SpotBugs Bug Detector Report
The following document contains the results of SpotBugs.
SpotBugs Version is 4.8.6
Threshold is medium
Effort is max
Summary
Classes | Bugs | Errors | Missing Classes |
---|---|---|---|
40 | 210 | 0 | 1 |
Files
com.googlecode.htmlcompressor.CmdLineCompressor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Non derivable method com.googlecode.htmlcompressor.CmdLineCompressor.createXmlCompressor() declares throwing an exception that isn't thrown | CORRECTNESS | BED_BOGUS_EXCEPTION_DECLARATION | 525 | Medium |
Collection variable fileStack is named with a different type of collection in the name | STYLE | CNC_COLLECTION_NAMING_CONFUSION | 584 | Medium |
Method com.googlecode.htmlcompressor.CmdLineCompressor.createXmlCompressor() declares RuntimeException in throws clause | STYLE | DRE_DECLARED_RUNTIME_EXCEPTION | 525-529 | Medium |
Unconstrained method com.googlecode.htmlcompressor.CmdLineCompressor.createHtmlCompressor() converts checked exception to unchecked | STYLE | EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS | 451 | High |
Unconstrained method com.googlecode.htmlcompressor.CmdLineCompressor.process() converts checked exception to unchecked | STYLE | EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS | 350 | High |
Method com.googlecode.htmlcompressor.CmdLineCompressor.buildReader(String) uses a FileInputStream or FileOutputStream constructor | PERFORMANCE | IOI_USE_OF_FILE_STREAM_CONSTRUCTORS | 651 | Medium |
Method com.googlecode.htmlcompressor.CmdLineCompressor.buildWriter(String) uses a FileInputStream or FileOutputStream constructor | PERFORMANCE | IOI_USE_OF_FILE_STREAM_CONSTRUCTORS | 670 | Medium |
Method com.googlecode.htmlcompressor.CmdLineCompressor.createHtmlCompressor() uses a FileInputStream or FileOutputStream constructor | PERFORMANCE | IOI_USE_OF_FILE_STREAM_CONSTRUCTORS | 434 | Medium |
Method com.googlecode.htmlcompressor.CmdLineCompressor.createHtmlCompressor() throws alternative exception from catch block without history | CORRECTNESS | LEST_LOST_EXCEPTION_STACK_TRACE | 451 | Medium |
Method com.googlecode.htmlcompressor.CmdLineCompressor.buildInputOutputMap() uses integer based for loops to iterate over a List | STYLE | LII_LIST_INDEXED_ITERATING | 564 | Medium |
Method com.googlecode.htmlcompressor.CmdLineCompressor.createHtmlCompressor() makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 490 | High |
Method com.googlecode.htmlcompressor.CmdLineCompressor.createHtmlCompressor() makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 502 | High |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 247 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 248 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 249 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 250 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 256 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 257 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 258 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 259 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 260 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 261 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 262 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 263 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 264 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 265 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 266 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 269 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 270 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 271 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 272 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 273 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 274 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 275 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 276 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 277 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 278 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 280 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 282 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 283 | Medium |
Method new com.googlecode.htmlcompressor.CmdLineCompressor(String[]) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 287 | Medium |
Possible null pointer dereference in com.googlecode.htmlcompressor.CmdLineCompressor.buildInputOutputMap() due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 572 | Medium |
Possible null pointer dereference in com.googlecode.htmlcompressor.CmdLineCompressor.buildInputOutputMap() due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 588 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 547 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 553 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 566 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 598 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 598 | Medium |
