Merge pull request #729 from gtoison/upgrade-build-to-jdk-11 #69
h3xstreamAnnotations
14 warnings
|
TQ_ALWAYS_VALUE_USED_WHERE_NEVER_REQUIRED:
findsecbugs-plugin/src/main/java/com/h3xstream/findsecbugs/android/BroadcastDetector.java#L51
Value annotated as carrying type qualifier SlashedClassName used where a value that must not carry that qualifier is required
|
|
EI_EXPOSE_REP:
findsecbugs-plugin/src/main/java/com/h3xstream/findsecbugs/injection/InjectionPoint.java#L38
com.h3xstream.findsecbugs.injection.InjectionPoint.getInjectableArguments() may expose internal representation by returning InjectionPoint.injectableArguments
|
|
EI_EXPOSE_REP2:
findsecbugs-plugin/src/main/java/com/h3xstream/findsecbugs/injection/InjectionPoint.java#L33
new com.h3xstream.findsecbugs.injection.InjectionPoint(int[], String) may expose internal representation by storing an externally mutable object into InjectionPoint.injectableArguments
|
|
NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE:
findsecbugs-plugin/src/main/java/com/h3xstream/findsecbugs/scala/PlayUnvalidatedRedirectDetector.java#L48
Possible null pointer dereference in com.h3xstream.findsecbugs.scala.PlayUnvalidatedRedirectDetector.sawOpcode(int) due to return value of called method
|
|
DM_DEFAULT_ENCODING:
findsecbugs-plugin/src/main/java/com/h3xstream/findsecbugs/spring/CorsRegistryCORSDetector.java#L90
Found reliance on default encoding in com.h3xstream.findsecbugs.spring.CorsRegistryCORSDetector.getStringFromIdx(int): java.io.ByteArrayOutputStream.toString()
|
|
NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE:
findsecbugs-plugin/src/main/java/com/h3xstream/findsecbugs/spring/SignatureParserWithGeneric.java#L98
Possible null pointer dereference in com.h3xstream.findsecbugs.spring.SignatureParserWithGeneric.typeToJavaClass(Type) due to return value of called method
|
|
BC_UNCONFIRMED_CAST:
findsecbugs-plugin/src/main/java/com/h3xstream/findsecbugs/taintanalysis/TaintAnalysis.java#L75
Unchecked/unconfirmed cast from edu.umd.cs.findbugs.classfile.MethodDescriptor to edu.umd.cs.findbugs.classfile.analysis.MethodInfo in new com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis(MethodGen, DepthFirstSearch, MethodDescriptor, TaintConfig, List)
|
|
RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE:
findsecbugs-plugin/src/main/java/com/h3xstream/findsecbugs/taintanalysis/TaintAnalysis.java#L266
Nullcheck of in at line 266 of value previously dereferenced in com.h3xstream.findsecbugs.taintanalysis.TaintAnalysis.loadFileContent(String)
|
|
RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE:
findsecbugs-plugin/src/main/java/com/h3xstream/findsecbugs/taintanalysis/TaintDataflowEngine.java#L144
Nullcheck of stream at line 144 of value previously dereferenced in com.h3xstream.findsecbugs.taintanalysis.TaintDataflowEngine.loadTaintConfig(String, boolean)
|
|
SF_SWITCH_NO_DEFAULT:
findsecbugs-plugin/src/main/java/com/h3xstream/findsecbugs/taintanalysis/TaintFrameModelingVisitor.java#L492
Switch statement found in com.h3xstream.findsecbugs.taintanalysis.TaintFrameModelingVisitor.visitReturnInstruction(ReturnInstruction) where default case is missing
|
|
RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE:
findsecbugs-plugin/src/main/java/com/h3xstream/findsecbugs/taintanalysis/extra/JstlExpressionWhiteLister.java#L152
Redundant nullcheck of stream, which is known to be non-null in com.h3xstream.findsecbugs.taintanalysis.extra.JstlExpressionWhiteLister.customPatternsFromFile(String)
|
|
MS_PKGPROTECT:
findsecbugs-plugin/src/main/java/com/h3xstream/findsecbugs/xss/XssJspDetector.java#L35
com.h3xstream.findsecbugs.xss.XssJspDetector.JSP_PARENT_CLASSES should be package protected
|
|
build
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v2, actions/setup-java@v1, actions/cache@v1, jwgmeligmeyling/spotbugs-github-action@master. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
|
|
build
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/checkout@v2, actions/setup-java@v1, actions/cache@v1, jwgmeligmeyling/spotbugs-github-action@master. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
|