Gboat2 Web Bundle – FindBugs Bug Detector Report

FindBugs Bug Detector Report

The following document contains the results of FindBugs Report

FindBugs Version is 2.0.3

Threshold is medium

Effort is min

Summary

Classes	Bugs	Errors	Missing Classes
150	119	0	0

Files

Class	Bugs
gboat2.web.Activator	1
gboat2.web.action.AuthorityAction	8
gboat2.web.action.ForwardAction	2
gboat2.web.action.GIndexAction	11
gboat2.web.action.GrepAction	3
gboat2.web.action.GroupAction	12
gboat2.web.action.GroupRoleAction	1
gboat2.web.action.LoginAction	10
gboat2.web.action.MetadataAction	6
gboat2.web.action.PreferenceAction	1
gboat2.web.action.ProfileAction	1
gboat2.web.action.ResourceAction	8
gboat2.web.action.RoleAction	10
gboat2.web.action.ShortcutAction	7
gboat2.web.action.SystemConfigAction	5
gboat2.web.action.UserAction	11
gboat2.web.action.WidgetAction	2
gboat2.web.action.WidgetAuthorityConfigAction	6
gboat2.web.business.impl.AuthorityBusinessImpl	1
gboat2.web.model.OrganDefine	2
gboat2.web.model.PreferenceConfig	2
gboat2.web.model.User	4
gboat2.web.model.Version	2
gboat2.web.service.AbstractUserAuthService	1
gboat2.web.service.impl.SessionServiceImpl	1
gboat2.web.util.IPTimeStamp	1

gboat2.web.Activator

Bug	Category	Details	Line	Priority
gboat2.web.Activator.LOCAL_BUNDLE isn't final and can't be protected from malicious code	MALICIOUS_CODE	MS_CANNOT_BE_FINAL	37	Medium
Write to static field gboat2.web.Activator.LOCAL_BUNDLE from instance method gboat2.web.Activator.start(BundleContext)	STYLE	ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD	31	Medium

gboat2.web.action.AuthorityAction

Bug	Category	Details	Line	Priority
gboat2.web.action.AuthorityAction.getOperations() may expose internal representation by returning AuthorityAction.operations	MALICIOUS_CODE	EI_EXPOSE_REP	212	Medium
gboat2.web.action.AuthorityAction.setOperations(String[]) may expose internal representation by storing an externally mutable object into AuthorityAction.operations	MALICIOUS_CODE	EI_EXPOSE_REP2	216	Medium
resource could be null and is guaranteed to be dereferenced in gboat2.web.action.AuthorityAction.authorityLog(boolean, String, String, String)	CORRECTNESS	NP_GUARANTEED_DEREF	170	Medium
role could be null and is guaranteed to be dereferenced in gboat2.web.action.AuthorityAction.authorityLog(boolean, String, String, String)	CORRECTNESS	NP_GUARANTEED_DEREF	178	Medium
Class gboat2.web.action.AuthorityAction defines non-transient non-serializable instance field authorityBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.AuthorityAction defines non-transient non-serializable instance field cacheAssistBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.AuthorityAction defines non-transient non-serializable instance field logger	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.AuthorityAction defines non-transient non-serializable instance field loggingService	BAD_PRACTICE	SE_BAD_FIELD		Medium

gboat2.web.action.ForwardAction

Bug	Category	Details	Line	Priority
Class gboat2.web.action.ForwardAction defines non-transient non-serializable instance field systemService	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.ForwardAction defines non-transient non-serializable instance field systems	BAD_PRACTICE	SE_BAD_FIELD		Medium

