 | joelevin | logout |
| ||||
| Hudson » weps2.gui » #133 » FindBugs Warnings | ||||
FindBugs ResultWarnings Trend
Summary
Details
Dm: usda.weru.weps.reports.RepBarPanel.makeData() invokes inefficient new String(String) constructor
Using the
Dm: usda.weru.weps.reports.RepBarPanel.propertyChange(PropertyChangeEvent) invokes inefficient new String(String) constructor
Using the
NP: Possible null pointer dereference in usda.weru.weps.reports.ProjectSummary.loadFile(String, String) due to return value of called method
A reference value which is null on some exception control path is
dereferenced here. This may lead to a
REC: Exception is caught when Exception is not thrown in usda.weru.weps.reports.ProjectSummary.loadFile(String, String)
This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.
Dm: usda.weru.weps.reports.ProjectSummary.makeSummaryVector(Vector, String) invokes inefficient new String(String) constructor
Using the
NP: Possible null pointer dereference in usda.weru.weps.reports.ProjectSummary.loadFile(String, String) due to return value of called method
A reference value which is null on some exception control path is
dereferenced here. This may lead to a
UrF: Unread field: usda.weru.weps.reports.PrintListingPainter.runDir
This field is never read. Consider removing it from the class.
DLS: Dead store to rotationYrs in usda.weru.weps.reports.ProjectSummary.loadFile(String, String)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
SC: new usda.weru.wmrm.DataModel() invokes usda.weru.wmrm.DataModel$RunsWatcher.start()
The constructor starts a thread. This is likely to be wrong if the class is ever extended/subclassed, since the thread will be started before the subclass constructor is started.
Se: Class usda.weru.wmrm.DataModel defines non-transient non-serializable instance field c_currentProject
This Serializable class defines a non-primitive instance field which is neither transient,
Serializable, or
Dm: new usda.weru.weps.reports.RepSumPanel(File, String, String) invokes inefficient new String(String) constructor
Using the
IS: Inconsistent synchronization of usda.weru.weps.reports.query.WepsDataSource.c_fields; locked 42% of time
The fields of this class appear to be accessed inconsistently with respect to synchronization. This bug report indicates that the bug pattern detector judged that
A typical bug matching this bug pattern is forgetting to synchronize one of the methods in a class that is intended to be thread-safe. You can select the nodes labeled "Unsynchronized access" to show the code locations where the detector believed that a field was accessed without synchronization. Note that there are various sources of inaccuracy in this detector; for example, the detector cannot statically detect all situations in which a lock is held. Also, even when the detector is accurate in distinguishing locked vs. unlocked accesses, the code in question may still be correct. This description refers to the "IS2" version of the pattern detector, which has more accurate ways of detecting locked vs. unlocked accesses than the older "IS" detector.
NP: Possible null pointer dereference in usda.weru.weps.reports.RepSimPanel.setSoilLossTolerance() due to return value of called method
A reference value which is null on some exception control path is
dereferenced here. This may lead to a
REC: Exception is caught when Exception is not thrown in usda.weru.weps.reports.RepSimPanel.setSoilLossTolerance()
This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.
SBSC: Method usda.weru.weps.reports.RepOutPanel.readData(String) concatenates strings using + in a loop
The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration. Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 1.5) explicitly. For example:
// This is bad
String s = "";
for (int i = 0; i < field.length; ++i) {
s = s + field[i];
}
// This is better
StringBuffer buf = new StringBuffer();
for (int i = 0; i < field.length; ++i) {
buf.append(field[i]);
}
String s = buf.toString();
Dm: usda.weru.weps.reports.RepSimPanel.propertyChange(PropertyChangeEvent) invokes inefficient new String(String) constructor
Using the
NP: Possible null pointer dereference in usda.weru.weps.reports.ManagementSummary.loadFile(String, String) due to return value of called method
A reference value which is null on some exception control path is
dereferenced here. This may lead to a
Dm: Method usda.weru.weps.reports.ManagementSummary.printPageHeader(JCPrintEvent) invokes toString() method on a String
Calling
Dm: usda.weru.weps.reports.ManagementSummary.propertyChange(PropertyChangeEvent) invokes inefficient new String(String) constructor
Using the
Dm: new usda.weru.weps.reports.ManagementSummary(String, String, String, boolean, ConfigData) invokes inefficient new String(String) constructor
Using the
SIC: Should usda.weru.weps.reports.DetailReport$TableCSHManager be a _static_ inner class?
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
NP: Null pointer dereference of progress in usda.weru.weps.reports.DetailReport$DetailData.load(Component, File) on exception path
A pointer which is null on an exception path is dereferenced here.
This will lead to a Also note that FindBugs considers the default case of a switch statement to be an exception path, since the default case is often infeasible.
Dm: Method usda.weru.weps.reports.DetailReport$DetailData.parseLine(String) invokes toString() method on a String
Calling
DLS: Dead store to end in usda.weru.weps.reports.DetailReport$2.run()
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
REC: Exception is caught when Exception is not thrown in usda.weru.weps.reports.PrintListingPainter.print(Graphics, PageFormat, int)
This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.
Ru: usda.weru.weps.reports.OutputViewer.JCBFileNames_itemStateChanged(ItemEvent) explicitly invokes run on a thread (did you mean to start it instead?)
This method explicitly invokes
RCN: Nullcheck of hs at line 114 of value previously dereferenced in new usda.weru.weps.reports.OutputViewer(String, String)
A value is checked here to see whether it is null, but this value can't be null because it was previously dereferenced and if it were null a null pointer exception would have occurred at the earlier dereference. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous.
Dm: new usda.weru.weps.reports.OutputViewer(String, String) invokes inefficient new String(String) constructor
Using the
UwF: Unwritten field: usda.weru.weps.reports.ManagementSummary.pt
This field is never written. All reads of it will return the default value. Check for errors (should it have been initialized?), or remove it if it is useless.
REC: Exception is caught when Exception is not thrown in usda.weru.weps.reports.ManagementSummary.loadFile(String, String)
This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.
NP: Read of unwritten field pt in usda.weru.weps.reports.ManagementSummary.printPageFooter(JCPrintEvent)
The program is dereferencing a field that does not seem to ever have a non-null value written to it. Dereferencing this value will generate a null pointer exception.
NP: Possible null pointer dereference in usda.weru.weps.reports.ManagementSummary.loadFile(String, String) due to return value of called method
A reference value which is null on some exception control path is
dereferenced here. This may lead to a
SIC: Should usda.weru.wmrm.TableMeta$DataThreshold be a _static_ inner class?
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
EI2: usda.weru.wmrm.TableMeta.setColumnMap(int[]) may expose internal representation by storing an externally mutable object into TableMeta.c_columnMap
This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.
