KS Security Token Service - FindBugs Bug Detector Report

Last Published: 2011-10-27 | Version: 1.2

Project Documentation

Project Information
Project Reports
- Cobertura Test Coverage
- FindBugs Report

FindBugs Bug Detector Report

The following document contains the results of FindBugs Report

FindBugs Version is 1.3.9

Threshold is medium

Effort is min

Summary

Classes	Bugs	Errors	Missing Classes
99	32	0	0

Files

Class	Bugs
org.kuali.student.security.filter.ProxyTicketRetrieverFilterSTS	3
org.kuali.student.security.policy.dto.PolicyReference	2
org.kuali.student.security.trust.dto.AuthenticatorType	2
org.kuali.student.security.trust.dto.BinarySecretType	2
org.kuali.student.security.trust.service.SecurityTokenServiceImpl	1
org.kuali.student.security.xmldsig.dto.DSAKeyValueType	14
org.kuali.student.security.xmldsig.dto.RSAKeyValueType	4
org.kuali.student.security.xmldsig.dto.ReferenceType	2
org.kuali.student.security.xmldsig.dto.SignatureValueType	2

org.kuali.student.security.filter.ProxyTicketRetrieverFilterSTS

Bug	Category	Details	Line	Priority
Dead store to principal in org.kuali.student.security.filter.ProxyTicketRetrieverFilterSTS.doFilterHttp(HttpServletRequest, HttpServletResponse, FilterChain)	STYLE	DLS_DEAD_LOCAL_STORE	78	Medium
Possible null pointer dereference of rstr in org.kuali.student.security.filter.ProxyTicketRetrieverFilterSTS.doFilterHttp(HttpServletRequest, HttpServletResponse, FilterChain)	CORRECTNESS	NP_NULL_ON_SOME_PATH	97	Medium
Exception is caught when Exception is not thrown in org.kuali.student.security.filter.ProxyTicketRetrieverFilterSTS.doFilterHttp(HttpServletRequest, HttpServletResponse, FilterChain)	STYLE	REC_CATCH_EXCEPTION	155	Medium

org.kuali.student.security.policy.dto.PolicyReference

Bug	Category	Details	Line	Priority
org.kuali.student.security.policy.dto.PolicyReference.getDigest() may expose internal representation by returning PolicyReference.digest	MALICIOUS_CODE	EI_EXPOSE_REP	84	Medium
org.kuali.student.security.policy.dto.PolicyReference.setDigest(byte[]) may expose internal representation by storing an externally mutable object into PolicyReference.digest	MALICIOUS_CODE	EI_EXPOSE_REP2	95	Medium

org.kuali.student.security.trust.dto.AuthenticatorType

Bug	Category	Details	Line	Priority
org.kuali.student.security.trust.dto.AuthenticatorType.getCombinedHash() may expose internal representation by returning AuthenticatorType.combinedHash	MALICIOUS_CODE	EI_EXPOSE_REP	54	Medium
org.kuali.student.security.trust.dto.AuthenticatorType.setCombinedHash(byte[]) may expose internal representation by storing an externally mutable object into AuthenticatorType.combinedHash	MALICIOUS_CODE	EI_EXPOSE_REP2	65	Medium

org.kuali.student.security.trust.dto.BinarySecretType

Bug	Category	Details	Line	Priority
org.kuali.student.security.trust.dto.BinarySecretType.getValue() may expose internal representation by returning BinarySecretType.value	MALICIOUS_CODE	EI_EXPOSE_REP	54	Medium
org.kuali.student.security.trust.dto.BinarySecretType.setValue(byte[]) may expose internal representation by storing an externally mutable object into BinarySecretType.value	MALICIOUS_CODE	EI_EXPOSE_REP2	65	Medium

org.kuali.student.security.trust.service.SecurityTokenServiceImpl

Bug	Category	Details	Line	Priority
org.kuali.student.security.trust.service.SecurityTokenServiceImpl.validateCasProxyTicket(String, String) may fail to close stream	BAD_PRACTICE	OS_OPEN_STREAM	178	Medium

