Description | Category |
---|
AM: Creates an empty jar file entry | Bad practice |
AM: Creates an empty zip file entry | Bad practice |
BC: Equals method should not assume anything about the type of its argument | Bad practice |
BC: Random object created and used only once | Bad practice |
BIT: Check for sign of bitwise operation | Bad practice |
CN: Class implements Cloneable but does not define or use clone method | Bad practice |
CN: clone method does not call super.clone() | Bad practice |
CN: Class defines clone() but doesn't implement Cloneable | Bad practice |
Co: Abstract class defines covariant compareTo() method | Bad practice |
Co: Covariant compareTo() method defined | Bad practice |
DE: Method might drop exception | Bad practice |
DE: Method might ignore exception | Bad practice |
DMI: Don't use removeAll to clear a collection | Bad practice |
DP: Classloaders should only be created inside doPrivileged block | Bad practice |
DP: Method invoked that should be only be invoked inside a doPrivileged block | Bad practice |
Dm: Method invokes System.exit(...) | Bad practice |
Dm: Method invokes dangerous method runFinalizersOnExit | Bad practice |
ES: Comparison of String parameter using == or != | Bad practice |
ES: Comparison of String objects using == or != | Bad practice |
Eq: Abstract class defines covariant equals() method | Bad practice |
Eq: Equals checks for noncompatible operand | Bad practice |
Eq: Class defines compareTo(...) and uses Object.equals() | Bad practice |
Eq: equals method fails for subtypes | Bad practice |
Eq: Covariant equals() method defined | Bad practice |
FI: Empty finalizer should be deleted | Bad practice |
FI: Explicit invocation of finalizer | Bad practice |
FI: Finalizer nulls fields | Bad practice |
FI: Finalizer only nulls fields | Bad practice |
FI: Finalizer does not call superclass finalizer | Bad practice |
FI: Finalizer nullifies superclass finalizer | Bad practice |
FI: Finalizer does nothing but call superclass finalizer | Bad practice |
GC: Unchecked type in generic call | Bad practice |
HE: Class defines equals() but not hashCode() | Bad practice |
HE: Class defines equals() and uses Object.hashCode() | Bad practice |
HE: Class defines hashCode() but not equals() | Bad practice |
HE: Class defines hashCode() and uses Object.equals() | Bad practice |
HE: Class inherits equals() and uses Object.hashCode() | Bad practice |
IC: Superclass uses subclass during initialization | Bad practice |
IMSE: Dubious catching of IllegalMonitorStateException | Bad practice |
ISC: Needless instantiation of class that only supplies static methods | Bad practice |
It: Iterator next() method can't throw NoSuchElementException | Bad practice |
J2EE: Store of non serializable object into HttpSession | Bad practice |
JCIP: Fields of immutable classes should be final | Bad practice |
NP: Method with Boolean return type returns explicit null | Bad practice |
NP: Clone method may return null | Bad practice |
NP: equals() method does not check for null argument | Bad practice |
NP: toString method may return null | Bad practice |
Nm: Class names should start with an upper case letter | Bad practice |
Nm: Class is not derived from an Exception, even though it is named as such | Bad practice |
Nm: Confusing method names | Bad practice |
Nm: Field names should start with a lower case letter | Bad practice |
Nm: Use of identifier that is a keyword in later versions of Java | Bad practice |
Nm: Use of identifier that is a keyword in later versions of Java | Bad practice |
Nm: Method names should start with a lower case letter | Bad practice |
Nm: Class names shouldn't shadow simple name of implemented interface | Bad practice |
Nm: Class names shouldn't shadow simple name of superclass | Bad practice |
Nm: Very confusing method names (but perhaps intentional) | Bad practice |
Nm: Method doesn't override method in superclass due to wrong package for parameter | Bad practice |
ODR: Method may fail to close database resource | Bad practice |
ODR: Method may fail to close database resource on exception | Bad practice |
OS: Method may fail to close stream | Bad practice |
OS: Method may fail to close stream on exception | Bad practice |
RC: Suspicious reference comparison to constant | Bad practice |
