Produced using SpotBugs 3.1.0-RC6.
Project:
3196 lines of code analyzed, in 93 classes, in 4 packages.
Metric | Total | Density* |
---|---|---|
High Priority Warnings | 6 | 1.88 |
Medium Priority Warnings | 9 | 2.82 |
Low Priority Warnings | 11 | 3.44 |
Total Warnings | 26 | 8.14 |
(* Defects per Thousand lines of non-commenting source statements)
Warning Type | Number |
---|---|
Bad practice Warnings | 4 |
Experimental Warnings | 1 |
Internationalization Warnings | 7 |
Malicious code vulnerability Warnings | 1 |
Performance Warnings | 5 |
Dodgy code Warnings | 8 |
Total | 26 |

Bad practice Warnings
Warning | Priority | Details |
---|---|---|
Method may fail to close stream | Medium | groovyx.net.http.NativeHandlers$Parsers.textToString(ChainedHttpConfig, FromServer) may fail to close stream |
Method ignores exceptional return value | Medium | Exceptional return value of java.io.File.delete() ignored in groovyx.net.http.FileBackedCookieStore.deleteFile(NonBlockingCookieStore$Key) |
Method ignores exceptional return value | Medium | Exceptional return value of java.io.File.delete() ignored in groovyx.net.http.FileBackedCookieStore.lambda$readAll$5(File) |
Confusing method names | Low | Confusing to have methods groovyx.net.http.JavaHttpBuilder$Action$JavaFromServer.getUri() and groovyx.net.http.NonBlockingCookieStore$UriKey.getURI() |

Experimental Warnings
Warning | Priority | Details |
---|---|---|
Method may fail to clean up stream or resource | Medium | groovyx.net.http.NativeHandlers$Encoders.handleRawUpload(ChainedHttpConfig, ToServer) may fail to clean up java.io.InputStream |

Internationalization Warnings
Warning | Priority | Details |
---|---|---|
Reliance on default encoding | High | Found reliance on default encoding in groovyx.net.http.FileBackedCookieStore.lambda$readAll$5(File): new java.io.FileReader(File) |
Reliance on default encoding | High | Found reliance on default encoding in groovyx.net.http.FileBackedCookieStore.lambda$store$3(NonBlockingCookieStore$Key, HttpCookie): new java.io.FileWriter(File) |
Reliance on default encoding | High | Found reliance on default encoding in groovyx.net.http.FromServer.getReader(): new java.io.InputStreamReader(InputStream) |
Reliance on default encoding | High | Found reliance on default encoding in groovyx.net.http.util.IoUtils.copyAsString(BufferedInputStream): new String(byte[]) |
Consider using Locale parameterized version of invoked method | Low | Use of non-localized String.toUpperCase() or String.toLowerCase() in groovyx.net.http.JavaHttpBuilder$Action.addHeaders() |
Consider using Locale parameterized version of invoked method | Low | Use of non-localized String.toUpperCase() or String.toLowerCase() in groovyx.net.http.NonBlockingCookieStore$Key.forStorage(String) |
Consider using Locale parameterized version of invoked method | Low | Use of non-localized String.toUpperCase() or String.toLowerCase() in groovyx.net.http.util.Misc.isPropertySet(String) |

Malicious code vulnerability Warnings
Warning | Priority | Details |
---|---|---|
Field isn't final but should be | High | groovyx.net.http.NativeHandlers$Parsers.catalogResolver isn't final but should be |

Performance Warnings
Warning | Priority | Details |
---|---|---|
Boxing/unboxing to parse a primitive | High | Boxing/unboxing to parse a primitive groovyx.net.http.FileBackedCookieStore.fromProperties(Properties) |
Unread field | Medium | Unread field: groovyx.net.http.HttpConfigs$ThreadSafeAuth.preemptive |
Private method is never called | Low | Private method groovyx.net.http.NonBlockingCookieStore.makeURI(String) is never called |
Unread field | Low | Unread field: groovyx.net.http.CharSequenceInputStream.charset |
Unread field | Low | Unread field: groovyx.net.http.ReaderInputStream.charset |