EI2: usda.weru.wmrm.TableMeta.setRowMap(int[]) may expose internal representation by storing an externally mutable object into TableMeta.row_map
This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.
DLS: Dead store to styleNode in usda.weru.wmrm.TableMeta$ColumnMeta.fromXml(Element)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
SIC: Should usda.weru.wmrm.TableMeta$DataAdjustment be a _static_ inner class?
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
Eq: usda.weru.wmrm.DataModel$RunGroup defines compareTo(Object) and uses Object.equals()
This class defines a From the JavaDoc for the compareTo method in the Comparable interface:
It is strongly recommended, but not strictly required that
Se: Class usda.weru.wmrm.DataModel defines non-transient non-serializable instance field c_watcher
This Serializable class defines a non-primitive instance field which is neither transient,
Serializable, or
REC: Exception is caught when Exception is not thrown in usda.weru.wmrm.RunWrapper.loadOutputData(File)
This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.
SIC: Should usda.weru.wmrm.DataModel$RunGroup be a _static_ inner class?
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
Se: Class usda.weru.wmrm.DataModel defines non-transient non-serializable instance field c_projects
This Serializable class defines a non-primitive instance field which is neither transient,
Serializable, or
Se: Class usda.weru.wmrm.DataModel defines non-transient non-serializable instance field c_otherRuns
This Serializable class defines a non-primitive instance field which is neither transient,
Serializable, or
Se: Class usda.weru.wmrm.DataModel defines non-transient non-serializable instance field c_selectedGroup
This Serializable class defines a non-primitive instance field which is neither transient,
Serializable, or
Se: Class usda.weru.wmrm.DataModel defines non-transient non-serializable instance field c_rootGroup
This Serializable class defines a non-primitive instance field which is neither transient,
Serializable, or
ST: Write to static field usda.weru.wmrm.SortIconCellRenderer.c_desc_image from instance method usda.weru.wmrm.SortIconCellRenderer.draw(Graphics, JCCellInfo, Object, boolean)
This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.
ST: Write to static field usda.weru.wmrm.SortIconCellRenderer.c_asc_image from instance method usda.weru.wmrm.SortIconCellRenderer.draw(Graphics, JCCellInfo, Object, boolean)
This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.
EI: usda.weru.wmrm.TableMeta.getRowMap() may expose internal representation by returning TableMeta.row_map
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
EI: usda.weru.wmrm.TableMeta.getColumnMap() may expose internal representation by returning TableMeta.c_columnMap
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
EI2: usda.weru.wmrm.SortIconCellRenderer.setColumns(int[]) may expose internal representation by storing an externally mutable object into SortIconCellRenderer.c_columns
This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.
DLS: Dead store to y in usda.weru.wmrm.SortIconCellRenderer.draw(Graphics, JCCellInfo, Object, boolean)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
LI: Incorrect lazy initialization and update of static field usda.weru.wmrm.SortIconCellRenderer.c_creator in usda.weru.wmrm.SortIconCellRenderer.draw(Graphics, JCCellInfo, Object, boolean)
This method contains an unsynchronized lazy initialization of a static field. After the field is set, the object stored into that location is further accessed. The setting of the field is visible to other threads as soon as it is set. If the futher accesses in the method that set the field serve to initialize the object, then you have a very serious multithreading bug, unless something else prevents any other thread from accessing the stored object until it is fully initialized.
EI2: usda.weru.wmrm.SortIconCellRenderer.setDirection(int[]) may expose internal representation by storing an externally mutable object into SortIconCellRenderer.c_directions
This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.
EI: ex1.NameDlg.getSelected() may expose internal representation by returning NameDlg.rows
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
VA: Format-string method java.io.PrintStream.printf(String, Object[]) called with format string "Started %s %s %3$tH:%3$tM:%3$tS %s " wants 3 arguments but is given 4 in usda.weru.cligen2.RunAllStations.run()
A format-string method with a variable number of arguments is called, but the number of arguments passed does not match with the number of % placeholders in the format string. This is probably not what the author intended.
VA: Format-string method java.io.PrintStream.printf(String, Object[]) called with format string "Skipped %s %s %3$tH:%3$tM:%3$tS %s " wants 3 arguments but is given 4 in usda.weru.cligen2.RunAllStations.run()
A format-string method with a variable number of arguments is called, but the number of arguments passed does not match with the number of % placeholders in the format string. This is probably not what the author intended.
UG: usda.weru.erosion.PictureChooser$PictureButton.getImageFile() is unsynchronized, usda.weru.erosion.PictureChooser$PictureButton.setImageFile(File) is synchronized
This class contains similarly-named get and set methods where the set method is synchronized and the get method is not. This may result in incorrect behavior at runtime, as callers of the get method will not necessarily see a consistent state for the object. The get method should be made synchronized.
NP: Load of known null value in usda.weru.erosion.Erosion.configureDefaultLoggers(File, Exception)
The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was nonnull.
MS: usda.weru.mcrew.ConfigData.hasManTempSaveAsDir should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
EI: usda.weru.erosion.WindDisp.getWindTimes() may expose internal representation by returning WindDisp.windTimes
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
MS: usda.weru.cligen2.interp.Interpolate.testSD should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
MS: usda.weru.cligen2.interp.Interpolate.TMAX_AV should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
DP: usda.weru.erosion.ConfigPanel.getHelpSet(String) creates a java.net.URLClassLoader classloader, which should be performed within a doPrivileged block
This code creates a classloader, which requires a security manager. If this code will be granted security permissions, but might be invoked by code that does not have security permissions, then the classloader creation needs to occur inside a doPrivileged block.
MS: usda.weru.cligen2.interp.Interpolate.testSeries should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
UwF: Unwritten field: usda.weru.mcrew.ConfigData.calibColLabelIdx
This field is never written. All reads of it will return the default value. Check for errors (should it have been initialized?), or remove it if it is useless.
WMI: Method usda.weru.mcrew.ConfigData.initialize(Hashtable) makes inefficient use of keySet iterator instead of entrySet iterator
This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.
DB: Method new usda.weru.mcrew.ConfigData$CellStyle(Node) uses the same code for two branches
This method uses the same code to implement two branches of a conditional branch. Check to ensure that this isn't a coding mistake.
UR: Uninitialized read of c_localStyle in new usda.weru.mcrew.ConfigData$CellStyle(Node)
This constructor reads a field which has not yet been assigned a value. This is often caused when the programmer mistakenly uses the field instead of one of the constructor's parameters.
