/opt/hudson/home/jobs/1-1-site-deploy-perf/workspace/ks-1.1-perf/ks-security/ks-standard-sec/target/classes/home/tomcat/.m2/repository/org/apache/maven/reporting/maven-reporting-impl/2.0/maven-reporting-impl-2.0.jar/home/tomcat/.m2/repository/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar/home/tomcat/.m2/repository/commons-validator/commons-validator/1.1.4/commons-validator-1.1.4.jar/home/tomcat/.m2/repository/oro/oro/2.0.7/oro-2.0.7.jar/home/tomcat/.m2/repository/doxia/doxia-core/1.0-alpha-4/doxia-core-1.0-alpha-4.jar/home/tomcat/.m2/repository/org/apache/maven/shared/maven-doxia-tools/1.0/maven-doxia-tools-1.0.jar/home/tomcat/.m2/repository/commons-io/commons-io/1.4/commons-io-1.4.jar/home/tomcat/.m2/repository/org/apache/maven/doxia/doxia-decoration-model/1.0-alpha-11/doxia-decoration-model-1.0-alpha-11.jar/home/tomcat/.m2/repository/org/codehaus/plexus/plexus-i18n/1.0-beta-7/plexus-i18n-1.0-beta-7.jar/home/tomcat/.m2/repository/com/google/code/findbugs/findbugs-ant/1.3.9/findbugs-ant-1.3.9.jar/home/tomcat/.m2/repository/com/google/code/findbugs/findbugs/1.3.9/findbugs-1.3.9.jar/home/tomcat/.m2/repository/com/google/code/findbugs/bcel/1.3.9/bcel-1.3.9.jar/home/tomcat/.m2/repository/com/google/code/findbugs/jsr305/1.3.9/jsr305-1.3.9.jar/home/tomcat/.m2/repository/com/google/code/findbugs/jFormatString/1.3.9/jFormatString-1.3.9.jar/home/tomcat/.m2/repository/com/google/code/findbugs/annotations/1.3.9/annotations-1.3.9.jar/home/tomcat/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar/home/tomcat/.m2/repository/xml-apis/xml-apis/1.0.b2/xml-apis-1.0.b2.jar/home/tomcat/.m2/repository/jaxen/jaxen/1.1.1/jaxen-1.1.1.jar/home/tomcat/.m2/repository/jdom/jdom/1.0/jdom-1.0.jar/home/tomcat/.m2/repository/xerces/xercesImpl/2.6.2/xercesImpl-2.6.2.jar/home/tomcat/.m2/repository/xom/xom/1.0/xom-1.0.jar/home/tomcat/.m2/repository/xerces/xmlParserAPIs/2.6.2/xmlParserAPIs-2.6.2.jar/home/tomcat/.m2/repository/xalan/xalan/2.6.0/xalan-2.6.0.jar/home/tomcat/.m2/repository/com/ibm/icu/icu4j/2.6.1/icu4j-2.6.1.jar/home/tomcat/.m2/repository/asm/asm/3.1/asm-3.1.jar/home/tomcat/.m2/repository/asm/asm-analysis/3.1/asm-analysis-3.1.jar/home/tomcat/.m2/repository/asm/asm-tree/3.1/asm-tree-3.1.jar/home/tomcat/.m2/repository/asm/asm-commons/3.1/asm-commons-3.1.jar/home/tomcat/.m2/repository/asm/asm-util/3.1/asm-util-3.1.jar/home/tomcat/.m2/repository/asm/asm-xml/3.1/asm-xml-3.1.jar/home/tomcat/.m2/repository/commons-lang/commons-lang/2.4/commons-lang-2.4.jar/home/tomcat/.m2/repository/jgoodies/plastic/1.2.0/plastic-1.2.0.jar/home/tomcat/.m2/repository/org/codehaus/groovy/maven/gmaven-mojo/1.0-rc-3/gmaven-mojo-1.0-rc-3.jar/home/tomcat/.m2/repository/org/codehaus/groovy/maven/runtime/gmaven-runtime-api/1.0-rc-3/gmaven-runtime-api-1.0-rc-3.jar/home/tomcat/.m2/repository/org/codehaus/groovy/maven/feature/gmaven-feature-api/1.0-rc-3/gmaven-feature-api-1.0-rc-3.jar/home/tomcat/.m2/repository/org/codehaus/groovy/maven/runtime/gmaven-runtime-default/1.0-rc-3/gmaven-runtime-default-1.0-rc-3.jar/home/tomcat/.m2/repository/org/slf4j/slf4j-api/1.5.0/slf4j-api-1.5.0.jar/home/tomcat/.m2/repository/org/codehaus/groovy/maven/runtime/gmaven-runtime-1.5/1.0-rc-3/gmaven-runtime-1.5-1.0-rc-3.jar/home/tomcat/.m2/repository/org/codehaus/groovy/maven/feature/gmaven-feature