RC: Suspicious reference comparison of Boolean values | Bad practice |
RR: Method ignores results of InputStream.read() | Bad practice |
RR: Method ignores results of InputStream.skip() | Bad practice |
RV: Method ignores exceptional return value | Bad practice |
SI: Static initializer creates instance before all static final fields assigned | Bad practice |
SW: Certain swing methods needs to be invoked in Swing thread | Bad practice |
Se: Non-transient non-serializable instance field in serializable class | Bad practice |
Se: Non-serializable class has a serializable inner class | Bad practice |
Se: Non-serializable value stored into instance field of a serializable class | Bad practice |
Se: Comparator doesn't implement Serializable | Bad practice |
Se: Serializable inner class | Bad practice |
Se: serialVersionUID isn't final | Bad practice |
Se: serialVersionUID isn't long | Bad practice |
Se: serialVersionUID isn't static | Bad practice |
Se: Class is Serializable but its superclass doesn't define a void constructor | Bad practice |
Se: Class is Externalizable but doesn't define a void constructor | Bad practice |
Se: The readResolve method must be declared with a return type of Object. | Bad practice |
Se: Transient field that isn't set by deserialization. | Bad practice |
SnVI: Class is Serializable, but doesn't define serialVersionUID | Bad practice |
UI: Usage of GetResource may be unsafe if class is extended | Bad practice |
BC: Impossible cast | Correctness |
BC: Impossible downcast | Correctness |
BC: Impossible downcast of toArray() result | Correctness |
BC: instanceof will always return false | Correctness |
BIT: Bitwise add of signed byte value | Correctness |
BIT: Incompatible bit masks | Correctness |
BIT: Check to see if ((...) & 0) == 0 | Correctness |
BIT: Incompatible bit masks | Correctness |
BIT: Bitwise OR of signed byte value | Correctness |
BIT: Check for sign of bitwise operation | Correctness |
BOA: Class overrides a method implemented in super class Adapter wrongly | Correctness |
BSHIFT: 32 bit int shifted by an amount not in the range 0..31 | Correctness |
Bx: Primitive value is unboxed and coerced for ternary operator | Correctness |
DLS: Dead store of class literal | Correctness |
DLS: Overwritten increment | Correctness |
DMI: Bad constant value for month | Correctness |
DMI: hasNext method invokes next | Correctness |
DMI: Collections should not contain themselves | Correctness |
DMI: Invocation of hashCode on an array | Correctness |
DMI: Double.longBitsToDouble invoked on an int | Correctness |
DMI: Vacuous call to collections | Correctness |
Dm: Can't use reflection to check for presence of annotation without runtime retention | Correctness |
Dm: Futile attempt to change max pool size of ScheduledThreadPoolExecutor | Correctness |
Dm: Creation of ScheduledThreadPoolExecutor with zero core threads | Correctness |
Dm: Useless/vacuous call to EasyMock method | Correctness |
EC: equals() used to compare array and nonarray | Correctness |
EC: Invocation of equals() on an array, which is equivalent to == | Correctness |
EC: equals(...) used to compare incompatible arrays | Correctness |
EC: Call to equals() with null argument | Correctness |
EC: Call to equals() comparing unrelated class and interface | Correctness |
EC: Call to equals() comparing different interface types | Correctness |
EC: Call to equals() comparing different types | Correctness |
EC: Using pointer equality to compare different types | Correctness |
Eq: equals method always returns false | Correctness |
Eq: equals method always returns true | Correctness |
Eq: equals method compares class names rather than class objects | Correctness |
Eq: Covariant equals() method defined for enum | Correctness |
Eq: equals() method defined that doesn't override equals(Object) | Correctness |
Eq: equals() method defined that doesn't override Object.equals(Object) | Correctness |
Eq: equals method overrides equals in superclass and may not be symmetric | Correctness |
Eq: Covariant equals() method defined, Object.equals(Object) inherited | Correctness |
FE: Doomed test for equality to NaN | Correctness |
FS: Format string placeholder incompatible with passed argument | Correctness |