MS: usda.weru.mcrew.ConfigData.kDisplayUnit should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
MS: usda.weru.mcrew.ConfigData.kFixedColumns should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
MS: usda.weru.mcrew.ConfigData.returnFlg should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
NP: Possible null pointer dereference of paramName in usda.weru.mcrew.ConfigData.getColumnLabels()
There is a branch of statement that, if executed, guarantees that
a null value will be dereferenced, which
would generate a
UuF: Unused field: usda.weru.mcrew.ConfigData$ColumnDefn.mColumnLabel
This field is never used. Consider removing it from the class.
UuF: Unused field: usda.weru.mcrew.ConfigData$ColumnDefn.mColumnNum
This field is never used. Consider removing it from the class.
DLS: Dead store to a1 in usda.weru.mcrew.ConfigData$DataObjectDefn.initialize(Node)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to s1 in usda.weru.mcrew.ConfigData$DataObjectDefn.initialize(Node)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
UrF: Unread field: usda.weru.mcrew.ConfigData$ChoiceList.c_prompt
This field is never read. Consider removing it from the class.
UrF: Unread field: usda.weru.mcrew.ConfigData$ColumnDefn.mDisplay
This field is never read. Consider removing it from the class.
UuF: Unused field: usda.weru.mcrew.ConfigData$ColumnDefn.mCellStyle
This field is never used. Consider removing it from the class.
UuF: Unused field: usda.weru.mcrew.ConfigData$ColumnDefn.mColumnDataObject
This field is never used. Consider removing it from the class.
Nm: The field name usda.weru.mcrew.CropDlg.BackGroundColor doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
DLS: Dead store to paramVec in usda.weru.mcrew.CropDlg.populateTabs()
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
UuF: Unused field: usda.weru.mcrew.ConfigData$DataObjectDefn.mTagName
This field is never used. Consider removing it from the class.
UuF: Unused field: usda.weru.mcrew.ConfigData$DataObjectDefn.mObjectName
This field is never used. Consider removing it from the class.
UuF: Unused field: usda.weru.mcrew.ConfigData$DataObjectDefn.mLangFile
This field is never used. Consider removing it from the class.
UuF: Unused field: usda.weru.mcrew.ConfigData$DataObjectDefn.mDisplayFile
This field is never used. Consider removing it from the class.
UuF: Unused field: usda.weru.mcrew.ConfigData$DataObjectDefn.mDefnFile
This field is never used. Consider removing it from the class.
UuF: Unused field: usda.weru.mcrew.ConfigData$DataObjectDefn.mDBdir
This field is never used. Consider removing it from the class.
SIC: Should usda.weru.mcrew.CropDlg$ParamChanger be a _static_ inner class?
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
SIC: Should usda.weru.mcrew.CropDlg$NotesCrop be a _static_ inner class?
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
EI: usda.weru.mcrew.CropDlg$ButtonEditor.getReservedKeys() may expose internal representation by returning CropDlg$ButtonEditor.keys
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
Nm: The field name usda.weru.mcrew.CropDlg.SelectedForegroundColor doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.CropDlg.SelectedBackgroundColor doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.CropDlg.SecondaryForegroundColor doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.CropDlg.SecondaryBackgroundColor doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.CropDlg.ForegroundColor doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
DLS: Dead store to row in usda.weru.mcrew.CropDlg$ParamJCTable$1.dataChanged(JCTableDataEvent)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
SIC: Should usda.weru.mcrew.CropDlg$ParamTableCSHManager be a _static_ inner class?
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
RCN: Nullcheck of valueAttribute at line 1410 of value previously dereferenced in usda.weru.mcrew.CropDlg$ParamJCTable.saveDataSource(CropObject)
A value is checked here to see whether it is null, but this value can't be null because it was previously dereferenced and if it were null a null pointer exception would have occurred at the earlier dereference. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous.
DLS: Dead store to col in usda.weru.mcrew.CropDlg$ParamJCTable$1.dataChanged(JCTableDataEvent)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to numCols in usda.weru.mcrew.CropDlg$ParamJCTable.setData(CropObject)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to numCols in usda.weru.mcrew.CropDlg$ParamJCTable.setDataTab(CropObject, Vector)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to numCols in usda.weru.mcrew.CropDlg$ParamJCTable.saveDataSource(CropObject)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to numCols in usda.weru.mcrew.CropDlg$ParamJCTable.saveTabDataSource(CropObject, Vector)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to size in usda.weru.mcrew.DisplayCalendar.setVisible(boolean)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
ICAST: int division result cast to double or float in usda.weru.mcrew.DisplayCalendar.setColumnWidths()
This code casts the result of an integer division operation to double or float. Doing division on integers truncates the result to the integer value closest to zero. The fact that the result was cast to double suggests that this precision should have been retained. What was probably meant was to cast one or both of the operands to double before performing the division. Here is an example: int x = 2; int y = 5; // Wrong: yields result 0.0 double value1 = x / y; // Right: yields result 0.4 double value2 = x / (double) y;
DLS: Dead store to dax in new usda.weru.mcrew.DisplayCalendar(JFrame, GregorianCalendar)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to bounds in usda.weru.mcrew.DisplayCalendar.setVisible(boolean)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
EI: usda.weru.mcrew.CropMeta.getParameters() may expose internal representation by returning CropMeta.mParameters
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
DE: usda.weru.mcrew.DisplayCalendar.main(String[]) might ignore java.lang.Exception
This method might ignore an exception. In general, exceptions should be handled or reported in some way, or they should be thrown out of the method.
EI: usda.weru.mcrew.CropMeta.getCropCatAndParams() may expose internal representation by returning CropMeta.cropCatAndParams
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
EI: usda.weru.mcrew.CropMeta.getCropDisCatAndVal() may expose internal representation by returning CropMeta.cropDisCatAndVal
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
EI: usda.weru.mcrew.FileDropDown.getReservedKeys() may expose internal representation by returning FileDropDown.KEY_MODIFIERS
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
ICAST: int division result cast to double or float in usda.weru.mcrew.DisplayCalendar.setRowHeights()
This code casts the result of an integer division operation to double or float. Doing division on integers truncates the result to the integer value closest to zero. The fact that the result was cast to double suggests that this precision should have been retained. What was probably meant was to cast one or both of the operands to double before performing the division. Here is an example: int x = 2; int y = 5; // Wrong: yields result 0.0 double value1 = x / y; // Right: yields result 0.4 double value2 = x / (double) y;
Se: usda.weru.mcrew.FindReplacePanel$2 stored into non-transient field FindReplacePanel.cancelbut
A non-serializable value is stored into a non-transient field of a serializable class.
MS: usda.weru.mcrew.FileDropDown.KEY_MODIFIERS should be both final and package protected
A mutable static field could be changed by malicious code or by accident from another package. The field could be made package protected and/or made final to avoid this vulnerability.