org.kuali.student.security.xmldsig.dto.DSAKeyValueType

Bug	Category	Details	Line	Priority
org.kuali.student.security.xmldsig.dto.DSAKeyValueType.getG() may expose internal representation by returning DSAKeyValueType.g	MALICIOUS_CODE	EI_EXPOSE_REP	118	Medium
org.kuali.student.security.xmldsig.dto.DSAKeyValueType.getJ() may expose internal representation by returning DSAKeyValueType.j	MALICIOUS_CODE	EI_EXPOSE_REP	162	Medium
org.kuali.student.security.xmldsig.dto.DSAKeyValueType.getP() may expose internal representation by returning DSAKeyValueType.p	MALICIOUS_CODE	EI_EXPOSE_REP	74	Medium
org.kuali.student.security.xmldsig.dto.DSAKeyValueType.getPgenCounter() may expose internal representation by returning DSAKeyValueType.pgenCounter	MALICIOUS_CODE	EI_EXPOSE_REP	206	Medium
org.kuali.student.security.xmldsig.dto.DSAKeyValueType.getQ() may expose internal representation by returning DSAKeyValueType.q	MALICIOUS_CODE	EI_EXPOSE_REP	96	Medium
org.kuali.student.security.xmldsig.dto.DSAKeyValueType.getSeed() may expose internal representation by returning DSAKeyValueType.seed	MALICIOUS_CODE	EI_EXPOSE_REP	184	Medium
org.kuali.student.security.xmldsig.dto.DSAKeyValueType.getY() may expose internal representation by returning DSAKeyValueType.y	MALICIOUS_CODE	EI_EXPOSE_REP	140	Medium
org.kuali.student.security.xmldsig.dto.DSAKeyValueType.setG(byte[]) may expose internal representation by storing an externally mutable object into DSAKeyValueType.g	MALICIOUS_CODE	EI_EXPOSE_REP2	129	Medium
org.kuali.student.security.xmldsig.dto.DSAKeyValueType.setJ(byte[]) may expose internal representation by storing an externally mutable object into DSAKeyValueType.j	MALICIOUS_CODE	EI_EXPOSE_REP2	173	Medium
org.kuali.student.security.xmldsig.dto.DSAKeyValueType.setP(byte[]) may expose internal representation by storing an externally mutable object into DSAKeyValueType.p	MALICIOUS_CODE	EI_EXPOSE_REP2	85	Medium
org.kuali.student.security.xmldsig.dto.DSAKeyValueType.setPgenCounter(byte[]) may expose internal representation by storing an externally mutable object into DSAKeyValueType.pgenCounter	MALICIOUS_CODE	EI_EXPOSE_REP2	217	Medium
org.kuali.student.security.xmldsig.dto.DSAKeyValueType.setQ(byte[]) may expose internal representation by storing an externally mutable object into DSAKeyValueType.q	MALICIOUS_CODE	EI_EXPOSE_REP2	107	Medium
org.kuali.student.security.xmldsig.dto.DSAKeyValueType.setSeed(byte[]) may expose internal representation by storing an externally mutable object into DSAKeyValueType.seed	MALICIOUS_CODE	EI_EXPOSE_REP2	195	Medium
org.kuali.student.security.xmldsig.dto.DSAKeyValueType.setY(byte[]) may expose internal representation by storing an externally mutable object into DSAKeyValueType.y	MALICIOUS_CODE	EI_EXPOSE_REP2	151	Medium

org.kuali.student.security.xmldsig.dto.RSAKeyValueType

Bug	Category	Details	Line	Priority
org.kuali.student.security.xmldsig.dto.RSAKeyValueType.getExponent() may expose internal representation by returning RSAKeyValueType.exponent	MALICIOUS_CODE	EI_EXPOSE_REP	72	Medium
org.kuali.student.security.xmldsig.dto.RSAKeyValueType.getModulus() may expose internal representation by returning RSAKeyValueType.modulus	MALICIOUS_CODE	EI_EXPOSE_REP	50	Medium
org.kuali.student.security.xmldsig.dto.RSAKeyValueType.setExponent(byte[]) may expose internal representation by storing an externally mutable object into RSAKeyValueType.exponent	MALICIOUS_CODE	EI_EXPOSE_REP2	83	Medium
org.kuali.student.security.xmldsig.dto.RSAKeyValueType.setModulus(byte[]) may expose internal representation by storing an externally mutable object into RSAKeyValueType.modulus	MALICIOUS_CODE	EI_EXPOSE_REP2	61	Medium

org.kuali.student.security.xmldsig.dto.ReferenceType

Bug	Category	Details	Line	Priority
org.kuali.student.security.xmldsig.dto.ReferenceType.getDigestValue() may expose internal representation by returning ReferenceType.digestValue	MALICIOUS_CODE	EI_EXPOSE_REP	121	Medium
org.kuali.student.security.xmldsig.dto.ReferenceType.setDigestValue(byte[]) may expose internal representation by storing an externally mutable object into ReferenceType.digestValue	MALICIOUS_CODE	EI_EXPOSE_REP2	132	Medium

org.kuali.student.security.xmldsig.dto.SignatureValueType

Bug	Category	Details	Line	Priority
org.kuali.student.security.xmldsig.dto.SignatureValueType.getValue() may expose internal representation by returning SignatureValueType.value	MALICIOUS_CODE	EI_EXPOSE_REP	54	Medium
org.kuali.student.security.xmldsig.dto.SignatureValueType.setValue(byte[]) may expose internal representation by storing an externally mutable object into SignatureValueType.value	MALICIOUS_CODE	EI_EXPOSE_REP2	65	Medium