FS: The type of a supplied argument doesn't match format specifier | Correctness |
FS: MessageFormat supplied where printf style format expected | Correctness |
FS: More arguments are passed than are actually used in the format string | Correctness |
FS: Illegal format string | Correctness |
FS: Format string references missing argument | Correctness |
FS: No previous argument for format string | Correctness |
GC: No relationship between generic parameter and method argument | Correctness |
HE: Signature declares use of unhashable class in hashed construct | Correctness |
HE: Use of class without a hashCode() method in a hashed data structure | Correctness |
ICAST: integral value cast to double and then passed to Math.ceil | Correctness |
ICAST: int value cast to float and then passed to Math.round | Correctness |
IJU: JUnit assertion in run method will not be noticed by JUnit | Correctness |
IJU: TestCase declares a bad suite method | Correctness |
IJU: TestCase has no tests | Correctness |
IJU: TestCase defines setUp that doesn't call super.setUp() | Correctness |
IJU: TestCase implements a non-static suite method | Correctness |
IJU: TestCase defines tearDown that doesn't call super.tearDown() | Correctness |
IL: A collection is added to itself | Correctness |
IL: An apparent infinite loop | Correctness |
IL: An apparent infinite recursive loop | Correctness |
IM: Integer multiply of result of integer remainder | Correctness |
INT: Bad comparison of nonnegative value with negative constant | Correctness |
INT: Bad comparison of signed byte | Correctness |
IO: Doomed attempt to append to an object output stream | Correctness |
IP: A parameter is dead upon entry to a method but overwritten | Correctness |
MF: Class defines field that masks a superclass field | Correctness |
MF: Method defines a variable that obscures a field | Correctness |
NP: Null pointer dereference | Correctness |
NP: Null pointer dereference in method on exception path | Correctness |
NP: Method does not check for null argument | Correctness |
NP: close() invoked on a value that is always null | Correctness |
NP: Null value is guaranteed to be dereferenced | Correctness |
NP: Value is null and guaranteed to be dereferenced on exception path | Correctness |
NP: Method call passes null to a nonnull parameter | Correctness |
NP: Method may return null, but is declared @NonNull | Correctness |
NP: A known null value is checked to see if it is an instance of a type | Correctness |
NP: Possible null pointer dereference | Correctness |
NP: Possible null pointer dereference in method on exception path | Correctness |
NP: Method call passes null for nonnull parameter | Correctness |
NP: Method call passes null for nonnull parameter | Correctness |
NP: Non-virtual method call passes null for nonnull parameter | Correctness |
NP: Store of null value into field annotated NonNull | Correctness |
NP: Read of unwritten field | Correctness |
Nm: Class defines equal(Object); should it be equals(Object)? | Correctness |
Nm: Class defines hashcode(); should it be hashCode()? | Correctness |
Nm: Class defines tostring(); should it be toString()? | Correctness |
Nm: Apparent method/constructor confusion | Correctness |
Nm: Very confusing method names | Correctness |
Nm: Method doesn't override method in superclass due to wrong package for parameter | Correctness |
QBA: Method assigns boolean literal in boolean expression | Correctness |
RC: Suspicious reference comparison | Correctness |
RCN: Nullcheck of value previously dereferenced | Correctness |
RE: Invalid syntax for regular expression | Correctness |
RE: File.separator used for regular expression | Correctness |
RE: "." used for regular expression | Correctness |
RV: Random value from 0 to 1 is coerced to the integer 0 | Correctness |
RV: Bad attempt to compute absolute value of signed 32-bit hashcode | Correctness |
RV: Bad attempt to compute absolute value of signed 32-bit random integer | Correctness |
RV: Exception created and dropped rather than thrown | Correctness |
RV: Method ignores return value | Correctness |
RpC: Repeated conditional tests | Correctness |
SA: Double assignment of field | Correctness |
SA: Self assignment of field | Correctness |