BC: Equals method for usda.weru.mcrew.Identity assumes the argument is of type Identity
The
Se: usda.weru.mcrew.FindReplacePanel$1 stored into non-transient field FindReplacePanel.okbut
A non-serializable value is stored into a non-transient field of a serializable class.
Bx: Method usda.weru.mcrew.Identity.toString() invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) instead
Using
Values between -128 and 127 are guaranteed to have corresponding cached instances
and using
Unless the class must be compatible with JVMs predating Java 1.5,
use either autoboxing or the
Bx: Method usda.weru.mcrew.Identity.getNode(Document) invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) instead
Using
Values between -128 and 127 are guaranteed to have corresponding cached instances
and using
Unless the class must be compatible with JVMs predating Java 1.5,
use either autoboxing or the
Bx: Method usda.weru.mcrew.ImTableModel.getValueAt(int, int) invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) instead
Using
Values between -128 and 127 are guaranteed to have corresponding cached instances
and using
Unless the class must be compatible with JVMs predating Java 1.5,
use either autoboxing or the
NP: usda.weru.mcrew.Identity.equals(Object) does not check for null argument
This implementation of equals(Object) violates the contract defined by java.lang.Object.equals() because it does not check for null being passed as the argument. All equals() methods should return false if passed a null value.
DLS: Dead store to yr in usda.weru.mcrew.JulianDay.set(int, double)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
Bx: Method usda.weru.mcrew.JulianCalendar.toString() invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) instead
Using
Values between -128 and 127 are guaranteed to have corresponding cached instances
and using
Unless the class must be compatible with JVMs predating Java 1.5,
use either autoboxing or the
DLS: Dead store to maxYear in usda.weru.mcrew.ManageData.cycleBackward(int)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to minYear in usda.weru.mcrew.ManageData.checkRotationYears()
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to maxYear in usda.weru.mcrew.ManageData.cycleForward(int)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to minYear in usda.weru.mcrew.ManageData.cycleBackward(int)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to minYear in usda.weru.mcrew.ManageData.cycleForward(int)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
Bx: Method usda.weru.mcrew.ManageData.checkEmptyRows() invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) instead
Using
Values between -128 and 127 are guaranteed to have corresponding cached instances
and using
Unless the class must be compatible with JVMs predating Java 1.5,
use either autoboxing or the
Bx: Method usda.weru.mcrew.ManageData.checkIfAllDatesPresent() invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) instead
Using
Values between -128 and 127 are guaranteed to have corresponding cached instances
and using
Unless the class must be compatible with JVMs predating Java 1.5,
use either autoboxing or the
Bx: Method usda.weru.mcrew.ManageData.writeManFile(String, ManageData$WriteFileMode) invokes inefficient new Character(char) constructor; use Character.valueOf(char) instead
Using
Values between -128 and 127 are guaranteed to have corresponding cached instances
and using
Unless the class must be compatible with JVMs predating Java 1.5,
use either autoboxing or the
Bx: Method usda.weru.mcrew.ManageData.writeManFile(String, ManageData$WriteFileMode) invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) instead
Using
Values between -128 and 127 are guaranteed to have corresponding cached instances
and using
Unless the class must be compatible with JVMs predating Java 1.5,
use either autoboxing or the
Bx: Method usda.weru.mcrew.ManageData.writeXMLFile(String, ManageData$WriteFileMode) invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) instead
Using
Values between -128 and 127 are guaranteed to have corresponding cached instances
and using
Unless the class must be compatible with JVMs predating Java 1.5,
use either autoboxing or the
MS: usda.weru.mcrew.ManageData.mwepsmanfilenoteslines should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
RV: usda.weru.mcrew.ManageData.writeDataFile(String, ManageData$WriteFileMode) ignores exceptional return value of java.io.File.mkdirs()
This method returns a value that is not checked. The return value should be checked
since it can indication an unusual or unexpected function execution. For
example, the
SBSC: Method usda.weru.mcrew.ManageData.prettyConcat(String, String) concatenates strings using + in a loop
The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration. Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 1.5) explicitly. For example:
// This is bad
String s = "";
for (int i = 0; i < field.length; ++i) {
s = s + field[i];
}
// This is better
StringBuffer buf = new StringBuffer();
for (int i = 0; i < field.length; ++i) {
buf.append(field[i]);
}
String s = buf.toString();
SBSC: Method usda.weru.mcrew.ManageData.readManFile(String) concatenates strings using + in a loop
The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration. Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 1.5) explicitly. For example:
// This is bad
String s = "";
for (int i = 0; i < field.length; ++i) {
s = s + field[i];
}
// This is better
StringBuffer buf = new StringBuffer();
for (int i = 0; i < field.length; ++i) {
buf.append(field[i]);
}
String s = buf.toString();
SBSC: Method usda.weru.mcrew.ManageData.writeManFile(String, ManageData$WriteFileMode) concatenates strings using + in a loop
The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration. Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 1.5) explicitly. For example:
// This is bad
String s = "";
for (int i = 0; i < field.length; ++i) {
s = s + field[i];
}
// This is better
StringBuffer buf = new StringBuffer();
for (int i = 0; i < field.length; ++i) {
buf.append(field[i]);
}
String s = buf.toString();
UPM: Private method usda.weru.mcrew.ManageData.writeManFile(String) is never called
This private method is never called. Although it is possible that the method will be invoked through reflection, it is more likely that the method is never used, and should be removed.
UPM: Private method usda.weru.mcrew.ManageData.writeXMLFile(String) is never called
This private method is never called. Although it is possible that the method will be invoked through reflection, it is more likely that the method is never used, and should be removed.
NP: Method call in usda.weru.mcrew.Mcrew.ManToSkelRec_actionPerformed(ActionEvent) passes null for unconditionally dereferenced parameter of convertToManOrSkelRec(String, String, Vector, int, ManageData$WriteFileMode)
This method call passes a null value to a method which might dereference it unconditionally.
NP: Method call in usda.weru.mcrew.Mcrew.SkelToManRec_actionPerformed(ActionEvent) passes null for unconditionally dereferenced parameter of convertToManOrSkelRec(String, String, Vector, int, ManageData$WriteFileMode)
This method call passes a null value to a method which might dereference it unconditionally.