-support/1.0-rc-3/gmaven-feature-support-1.0-rc-3.jar/home/tomcat/.m2/repository/org/codehaus/groovy/maven/runtime/gmaven-runtime-support/1.0-rc-3/gmaven-runtime-support-1.0-rc-3.jar/home/tomcat/.m2/repository/org/codehaus/groovy/maven/gmaven-common/1.0-rc-3/gmaven-common-1.0-rc-3.jar/home/tomcat/.m2/repository/com/thoughtworks/qdox/qdox/1.6.3/qdox-1.6.3.jar/home/tomcat/.m2/repository/org/codehaus/groovy/groovy-all-minimal/1.5.6/groovy-all-minimal-1.5.6.jar/home/tomcat/.m2/repository/org/apache/ant/ant/1.7.1/ant-1.7.1.jar/home/tomcat/.m2/repository/org/apache/ant/ant-launcher/1.7.1/ant-launcher-1.7.1.jar/home/tomcat/.m2/repository/jline/jline/0.9.94/jline-0.9.94.jar/home/tomcat/.m2/repository/org/codehaus/plexus/plexus-resources/1.0-alpha-4/plexus-resources-1.0-alpha-4.jar/opt/java/apache-maven-2.2.1/lib/maven-2.2.1-uber.jar/home/tomcat/.m2/repository/javax/servlet/servlet-api/2.5/servlet-api-2.5.jar/home/tomcat/.m2/repository/org/springframework/spring-core/2.5.6/spring-core-2.5.6.jar/home/tomcat/.m2/repository/commons-logging/commons-logging/1.1.1/commons-logging-1.1.1.jar/home/tomcat/.m2/repository/org/springframework/spring-orm/2.5.6/spring-orm-2.5.6.jar/home/tomcat/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar/home/tomcat/.m2/repository/org/springframework/spring-beans/2.5.6/spring-beans-2.5.6.jar/home/tomcat/.m2/repository/org/springframework/spring-context/2.5.6/spring-context-2.5.6.jar/home/tomcat/.m2/repository/org/springframework/spring-tx/2.5.6/spring-tx-2.5.6.jar/home/tomcat/.m2/repository/org/springframework/security/spring-security-core/2.0.4/spring-security-core-2.0.4.jar/home/tomcat/.m2/repository/org/springframework/spring-aop/2.5.6/spring-aop-2.5.6.jar/home/tomcat/.m2/repository/commons-codec/commons-codec/1.3/commons-codec-1.3.jar/home/tomcat/.m2/repository/commons-collections/commons-collections/3.2/commons-collections-3.2.jar/home/tomcat/.m2/repository/org/springframework/security/spring-security-cas-client/2.0.4/spring-security-cas-client-2.0.4.jar/home/tomcat/.m2/repository/org/jasig/cas/cas-client-core/3.1.3/cas-client-core-3.1.3.jar/home/tomcat/.m2/repository/org/opensaml/opensaml/1.1/opensaml-1.1.jar/home/tomcat/.m2/repository/org/apache/cxf/cxf-rt-ws-security/2.2.9/cxf-rt-ws-security-2.2.9.jar/home/tomcat/.m2/repository/org/apache/cxf/cxf-api/2.2.9/cxf-api-2.2.9.jar/home/tomcat/.m2/repository/org/apache/cxf/cxf-common-utilities/2.2.9/cxf-common-utilities-2.2.9.jar/home/tomcat/.m2/repository/wsdl4j/wsdl4j/1.6.2/wsdl4j-1.6.2.jar/home/tomcat/.m2/repository/org/apache/ws/commons/schema/XmlSchema/1.4.5/XmlSchema-1.4.5.jar/home/tomcat/.m2/repository/commons-lang/commons-lang/2.3/commons-lang-2.3.jar/home/tomcat/.m2/repository/org/codehaus/woodstox/wstx-asl/3.2.9/wstx-asl-3.2.9.jar/home/tomcat/.m2/repository/org/apache/neethi/neethi/2.0.4/neethi-2.0.4.jar/home/tomcat/.m2/repository/org/apache/cxf/cxf-common-schemas/2.2.9/cxf-common-schemas-2.2.9.jar/home/tomcat/.m2/repository/org/apache/cxf/cxf-rt-core/2.2.9/cxf-rt-core-2.2.9.jar/home/tomcat/.m2/repository/com/sun/xml/bind/jaxb-impl/2.1.13/jaxb-impl-2.1.13.jar/home/tomcat/.m2/repository/javax/xml/bind/jaxb-api/2.1/jaxb-api-2.1.jar/home/tomcat/.m2/repository/javax/xml/stream/stax-api/1.0-2/stax-api-1.0-2.jar/home/tomcat/.m2/repository/org/apache/cxf/cxf-rt-bindings-soap/2.2.9/cxf-rt-bindings-soap-2.2.9.jar/home/tomcat/.m2/repository/org/apache/cxf/cxf-tools-common/2.2.9/cxf-tools-common-2.2.9.jar/home/tomcat/.m2/repository/org/apache/cxf/cxf-rt-databinding-jaxb/2.2.9/cxf-rt-databinding-jaxb-2.2.9.jar/home/tomcat/.m2/repository/org/apache/ws/security/wss4j/1.5.8/wss4j-1.5.8.jar/home/tomcat/.m2/repository/org/apache/santuario/xmlsec/1.4.2/xmlsec-1.4.2.jar/home/tomcat/.m2/repository/xalan/xalan/2.7.1/xalan-2.7.1.jar/home/tomcat/.m2/repository/xalan/serializer/2.7.1/serializer-2.7.1.jar/home/tomcat/.m2/repository/org/bouncycastle/bcprov-jdk15/1.43/bcprov-jdk15-1.43.jar/home/tomcat/.m2/repository/org/apache/cxf/cxf-rt-frontend-jaxws/2.2.9/cxf-rt-frontend-jaxws-2.2.9.jar/home/tomcat/.m2/repository/xml-resolver/xml-resolver/1.2/xml-resolver-1.2.jar/home/tomcat/.m2/repository/asm/asm/2.2.3/asm-2.2.3.jar/home/tomcat/.m2/repository/org/apache/cxf/cxf-rt-bindings-xml/2.2.9/cxf-rt-bindings-xml-2.2.9.jar/home/tomcat/.m2/repository/org/apache/cxf/cxf-rt-frontend-simple/2.2.9/cxf-rt-frontend-simple-2.2.9.jar/home/tomcat/.m2/repository/org/apache/cxf/cxf-rt-ws-addr/2.2.9/cxf-rt-ws-addr-2.2.9.jar/home/tomcat/.m2/repository/org/apache/cxf/cxf-rt-databinding-aegis/2.2.9/cxf-rt-databinding-aegis-2.2.9.jar/home/tomcat/.m2/repository/org/kuali/student/common/ks-common-util/1.1.0-M10-SNAPSHOT/ks-common-util-1.1.0-M10-SNAPSHOT.jar/home/tomcat/.m2/repository/javax/persistence/persistence-api/1.0/persistence-api-1.0.jar/home/tomcat/.m2/repository/javax/transaction/jta/1.0.1B/jta-1.0.1B.jar/home/tomcat/.m2/repository/net/sf/ehcache/ehcache/1.4.1/ehcache-1.4.1.jar/home/tomcat/.m2/repository/net/sf/jsr107cache/jsr107cache/1.0/jsr107cache-1.0.jar/home/tomcat/.m2/repository/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.jar/home/tomcat/.m2/repository/org/slf4j/slf4j-api/1.6.0/slf4j-api-1.6.0.jar/home/tomcat/.m2/repository/org/slf4j/slf4j-log4j12/1.6.0/slf4j-log4j12-1.6.0.jar/home/tomcat/.m2/repository/log4j/log4j/1.2.14/log4j-1.2.14.jar/home/tomcat/.m2/repository/org/springframework/spring-webmvc/2.5.6/spring-webmvc-2.5.6.jar/home/tomcat/.m2/repository/org/springframework/spring-context-support/2.5.6/spring-context-support-2.5.6.jar/home/tomcat/.m2/repository/org/springframework/spring-web/2.5.6/spring-web-2.5.6.jar/home/tomcat/.m2/repository/org/aspectj/aspectjrt/1.5.4/aspectjrt-1.5.4.jar/home/tomcat/.m2/repository/org/apache/velocity/velocity-tools/2.0/velocity-tools-2.0.jar/home/tomcat/.m2/repository/commons-beanutils/commons-beanutils/1.7.0/commons-beanutils-1.7.0.jar/home/tomcat/.m2/repository/commons-digester/commons-digester/1.8/commons-digester-1.8.jar/home/tomcat/.m2/repository/commons-chain/commons-chain/1.1/commons-chain-1.1.jar/home/tomcat/.m2/repository/commons-validator/commons-validator/1.3.1/commons-validator-1.3.1.jar/home/tomcat/.m2/repository/oro/oro/2.0.8/oro-2.0.8.jar/home/tomcat/.m2/repository/sslext/sslext/1.2-0/sslext-1.2-0.jar/home/tomcat/.m2/repository/org/apache/struts/struts-core/1.3.8/struts-core-1.3.8.jar/home/tomcat/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar/home/tomcat/.m2/repository/org/apache/struts/struts-taglib/1.3.8/struts-taglib-1.3.8.jar/home/tomcat/.m2/repository/org/apache/struts/struts-tiles/1.3.8/struts-tiles-1.3.8.jar/home/tomcat/.m2/repository/