This API (java/io/FileInputStream.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 651 | Medium |
This API (java/io/FileInputStream.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 434 | Medium |
This API (java/io/FileOutputStream.<init>(Ljava/lang/String;)V) writes to a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_OUT | 670 | Medium |
Method com.googlecode.htmlcompressor.CmdLineCompressor.createHtmlCompressor() does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 498 | Medium |
Exceptional return value of java.io.File.mkdirs() ignored in com.googlecode.htmlcompressor.CmdLineCompressor.buildInputOutputMap() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 551 | Medium |
To make log readable, log format ({}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 317 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 318 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 392 | Medium |
To make log readable, log format ({}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 394 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 395 | Medium |
To make log readable, log format ({}) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 398 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 399 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 443 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 450 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 729 | Medium |
This web server request could be used by an attacker to expose internal services and filesystem. | SECURITY | URLCONNECTION_SSRF_FD | 649 | Medium |
com.googlecode.htmlcompressor.analyzer.HtmlAnalyzer
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method com.googlecode.htmlcompressor.analyzer.HtmlAnalyzer.analyze(String) makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 191 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 71 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 75 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 81 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 87 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 93 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 99 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 105 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 111 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 117 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 123 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 129 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 135 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 141 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 147 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 153 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 159 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 165 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 171 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 177 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 184 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 187 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 196 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 198 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 207 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 209 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 277 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 278 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 281 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 289 | High |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 188 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 199 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 210 | Medium |
To make log readable, log format (\n) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 276 | Medium |
To make log readable, log format (\n) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 280 | Medium |
To make log readable, log format (\n) should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 290 | Medium |
com.googlecode.htmlcompressor.compressor.ClosureJavaScriptCompressor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.googlecode.htmlcompressor.compressor.ClosureJavaScriptCompressor.getCompilerOptions() may expose internal representation by returning ClosureJavaScriptCompressor.compilerOptions | MALICIOUS_CODE | EI_EXPOSE_REP | 217 | Medium |
com.googlecode.htmlcompressor.compressor.ClosureJavaScriptCompressor.getExterns() may expose internal representation by returning ClosureJavaScriptCompressor.externs | MALICIOUS_CODE | EI_EXPOSE_REP | 264 | Medium |
com.googlecode.htmlcompressor.compressor.ClosureJavaScriptCompressor.setCompilerOptions(CompilerOptions) may expose internal representation by storing an externally mutable object into ClosureJavaScriptCompressor.compilerOptions | MALICIOUS_CODE | EI_EXPOSE_REP2 | 231 | Medium |
com.googlecode.htmlcompressor.compressor.ClosureJavaScriptCompressor.setExterns(List) may expose internal representation by storing an externally mutable object into ClosureJavaScriptCompressor.externs | MALICIOUS_CODE | EI_EXPOSE_REP2 | 288 | Medium |