EI: usda.weru.mcrew.MyArrayEditor.getCellEditorValue() may expose internal representation by returning MyArrayEditor.c_newValues
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
DLS: Dead store to numCols in usda.weru.mcrew.OperationDlg$ActionJCTable.setData(Action)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to numCols in usda.weru.mcrew.OperationDlg$ActionJCTable.saveDataSource()
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
EI: usda.weru.mcrew.MyDateCellEditor.getReservedKeys() may expose internal representation by returning MyDateCellEditor.reservedKeys
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
NP: Load of known null value in usda.weru.mcrew.MyCheckBoxCellEditor.initialize(AWTEvent, JCCellInfo, Object)
The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was nonnull.
SIC: Should usda.weru.mcrew.OperationDlg$NotesOperation be a _static_ inner class?
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
SIC: Should usda.weru.mcrew.OperationDlg$ActionTableCSHManager be a _static_ inner class?
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
DLS: Dead store to row in usda.weru.mcrew.OperationDlg$ActionJCTable$1.dataChanged(JCTableDataEvent)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to col in usda.weru.mcrew.OperationDlg$ActionJCTable$1.dataChanged(JCTableDataEvent)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
MS: usda.weru.mcrew.ParameterMeta.kMaximumFractionDigits isn't final but should be
A mutable static field could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.
NP: Possible null pointer dereference of Parameter.mParameter in usda.weru.mcrew.Parameter.setValue(Object)
There is a branch of statement that, if executed, guarantees that
a null value will be dereferenced, which
would generate a
RCN: Nullcheck of pAction at line 163 of value previously dereferenced in usda.weru.mcrew.OperationMeta.addAction(ActionMeta)
A value is checked here to see whether it is null, but this value can't be null because it was previously dereferenced and if it were null a null pointer exception would have occurred at the earlier dereference. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous.
EI2: new usda.weru.mcrew.OperationMeta(Hashtable, String) may expose internal representation by storing an externally mutable object into OperationMeta.mActions
This code stores a reference to an externally mutable object into the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Storing a copy of the object is better approach in many situations.
EI: usda.weru.mcrew.RowInfo.getAllDataObjects() may expose internal representation by returning RowInfo.mDataObjectTable
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
DLS: Dead store to oldCropName in usda.weru.mcrew.RowInfo.addDataObject(String, DataObject)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
BC: Unchecked/unconfirmed cast from usda.weru.mcrew.DataObject to usda.weru.mcrew.OperationObject in usda.weru.mcrew.RowInfo.addDataObject(String, DataObject)
This cast is unchecked, and not all instances of the type casted from can be cast to the type it is being cast to. Ensure that your program logic ensures that this cast will not fail.
BC: Unchecked/unconfirmed cast from usda.weru.mcrew.DataObject to usda.weru.mcrew.CropObject in usda.weru.mcrew.RowInfo.addDataObject(String, DataObject)
This cast is unchecked, and not all instances of the type casted from can be cast to the type it is being cast to. Ensure that your program logic ensures that this cast will not fail.
DLS: Dead store to result in usda.weru.mcrew.SkelImportPanel.loadRUSLE2TranslationTable()
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
Se: usda.weru.mcrew.SkelImportPanel$1 stored into non-transient field SkelImportPanel.cancelAll
A non-serializable value is stored into a non-transient field of a serializable class.
Eq: usda.weru.mcrew.RowInfo defines compareTo(RowInfo) and uses Object.equals()
This class defines a From the JavaDoc for the compareTo method in the Comparable interface:
It is strongly recommended, but not strictly required that
UR: Uninitialized read of mDataObjectTable in new usda.weru.mcrew.RowInfo(JulianCalendar, DataObject)
This constructor reads a field which has not yet been assigned a value. This is often caused when the programmer mistakenly uses the field instead of one of the constructor's parameters.
Se: usda.weru.mcrew.SkelImportPanel$5 stored into non-transient field SkelImportPanel.replaceLoc
A non-serializable value is stored into a non-transient field of a serializable class.
Se: usda.weru.mcrew.SkelImportPanel$2 stored into non-transient field SkelImportPanel.skipped
A non-serializable value is stored into a non-transient field of a serializable class.
Se: usda.weru.mcrew.SkelImportPanel$3 stored into non-transient field SkelImportPanel.ok
A non-serializable value is stored into a non-transient field of a serializable class.
Se: usda.weru.mcrew.SkelImportPanel$4 stored into non-transient field SkelImportPanel.replace
A non-serializable value is stored into a non-transient field of a serializable class.
SIC: Should usda.weru.mcrew.SkelImportPanel$OprnCropFilter be a _static_ inner class?
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
Bx: Method usda.weru.mcrew.SkeletonUpdater.readWEPSManBrief(String) invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) instead
Using
Values between -128 and 127 are guaranteed to have corresponding cached instances
and using
Unless the class must be compatible with JVMs predating Java 1.5,
use either autoboxing or the
DLS: Dead store to lastRow in usda.weru.mcrew.SkelImportPanel$4.actionPerformed(ActionEvent)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to lastRow in usda.weru.mcrew.SkelImportPanel$5.actionPerformed(ActionEvent)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
RV: usda.weru.mcrew.SkeletonUpdater.writeSkeletonXMLFile(String) ignores exceptional return value of java.io.File.mkdirs()
This method returns a value that is not checked. The return value should be checked
since it can indication an unusual or unexpected function execution. For
example, the
Bx: Primitive value is boxed then unboxed to perform primative coercion in usda.weru.mcrew.Table.adjustDirection()
A primitive boxed value constructed and then immediately converted into a different primitive type
(e.g.,
NP: Possible null pointer dereference in usda.weru.mcrew.SkeletonUpdater.readWEPSManBrief(String) due to return value of called method
A reference value which is null on some exception control path is
dereferenced here. This may lead to a
NP: Possible null pointer dereference in usda.weru.mcrew.SkeletonUpdater.readWEPSManBrief(String) due to return value of called method
A reference value which is null on some exception control path is
dereferenced here. This may lead to a
NP: usda.weru.mcrew.Table$CompareRange.equals(Object) does not check for null argument
This implementation of equals(Object) violates the contract defined by java.lang.Object.equals() because it does not check for null being passed as the argument. All equals() methods should return false if passed a null value.
SIC: Should usda.weru.mcrew.Table$CompareRange be a _static_ inner class?
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
UrF: Unread field: usda.weru.mcrew.Table$MyMouseAdapter.cnt
This field is never read. Consider removing it from the class.
