte[]) may expose internal representation by storing an externally mutable object into StyleSheet._strSource |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
173 |
Medium |
fr.paris.lutece.portal.business.user.AdminUser
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.business.user.AdminUser.getAccountMaxValidDate() may expose internal representation by returning AdminUser._accountMaxValidDate |
MALICIOUS_CODE |
EI_EXPOSE_REP |
357 |
Medium |
| fr.paris.lutece.portal.business.user.AdminUser.getDateLastLogin() may expose internal representation by returning AdminUser._dateLastLogin |
MALICIOUS_CODE |
EI_EXPOSE_REP |
631 |
Medium |
| fr.paris.lutece.portal.business.user.AdminUser.getPasswordMaxValidDate() may expose internal representation by returning AdminUser._passwordMaxValidDate |
MALICIOUS_CODE |
EI_EXPOSE_REP |
336 |
Medium |
| fr.paris.lutece.portal.business.user.AdminUser.setAccountMaxValidDate(Timestamp) may expose internal representation by storing an externally mutable object into AdminUser._accountMaxValidDate |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
368 |
Medium |
| fr.paris.lutece.portal.business.user.AdminUser.setDateLastLogin(Timestamp) may expose internal representation by storing an externally mutable object into AdminUser._dateLastLogin |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
642 |
Medium |
| fr.paris.lutece.portal.business.user.AdminUser.setPasswordMaxValidDate(Timestamp) may expose internal representation by storing an externally mutable object into AdminUser._passwordMaxValidDate |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
347 |
Medium |
fr.paris.lutece.portal.business.user.AdminUserFilter
| Bug |
Category |
Details |
Line |
Priority |
| Boxing/unboxing to parse a primitive fr.paris.lutece.portal.business.user.AdminUserFilter.setAdminUserFilter(HttpServletRequest) |
PERFORMANCE |
DM_BOXED_PRIMITIVE_FOR_PARSING |
252 |
High |
fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser.getDateValidityPassword() may expose internal representation by returning LuteceDefaultAdminUser._dateValidityPassword |
MALICIOUS_CODE |
EI_EXPOSE_REP |
101 |
Medium |
| fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser.setDateValidityPassword(Date) may expose internal representation by storing an externally mutable object into LuteceDefaultAdminUser._dateValidityPassword |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
112 |
Medium |
| Class fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser defines non-transient non-serializable instance field _password |
BAD_PRACTICE |
SE_BAD_FIELD |
Not available |
Medium |
fr.paris.lutece.portal.business.user.authentication.PasswordFactory$PBKDF2Password
| Bug |
Category |
Details |
Line |
Priority |
| Boxing/unboxing to parse a primitive new fr.paris.lutece.portal.business.user.authentication.PasswordFactory$PBKDF2Password(String, PasswordFactory$PBKDF2Password$PASSWORD_REPRESENTATION) |
PERFORMANCE |
DM_BOXED_PRIMITIVE_FOR_PARSING |
199 |
High |
fr.paris.lutece.portal.business.user.log.UserLog
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.business.user.log.UserLog.getDateLogin() may expose internal representation by returning UserLog._dateLogin |
MALICIOUS_CODE |
EI_EXPOSE_REP |
110 |
Medium |
| fr.paris.lutece.portal.business.user.log.UserLog.setDateLogin(Timestamp) may expose internal representation by storing an externally mutable object into UserLog._dateLogin |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
121 |
Medium |
fr.paris.lutece.portal.service.accesscontrol.AccessControlService
| Bug |
Category |
Details |
Line |
Priority |
| Redundant nullcheck of fr.paris.lutece.portal.service.accesscontrol.AccessControlService._provider, which is known to be non-null in new fr.paris.lutece.portal.service.accesscontrol.AccessControlService() |
STYLE |
RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE |
68 |
Medium |
fr.paris.lutece.portal.service.captcha.CaptchaSecurityService
| Bug |
Category |
Details |
Line |
Priority |
| Redundant nullcheck of fr.paris.lutece.portal.service.captcha.CaptchaSecurityService._captchaService, which is known to be non-null in new fr.paris.lutece.portal.service.captcha.CaptchaSecurityService() |
STYLE |
RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE |
64 |
Medium |
fr.paris.lutece.portal.service.content.PageData
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.service.content.PageData.getDateUpdate() may expose internal representation by returning PageData._tsDateUpdate |
MALICIOUS_CODE |
EI_EXPOSE_REP |
430 |
Medium |
| fr.paris.lutece.portal.service.content.PageData.setDateUpdate(Timestamp) may expose internal representation by storing an externally mutable object into PageData._tsDateUpdate |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
441 |
Medium |
fr.paris.lutece.portal.service.csv.CSVReaderService
| Bug |
Category |
Details |
Line |
Priority |
| Found reliance on default encoding in fr.paris.lutece.portal.service.csv.CSVReaderService.readCSVFile(PhysicalFile, int, boolean, boolean, boolean, Locale, String): new java.io.InputStreamReader(InputStream) |
I18N |
DM_DEFAULT_ENCODING |
302 |
High |
| Found reliance on default encoding in fr.paris.lutece.portal.service.csv.CSVReaderService.readCSVFile(String, int, boolean, boolean, boolean, Locale, String): new java.io.FileReader(File) |
I18N |
DM_DEFAULT_ENCODING |
220 |
High |
| Found reliance on default encoding in fr.paris.lutece.portal.service.csv.CSVReaderService.readCSVFile(FileItem, int, boolean, boolean, boolean, Locale, String): new java.io.InputStreamReader(InputStream) |
I18N |
DM_DEFAULT_ENCODING |
171 |
High |
fr.paris.lutece.portal.service.daemon.AnonymizationDaemon
| Bug |
Category |
Details |
Line |
Priority |
| Useless object stored in variable sbResult of method fr.paris.lutece.portal.service.daemon.AnonymizationDaemon.run() |
STYLE |
UC_USELESS_OBJECT |
61 |
Medium |
fr.paris.lutece.portal.service.daemon.AppDaemonService
| Bug |
Category |
Details |
Line |
Priority |
| Boxing/unboxing to parse a primitive fr.paris.lutece.portal.service.daemon.AppDaemonService.modifyDaemonInterval(String, String) |
PERFORMANCE |
DM_BOXED_PRIMITIVE_FOR_PARSING |
271 |
High |
fr.paris.lutece.portal.service.daemon.DaemonEntry
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.service.daemon.DaemonEntry.setLastRunDate(Date) may expose internal representation by storing an externally mutable object into DaemonEntry._dateLastRunDate |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
275 |
Medium |
fr.paris.lutece.portal.service.daemon.DaemonScheduler
| Bug |
Category |
Details |
Line |
Priority |
| Useless object stored in variable scheduled of method fr.paris.lutece.portal.service.daemon.DaemonScheduler.shutdown() |
STYLE |
UC_USELESS_OBJECT |
257 |
Medium |
fr.paris.lutece.portal.service.daemon.ThreadLauncherDaemon
| Bug |
Category |
Details |
Line |
Priority |
| Load of known null value in fr.paris.lutece.portal.service.daemon.ThreadLauncherDaemon.run() |
STYLE |
NP_LOAD_OF_KNOWN_NULL_VALUE |
148 |
Medium |
fr.paris.lutece.portal.service.daemon.ThreadLauncherDaemon$RunnableWrapper
| Bug |
Category |
Details |
Line |
Priority |
| Should fr.paris.lutece.portal.service.daemon.ThreadLauncherDaemon$RunnableWrapper be a _static_ inner class? |
PERFORMANCE |
SIC_INNER_SHOULD_BE_STATIC |
70-87 |
Medium |
fr.paris.lutece.portal.service.database.DAOUtilTransactionManager
| Bug |
Category |
Details |
Line |
Priority |
| The field fr.paris.lutece.portal.service.database.DAOUtilTransactionManager._logger is transient but isn't set by deserialization |
BAD_PRACTICE |
SE_TRANSIENT_FIELD_NOT_RESTORED |
Not available |
Medium |
fr.paris.lutece.portal.service.datastore.LocalizedData