SA: Self comparison of field with itself | Correctness |
SA: Nonsensical self computation involving a field (e.g., x & x) | Correctness |
SA: Self comparison of value with itself | Correctness |
SA: Nonsensical self computation involving a variable (e.g., x & x) | Correctness |
SF: Dead store due to switch statement fall through | Correctness |
SF: Dead store due to switch statement fall through to throw | Correctness |
SIC: Deadly embrace of non-static inner class and thread local | Correctness |
SIO: Unnecessary type check done using instanceof operator | Correctness |
SQL: Method attempts to access a prepared statement parameter with index 0 | Correctness |
SQL: Method attempts to access a result set field with index 0 | Correctness |
STI: Unneeded use of currentThread() call, to call interrupted() | Correctness |
STI: Static Thread.interrupted() method invoked on thread instance | Correctness |
Se: Method must be private in order for serialization to work | Correctness |
Se: The readResolve method must not be declared as a static method. | Correctness |
TQ: Value annotated as carrying a type qualifier used where a value that must not carry that qualifier is required | Correctness |
TQ: Value that might not carry a type qualifier is always used in a way requires that type qualifier | Correctness |
TQ: Value that might carry a type qualifier is always used in a way prohibits it from having that type qualifier | Correctness |
TQ: Value annotated as never carrying a type qualifier used where value carrying that qualifier is required | Correctness |
UMAC: Uncallable method defined in anonymous class | Correctness |
UR: Uninitialized read of field in constructor | Correctness |
UR: Uninitialized read of field method called from constructor of superclass | Correctness |
USELESS_STRING: Invocation of toString on an array | Correctness |
USELESS_STRING: Invocation of toString on an array | Correctness |
USELESS_STRING: Array formatted in useless way using format string | Correctness |
UwF: Field only ever set to null | Correctness |
UwF: Unwritten field | Correctness |
VA: Primitive array passed to function expecting a variable number of object arguments | Correctness |
LG: Potential lost logger changes due to weak reference in OpenJDK | Experimental |
OBL: Method may fail to clean up stream or resource | Experimental |
Dm: Consider using Locale parameterized version of invoked method | Internationalization |
EI: May expose internal representation by returning reference to mutable object | Malicious code vulnerability |
EI2: May expose internal representation by incorporating reference to mutable object | Malicious code vulnerability |
FI: Finalizer should be protected, not public | Malicious code vulnerability |
MS: May expose internal static state by storing a mutable object into a static field | Malicious code vulnerability |
MS: Field isn't final and can't be protected from malicious code | Malicious code vulnerability |
MS: Public static method may expose internal representation by returning array | Malicious code vulnerability |
MS: Field should be both final and package protected | Malicious code vulnerability |
MS: Field is a mutable array | Malicious code vulnerability |
MS: Field is a mutable Hashtable | Malicious code vulnerability |
MS: Field should be moved out of an interface and made package protected | Malicious code vulnerability |
MS: Field should be package protected | Malicious code vulnerability |
MS: Field isn't final but should be | Malicious code vulnerability |
DC: Possible double check of field | Multithreaded correctness |
DL: Synchronization on Boolean could lead to deadlock | Multithreaded correctness |
DL: Synchronization on boxed primitive could lead to deadlock | Multithreaded correctness |
DL: Synchronization on interned String could lead to deadlock | Multithreaded correctness |
DL: Synchronization on boxed primitive values | Multithreaded correctness |
Dm: Monitor wait() called on Condition | Multithreaded correctness |
Dm: A thread was created using the default empty run method | Multithreaded correctness |
ESync: Empty synchronized block | Multithreaded correctness |
IS: Inconsistent synchronization | Multithreaded correctness |
IS: Field not guarded against concurrent access | Multithreaded correctness |