gboat2.web.action.GIndexAction

Bug	Category	Details	Line	Priority
Call to org.slf4j.Logger.equals(String) in gboat2.web.action.GIndexAction.initUserInfo()	CORRECTNESS	EC_UNRELATED_CLASS_AND_INTERFACE	273	High
Possible null pointer dereference of GIndexAction.DEV_MODE_FLAG in gboat2.web.action.GIndexAction.initDevMode() on exception path	CORRECTNESS	NP_NULL_ON_SOME_PATH_EXCEPTION	202	Medium
gboat2.web.action.GIndexAction.initDevMode() may fail to clean up java.io.InputStream	EXPERIMENTAL	OBL_UNSATISFIED_OBLIGATION	195	Medium
gboat2.web.action.GIndexAction.initDevMode() may fail to close stream	BAD_PRACTICE	OS_OPEN_STREAM	195	Medium
Class gboat2.web.action.GIndexAction defines non-transient non-serializable instance field logger	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.GIndexAction defines non-transient non-serializable instance field profileService	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.GIndexAction defines non-transient non-serializable instance field roleBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.GIndexAction defines non-transient non-serializable instance field sysCfg	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.GIndexAction defines non-transient non-serializable instance field sysCfgSer	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.GIndexAction defines non-transient non-serializable instance field userService	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.GIndexAction defines non-transient non-serializable instance field versionBus	BAD_PRACTICE	SE_BAD_FIELD		Medium

gboat2.web.action.GrepAction

Bug	Category	Details	Line	Priority
gboat2.web.action.GrepAction.execute() might ignore java.lang.Exception	BAD_PRACTICE	DE_MIGHT_IGNORE	51	Medium
Exception is caught when Exception is not thrown in gboat2.web.action.GrepAction.execute()	STYLE	REC_CATCH_EXCEPTION	51	Medium
Unwritten field: gboat2.web.action.GrepAction.errorMessage	CORRECTNESS	UWF_UNWRITTEN_FIELD	73	Medium

gboat2.web.action.GroupAction

Bug	Category	Details	Line	Priority
gboat2.web.action.GroupAction.getAllOrgans() may expose internal representation by returning GroupAction.allOrgans	MALICIOUS_CODE	EI_EXPOSE_REP	379	Medium
gboat2.web.action.GroupAction.getAllRoles() may expose internal representation by returning GroupAction.allRoles	MALICIOUS_CODE	EI_EXPOSE_REP	371	Medium
gboat2.web.action.GroupAction.setAllOrgans(String[]) may expose internal representation by storing an externally mutable object into GroupAction.allOrgans	MALICIOUS_CODE	EI_EXPOSE_REP2	383	Medium
gboat2.web.action.GroupAction.setAllRoles(String[]) may expose internal representation by storing an externally mutable object into GroupAction.allRoles	MALICIOUS_CODE	EI_EXPOSE_REP2	375	Medium
Class gboat2.web.action.GroupAction defines non-transient non-serializable instance field authBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.GroupAction defines non-transient non-serializable instance field cacheAssistBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.GroupAction defines non-transient non-serializable instance field dataLevelAuthorityBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.GroupAction defines non-transient non-serializable instance field dataLevelBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.GroupAction defines non-transient non-serializable instance field groupBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.GroupAction defines non-transient non-serializable instance field groupRoleBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.GroupAction defines non-transient non-serializable instance field loggingService	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.GroupAction defines non-transient non-serializable instance field systemCfgBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium

gboat2.web.action.GroupRoleAction

Bug	Category	Details	Line	Priority
Class gboat2.web.action.GroupRoleAction defines non-transient non-serializable instance field resBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium

gboat2.web.action.LoginAction

Bug	Category	Details	Priority
Class gboat2.web.action.LoginAction defines non-transient non-serializable instance field authorityService	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.LoginAction defines non-transient non-serializable instance field gropBusi	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.LoginAction defines non-transient non-serializable instance field loginBusiness	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.LoginAction defines non-transient non-serializable instance field profileService	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.LoginAction defines non-transient non-serializable instance field roleBusi	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.LoginAction defines non-transient non-serializable instance field sessionService	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.LoginAction defines non-transient non-serializable instance field shortcutService	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.LoginAction defines non-transient non-serializable instance field systemConfigService	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.LoginAction defines non-transient non-serializable instance field userService	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.LoginAction defines non-transient non-serializable instance field userStatus	BAD_PRACTICE	SE_BAD_FIELD	Medium

