SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.6
Threshold is medium
Effort is default
Summary
| Classes |
Bugs |
Errors |
Missing Classes |
| 33 |
48 |
0 |
0 |
nl.tudelft.simulation.dsol.jetty.sse.OtsWebModel
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class nl.tudelft.simulation.dsol.jetty.sse.OtsWebModel at new nl.tudelft.simulation.dsol.jetty.sse.OtsWebModel(String, OtsSimulatorInterface) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
97 |
Medium |
| Dead store to params in nl.tudelft.simulation.dsol.jetty.sse.OtsWebModel.handle(String, Request, HttpServletRequest, HttpServletResponse) |
STYLE |
DLS_DEAD_LOCAL_STORE |
244 |
Medium |
| nl.tudelft.simulation.dsol.jetty.sse.OtsWebModel.getAnimationPanel() may expose internal representation by returning OtsWebModel.animationPanel |
MALICIOUS_CODE |
EI_EXPOSE_REP |
123 |
Medium |
| HTTP parameter written to Servlet output in nl.tudelft.simulation.dsol.jetty.sse.OtsWebModel.handle(String, Request, HttpServletRequest, HttpServletResponse) |
SECURITY |
XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER |
524 |
Medium |
nl.tudelft.simulation.dsol.jetty.sse.OtsWebServer
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class nl.tudelft.simulation.dsol.jetty.sse.OtsWebServer at new nl.tudelft.simulation.dsol.jetty.sse.OtsWebServer(String, OtsSimulatorInterface, Bounds2d) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
96 |
Medium |
| nl.tudelft.simulation.dsol.jetty.sse.OtsWebServer.getAnimationPanel() may expose internal representation by returning OtsWebServer.animationPanel |
MALICIOUS_CODE |
EI_EXPOSE_REP |
158 |
Medium |
| new nl.tudelft.simulation.dsol.jetty.sse.OtsWebServer(String, OtsSimulatorInterface, Bounds2d) invokes nl.tudelft.simulation.dsol.jetty.sse.OtsWebServer$ServerThread.start() |
MT_CORRECTNESS |
SC_START_IN_CTOR |
100 |
High |
nl.tudelft.simulation.dsol.jetty.sse.OtsWebServer$ServerThread
| Bug |
Category |
Details |
Line |
Priority |
| Hard coded reference to an absolute pathname in nl.tudelft.simulation.dsol.jetty.sse.OtsWebServer$ServerThread.run() |
STYLE |
DMI_HARDCODED_ABSOLUTE_FILENAME |
113 |
High |
nl.tudelft.simulation.dsol.jetty.sse.OtsWebServer$XHRHandler
| Bug |
Category |
Details |
Line |
Priority |
| Dead store to params in nl.tudelft.simulation.dsol.jetty.sse.OtsWebServer$XHRHandler.handle(String, Request, HttpServletRequest, HttpServletResponse) |
STYLE |
DLS_DEAD_LOCAL_STORE |
277 |
Medium |
| new nl.tudelft.simulation.dsol.jetty.sse.OtsWebServer$XHRHandler(OtsWebServer) may expose internal representation by storing an externally mutable object into OtsWebServer$XHRHandler.webServer |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
266 |
Medium |
| HTTP parameter written to Servlet output in nl.tudelft.simulation.dsol.jetty.sse.OtsWebServer$XHRHandler.handle(String, Request, HttpServletRequest, HttpServletResponse) |
SECURITY |
XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER |
557 |
Medium |
nl.tudelft.simulation.dsol.jetty.sse.TestDemoServer$ServerThread
| Bug |
Category |
Details |
Line |
Priority |
| Hard coded reference to an absolute pathname in nl.tudelft.simulation.dsol.jetty.sse.TestDemoServer$ServerThread.run() |
STYLE |
DMI_HARDCODED_ABSOLUTE_FILENAME |
101 |
High |
nl.tudelft.simulation.dsol.jetty.sse.TestDemoServer$XHRHandler
| Bug |
Category |
Details |
Line |
Priority |
| Boxing/unboxing to parse a primitive nl.tudelft.simulation.dsol.jetty.sse.TestDemoServer$XHRHandler.setParameters(OtsModelInterface, String) |
PERFORMANCE |
DM_BOXED_PRIMITIVE_FOR_PARSING |
503 |
High |
| Boxing/unboxing to parse a primitive nl.tudelft.simulation.dsol.jetty.sse.TestDemoServer$XHRHandler.setParameters(OtsModelInterface, String) |
PERFORMANCE |
DM_BOXED_PRIMITIVE_FOR_PARSING |
508 |
High |
| Boxing/unboxing to parse a primitive nl.tudelft.simulation.dsol.jetty.sse.TestDemoServer$XHRHandler.setParameters(OtsModelInterface, String) |
PERFORMANCE |
DM_BOXED_PRIMITIVE_FOR_PARSING |
523 |
High |
