bugdescriptions.html

JSP页面代码排错

<tr bgcolor="#ffffff"><td><a href="#XSS_REQUEST_PARAMETER_TO_SEND_ERROR">XSS: Servlet reflected cross site scripting vulnerability</a></td><td>Security</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER">XSS: Servlet reflected cross site scripting vulnerability</a></td><td>Security</td></tr>
<tr bgcolor="#ffffff"><td><a href="#BC_BAD_CAST_TO_ABSTRACT_COLLECTION">BC: Questionable cast to abstract collection </a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#BC_BAD_CAST_TO_CONCRETE_COLLECTION">BC: Questionable cast to concrete collection</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#BC_UNCONFIRMED_CAST">BC: Unchecked/unconfirmed cast</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#BC_VACUOUS_INSTANCEOF">BC: instanceof will always return true</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT">BSHIFT: Unsigned right shift cast to short/byte</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#CI_CONFUSED_INHERITANCE">CI: Class is final but declares protected field</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#DB_DUPLICATE_BRANCHES">DB: Method uses the same code for two branches</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#DB_DUPLICATE_SWITCH_CLAUSES">DB: Method uses the same code for two switch clauses</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#DLS_DEAD_LOCAL_STORE">DLS: Dead store to local variable</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#DLS_DEAD_LOCAL_STORE_OF_NULL">DLS: Dead store of null to local variable</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#DMI_HARDCODED_ABSOLUTE_FILENAME">DMI: Code contains a hard coded reference to an absolute pathname</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#DMI_NONSERIALIZABLE_OBJECT_WRITTEN">DMI: Non serializable object written to ObjectOutput</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#DMI_USELESS_SUBSTRING">DMI: Invocation of substring(0), which returns the original value</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#DMI_THREAD_PASSED_WHERE_RUNNABLE_EXPECTED">Dm: Thread passed where Runnable expected</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#DMI_UNSUPPORTED_METHOD">Dm: Call to unsupported method</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#EQ_DOESNT_OVERRIDE_EQUALS">Eq: Class doesn't override equals in superclass</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#EQ_UNUSUAL">Eq: Unusual equals method </a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#FE_FLOATING_POINT_EQUALITY">FE: Test for floating point equality</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#VA_FORMAT_STRING_BAD_CONVERSION_TO_BOOLEAN">FS: Non-Boolean argument formatted using %b format specifier</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#IA_AMBIGUOUS_INVOCATION_OF_INHERITED_OR_OUTER_METHOD">IA: Ambiguous invocation of either an inherited or outer method</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#IC_INIT_CIRCULARITY">IC: Initialization circularity</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#ICAST_IDIV_CAST_TO_DOUBLE">ICAST: int division result cast to double or float</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#ICAST_INTEGER_MULTIPLY_CAST_TO_LONG">ICAST: Result of integer multiplication cast to long</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#IM_AVERAGE_COMPUTATION_COULD_OVERFLOW">IM: Computation of average could overflow</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#IM_BAD_CHECK_FOR_ODD">IM: Check for oddness that won't work for negative numbers </a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#INT_VACUOUS_COMPARISON">INT: Vacuous comparison of integer value</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#MTIA_SUSPECT_SERVLET_INSTANCE_FIELD">MTIA: Class extends Servlet class and uses instance variables</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#MTIA_SUSPECT_STRUTS_INSTANCE_FIELD">MTIA: Class extends Struts Action class and uses instance variables</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#NP_DEREFERENCE_OF_READLINE_VALUE">NP: Dereference of the result of readLine() without nullcheck</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#NP_IMMEDIATE_DEREFERENCE_OF_READLINE">NP: Immediate dereference of the result of readLine()</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#NP_LOAD_OF_KNOWN_NULL_VALUE">NP: Load of known null value</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE">NP: Possible null pointer dereference due to return value of called method</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE">NP: Possible null pointer dereference on path that might be infeasible</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE">NP: Parameter must be nonnull but is marked as nullable</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#NS_DANGEROUS_NON_SHORT_CIRCUIT">NS: Potentially dangerous use of non-short-circuit logic</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#NS_NON_SHORT_CIRCUIT">NS: Questionable use of non-short-circuit logic</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#PZLA_PREFER_ZERO_LENGTH_ARRAYS">PZLA: Consider returning a zero length array rather than null</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#QF_QUESTIONABLE_FOR_LOOP">QF: Complicated, subtle or wrong increment in for-loop </a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#RCN_REDUNDANT_COMPARISON_OF_NULL_AND_NONNULL_VALUE">RCN: Redundant comparison of non-null value to null</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#RCN_REDUNDANT_COMPARISON_TWO_NULL_VALUES">RCN: Redundant comparison of two null values</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE">RCN: Redundant nullcheck of value known to be non-null</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE">RCN: Redundant nullcheck of value known to be null</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#REC_CATCH_EXCEPTION">REC: Exception is caught when Exception is not thrown</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#RI_REDUNDANT_INTERFACES">RI: Class implements same interface as superclass</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#RV_CHECK_FOR_POSITIVE_INDEXOF">RV: Method checks to see if result of String.indexOf is positive</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#RV_DONT_JUST_NULL_CHECK_READLINE">RV: Method discards result of readLine after checking if it is nonnull</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#RV_REM_OF_HASHCODE">RV: Remainder of hashCode could be negative</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#RV_REM_OF_RANDOM_INT">RV: Remainder of 32-bit signed random integer</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#SA_LOCAL_DOUBLE_ASSIGNMENT">SA: Double assignment of local variable </a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#SA_LOCAL_SELF_ASSIGNMENT">SA: Self assignment of local variable</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#SF_SWITCH_FALLTHROUGH">SF: Switch statement found where one case falls through to the next case</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#SF_SWITCH_NO_DEFAULT">SF: Switch statement found where default case is missing</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD">ST: Write to static field from instance method</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#SE_PRIVATE_READ_RESOLVE_NOT_INHERITED">Se: private readResolve method not inherited by subclasses</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#SE_TRANSIENT_FIELD_OF_NONSERIALIZABLE_CLASS">Se: Transient field of class that isn't Serializable. </a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#UCF_USELESS_CONTROL_FLOW">UCF: Useless control flow</a></td><td>Dodgy</td></tr>
<tr bgcolor="#ffffff"><td><a href="#UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR">UwF: Field not initialized in constructor</a></td><td>Dodgy</td></tr>
<tr bgcolor="#eeeeee"><td><a href="#XFB_XML_FACTORY_BYPASS">XFB: Method directly allocates a specific implementation of xml interfaces</a></td><td>Dodgy</td></tr>
</table>
<h2>Descriptions</h2>
<h3><a name="AM_CREATES_EMPTY_JAR_FILE_ENTRY">AM: Creates an empty jar file entry (AM_CREATES_EMPTY_JAR_FILE_ENTRY)</a></h3>