org/apache/velocity/velocity/1.6.4/velocity-1.6.4.jar/home/tomcat/.m2/repository/logkit/logkit/2.0/logkit-2.0.jar/home/tomcat/.m2/repository/org/antlr/antlr-runtime/3.1.1/antlr-runtime-3.1.1.jar/home/tomcat/.m2/repository/org/kuali/rice/rice-api/1.0.3/rice-api-1.0.3.jar/home/tomcat/.m2/repository/org/apache/geronimo/specs/geronimo-ws-metadata_2.0_spec/1.1.2/geronimo-ws-metadata_2.0_spec-1.1.2.jar/home/tomcat/.m2/repository/org/apache/geronimo/specs/geronimo-annotation_1.0_spec/1.1.1/geronimo-annotation_1.0_spec-1.1.1.jar/opt/hudson/home/jobs/1-1-site-deploy-perf/workspace/ks-1.1-perf/ks-security/ks-standard-sec/src/main/java/opt/hudson/home/jobs/1-1-site-deploy-perf/workspace/ks-1.1-perf/ks-security/ks-standard-sec/targetNullcheck of value previously dereferencedNullcheck of mc at line 242 of value previously dereferenced in org.kuali.student.security.cxf.interceptors.SamlTokenCxfOutInterceptor$SamlTokenCxfOutInterceptorInternal.handleMessage(SoapMessage)At SamlTokenCxfOutInterceptor.java:[lines 131-415]In class org.kuali.student.security.cxf.interceptors.SamlTokenCxfOutInterceptor$SamlTokenCxfOutInterceptorInternalIn method org.kuali.student.security.cxf.interceptors.SamlTokenCxfOutInterceptor$SamlTokenCxfOutInterceptorInternal.handleMessage(SoapMessage)Value loaded from mcAt SamlTokenCxfOutInterceptor.java:[line 143]Redundant null check at SamlTokenCxfOutInterceptor.java:[line 242]May expose internal representation by incorporating reference to mutable objectnew org.kuali.student.security.filter.KSLogoutFilter(String, LogoutHandler[]) may expose internal representation by storing an externally mutable object into KSLogoutFilter.handlersAt KSLogoutFilter.java:[lines 44-188]In class org.kuali.student.security.filter.KSLogoutFilterIn method new org.kuali.student.security.filter.KSLogoutFilter(String, LogoutHandler[])In KSLogoutFilter.javaField org.kuali.student.security.filter.KSLogoutFilter.handlersLocal variable named handlersAt KSLogoutFilter.java:[line 65]Method may fail to close streamorg.kuali.student.security.saml.service.SamlIssuerServiceImpl.validateCasProxyTicket(String, String) may fail to close streamAt SamlIssuerServiceImpl.java:[lines 42-182]In class org.kuali.student.security.saml.service.SamlIssuerServiceImplIn method org.kuali.student.security.saml.service.SamlIssuerServiceImpl.validateCasProxyTicket(String, String)At Reader.java:[lines 49-232]Need to close java.io.Reader At SamlIssuerServiceImpl.java:[line 57]Write to static field from instance methodWrite to static field org.kuali.student.security.util.SamlUtils.certificateAlias from instance method org.kuali.student.security.util.SamlUtils.setCertificateAlias(String)At SamlUtils.java:[lines 63-336]In class org.kuali.student.security.util.SamlUtilsIn method org.kuali.student.security.util.SamlUtils.setCertificateAlias(String)In SamlUtils.javaField org.kuali.student.security.util.SamlUtils.certificateAliasAt SamlUtils.java:[line 335]Write to static field from instance methodWrite to static field org.kuali.student.security.util.SamlUtils.keystoreFile from instance method org.kuali.student.security.util.SamlUtils.setKeystoreFile(String)At SamlUtils.java:[lines 63-336]In class org.kuali.student.security.util.SamlUtilsIn method org.kuali.student.security.util.SamlUtils.setKeystoreFile(String)In