| Boxing/unboxing to parse a primitive nl.tudelft.simulation.dsol.jetty.sse.TestDemoServer$XHRHandler.setParameters(OtsModelInterface, String) |
PERFORMANCE |
DM_BOXED_PRIMITIVE_FOR_PARSING |
518 |
High |
| Exception is caught when Exception is not thrown in nl.tudelft.simulation.dsol.jetty.sse.TestDemoServer$XHRHandler.setParameters(OtsModelInterface, String) |
STYLE |
REC_CATCH_EXCEPTION |
551 |
Medium |
| HTTP parameter written to Servlet output in nl.tudelft.simulation.dsol.jetty.sse.TestDemoServer$XHRHandler.handle(String, Request, HttpServletRequest, HttpServletResponse) |
SECURITY |
XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER |
278 |
Medium |
nl.tudelft.simulation.dsol.web.animation.HtmlDevice
| Bug |
Category |
Details |
Line |
Priority |
| nl.tudelft.simulation.dsol.web.animation.HtmlDevice.getConfigurations() may expose internal representation by returning HtmlDevice.htmlGraphicsConfigurations |
MALICIOUS_CODE |
EI_EXPOSE_REP |
53 |
Medium |
nl.tudelft.simulation.dsol.web.animation.HtmlGraphics2d
| Bug |
Category |
Details |
Line |
Priority |
| nl.tudelft.simulation.dsol.web.animation.HtmlGraphics2d.getRenderingHints() may expose internal representation by returning HtmlGraphics2d.renderingHints |
MALICIOUS_CODE |
EI_EXPOSE_REP |
658 |
Medium |
| nl.tudelft.simulation.dsol.web.animation.HtmlGraphics2d.getTransform() may expose internal representation by returning HtmlGraphics2d.affineTransform |
MALICIOUS_CODE |
EI_EXPOSE_REP |
729 |
Medium |
nl.tudelft.simulation.dsol.web.animation.HtmlGraphicsConfiguration
| Bug |
Category |
Details |
Line |
Priority |
| nl.tudelft.simulation.dsol.web.animation.HtmlGraphicsConfiguration.getBounds() may expose internal representation by returning HtmlGraphicsConfiguration.bounds |
MALICIOUS_CODE |
EI_EXPOSE_REP |
98 |
Medium |
| nl.tudelft.simulation.dsol.web.animation.HtmlGraphicsConfiguration.getDefaultTransform() may expose internal representation by returning HtmlGraphicsConfiguration.identityTransform |
MALICIOUS_CODE |
EI_EXPOSE_REP |
82 |
Medium |
| nl.tudelft.simulation.dsol.web.animation.HtmlGraphicsConfiguration.getDevice() may expose internal representation by returning HtmlGraphicsConfiguration.htmlDevice |
MALICIOUS_CODE |
EI_EXPOSE_REP |
47 |
Medium |
| nl.tudelft.simulation.dsol.web.animation.HtmlGraphicsConfiguration.getNormalizingTransform() may expose internal representation by returning HtmlGraphicsConfiguration.identityTransform |
MALICIOUS_CODE |
EI_EXPOSE_REP |
90 |
Medium |
| nl.tudelft.simulation.dsol.web.animation.HtmlGraphicsConfiguration.setDevice(HtmlDevice) may expose internal representation by storing an externally mutable object into HtmlGraphicsConfiguration.htmlDevice |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
58 |
Medium |
nl.tudelft.simulation.dsol.web.animation.HtmlGraphicsEnvironment
| Bug |
Category |
Details |
Line |
Priority |
| nl.tudelft.simulation.dsol.web.animation.HtmlGraphicsEnvironment.createGraphics(BufferedImage) may expose internal representation by returning HtmlGraphicsEnvironment.graphics2D |
MALICIOUS_CODE |
EI_EXPOSE_REP |
67 |
Medium |
| nl.tudelft.simulation.dsol.web.animation.HtmlGraphicsEnvironment.getDefaultScreenDevice() may expose internal representation by returning HtmlGraphicsEnvironment.htmlDevice |
MALICIOUS_CODE |
EI_EXPOSE_REP |
59 |
Medium |
nl.tudelft.simulation.dsol.web.animation.d2.HtmlAnimationPanel
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class nl.tudelft.simulation.dsol.web.animation.d2.HtmlAnimationPanel at new nl.tudelft.simulation.dsol.web.animation.d2.HtmlAnimationPanel(Bounds2d, OtsSimulatorInterface) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
110 |
Medium |
| nl.tudelft.simulation.dsol.web.animation.d2.HtmlAnimationPanel.getDragLine() may expose internal representation by returning HtmlAnimationPanel.dragLine |
MALICIOUS_CODE |
EI_EXPOSE_REP |
385 |
Medium |
| nl.tudelft.simulation.dsol.web.animation.d2.HtmlAnimationPanel.getElements() may expose internal representation by returning HtmlAnimationPanel.elements |
MALICIOUS_CODE |