MS: usda.weru.mcrew.XMLConstants.XMLDescriptionfiles should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
Bx: Method usda.weru.mcrew.Table.adjustDirection() invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) instead
Using
Values between -128 and 127 are guaranteed to have corresponding cached instances
and using
Unless the class must be compatible with JVMs predating Java 1.5,
use either autoboxing or the
Bx: Method usda.weru.mcrew.Table.incrDecrDir(int) invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) instead
Using
Values between -128 and 127 are guaranteed to have corresponding cached instances
and using
Unless the class must be compatible with JVMs predating Java 1.5,
use either autoboxing or the
Bx: Method usda.weru.mcrew.Table.setAbsoluteDirection(int) invokes inefficient new Integer(int) constructor; use Integer.valueOf(int) instead
Using
Values between -128 and 127 are guaranteed to have corresponding cached instances
and using
Unless the class must be compatible with JVMs predating Java 1.5,
use either autoboxing or the
BC: Equals method for usda.weru.mcrew.Table$CompareRange assumes the argument is of type Table$CompareRange
The
DLS: Dead store to startRow in usda.weru.mcrew.Table.afterSelect(JCSelectEvent)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to jccr in usda.weru.mcrew.Table.cutRows()
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to jccr in usda.weru.mcrew.Table.isOneRowSelected(String)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to rowCnt in usda.weru.mcrew.Table.pasteRows()
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
Bx: Primitive value is boxed then unboxed to perform primative coercion in usda.weru.mcrew.Table.incrDecrDir(int)
A primitive boxed value constructed and then immediately converted into a different primitive type
(e.g.,
DLS: Dead store to dirPath in usda.weru.mcrew.Table.addColumnData(File)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to fileExtension in usda.weru.mcrew.Table.addColumnData(File)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
DLS: Dead store to endRow in usda.weru.mcrew.Table.afterSelect(JCSelectEvent)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.AboutJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
MS: usda.weru.mcrew.gui.Mcrew_n.UndoDeleteJMI should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.ConfigurationJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.ColumnOptionsJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.CropDlg_n.ParamPanel doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.CropDlg_n.CancelButton doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
DLS: Dead store to menuBarHeight in usda.weru.mcrew.gui.Mcrew_n.addNotify()
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
Nm: The field name usda.weru.mcrew.gui.CropDlg_n.SaveAsJButton doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
UrF: Unread field: usda.weru.mcrew.XMLManagementUpdater.substNamesLong
This field is never read. Consider removing it from the class.
UrF: Unread field: usda.weru.mcrew.XMLManagementUpdater.missingNames
This field is never read. Consider removing it from the class.
SIC: Should usda.weru.mcrew.XMLManagementUpdater$XMLFileFilter be a _static_ inner class?
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
UrF: Unread field: usda.weru.mcrew.XMLManagementUpdater.substNamesShort
This field is never read. Consider removing it from the class.
DLS: Dead store to basedir in usda.weru.mcrew.XMLManagementUpdater.doRecursion(String, boolean, String)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
MS: usda.weru.mcrew.XMLDoc.defaultDTDfiles should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
UrF: Unread field: usda.weru.mcrew.XMLManagementUpdater.fileshort
This field is never read. Consider removing it from the class.
UrF: Unread field: usda.weru.mcrew.XMLManagementUpdater.filelong
This field is never read. Consider removing it from the class.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.NotesJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.OpenCTJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.InsertJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.NewJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.HelpJM doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.HelpJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.ExitJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.FileJM doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.EditJM doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.EmailJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.CycleFwdJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.DeleteJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.CutJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.CycleBwdJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.ConfigureJM doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.CopyJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
EI: usda.weru.soil.IFC.getToolTipText(int) may expose internal representation by returning IFC.layerList
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
EI: usda.weru.soil.IFC.getToolTipText(int) may expose internal representation by returning IFC.idList
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
Nm: The field name usda.weru.mcrew.gui.OperationDlg_n.DateField doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.ViewJM doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.UpdateWepsJM doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.UpdateRecJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.UpdateFilesJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.UndoDeleteJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.ToolsJM doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.SortJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.SaveJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.SaveAsTJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.SaveAsJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.PrintJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.PasteJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
Nm: The field name usda.weru.mcrew.gui.Mcrew_n.OpenJMI doesn't start with a lower case letter
Names of fields that are not final should be in mixed case with a lowercase first letter and the first letters of subsequent words capitalized.
RCN: Nullcheck of rootFile at line 251 of value previously dereferenced in usda.weru.soil.SoilTreeModel.getFriendlyName(File, File)
A value is checked here to see whether it is null, but this value can't be null because it was previously dereferenced and if it were null a null pointer exception would have occurred at the earlier dereference. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous.
SIC: Should usda.weru.soil.SoilTreeModel$IFCFileFilter be a _static_ inner class?
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
IS: Inconsistent synchronization of usda.weru.util.ConfigData.c_mainConfig; locked 75% of time
The fields of this class appear to be accessed inconsistently with respect to synchronization. This bug report indicates that the bug pattern detector judged that
A typical bug matching this bug pattern is forgetting to synchronize one of the methods in a class that is intended to be thread-safe. You can select the nodes labeled "Unsynchronized access" to show the code locations where the detector believed that a field was accessed without synchronization. Note that there are various sources of inaccuracy in this detector; for example, the detector cannot statically detect all situations in which a lock is held. Also, even when the detector is accurate in distinguishing locked vs. unlocked accesses, the code in question may still be correct. This description refers to the "IS2" version of the pattern detector, which has more accurate ways of detecting locked vs. unlocked accesses than the older "IS" detector.
IS: Inconsistent synchronization of usda.weru.util.ConfigData$ConfigStorage.c_data; locked 60% of time
The fields of this class appear to be accessed inconsistently with respect to synchronization. This bug report indicates that the bug pattern detector judged that
A typical bug matching this bug pattern is forgetting to synchronize one of the methods in a class that is intended to be thread-safe. You can select the nodes labeled "Unsynchronized access" to show the code locations where the detector believed that a field was accessed without synchronization. Note that there are various sources of inaccuracy in this detector; for example, the detector cannot statically detect all situations in which a lock is held. Also, even when the detector is accurate in distinguishing locked vs. unlocked accesses, the code in question may still be correct. This description refers to the "IS2" version of the pattern detector, which has more accurate ways of detecting locked vs. unlocked accesses than the older "IS" detector.
Se: usda.weru.util.FileTreeNode$DefaultComparator implements Comparator but not Serializable
This class implements the
DP: usda.weru.util.Help.loadJar(String, String) creates a java.net.URLClassLoader classloader, which should be performed within a doPrivileged block
This code creates a classloader, which requires a security manager. If this code will be granted security permissions, but might be invoked by code that does not have security permissions, then the classloader creation needs to occur inside a doPrivileged block.
REC: Exception is caught when Exception is not thrown in usda.weru.util.Help.loadDirectory(String)
This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.
