SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.0.4
Threshold is
Effort is default
Summary
| Classes |
Bugs |
Errors |
Missing Classes |
| 1127 |
13 |
8 |
11 |
org.apache.logging.log4j.core.LoggerContext
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.logging.log4j.core.LoggerContext(String, Object, String) invokes Thread.start() |
MT_CORRECTNESS |
SC_START_IN_CTOR |
171 |
High |
| new org.apache.logging.log4j.core.LoggerContext(String, Object, URI) invokes Thread.start() |
MT_CORRECTNESS |
SC_START_IN_CTOR |
140 |
High |
org.apache.logging.log4j.core.appender.rolling.action.FileRenameAction
| Bug |
Category |
Details |
Line |
Priority |
| Found reliance on default encoding in org.apache.logging.log4j.core.appender.rolling.action.FileRenameAction.execute(File, File, boolean): new java.io.PrintWriter(String) |
I18N |
DM_DEFAULT_ENCODING |
141 |
High |
org.apache.logging.log4j.core.config.AbstractConfiguration
| Bug |
Category |
Details |
Line |
Priority |
| Found reliance on default encoding in org.apache.logging.log4j.core.config.AbstractConfiguration.createAdvertiser(String, ConfigurationSource, byte[], String): new String(byte[]) |
I18N |
DM_DEFAULT_ENCODING |
476 |
High |
org.apache.logging.log4j.core.config.LockingReliabilityStrategy
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.logging.log4j.core.config.LockingReliabilityStrategy.beforeLogEvent() does not release lock on all paths |
MT_CORRECTNESS |
UL_UNRELEASED_LOCK |
114 |
High |
org.apache.logging.log4j.core.config.status.StatusConfiguration
| Bug |
Category |
Details |
Line |
Priority |
| Found reliance on default encoding in org.apache.logging.log4j.core.config.status.StatusConfiguration.parseStreamName(String): new java.io.PrintStream(OutputStream, boolean) |
I18N |
DM_DEFAULT_ENCODING |
123 |
High |
org.apache.logging.log4j.core.impl.ThreadContextDataInjector
| Bug |
Category |
Details |
Line |
Priority |
| org.apache.logging.log4j.core.impl.ThreadContextDataInjector.contextDataProviders isn't final but should be |
MALICIOUS_CODE |
MS_SHOULD_BE_FINAL |
62 |
High |
org.apache.logging.log4j.core.net.TcpSocketManager
| Bug |
Category |
Details |
Line |
Priority |
| new org.apache.logging.log4j.core.net.TcpSocketManager(String, OutputStream, Socket, InetAddress, String, int, int, int, boolean, Layout, int, SocketOptions) invokes org.apache.logging.log4j.core.net.TcpSocketManager$Reconnector.start() |
MT_CORRECTNESS |
SC_START_IN_CTOR |
146 |
High |
org.apache.logging.log4j.core.script.ScriptManager
| Bug |
Category |
Details |
Line |
Priority |
| Class org.apache.logging.log4j.core.script.ScriptManager defines non-transient non-serializable instance field manager |
BAD_PRACTICE |
SE_BAD_FIELD |
Not available |
High |
| Class org.apache.logging.log4j.core.script.ScriptManager defines non-transient non-serializable instance field watchManager |
BAD_PRACTICE |
SE_BAD_FIELD |
Not available |
High |
org.apache.logging.log4j.core.tools.picocli.CommandLine$Interpreter
| Bug |
Category |
Details |
Line |
Priority |
| Useless condition: it's known that cluster.length() > 0 at this point |
STYLE |
UC_USELESS_CONDITION |
2160 |
High |
org.apache.logging.log4j.core.util.NameUtil
| Bug |
Category |
Details |
Line |
Priority |
| Found reliance on default encoding in org.apache.logging.log4j.core.util.NameUtil.md5(String): String.getBytes() |
I18N |
DM_DEFAULT_ENCODING |
56 |
High |
| This API MD5 (MDX) is not a recommended cryptographic hash function |
SECURITY |
WEAK_MESSAGE_DIGEST_MD5 |
57 |
High |