Method com.googlecode.htmlcompressor.compressor.ClosureJavaScriptCompressor.compress(String) calls equals on an enum instance | CORRECTNESS | ENMI_EQUALS_ON_ENUM | 109 | Medium |
Method com.googlecode.htmlcompressor.compressor.ClosureJavaScriptCompressor.compress(String) appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 130 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 115 | Medium |
Method com.googlecode.htmlcompressor.compressor.ClosureJavaScriptCompressor.compress(String) uses simple loop to copy contents of one collection to another | STYLE | UAA_USE_ADD_ALL | 121 | Medium |
com.googlecode.htmlcompressor.compressor.HtmlCompressor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.googlecode.htmlcompressor.compressor.HtmlCompressor.getPreservePatterns() may expose internal representation by returning HtmlCompressor.preservePatterns | MALICIOUS_CODE | EI_EXPOSE_REP | 1879 | Medium |
com.googlecode.htmlcompressor.compressor.HtmlCompressor.getStatistics() may expose internal representation by returning HtmlCompressor.statistics | MALICIOUS_CODE | EI_EXPOSE_REP | 2299 | Medium |
com.googlecode.htmlcompressor.compressor.HtmlCompressor.setPreservePatterns(List) may expose internal representation by storing an externally mutable object into HtmlCompressor.preservePatterns | MALICIOUS_CODE | EI_EXPOSE_REP2 | 1897 | Medium |
Method com.googlecode.htmlcompressor.compressor.HtmlCompressor.removeSurroundingSpaces(String) makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 906 | High |
Method com.googlecode.htmlcompressor.compressor.HtmlCompressor.removeSurroundingSpaces(String) makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 908 | High |
Method com.googlecode.htmlcompressor.compressor.HtmlCompressor.removeSurroundingSpaces(String) makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 911 | High |
Method com.googlecode.htmlcompressor.compressor.HtmlCompressor.setRemoveSurroundingSpaces(String) treats null and normal strings the same, when it should probably treat null and empty strings the same | CORRECTNESS | SPP_SUSPECT_STRING_TEST | 2342 | Medium |
Method com.googlecode.htmlcompressor.compressor.HtmlCompressor.preserveBlocks(String, List, List, List, List, List, List, List, List, List) trims a String temporarily | STYLE | SPP_TEMPORARY_TRIM | 537 | Medium |
Method com.googlecode.htmlcompressor.compressor.HtmlCompressor.preserveBlocks(String, List, List, List, List, List, List, List, List, List) trims a String temporarily | STYLE | SPP_TEMPORARY_TRIM | 553 | Medium |
Method com.googlecode.htmlcompressor.compressor.HtmlCompressor.preserveBlocks(String, List, List, List, List, List, List, List, List, List) trims a String temporarily | STYLE | SPP_TEMPORARY_TRIM | 567 | Medium |
Method com.googlecode.htmlcompressor.compressor.HtmlCompressor.preserveBlocks(String, List, List, List, List, List, List, List, List, List) trims a String temporarily | STYLE | SPP_TEMPORARY_TRIM | 581 | Medium |
Method com.googlecode.htmlcompressor.compressor.HtmlCompressor.preserveBlocks(String, List, List, List, List, List, List, List, List, List) trims a String temporarily | STYLE | SPP_TEMPORARY_TRIM | 592 | Medium |
Method com.googlecode.htmlcompressor.compressor.HtmlCompressor.preserveBlocks(String, List, List, List, List, List, List, List, List, List) trims a String temporarily | STYLE | SPP_TEMPORARY_TRIM | 605 | Medium |
Method com.googlecode.htmlcompressor.compressor.HtmlCompressor.preserveBlocks(String, List, List, List, List, List, List, List, List, List) trims a String temporarily | STYLE | SPP_TEMPORARY_TRIM | 619 | Medium |
Method com.googlecode.htmlcompressor.compressor.HtmlCompressor.preserveBlocks(String, List, List, List, List, List, List, List, List, List) trims a String temporarily | STYLE | SPP_TEMPORARY_TRIM | 651 | Medium |
Method com.googlecode.htmlcompressor.compressor.HtmlCompressor.preserveBlocks(String, List, List, List, List, List, List, List, List, List) trims a String temporarily | STYLE | SPP_TEMPORARY_TRIM | 664 | Medium |
Method com.googlecode.htmlcompressor.compressor.HtmlCompressor.<static initializer for HtmlCompressor>() passes constant String of length 1 to character overridden method | PERFORMANCE | UCPM_USE_CHARACTER_PARAMETERIZED_METHOD | 368 | Medium |
Method com.googlecode.htmlcompressor.compressor.HtmlCompressor.<static initializer for HtmlCompressor>() passes constant String of length 1 to character overridden method | PERFORMANCE | UCPM_USE_CHARACTER_PARAMETERIZED_METHOD | 373 | Medium |
Method com.googlecode.htmlcompressor.compressor.HtmlCompressor.removeSpacesInsideTags(String) stores return result in local before immediately returning it | STYLE | USBR_UNNECESSARY_STORE_BEFORE_RETURN | 986 | Medium |
com.googlecode.htmlcompressor.compressor.HtmlCompressorStatistics
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