Se: usda.weru.util.LazyTree$LoadingNode$1 stored into non-transient field LazyTree$LoadingNode.c_nodeTask
A non-serializable value is stored into a non-transient field of a serializable class.
EI: usda.weru.soil.IFC.getToolTipText(int) may expose internal representation by returning IFC.surfaceList
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
SIC: Should usda.weru.soil.IfcSoilDatabase$IfcNode be a _static_ inner class?
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
SIC: Should usda.weru.soil.IfcSoilDatabase$NodeComparator be a _static_ inner class?
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
UwF: Unwritten field: usda.weru.soil.JdbcSoilDatabase.c_indexer
This field is never written. All reads of it will return the default value. Check for errors (should it have been initialized?), or remove it if it is useless.
ODR: usda.weru.soil.JdbcSoilDatabase$DatabaseNode.addNotify() may fail to close java.sql.Statement
The method creates a database resource (such as a database connection or row set), does not assign it to any fields, pass it to other methods, or return it, and does not appear to close the object on all paths out of the method. Failure to close database resources on all paths out of a method may result in poor performance, and could cause the application to have problems communicating with the database.
ODR: usda.weru.soil.JdbcSoilDatabase$LegendNode.addNotify() may fail to close java.sql.Statement
The method creates a database resource (such as a database connection or row set), does not assign it to any fields, pass it to other methods, or return it, and does not appear to close the object on all paths out of the method. Failure to close database resources on all paths out of a method may result in poor performance, and could cause the application to have problems communicating with the database.
ODR: usda.weru.soil.JdbcSoilDatabase$MapUnitNode.addNotify() may fail to close java.sql.Statement
The method creates a database resource (such as a database connection or row set), does not assign it to any fields, pass it to other methods, or return it, and does not appear to close the object on all paths out of the method. Failure to close database resources on all paths out of a method may result in poor performance, and could cause the application to have problems communicating with the database.
SIC: Should usda.weru.soil.JdbcSoilDatabase$NodeComparator be a _static_ inner class?
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
DLS: Dead store to jcpage in usda.weru.util.WEPSPrintPreviewer.actionPerformed(ActionEvent)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
RV: usda.weru.util.Util.copyFile(File, File) ignores exceptional return value of java.io.File.mkdirs()
This method returns a value that is not checked. The return value should be checked
since it can indication an unusual or unexpected function execution. For
example, the
EI: usda.weru.util.WepsMessage.getTimestamp() may expose internal representation by returning WepsMessage.c_timestamp
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
ST: Write to static field usda.weru.util.WepsFileChooser.newFlg from instance method new usda.weru.util.WepsFileChooser(int, String, int)
This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.
SC: new usda.weru.util.WindGenStationDisplay(String, String) invokes Thread.start()
The constructor starts a thread. This is likely to be wrong if the class is ever extended/subclassed, since the thread will be started before the subclass constructor is started.
LI: Incorrect lazy initialization and update of static field usda.weru.util.WindGenDisp.staList in usda.weru.util.WindGenDisp.loadData(String)
This method contains an unsynchronized lazy initialization of a static field. After the field is set, the object stored into that location is further accessed. The setting of the field is visible to other threads as soon as it is set. If the futher accesses in the method that set the field serve to initialize the object, then you have a very serious multithreading bug, unless something else prevents any other thread from accessing the stored object until it is fully initialized.
NP: Possible null pointer dereference of dirB in usda.weru.util.diff.listbuilders.FileListBuilder.buildDirectoryList(File, File)
There is a branch of statement that, if executed, guarantees that
a null value will be dereferenced, which
would generate a
NP: Possible null pointer dereference of dirA in usda.weru.util.diff.listbuilders.FileListBuilder.buildDirectoryList(File, File)
There is a branch of statement that, if executed, guarantees that
a null value will be dereferenced, which
would generate a
WMI: Method usda.weru.util.Table.colorRows(Hashtable, int, int, int) makes inefficient use of keySet iterator instead of entrySet iterator
This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.
ICAST: int division result cast to double or float in usda.weru.util.PrinterHelper.createParamMap(RepSumPanel, RepSimPanel)
This code casts the result of an integer division operation to double or float. Doing division on integers truncates the result to the integer value closest to zero. The fact that the result was cast to double suggests that this precision should have been retained. What was probably meant was to cast one or both of the operands to double before performing the division. Here is an example: int x = 2; int y = 5; // Wrong: yields result 0.0 double value1 = x / y; // Right: yields result 0.4 double value2 = x / (double) y;
WMI: Method usda.weru.util.Table.parseHeaders(Hashtable, String) makes inefficient use of keySet iterator instead of entrySet iterator
This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.
WMI: Method usda.weru.util.Table.getColumnWidths(int, Hashtable) makes inefficient use of keySet iterator instead of entrySet iterator
This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.
DLS: Dead store to fm in usda.weru.util.Util.adjustLabelWidth(JComponent)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
WMI: Method usda.weru.util.Table.setColumnStyles(Hashtable, JCTable, int, int, int) makes inefficient use of keySet iterator instead of entrySet iterator
This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.
MS: usda.weru.util.Util.debugFlg isn't final but should be
A mutable static field could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.
DLS: Dead store to text in usda.weru.util.Util.adjustLabelWidth(JComponent)
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
Se: Class usda.weru.util.table.test.Data defines non-transient non-serializable instance field c_meta
This Serializable class defines a non-primitive instance field which is neither transient,
Serializable, or
DP: usda.weru.weps.BarDialog.getHelpSet(String) creates a java.net.URLClassLoader classloader, which should be performed within a doPrivileged block
This code creates a classloader, which requires a security manager. If this code will be granted security permissions, but might be invoked by code that does not have security permissions, then the classloader creation needs to occur inside a doPrivileged block.
Nm: The method name usda.weru.util.table.WepsTable.YtoRow(int) doesn't start with a lower case letter
Methods should be verbs, in mixed case with the first letter lowercase, with the first letter of each internal word capitalized.
EI: usda.weru.util.table.WepsTableMeta.getLabelMatrix() may expose internal representation by returning WepsTableMeta.c_labelMatrix
Returning a reference to a mutable object value stored in one of the object's fields exposes the internal representation of the object. If instances are accessed by untrusted code, and unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. Returning a new copy of the object is better approach in many situations.
NP: Method call in usda.weru.weps.BarPanel.selectBarrierType(ItemEvent) passes null for unconditionally dereferenced parameter of java.util.Hashtable.containsKey(Object)
This method call passes a null value to a method which might dereference it unconditionally.
RCN: Nullcheck of Barrier.name at line 87 of value previously dereferenced in usda.weru.weps.Barrier.equals(Object)
A value is checked here to see whether it is null, but this value can't be null because it was previously dereferenced and if it were null a null pointer exception would have occurred at the earlier dereference. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous.