EI_EXPOSE_REP |
377 |
Medium |
| nl.tudelft.simulation.dsol.web.animation.d2.HtmlAnimationPanel.getToggleButtons() may expose internal representation by returning HtmlAnimationPanel.toggleButtons |
MALICIOUS_CODE |
EI_EXPOSE_REP |
575 |
Medium |
| nl.tudelft.simulation.dsol.web.animation.d2.HtmlAnimationPanel.isShowClass(Class) makes inefficient use of keySet iterator instead of entrySet iterator |
PERFORMANCE |
WMI_WRONG_MAP_ITERATOR |
187 |
Medium |
nl.tudelft.simulation.dsol.web.animation.d2.HtmlGridPanel
| Bug |
Category |
Details |
Line |
Priority |
| nl.tudelft.simulation.dsol.web.animation.d2.HtmlGridPanel.getPreferredSize() may expose internal representation by returning HtmlGridPanel.preferredSize |
MALICIOUS_CODE |
EI_EXPOSE_REP |
519 |
Medium |
| nl.tudelft.simulation.dsol.web.animation.d2.HtmlGridPanel.getSize() may expose internal representation by returning HtmlGridPanel.size |
MALICIOUS_CODE |
EI_EXPOSE_REP |
471 |
Medium |
| nl.tudelft.simulation.dsol.web.animation.d2.HtmlGridPanel.setPreferredSize(Dimension) may expose internal representation by storing an externally mutable object into HtmlGridPanel.preferredSize |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
527 |
Medium |
| nl.tudelft.simulation.dsol.web.animation.d2.HtmlGridPanel.setSize(Dimension) may expose internal representation by storing an externally mutable object into HtmlGridPanel.size |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
479 |
Medium |
| Inconsistent synchronization of nl.tudelft.simulation.dsol.web.animation.d2.HtmlGridPanel.extent; locked 92% of time |
MT_CORRECTNESS |
IS2_INCONSISTENT_SYNC |
198 |
Medium |
| Inconsistent synchronization of nl.tudelft.simulation.dsol.web.animation.d2.HtmlGridPanel.renderableScale; locked 60% of time |
MT_CORRECTNESS |
IS2_INCONSISTENT_SYNC |
454 |
Medium |
org.opentrafficsim.web.test.CircularModelWeb
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.opentrafficsim.web.test.CircularModelWeb at new org.opentrafficsim.web.test.CircularModelWeb(String, OtsSimulatorInterface, OtsModelInterface) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
35 |
Medium |
org.opentrafficsim.web.test.CircularRoadModel
| Bug |
Category |
Details |
Line |
Priority |
| Random object created and used only once in org.opentrafficsim.web.test.CircularRoadModel.constructModel() |
BAD_PRACTICE |
DMI_RANDOM_USED_ONLY_ONCE |
215 |
High |
| org.opentrafficsim.web.test.CircularRoadModel.getMinimumDistance() may expose internal representation by returning CircularRoadModel.minimumDistance |
MALICIOUS_CODE |
EI_EXPOSE_REP |
280 |
Medium |
| org.opentrafficsim.web.test.CircularRoadModel.getNetwork() may expose internal representation by returning CircularRoadModel.network |
MALICIOUS_CODE |
EI_EXPOSE_REP |
272 |
Medium |
| Exception is caught when Exception is not thrown in org.opentrafficsim.web.test.CircularRoadModel.constructModel() |
STYLE |
REC_CATCH_EXCEPTION |
222 |
Medium |
org.opentrafficsim.web.test.InputParameterHelper
| Bug |
Category |
Details |
Line |
Priority |
| new org.opentrafficsim.web.test.InputParameterHelper(InputParameterMap) may expose internal representation by storing an externally mutable object into InputParameterHelper.rootMap |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
41 |
Medium |
org.opentrafficsim.web.test.TJunctionDemo
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class org.opentrafficsim.web.test.TJunctionDemo at new org.opentrafficsim.web.test.TJunctionDemo(String, OtsSimulatorInterface, OtsModelInterface) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
36 |
Medium |
org.opentrafficsim.web.test.TJunctionModel
| Bug |
Category |
Details |
Line |
Priority |
| Hard coded reference to an absolute pathname in org.opentrafficsim.web.test.TJunctionModel.constructModel() |
STYLE |
DMI_HARDCODED_ABSOLUTE_FILENAME |
57 |
Medium |
| org.opentrafficsim.web.test.TJunctionModel.getNetwork() may expose internal representation by returning TJunctionModel.network |
MALICIOUS_CODE |
EI_EXPOSE_REP |
122 |
Medium |