Dodgy code Warnings
Warning | Priority | Details |
---|---|---|
Dead store to local variable | Medium | Dead store to maxAge in groovyx.net.http.FileBackedCookieStore.fromProperties(Properties) |
Dead store to local variable | Medium | Dead store to H in groovyx.net.http.NonBlockingCookieStore.netscapeDomainMatches(String, String) |
Possible null pointer dereference due to return value of called method | Medium | Possible null pointer dereference in groovyx.net.http.FileBackedCookieStore.readAll() due to return value of called method |
Possible null pointer dereference on branch that might be infeasible | Medium | Possible null pointer dereference of NonBlockingCookieStore$DomainKey.path on branch that might be infeasible in groovyx.net.http.NonBlockingCookieStore$DomainKey.pathEquals(NonBlockingCookieStore$DomainKey) |
Load of known null value | Low | Load of known null value in groovyx.net.http.UriBuilder.forCookie(HttpCookie) |
Load of known null value | Low | Load of known null value in groovyx.net.http.UriBuilder.forCookie(HttpCookie) |
Load of known null value | Low | Load of known null value in groovyx.net.http.UriBuilder.forCookie(HttpCookie) |
Method directly allocates a specific implementation of xml interfaces | Low | groovyx.net.http.optional.Html.neckoParse(ChainedHttpConfig, FromServer) directly allocates a specific implementation of xml interfaces |
A boxed primitive is created from a String, just to extract the unboxed primitive value. It is more efficient to just call the static parseXXX method.
This instruction assigns a value to a local variable, but the value is not read or used in any subsequent instruction. Often, this indicates an error, because the value computed is never used.
Note that Sun's javac compiler often generates dead stores for final local variables. Because SpotBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
A String is being converted to upper or lowercase, using the platform's default encoding. This may result in improper conversions when used with international characters. Use the Locale parameterized versions instead.
Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.
This static field is public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.
The referenced methods have names that differ only by capitalization.
The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was non-null).
The return value from a method is dereferenced without a null check, and the return value of that method is one that should generally be checked for null. This may lead to a NullPointerException when the code is executed.
There is a branch or statement that, if executed, guarantees that a null value will be dereferenced, which would generate a NullPointerException when the code is executed. Of course, the problem might be that the branch or statement is infeasible and that the null pointer exception can't ever be executed; deciding that is beyond the ability of SpotBugs. Due to the fact that this value had been previously tested for nullness, this is a definite possibility.
This method may fail to clean up (close, dispose of) a stream, database object, or other resource requiring an explicit cleanup operation.
In general, if a method opens a stream or other resource, the method should use a try/finally block to ensure that the stream or resource is cleaned up before the method returns.
This bug pattern is essentially the same as the OS_OPEN_STREAM and ODR_OPEN_DATABASE_RESOURCE bug patterns, but is based on a different (and hopefully better) static analysis technique. We are interested in getting feedback about the usefulness of this bug pattern. For sending feedback, check:
In particular, the false-positive suppression heuristics for this bug pattern have not been extensively tuned, so reports about false positives are helpful to us.
See Weimer and Necula, Finding and Preventing Run-Time Error Handling Mistakes, for a description of the analysis technique.
The method creates an IO stream object, does not assign it to any fields, pass it to other methods that might close it, or return it, and does not appear to close the stream on all paths out of the method. This may result in a file descriptor leak. It is generally a good idea to use a finally block to ensure that streams are closed.
This method returns a value that is not checked. The return value should be checked since it can indicate an unusual or unexpected function execution. For example, the File.delete() method returns false if the file could not be successfully deleted (rather than throwing an Exception). If you don't check the result, you won't notice if the method invocation signals unexpected behavior by returning an atypical return value.
This private method is never called. Although it is possible that the method will be invoked through reflection, it is more likely that the method is never used, and should be removed.
This field is never read. Consider removing it from the class.
This method allocates a specific implementation of an xml interface. It is preferable to use the supplied factory classes to create these objects so that the implementation can be changed at runtime. See
for details.