JLM: Synchronization performed on Lock | Multithreaded correctness |
LI: Incorrect lazy initialization of static field | Multithreaded correctness |
LI: Incorrect lazy initialization and update of static field | Multithreaded correctness |
ML: Synchronization on field in futile attempt to guard that field | Multithreaded correctness |
ML: Method synchronizes on an updated field | Multithreaded correctness |
MSF: Mutable servlet field | Multithreaded correctness |
MWN: Mismatched notify() | Multithreaded correctness |
MWN: Mismatched wait() | Multithreaded correctness |
NN: Naked notify | Multithreaded correctness |
NP: Synchronize and null check on the same field. | Multithreaded correctness |
No: Using notify() rather than notifyAll() | Multithreaded correctness |
RS: Class's readObject() method is synchronized | Multithreaded correctness |
RV: Return value of putIfAbsent ignored, value passed to putIfAbsent reused | Multithreaded correctness |
Ru: Invokes run on a thread (did you mean to start it instead?) | Multithreaded correctness |
SC: Constructor invokes Thread.start() | Multithreaded correctness |
SP: Method spins on field | Multithreaded correctness |
STCAL: Call to static Calendar | Multithreaded correctness |
STCAL: Call to static DateFormat | Multithreaded correctness |
STCAL: Static Calendar | Multithreaded correctness |
STCAL: Static DateFormat | Multithreaded correctness |
SWL: Method calls Thread.sleep() with a lock held | Multithreaded correctness |
TLW: Wait with two locks held | Multithreaded correctness |
UG: Unsynchronized get method, synchronized set method | Multithreaded correctness |
UL: Method does not release lock on all paths | Multithreaded correctness |
UL: Method does not release lock on all exception paths | Multithreaded correctness |
UW: Unconditional wait | Multithreaded correctness |
VO: A volatile reference to an array doesn't treat the array elements as volatile | Multithreaded correctness |
WL: Sychronization on getClass rather than class literal | Multithreaded correctness |
WS: Class's writeObject() method is synchronized but nothing else is | Multithreaded correctness |
Wa: Condition.await() not in loop | Multithreaded correctness |
Wa: Wait not in loop | Multithreaded correctness |
Bx: Primitive value is boxed and then immediately unboxed | Performance |
Bx: Primitive value is boxed then unboxed to perform primitive coercion | Performance |
Bx: Method allocates a boxed primitive just to call toString | Performance |
Bx: Method invokes inefficient floating-point Number constructor; use static valueOf instead | Performance |
Bx: Method invokes inefficient Number constructor; use static valueOf instead | Performance |
Dm: The equals and hashCode methods of URL are blocking | Performance |
Dm: Maps and sets of URLs can be performance hogs | Performance |
Dm: Method invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead | Performance |
Dm: Explicit garbage collection; extremely dubious except in benchmarking code | Performance |
Dm: Method allocates an object, only to get the class object | Performance |
Dm: Use the nextInt method of Random rather than nextDouble to generate a random integer | Performance |
Dm: Method invokes inefficient new String(String) constructor | Performance |
Dm: Method invokes toString() method on a String | Performance |
Dm: Method invokes inefficient new String() constructor | Performance |
HSC: Huge string constants is duplicated across multiple class files | Performance |
ITA: Method uses toArray() with zero-length array argument | Performance |
SBSC: Method concatenates strings using + in a loop | Performance |
SIC: Should be a static inner class | Performance |
SIC: Could be refactored into a named static inner class | Performance |
SIC: Could be refactored into a static inner class | Performance |
SS: Unread field: should this field be static? | Performance |
UM: Method calls static Math class method on a constant value | Performance |
UPM: Private method is never called | Performance |
UrF: Unread field | Performance |
UuF: Unused field | Performance |
WMI: Inefficient use of keySet iterator instead of entrySet iterator | Performance |
Dm: Hardcoded constant database password | Security |