com.googlecode.htmlcompressor.compressor.HtmlCompressorStatistics.getCompressedMetrics() may expose internal representation by returning HtmlCompressorStatistics.compressedMetrics | MALICIOUS_CODE | EI_EXPOSE_REP | 68 | Medium |
com.googlecode.htmlcompressor.compressor.HtmlCompressorStatistics.getOriginalMetrics() may expose internal representation by returning HtmlCompressorStatistics.originalMetrics | MALICIOUS_CODE | EI_EXPOSE_REP | 47 | Medium |
com.googlecode.htmlcompressor.compressor.HtmlCompressorStatistics.setCompressedMetrics(HtmlMetrics) may expose internal representation by storing an externally mutable object into HtmlCompressorStatistics.compressedMetrics | MALICIOUS_CODE | EI_EXPOSE_REP2 | 78 | Medium |
com.googlecode.htmlcompressor.compressor.HtmlCompressorStatistics.setOriginalMetrics(HtmlMetrics) may expose internal representation by storing an externally mutable object into HtmlCompressorStatistics.originalMetrics | MALICIOUS_CODE | EI_EXPOSE_REP2 | 57 | Medium |
com.googlecode.htmlcompressor.compressor.HtmlCompressorTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method com.googlecode.htmlcompressor.compressor.HtmlCompressorTest.readResource(String) uses a FileInputStream or FileOutputStream constructor | PERFORMANCE | IOI_USE_OF_FILE_STREAM_CONSTRUCTORS | 453 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 453 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 463 | Medium |
com.googlecode.htmlcompressor.compressor.XmlCompressor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method com.googlecode.htmlcompressor.compressor.XmlCompressor.preserveBlocks(String, List) stores return result in local before immediately returning it | STYLE | USBR_UNNECESSARY_STORE_BEFORE_RETURN | 126 | Medium |
Method com.googlecode.htmlcompressor.compressor.XmlCompressor.processXml(String) stores return result in local before immediately returning it | STYLE | USBR_UNNECESSARY_STORE_BEFORE_RETURN | 171 | Medium |
Method com.googlecode.htmlcompressor.compressor.XmlCompressor.removeSpacesInsideTags(String) stores return result in local before immediately returning it | STYLE | USBR_UNNECESSARY_STORE_BEFORE_RETURN | 191 | Medium |
Method com.googlecode.htmlcompressor.compressor.XmlCompressor.returnBlocks(String, List) stores return result in local before immediately returning it | STYLE | USBR_UNNECESSARY_STORE_BEFORE_RETURN | 150 | Medium |
com.googlecode.htmlcompressor.compressor.XmlCompressorTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method com.googlecode.htmlcompressor.compressor.XmlCompressorTest.readResource(String) uses a FileInputStream or FileOutputStream constructor | PERFORMANCE | IOI_USE_OF_FILE_STREAM_CONSTRUCTORS | 120 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 120 | Medium |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 130 | Medium |
com.googlecode.htmlcompressor.compressor.YuiCssCompressor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 53 | Medium |
com.googlecode.htmlcompressor.compressor.YuiJavaScriptCompressor
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 69 | Medium |
com.googlecode.htmlcompressor.taglib.CssCompressorTag
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 76 | Medium |
com.googlecode.htmlcompressor.taglib.HtmlCompressorTag
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method com.googlecode.htmlcompressor.taglib.HtmlCompressorTag.doEndTag() makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 163 | High |
Method com.googlecode.htmlcompressor.taglib.HtmlCompressorTag.doEndTag() makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 165 | High |
Method com.googlecode.htmlcompressor.taglib.HtmlCompressorTag.doEndTag() makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 167 | High |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 180 | Medium |
com.googlecode.htmlcompressor.taglib.JavaScriptCompressorTag
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method com.googlecode.htmlcompressor.taglib.JavaScriptCompressorTag.doEndTag() makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 86 | High |
Method com.googlecode.htmlcompressor.taglib.JavaScriptCompressorTag.doEndTag() makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 89 | High |
Method com.googlecode.htmlcompressor.taglib.JavaScriptCompressorTag.doEndTag() makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 92 | High |
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 121 | Medium |
com.googlecode.htmlcompressor.taglib.XmlCompressorTag
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
To make log readable, log format () should contain non-sign character. | BAD_PRACTICE | SLF4J_SIGN_ONLY_FORMAT | 70 | Medium |
com.googlecode.htmlcompressor.velocity.CssCompressorDirective
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Constrained method com.googlecode.htmlcompressor.velocity.CssCompressorDirective.render(InternalContextAdapter, Writer, Node) converts checked exception to unchecked instead of another allowable checked exception | STYLE | EXS_EXCEPTION_SOFTENING_HAS_CHECKED | 92 | Medium |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 91 | High |