gboat2.web.action.MetadataAction

Bug	Category	Details	Line	Priority
Load of known null value in gboat2.web.action.MetadataAction.getFileUrl(String, String)	STYLE	NP_LOAD_OF_KNOWN_NULL_VALUE	109	Medium
Possible null pointer dereference of path in gboat2.web.action.MetadataAction.getFileUrl(String, String) on exception path	CORRECTNESS	NP_NULL_ON_SOME_PATH_EXCEPTION	106	Medium
Repeated conditional test in gboat2.web.action.MetadataAction.getFileUrl(String, String)	CORRECTNESS	RpC_REPEATED_CONDITIONAL_TEST	107	Medium
Class gboat2.web.action.MetadataAction defines non-transient non-serializable instance field cacheService	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.MetadataAction defines non-transient non-serializable instance field contentMetadata	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.MetadataAction defines non-transient non-serializable instance field metadataBusiness	BAD_PRACTICE	SE_BAD_FIELD		Medium

gboat2.web.action.PreferenceAction

Bug	Category	Details	Line	Priority
Class gboat2.web.action.PreferenceAction defines non-transient non-serializable instance field moduleSer	BAD_PRACTICE	SE_BAD_FIELD		Medium

gboat2.web.action.ProfileAction

Bug	Category	Details	Line	Priority
Class gboat2.web.action.ProfileAction defines non-transient non-serializable instance field profileService	BAD_PRACTICE	SE_BAD_FIELD		Medium

gboat2.web.action.ResourceAction

Bug	Category	Details	Line	Priority
gboat2.web.action.ResourceAction.getOperation() may expose internal representation by returning ResourceAction.operation	MALICIOUS_CODE	EI_EXPOSE_REP	331	Medium
gboat2.web.action.ResourceAction.setOperation(String[]) may expose internal representation by storing an externally mutable object into ResourceAction.operation	MALICIOUS_CODE	EI_EXPOSE_REP2	335	Medium
Class gboat2.web.action.ResourceAction defines non-transient non-serializable instance field cacheAssistBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.ResourceAction defines non-transient non-serializable instance field loggingService	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.ResourceAction defines non-transient non-serializable instance field operaBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.ResourceAction defines non-transient non-serializable instance field resBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.ResourceAction defines non-transient non-serializable instance field roleBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.ResourceAction defines non-transient non-serializable instance field systemCfgBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium

gboat2.web.action.RoleAction

Bug	Category	Details	Priority
Class gboat2.web.action.RoleAction defines non-transient non-serializable instance field authorityBusi	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.RoleAction defines non-transient non-serializable instance field cacheAssistBusi	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.RoleAction defines non-transient non-serializable instance field dataLevelAuthorityBusi	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.RoleAction defines non-transient non-serializable instance field groupBusi	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.RoleAction defines non-transient non-serializable instance field groupRoleBusi	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.RoleAction defines non-transient non-serializable instance field loggingService	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.RoleAction defines non-transient non-serializable instance field resBusiness	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.RoleAction defines non-transient non-serializable instance field roleBusiness	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.RoleAction defines non-transient non-serializable instance field systemCfgBusi	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.RoleAction defines non-transient non-serializable instance field userService	BAD_PRACTICE	SE_BAD_FIELD	Medium

gboat2.web.action.ShortcutAction

Bug	Category	Details	Line	Priority
Possible null pointer dereference in gboat2.web.action.ShortcutAction.getAllShortcutIcons() due to return value of called method	STYLE	NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE	131	Medium
Class gboat2.web.action.ShortcutAction defines non-transient non-serializable instance field authorityBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.ShortcutAction defines non-transient non-serializable instance field gropBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.ShortcutAction defines non-transient non-serializable instance field loggingService	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.ShortcutAction defines non-transient non-serializable instance field resourceBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.ShortcutAction defines non-transient non-serializable instance field roleBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.ShortcutAction defines non-transient non-serializable instance field shortcutBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium

gboat2.web.action.SystemConfigAction

Bug	Category	Details	Priority
Class gboat2.web.action.SystemConfigAction defines non-transient non-serializable instance field cache	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.SystemConfigAction defines non-transient non-serializable instance field gropBusi	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.SystemConfigAction defines non-transient non-serializable instance field loginBusiness	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.SystemConfigAction defines non-transient non-serializable instance field roleBusi	BAD_PRACTICE	SE_BAD_FIELD	Medium
Class gboat2.web.action.SystemConfigAction defines non-transient non-serializable instance field syscfgBusi	BAD_PRACTICE	SE_BAD_FIELD	Medium

gboat2.web.action.UserAction

Bug	Category	Details	Line	Priority
Comparison of String objects using == or != in gboat2.web.action.UserAction.postList(Page)	BAD_PRACTICE	ES_COMPARING_STRINGS_WITH_EQ	281	Medium
"." or "\|" used for regular expression in gboat2.web.action.UserAction.backAuthorityToRole()	CORRECTNESS	RE_POSSIBLE_UNINTENDED_PATTERN	196	High
"." or "\|" used for regular expression in gboat2.web.action.UserAction.backAuthorityToRole()	CORRECTNESS	RE_POSSIBLE_UNINTENDED_PATTERN	197	High
Class gboat2.web.action.UserAction defines non-transient non-serializable instance field authBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.UserAction defines non-transient non-serializable instance field dataLevelAuthorityBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.UserAction defines non-transient non-serializable instance field dataLevelBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.UserAction defines non-transient non-serializable instance field groupService	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.UserAction defines non-transient non-serializable instance field loggerService	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.UserAction defines non-transient non-serializable instance field systemCfgBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.UserAction defines non-transient non-serializable instance field userService	BAD_PRACTICE	SE_BAD_FIELD		Medium

gboat2.web.action.WidgetAction

Bug	Category	Details	Line	Priority
Class gboat2.web.action.WidgetAction defines non-transient non-serializable instance field roleBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.WidgetAction defines non-transient non-serializable instance field widgetService	BAD_PRACTICE	SE_BAD_FIELD		Medium

gboat2.web.action.WidgetAuthorityConfigAction

Bug	Category	Details	Line	Priority
Possible null pointer dereference of widgetServices in gboat2.web.action.WidgetAuthorityConfigAction.createWidgetList()	CORRECTNESS	NP_NULL_ON_SOME_PATH	145	High
gboat2.web.action.WidgetAuthorityConfigAction.postList(Page) concatenates strings using + in a loop	PERFORMANCE	SBSC_USE_STRINGBUFFER_CONCATENATION	121	Medium
Class gboat2.web.action.WidgetAuthorityConfigAction defines non-transient non-serializable instance field roleBusiness	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.WidgetAuthorityConfigAction defines non-transient non-serializable instance field syscfgBusi	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.WidgetAuthorityConfigAction defines non-transient non-serializable instance field systemList	BAD_PRACTICE	SE_BAD_FIELD		Medium
Class gboat2.web.action.WidgetAuthorityConfigAction defines non-transient non-serializable instance field widgetList	BAD_PRACTICE	SE_BAD_FIELD		Medium

gboat2.web.business.impl.AuthorityBusinessImpl

Bug	Category	Details	Line	Priority
Nullcheck of curr at line 602 of value previously dereferenced in gboat2.web.business.impl.AuthorityBusinessImpl.findResourceTreeForRole(String, String, String)	CORRECTNESS	RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE	602	Medium