Dm: Empty database password | Security |
HRS: HTTP cookie formed from untrusted input | Security |
HRS: HTTP Response splitting vulnerability | Security |
SQL: Nonconstant string passed to execute method on an SQL statement | Security |
SQL: A prepared statement is generated from a nonconstant String | Security |
XSS: JSP reflected cross site scripting vulnerability | Security |
XSS: Servlet reflected cross site scripting vulnerability | Security |
XSS: Servlet reflected cross site scripting vulnerability | Security |
BC: Questionable cast to abstract collection | Dodgy |
BC: Questionable cast to concrete collection | Dodgy |
BC: Unchecked/unconfirmed cast | Dodgy |
BC: instanceof will always return true | Dodgy |
BSHIFT: Unsigned right shift cast to short/byte | Dodgy |
CI: Class is final but declares protected field | Dodgy |
DB: Method uses the same code for two branches | Dodgy |
DB: Method uses the same code for two switch clauses | Dodgy |
DLS: Dead store to local variable | Dodgy |
DLS: Useless assignment in return statement | Dodgy |
DLS: Dead store of null to local variable | Dodgy |
DMI: Code contains a hard coded reference to an absolute pathname | Dodgy |
DMI: Non serializable object written to ObjectOutput | Dodgy |
DMI: Invocation of substring(0), which returns the original value | Dodgy |
Dm: Thread passed where Runnable expected | Dodgy |
Eq: Class doesn't override equals in superclass | Dodgy |
Eq: Unusual equals method | Dodgy |
FE: Test for floating point equality | Dodgy |
FS: Non-Boolean argument formatted using %b format specifier | Dodgy |
IA: Ambiguous invocation of either an inherited or outer method | Dodgy |
IC: Initialization circularity | Dodgy |
ICAST: integral division result cast to double or float | Dodgy |
ICAST: Result of integer multiplication cast to long | Dodgy |
IM: Computation of average could overflow | Dodgy |
IM: Check for oddness that won't work for negative numbers | Dodgy |
INT: Integer remainder modulo 1 | Dodgy |
INT: Vacuous comparison of integer value | Dodgy |
MTIA: Class extends Servlet class and uses instance variables | Dodgy |
MTIA: Class extends Struts Action class and uses instance variables | Dodgy |
NP: Dereference of the result of readLine() without nullcheck | Dodgy |
NP: Immediate dereference of the result of readLine() | Dodgy |
NP: Load of known null value | Dodgy |
NP: Possible null pointer dereference due to return value of called method | Dodgy |
NP: Possible null pointer dereference on path that might be infeasible | Dodgy |
NP: Parameter must be nonnull but is marked as nullable | Dodgy |
NS: Potentially dangerous use of non-short-circuit logic | Dodgy |
NS: Questionable use of non-short-circuit logic | Dodgy |
PZLA: Consider returning a zero length array rather than null | Dodgy |
QF: Complicated, subtle or wrong increment in for-loop | Dodgy |
RCN: Redundant comparison of non-null value to null | Dodgy |
RCN: Redundant comparison of two null values | Dodgy |
RCN: Redundant nullcheck of value known to be non-null | Dodgy |
RCN: Redundant nullcheck of value known to be null | Dodgy |
REC: Exception is caught when Exception is not thrown | Dodgy |
RI: Class implements same interface as superclass | Dodgy |
RV: Method checks to see if result of String.indexOf is positive | Dodgy |
RV: Method discards result of readLine after checking if it is nonnull | Dodgy |
RV: Remainder of hashCode could be negative | Dodgy |
RV: Remainder of 32-bit signed random integer | Dodgy |
SA: Double assignment of local variable | Dodgy |
SA: Self assignment of local variable | Dodgy |
SF: Switch statement found where one case falls through to the next case | Dodgy |
SF: Switch statement found where default case is missing | Dodgy |
ST: Write to static field from instance method | Dodgy |
Se: private readResolve method not inherited by subclasses | Dodgy |
Se: Transient field of class that isn't Serializable. | Dodgy |
TQ: Explicit annotation inconsistent with use | Dodgy |
TQ: Explicit annotation inconsistent with use | Dodgy |
UCF: Useless control flow | Dodgy |
UCF: Useless control flow to next line | Dodgy |
UwF: Field not initialized in constructor | Dodgy |
XFB: Method directly allocates a specific implementation of xml interfaces | Dodgy |