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.service.datastore.LocalizedData defines compareTo(Object) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
200-206 |
Medium |
fr.paris.lutece.portal.service.event.AbstractEventManager
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.service.event.AbstractEventManager.notifyListeners(AbstractLuteceEvent) makes inefficient use of keySet iterator instead of entrySet iterator |
PERFORMANCE |
WMI_WRONG_MAP_ITERATOR |
37 |
Medium |
fr.paris.lutece.portal.service.i18n.I18nService
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.service.i18n.I18nService.<static initializer for I18nService>() creates a java.net.URLClassLoader classloader, which should be performed within a doPrivileged block |
MALICIOUS_CODE |
DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED |
119 |
Medium |
fr.paris.lutece.portal.service.image.ImageResource
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.service.image.ImageResource.getImage() may expose internal representation by returning ImageResource._strImage |
MALICIOUS_CODE |
EI_EXPOSE_REP |
69 |
Medium |
| fr.paris.lutece.portal.service.image.ImageResource.setImage(byte[]) may expose internal representation by storing an externally mutable object into ImageResource._strImage |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
80 |
Medium |
fr.paris.lutece.portal.service.image.ImageResourceManager
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.service.image.ImageResourceManager.IMAGE_SERVLET_BASE_URL isn't final but should be |
MALICIOUS_CODE |
MS_SHOULD_BE_FINAL |
51 |
High |
fr.paris.lutece.portal.service.init.AppInit
| Bug |
Category |
Details |
Line |
Priority |
| Found reliance on default encoding in fr.paris.lutece.portal.service.init.AppInit.initProperties(String): new java.io.FileWriter(String) |
I18N |
DM_DEFAULT_ENCODING |
341 |
High |
fr.paris.lutece.portal.service.jpa.EntityManagerService
| Bug |
Category |
Details |
Line |
Priority |
| Write to static field fr.paris.lutece.portal.service.jpa.EntityManagerService._mapFactories from instance method fr.paris.lutece.portal.service.jpa.EntityManagerService.setMapFactories(Map) |
STYLE |
ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD |
61 |
High |
fr.paris.lutece.portal.service.plugin.PluginFile
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.service.plugin.PluginFile.load(String) may fail to clean up java.io.InputStream |
EXPERIMENTAL |
OBL_UNSATISFIED_OBLIGATION |
151 |
Medium |
fr.paris.lutece.portal.service.plugin.PluginService
| Bug |
Category |
Details |
Line |
Priority |
| Possible null pointer dereference in fr.paris.lutece.portal.service.plugin.PluginService.loadPlugins() due to return value of called method |
STYLE |
NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE |
149 |
Medium |
fr.paris.lutece.portal.service.portal.PortalService
| Bug |
Category |
Details |
Line |
Priority |
| Nullcheck of request at line 321 of value previously dereferenced in fr.paris.lutece.portal.service.portal.PortalService.buildPageContent(int, PageData, int, HttpServletRequest) |
CORRECTNESS |
RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE |
274 |
High |
fr.paris.lutece.portal.service.regularexpression.RegularExpressionService
| Bug |
Category |
Details |
Line |
Priority |
| Redundant nullcheck of fr.paris.lutece.portal.service.regularexpression.RegularExpressionService._service, which is known to be non-null in new fr.paris.lutece.portal.service.regularexpression.RegularExpressionService() |
STYLE |
RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE |
65 |
Medium |
fr.paris.lutece.portal.service.scheduler.JobSchedulerService
| Bug |
Category |
Details |
Line |
Priority |
| Write to static field fr.paris.lutece.portal.service.scheduler.JobSchedulerService._scheduler from instance method fr.paris.lutece.portal.service.scheduler.JobSchedulerService.init() |
STYLE |
ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD |
86 |
Medium |
fr.paris.lutece.portal.service.search.LuceneSearchEngine
| Bug |
Category |
Details |
Line |
Priority |
| Exception is caught when Exception is not thrown in fr.paris.lutece.portal.service.search.LuceneSearchEngine.search(String, String, Query, HttpServletRequest, boolean) |
STYLE |
REC_CATCH_EXCEPTION |
286 |
Medium |
fr.paris.lutece.portal.service.search.PageIndexer
| Bug |
Category |
Details |
Line |
Priority |
| Found reliance on default encoding in fr.paris.lutece.portal.service.search.PageIndexer.getDocument(Page, String): String.getBytes() |
I18N |
DM_DEFAULT_ENCODING |
229 |
High |
fr.paris.lutece.portal.service.search.SearchResult
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.service.search.SearchResult.getDate() may expose internal representation by returning SearchResult._date |
MALICIOUS_CODE |
EI_EXPOSE_REP |
81 |
Medium |
| fr.paris.lutece.portal.service.search.SearchResult.setDate(Date) may expose internal representation by storing an externally mutable object into SearchResult._date |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
92 |
Medium |
fr.paris.lutece.portal.service.search.SponsoredLinksSearchService
| Bug |
Category |
Details |
Line |
Priority |
| Redundant nullcheck of fr.paris.lutece.portal.service.search.SponsoredLinksSearchService._sponsoredLinksService, which is known to be non-null in new fr.paris.lutece.portal.service.search.SponsoredLinksSearchService() |
STYLE |
RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE |
64 |
Medium |
fr.paris.lutece.portal.service.security.LuteceUser
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.service.security.LuteceUser.getGroups() may expose internal representation by returning LuteceUser._groups |
MALICIOUS_CODE |
EI_EXPOSE_REP |
332 |
Medium |
| fr.paris.lutece.portal.service.security.LuteceUser.getRoles() may expose internal representation by returning LuteceUser._roles |
MALICIOUS_CODE |
EI_EXPOSE_REP |
286 |
Medium |
fr.paris.lutece.portal.service.security.RsaService
| Bug |
Category |
Details |
Line |
Priority |
| Found reliance on default encoding in fr.paris.lutece.portal.service.security.RsaService.decryptRsa(String, PrivateKey): new String(byte[]) |
I18N |
DM_DEFAULT_ENCODING |
108 |
High |
fr.paris.lutece.portal.service.spring.SpringContextService
| Bug |
Category |
Details |
Line |
Priority |
| Exception is caught when Exception is not thrown in fr.paris.lutece.portal.service.spring.SpringContextService.init(ServletContext) |
STYLE |
REC_CATCH_EXCEPTION |
208 |
Medium |
fr.paris.lutece.portal.service.user.attribute.AttributeTypeService
| Bug |
Category |
Details |
Line |
Priority |
| Write to static field fr.paris.lutece.portal.service.user.attribute.AttributeTypeService._listAttributeTypes from instance method fr.paris.lutece.portal.service.user.attribute.AttributeTypeService.getAttributeTypes(Locale) |
STYLE |
ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD |
90 |
Medium |
fr.paris.lutece.portal.web.dashboard.DashboardJspBean
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.web.dashboard.DashboardJspBean is Serializable; consider declaring a serialVersionUID |
BAD_PRACTICE |
SE_NO_SERIALVERSIONID |
57-188 |
Medium |
fr.paris.lutece.portal.web.documentation.AdminDocumentationJspBean
| Bug |
Category |
Details |
Line |
Priority |
| Relative path traversal in fr.paris.lutece.portal.web.documentation.AdminDocumentationJspBean.getDocumentation(HttpServletRequest) |
SECURITY |
PT_RELATIVE_PATH_TRAVERSAL |
122 |
Medium |
fr.paris.lutece.portal.web.download.AbstractDownloadServlet
| Bug |
Category |
Details |
Line |
Priority |
| Redundant nullcheck of fileStoreServiceProvider, which is known to be non-null in fr.paris.lutece.portal.web.download.AbstractDownloadServlet.doGet(HttpServletRequest, HttpServletResponse) |
STYLE |
RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE |
70 |
Medium |
fr.paris.lutece.portal.web.l10n.LocaleService
| Bug |
Category |
Details |
Line |
Priority |
| Possible null pointer dereference of request in fr.paris.lutece.portal.web.l10n.LocaleService.getContextUserLocale(HttpServletRequest) |
CORRECTNESS |
NP_NULL_ON_SOME_PATH |
170 |
Medium |
fr.paris.lutece.portal.web.search.SearchApp
| Bug |
Category |
Details |
Line |
Priority |
| Class fr.paris.lutece.portal.web.search.SearchApp defines non-transient non-serializable instance field _engine |
BAD_PRACTICE |
SE_BAD_FIELD |
Not available |
Medium |
fr.paris.lutece.portal.web.system.SystemFile
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.portal.web.system.SystemFile.getDate() may expose internal representation by returning SystemFile._date |
MALICIOUS_CODE |
EI_EXPOSE_REP |
120 |
Medium |
| fr.paris.lutece.portal.web.system.SystemFile.setDate(Date) may expose internal representation by storing an externally mutable object into SystemFile._date |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
131 |
Medium |
| fr.paris.lutece.portal.web.system.SystemFile defines compareTo(Object) and uses Object.equals() |
BAD_PRACTICE |
EQ_COMPARETO_USE_OBJECT_EQUALS |
165 |
Medium |
fr.paris.lutece.portal.web.system.SystemJspBean
| Bug |
Category |
Details |
Line |
Priority |
| Possible null pointer dereference in fr.paris.lutece.portal.web.system.SystemJspBean.getManageFilesSystemDir(HttpServletRequest) due to return value of called method |
STYLE |
NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE |
160 |
Medium |
| Relative path traversal in fr.paris.lutece.portal.web.system.SystemJspBean.getFileView(HttpServletRequest) |
SECURITY |
PT_RELATIVE_PATH_TRAVERSAL |
195 |
Medium |
| Relative path traversal in fr.paris.lutece.portal.web.system.SystemJspBean.getManageFilesSystemDir(HttpServletRequest) |
SECURITY |
PT_RELATIVE_PATH_TRAVERSAL |
150 |
Medium |
fr.paris.lutece.portal.web.user.AdminLoginJspBean
| Bug |
Category |
Details |
Line |
Priority |
| Boxing/unboxing to parse a primitive fr.paris.lutece.portal.web.user.AdminLoginJspBean.doResetPassword(HttpServletRequest) |
PERFORMANCE |
DM_BOXED_PRIMITIVE_FOR_PARSING |
574 |
High |
fr.paris.lutece.util.PropertiesService
| Bug |
Category |
Details |
Line |
Priority |
| Unread field: fr.paris.lutece.util.PropertiesService.MESSAGE_CIPHERED_PROPERTY_SECURITY_EXCEPTION; should this field be static? |
PERFORMANCE |
SS_SHOULD_BE_STATIC |
61 |
Medium |
| Unread field: fr.paris.lutece.util.PropertiesService.RSA_KEY_PREFIX; should this field be static? |
PERFORMANCE |
SS_SHOULD_BE_STATIC |
60 |
Medium |
fr.paris.lutece.util.ReferenceList
| Bug |
Category |
Details |
Line |
Priority |
| Exception is caught when Exception is not thrown in fr.paris.lutece.util.ReferenceList.convert(Collection, String, String, boolean) |
STYLE |
REC_CATCH_EXCEPTION |
145 |
Medium |
fr.paris.lutece.util.annotation.ScannotationDB
| Bug |
Category |
Details |
Line |
Priority |
| Possible null pointer dereference in fr.paris.lutece.util.annotation.ScannotationDB.init() due to return value of called method |
STYLE |
NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE |
119 |
Medium |
fr.paris.lutece.util.beanvalidation.DefaultValidationErrorConfig
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.util.beanvalidation.DefaultValidationErrorConfig.getVariablesPrefix() may expose internal representation by returning DefaultValidationErrorConfig.VARIABLES_PREFIX |
MALICIOUS_CODE |
EI_EXPOSE_REP |
74 |
Medium |
fr.paris.lutece.util.beanvalidation.LuteceMessageInterpolator
| Bug |
Category |
Details |
Line |
Priority |
| Write to static field fr.paris.lutece.util.beanvalidation.LuteceMessageInterpolator._locale from instance method new fr.paris.lutece.util.beanvalidation.LuteceMessageInterpolator() |
STYLE |
ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD |
61 |
Medium |
fr.paris.lutece.util.datatable.FilterPanel
| Bug |
Category |
Details |
Line |
Priority |
| Class fr.paris.lutece.util.datatable.FilterPanel defines non-transient non-serializable instance field _listFilter |
BAD_PRACTICE |
SE_BAD_FIELD |
Not available |
High |
fr.paris.lutece.util.env.EnvUtil
| Bug |
Category |
Details |
Line |
Priority |
| Found reliance on default encoding in fr.paris.lutece.util.env.EnvUtil.getFileContent(String): new String(byte[]) |
I18N |
DM_DEFAULT_ENCODING |
128 |
High |
fr.paris.lutece.util.jpa.transaction.ChainedTransactionManager
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.util.jpa.transaction.ChainedTransactionManager.getTransaction(TransactionDefinition) may return null, but is declared @Nonnull |
CORRECTNESS |
NP_NONNULL_RETURN_VIOLATION |
75 |
High |
fr.paris.lutece.util.jpa.transaction.MultiTransactionStatus
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.util.jpa.transaction.MultiTransactionStatus.createSavepoint() may return null, but is declared @Nonnull |
CORRECTNESS |
NP_NONNULL_RETURN_VIOLATION |
169 |
High |
fr.paris.lutece.util.mail.ByteArrayDataSource
| Bug |
Category |
Details |
Line |
Priority |
| new fr.paris.lutece.util.mail.ByteArrayDataSource(byte[], String) may expose internal representation by storing an externally mutable object into ByteArrayDataSource._data |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
96 |
Medium |
fr.paris.lutece.util.mail.FileAttachment
| Bug |
Category |
Details |
Line |
Priority |
| fr.paris.lutece.util.mail.FileAttachment.getData() may expose internal representation by returning FileAttachment._data |
MALICIOUS_CODE |
EI_EXPOSE_REP |
73 |
Medium |
| new fr.paris.lutece.util.mail.FileAttachment(String, byte[], String) may expose internal representation by storing an externally mutable object into FileAttachment._data |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
63 |
Medium |
| fr.paris.lutece.util.mail.FileAttachment.setData(byte[]) may expose internal representation by storing an externally mutable object into FileAttachment._data |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
84 |
Medium |
fr.paris.lutece.util.mail.HtmlDocument
| Bug |
Category |
Details |
Line |
Priority |
| Found reliance on default encoding in new fr.paris.lutece.util.mail.HtmlDocument(String, String, boolean): String.getBytes() |
I18N |
DM_DEFAULT_ENCODING |
120 |
High |
fr.paris.lutece.util.pool.service.C3p0ConnectionService
| Bug |
Category |
Details |
Line |
Priority |
| Exception is caught when Exception is not thrown in fr.paris.lutece.util.pool.service.C3p0ConnectionService.init(Map) |
STYLE |
REC_CATCH_EXCEPTION |
104 |
Medium |
fr.paris.lutece.util.pool.service.ConnectionPool
| Bug |
Category |
Details |
Line |
Priority |
| Return value of java.sql.Statement.executeQuery(String) ignored in fr.paris.lutece.util.pool.service.ConnectionPool.isConnectionOK(Connection) |
CORRECTNESS |
RV_RETURN_VALUE_IGNORED |
236 |
Medium |
fr.paris.lutece.util.rsa.RSAKeyDatastoreProvider
| Bug |
Category |
Details |
Line |
Priority |
| Found reliance on default encoding in fr.paris.lutece.util.rsa.RSAKeyDatastoreProvider.getPrivateKey(): String.getBytes() |
I18N |
DM_DEFAULT_ENCODING |
81 |
High |
| Found reliance on default encoding in fr.paris.lutece.util.rsa.RSAKeyDatastoreProvider.getPublicKey(): String.getBytes() |
I18N |
DM_DEFAULT_ENCODING |
64 |
High |
fr.paris.lutece.util.rsa.RSAKeyEnvironmentProvider
| Bug |
Category |
Details |
Line |
Priority |
| Found reliance on default encoding in fr.paris.lutece.util.rsa.RSAKeyEnvironmentProvider.getPrivateKey(): String.getBytes() |
I18N |
DM_DEFAULT_ENCODING |
79 |
High |
| Found reliance on default encoding in fr.paris.lutece.util.rsa.RSAKeyEnvironmentProvider.getPublicKey(): String.getBytes() |
I18N |
DM_DEFAULT_ENCODING |
61 |
High |
fr.paris.lutece.util.sql.Transaction