REC: Exception is caught when Exception is not thrown in usda.weru.weps.BarDialog.getHelpSet(String)
This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.
NP: Method call in usda.weru.weps.BarPanel.JB_detail_actionPerformed(ActionEvent) passes null for unconditionally dereferenced parameter of new BarDialog(Frame, String, String, Barrier, PropertyChangeSupport, String, String)
This method call passes a null value to a method which might dereference it unconditionally.
NP: Possible null pointer dereference of dirB in usda.weru.util.diff.listbuilders.RunDirectoryListBuilder.buildList(DiffEngine, WepsFileListBuilder$RunDirectory, WepsFileListBuilder$RunDirectory)
There is a branch of statement that, if executed, guarantees that
a null value will be dereferenced, which
would generate a
Se: Class usda.weru.util.table.CellStyle defines non-transient non-serializable instance field c_meta
This Serializable class defines a non-primitive instance field which is neither transient,
Serializable, or
NP: a could be null and is guaranteed to be dereferenced in usda.weru.util.diff.listbuilders.ObjectListBuilder.test(Class, Object, Object)
There is a statement or branch that if executed guarantees that a value is null at this point, and that value that is guaranteed to be dereferenced (except on forward paths involving runtime exceptions).
NP: Possible null pointer dereference of dirA in usda.weru.util.diff.listbuilders.RunDirectoryListBuilder.buildList(DiffEngine, WepsFileListBuilder$RunDirectory, WepsFileListBuilder$RunDirectory)
There is a branch of statement that, if executed, guarantees that
a null value will be dereferenced, which
would generate a
IS: Inconsistent synchronization of usda.weru.util.table.WepsTable.c_parseListeners; locked 66% of time
The fields of this class appear to be accessed inconsistently with respect to synchronization. This bug report indicates that the bug pattern detector judged that
A typical bug matching this bug pattern is forgetting to synchronize one of the methods in a class that is intended to be thread-safe. You can select the nodes labeled "Unsynchronized access" to show the code locations where the detector believed that a field was accessed without synchronization. Note that there are various sources of inaccuracy in this detector; for example, the detector cannot statically detect all situations in which a lock is held. Also, even when the detector is accurate in distinguishing locked vs. unlocked accesses, the code in question may still be correct. This description refers to the "IS2" version of the pattern detector, which has more accurate ways of detecting locked vs. unlocked accesses than the older "IS" detector.
Nm: The method name usda.weru.util.table.WepsTable.XtoColumn(int) doesn't start with a lower case letter
Methods should be verbs, in mixed case with the first letter lowercase, with the first letter of each internal word capitalized.
MF: Field WepsPrintTable.cellAreaHandler masks field in superclass com.klg.jclass.table.JCTable
This class defines a field with the same name as a visible instance field in a superclass. This is confusing, and may indicate an error if methods update or access one of the fields when they wanted the other.
SIC: Should usda.weru.util.table.WepsPrintTable$WepsPrintCellAreaHandler be a _static_ inner class?
This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made static.
Dm: usda.weru.weps.Weps$LoadCP.createProj() invokes System.exit(...), which shuts down the entire virtual machine
Invoking System.exit shuts down the entire Java virtual machine. This should only been done when it is appropriate. Such calls make it hard or impossible for your code to be invoked by other code. Consider throwing a RuntimeException instead.
NP: Method call in usda.weru.weps.Weps$3.accept(File) passes null for unconditionally dereferenced parameter of java.util.Date.after(Date)
This method call passes a null value to a method which might dereference it unconditionally.
Se: usda.weru.weps.Weps$4 stored into non-transient field Weps.fileWatcher
A non-serializable value is stored into a non-transient field of a serializable class.
NP: Possible null pointer dereference of current in usda.weru.weps.Weps.makeProjDir()
There is a branch of statement that, if executed, guarantees that
a null value will be dereferenced, which
would generate a
RCN: Nullcheck of hs at line 155 of value previously dereferenced in usda.weru.weps.reports.DetailReport.initCSH()
A value is checked here to see whether it is null, but this value can't be null because it was previously dereferenced and if it were null a null pointer exception would have occurred at the earlier dereference. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous.
Dm: usda.weru.weps.reports.CropSummary.makeSummaryVector(Vector, String) invokes inefficient new String(String) constructor
Using the
Dm: new usda.weru.weps.reports.CropSummary(String, String, String, boolean, ConfigData) invokes inefficient new String(String) constructor
Using the
Se: usda.weru.weps.WindCliStation implements Comparator but not Serializable
This class implements the
WMI: Method usda.weru.weps.RunFileData.readRunData(String) makes inefficient use of keySet iterator instead of entrySet iterator
This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.
ST: Write to static field usda.weru.weps.RunFileData.CurProj from instance method usda.weru.weps.RunFileData.propertyChange(PropertyChangeEvent)
This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.
NP: Possible null pointer dereference of root in usda.weru.weps.RunFileData.readRunData(String)
There is a branch of statement that, if executed, guarantees that
a null value will be dereferenced, which
would generate a
DP: usda.weru.weps.ConfigPanel.getHelpSet(String) creates a java.net.URLClassLoader classloader, which should be performed within a doPrivileged block
This code creates a classloader, which requires a security manager. If this code will be granted security permissions, but might be invoked by code that does not have security permissions, then the classloader creation needs to occur inside a doPrivileged block.
NP: Load of known null value in usda.weru.weps.Weps.configureDefaultLoggers(File, Exception)
The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was nonnull.
Dm: usda.weru.weps.Weps.propertyChange(PropertyChangeEvent) invokes inefficient new String(String) constructor
Using the
NP: Possible null pointer dereference of outout in usda.weru.weps.RunProgram.run() on exception path
A reference value which is null on some exception control path is
dereferenced here. This may lead to a Also note that FindBugs considers the default case of a switch statement to be an exception path, since the default case is often infeasible.
Dm: Method usda.weru.weps.RunProgram.displayCalibReport(File, String) invokes toString() method on a String
Calling
DLS: Dead store to menuBarHeight in usda.weru.mcrew.gui.Mcrew_n.addNotify()
This instruction assigns a value to a local variable, but the value is not read by any subsequent instruction. Often, this indicates an error, because the value computed is never used. Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
NP: a could be null and is guaranteed to be dereferenced in usda.weru.util.diff.listbuilders.ObjectListBuilder.test(Class, Object, Object)
There is a statement or branch that if executed guarantees that a value is null at this point, and that value that is guaranteed to be dereferenced (except on forward paths involving runtime exceptions).
|
| Hudson ver. 1.229 |