com.googlecode.htmlcompressor.velocity.HtmlCompressorDirective
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Constrained method com.googlecode.htmlcompressor.velocity.HtmlCompressorDirective.render(InternalContextAdapter, Writer, Node) converts checked exception to unchecked instead of another allowable checked exception | STYLE | EXS_EXCEPTION_SOFTENING_HAS_CHECKED | 127 | Medium |
Method com.googlecode.htmlcompressor.velocity.HtmlCompressorDirective.init(RuntimeServices, InternalContextAdapter, Node) makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 95 | High |
Method com.googlecode.htmlcompressor.velocity.HtmlCompressorDirective.init(RuntimeServices, InternalContextAdapter, Node) makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 100 | High |
Method com.googlecode.htmlcompressor.velocity.HtmlCompressorDirective.init(RuntimeServices, InternalContextAdapter, Node) makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 102 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 126 | High |
com.googlecode.htmlcompressor.velocity.JavaScriptCompressorDirective
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Constrained method com.googlecode.htmlcompressor.velocity.JavaScriptCompressorDirective.render(InternalContextAdapter, Writer, Node) converts checked exception to unchecked instead of another allowable checked exception | STYLE | EXS_EXCEPTION_SOFTENING_HAS_CHECKED | 139 | Medium |
Method com.googlecode.htmlcompressor.velocity.JavaScriptCompressorDirective.render(InternalContextAdapter, Writer, Node) makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 109 | High |
Method com.googlecode.htmlcompressor.velocity.JavaScriptCompressorDirective.render(InternalContextAdapter, Writer, Node) makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 112 | High |
Method com.googlecode.htmlcompressor.velocity.JavaScriptCompressorDirective.render(InternalContextAdapter, Writer, Node) makes literal string comparisons passing the literal as an argument | STYLE | LSC_LITERAL_STRING_COMPARISON | 115 | High |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 138 | High |
com.googlecode.htmlcompressor.velocity.XmlCompressorDirective
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Constrained method com.googlecode.htmlcompressor.velocity.XmlCompressorDirective.render(InternalContextAdapter, Writer, Node) converts checked exception to unchecked instead of another allowable checked exception | STYLE | EXS_EXCEPTION_SOFTENING_HAS_CHECKED | 80 | Medium |
Format should be constant. Use placeholder to reduce the needless cost of parameter construction. see http://www.slf4j.org/faq.html#logging_performance | CORRECTNESS | SLF4J_FORMAT_SHOULD_BE_CONST | 79 | High |
jargs.gnu.CmdLineParser
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
jargs.gnu.CmdLineParser.getRemainingArgs() may expose internal representation by returning CmdLineParser.remainingArgs | MALICIOUS_CODE | EI_EXPOSE_REP | 768 | Medium |
Method jargs.gnu.CmdLineParser.addValue(CmdLineParser$Option, Object) manually casts the right hand side of an assignment more specifically than needed | CORRECTNESS | OC_OVERZEALOUS_CASTING | 891 | Medium |
Method jargs.gnu.CmdLineParser.getOptionValue(CmdLineParser$Option, Object) manually casts the right hand side of an assignment more specifically than needed | CORRECTNESS | OC_OVERZEALOUS_CASTING | 726 | Medium |
Method jargs.gnu.CmdLineParser.parse(String[], Locale) does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 872 | Medium |
jargs.gnu.CmdLineParser$Option
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class jargs.gnu.CmdLineParser$Option at new jargs.gnu.CmdLineParser$Option(char, String, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 277 | Medium |
Exception thrown in class jargs.gnu.CmdLineParser$Option at new jargs.gnu.CmdLineParser$Option(String, String, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 292 | Medium |
Exception thrown in class jargs.gnu.CmdLineParser$Option at new jargs.gnu.CmdLineParser$Option(String, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 263 | Medium |
jargs.gnu.CmdLineParser$Option$DoubleOption
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method jargs.gnu.CmdLineParser$Option$DoubleOption.parseValue(String, Locale) throws alternative exception from catch block without history | CORRECTNESS | LEST_LOST_EXCEPTION_STACK_TRACE | 514 | Medium |
jargs.gnu.CmdLineParser$Option$IntegerOption
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method jargs.gnu.CmdLineParser$Option$IntegerOption.parseValue(String, Locale) throws alternative exception from catch block without history | CORRECTNESS | LEST_LOST_EXCEPTION_STACK_TRACE | 432 | Medium |
jargs.gnu.CmdLineParser$Option$LongOption
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method jargs.gnu.CmdLineParser$Option$LongOption.parseValue(String, Locale) throws alternative exception from catch block without history | CORRECTNESS | LEST_LOST_EXCEPTION_STACK_TRACE | 472 | Medium |