gboat2.web.model.OrganDefine

Bug	Category	Details	Line	Priority
gboat2.web.model.OrganDefine.getCommitTime() may expose internal representation by returning OrganDefine.commitTime	MALICIOUS_CODE	EI_EXPOSE_REP	110	Medium
gboat2.web.model.OrganDefine.setCommitTime(Date) may expose internal representation by storing an externally mutable object into OrganDefine.commitTime	MALICIOUS_CODE	EI_EXPOSE_REP2	114	Medium

gboat2.web.model.PreferenceConfig

Bug	Category	Details	Line	Priority
gboat2.web.model.PreferenceConfig.getCreateDate() may expose internal representation by returning PreferenceConfig.createDate	MALICIOUS_CODE	EI_EXPOSE_REP	92	Medium
gboat2.web.model.PreferenceConfig.setCreateDate(Date) may expose internal representation by storing an externally mutable object into PreferenceConfig.createDate	MALICIOUS_CODE	EI_EXPOSE_REP2	95	Medium

gboat2.web.model.User

Bug	Category	Details	Line	Priority
gboat2.web.model.User.getCommitTime() may expose internal representation by returning User.commitTime	MALICIOUS_CODE	EI_EXPOSE_REP	120	Medium
gboat2.web.model.User.getEndTime() may expose internal representation by returning User.endTime	MALICIOUS_CODE	EI_EXPOSE_REP	148	Medium
gboat2.web.model.User.setCommitTime(Date) may expose internal representation by storing an externally mutable object into User.commitTime	MALICIOUS_CODE	EI_EXPOSE_REP2	124	Medium
gboat2.web.model.User.setEndTime(Date) may expose internal representation by storing an externally mutable object into User.endTime	MALICIOUS_CODE	EI_EXPOSE_REP2	152	Medium

gboat2.web.model.Version

Bug	Category	Details	Line	Priority
gboat2.web.model.Version.getRecordTime() may expose internal representation by returning Version.recordTime	MALICIOUS_CODE	EI_EXPOSE_REP	78	Medium
gboat2.web.model.Version.setRecordTime(Date) may expose internal representation by storing an externally mutable object into Version.recordTime	MALICIOUS_CODE	EI_EXPOSE_REP2	83	Medium

gboat2.web.service.AbstractUserAuthService

Bug	Category	Details	Line	Priority

gboat2.web.service.impl.SessionServiceImpl

Bug	Category	Details	Line	Priority
Redundant nullcheck of user, which is known to be non-null in gboat2.web.service.impl.SessionServiceImpl.login(String, String, String, String)	STYLE	RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE	173	Medium

gboat2.web.util.IPTimeStamp

Bug	Category	Details	Line	Priority
gboat2.web.util.IPTimeStamp.getTimeStamp() concatenates strings using + in a loop	PERFORMANCE	SBSC_USE_STRINGBUFFER_CONCATENATION	35	Medium

父项目

项目文档

FindBugs Bug Detector Report

Summary

Files

gboat2.web.Activator

gboat2.web.action.AuthorityAction

gboat2.web.action.ForwardAction

gboat2.web.action.GIndexAction

gboat2.web.action.GrepAction

gboat2.web.action.GroupAction

gboat2.web.action.GroupRoleAction

gboat2.web.action.LoginAction

gboat2.web.action.MetadataAction

gboat2.web.action.PreferenceAction

gboat2.web.action.ProfileAction

gboat2.web.action.ResourceAction

gboat2.web.action.RoleAction

gboat2.web.action.ShortcutAction

gboat2.web.action.SystemConfigAction

gboat2.web.action.UserAction

gboat2.web.action.WidgetAction

gboat2.web.action.WidgetAuthorityConfigAction

gboat2.web.business.impl.AuthorityBusinessImpl

gboat2.web.model.OrganDefine

gboat2.web.model.PreferenceConfig

gboat2.web.model.User

gboat2.web.model.Version

gboat2.web.service.AbstractUserAuthService

gboat2.web.service.impl.SessionServiceImpl

gboat2.web.util.IPTimeStamp