<p>The code calls <code>putNextEntry()</code>, immediately
followed by a call to <code>closeEntry()</code>. This results
in an empty JarFile entry. The contents of the entry
should be written to the JarFile between the calls to
<code>putNextEntry()</code> and
<code>closeEntry()</code>.</p>

    
<h3><a name="AM_CREATES_EMPTY_ZIP_FILE_ENTRY">AM: Creates an empty zip file entry (AM_CREATES_EMPTY_ZIP_FILE_ENTRY)</a></h3>


<p>The code calls <code>putNextEntry()</code>, immediately
followed by a call to <code>closeEntry()</code>. This results
in an empty ZipFile entry. The contents of the entry
should be written to the ZipFile between the calls to
<code>putNextEntry()</code> and
<code>closeEntry()</code>.</p>

    
<h3><a name="BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS">BC: Equals method should not assume anything about the type of its argument (BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS)</a></h3>


<p>
The <code>equals(Object o)</code> method shouldn't make any assumptions
about the type of <code>o</code>. It should simply return
false if <code>o</code> is not the same type as <code>this</code>.
</p>

    
<h3><a name="DMI_RANDOM_USED_ONLY_ONCE">BC: Random object created and used only once (DMI_RANDOM_USED_ONLY_ONCE)</a></h3>


<p> This code creates a java.util.Random object, uses it to generate one random number, and then discards
the Random object. This produces mediocre quality random numbers and is inefficient. 
If possible, rewrite the code so that the Random object is created once and saved, and each time a new random number
is required invoke a method on the existing Random object to obtain it.
</p>

<p>If it is important that the generated Random numbers not be guessable, you <em>must</em> not create a new Random for each random
number; the values are too easily guessable. You should strongly consider using a java.security.SecureRandom instead
(and avoid allocating a new SecureRandom for each random number needed).
</p>

    
<h3><a name="BIT_SIGNED_CHECK">BIT: Check for sign of bitwise operation (BIT_SIGNED_CHECK)</a></h3>


<p> This method compares an expression such as
<pre>((event.detail &amp; SWT.SELECTED) &gt; 0)</pre>.
Using bit arithmetic and then comparing with the greater than operator can
lead to unexpected results (of course depending on the value of
SWT.SELECTED). If SWT.SELECTED is a negative number, this is a candidate
for a bug. Even when SWT.SELECTED is not negative, it seems good practice