SamlUtils.javaField org.kuali.student.security.util.SamlUtils.keystoreFileAt SamlUtils.java:[line 279]Write to static field from instance methodWrite to static field org.kuali.student.security.util.SamlUtils.keystorePass from instance method org.kuali.student.security.util.SamlUtils.setKeystorePass(String)At SamlUtils.java:[lines 63-336]In class org.kuali.student.security.util.SamlUtilsIn method org.kuali.student.security.util.SamlUtils.setKeystorePass(String)In SamlUtils.javaField org.kuali.student.security.util.SamlUtils.keystorePassAt SamlUtils.java:[line 293]Write to static field from instance methodWrite to static field org.kuali.student.security.util.SamlUtils.keystoreType from instance method org.kuali.student.security.util.SamlUtils.setKeystoreType(String)At SamlUtils.java:[lines 63-336]In class org.kuali.student.security.util.SamlUtilsIn method org.kuali.student.security.util.SamlUtils.setKeystoreType(String)In SamlUtils.javaField org.kuali.student.security.util.SamlUtils.keystoreTypeAt SamlUtils.java:[line 265]Write to static field from instance methodWrite to static field org.kuali.student.security.util.SamlUtils.privateKeyAlias from instance method org.kuali.student.security.util.SamlUtils.setPrivateKeyAlias(String)At SamlUtils.java:[lines 63-336]In class org.kuali.student.security.util.SamlUtilsIn method org.kuali.student.security.util.SamlUtils.setPrivateKeyAlias(String)In SamlUtils.javaField org.kuali.student.security.util.SamlUtils.privateKeyAliasAt SamlUtils.java:[line 307]Write to static field from instance methodWrite to static field org.kuali.student.security.util.SamlUtils.privateKeyPass from instance method org.kuali.student.security.util.SamlUtils.setPrivateKeyPass(String)At SamlUtils.java:[lines 63-336]In class org.kuali.student.security.util.SamlUtilsIn method org.kuali.student.security.util.SamlUtils.setPrivateKeyPass(String)In SamlUtils.javaField org.kuali.student.security.util.SamlUtils.privateKeyPassAt SamlUtils.java:[line 321]DodgyMalicious code vulnerabilityBad practiceCorrectnessMay expose internal representation by incorporating reference to mutable object

<p> This code stores a reference to an externally mutable object into the internal representation of the object.&nbsp; If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.</p>

Method may fail to close stream

<p> The method creates an IO stream object, does not assign it to any fields, pass it to other methods that might close it, or return it, and does not appear to close the stream on all paths out of the method.&nbsp; This may result in a file descriptor leak.&nbsp; It is generally a good idea to use a <code>finally</code> block to ensure that streams are closed.</p>

Write to static field from instance method

<p> This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice. </p>

Nullcheck of value previously dereferenced

<p> A value is checked here to see whether it is null, but this value can't be null because it was previously dereferenced and if it were null a null pointer exception would have occurred at the earlier dereference. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous.</p>

Misuse of static fieldsRedundant comparison to nullStoring reference to mutable objectStream not closed on all paths