IPMI Java Client 1.2.01
-
Home
- Project Documentation Project Reports 10
SpotBugs Bug Detector Report
The following document contains the results of SpotBugs[1]
SpotBugs Version is 4.9.2
Threshold is medium
Effort is default
Summary
| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 286 | 228 | 0 | 0 |
Files
org.metricshub.ipmi.client.IpmiClientConfiguration
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.client.IpmiClientConfiguration.getBmcKey() may expose internal representation by returning IpmiClientConfiguration.bmcKey | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 145[3] | Medium |
| org.metricshub.ipmi.client.IpmiClientConfiguration.getPassword() may expose internal representation by returning IpmiClientConfiguration.password | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 124[4] | Medium |
| new org.metricshub.ipmi.client.IpmiClientConfiguration(String, String, char[], byte[], boolean, long) may expose internal representation by storing an externally mutable object into IpmiClientConfiguration.bmcKey | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 55[6] | Medium |
| new org.metricshub.ipmi.client.IpmiClientConfiguration(String, String, char[], byte[], boolean, long) may expose internal representation by storing an externally mutable object into IpmiClientConfiguration.password | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 54[7] | Medium |
| org.metricshub.ipmi.client.IpmiClientConfiguration.setBmcKey(byte[]) may expose internal representation by storing an externally mutable object into IpmiClientConfiguration.bmcKey | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 156[8] | Medium |
| org.metricshub.ipmi.client.IpmiClientConfiguration.setPassword(char[]) may expose internal representation by storing an externally mutable object into IpmiClientConfiguration.password | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 134[9] | Medium |
org.metricshub.ipmi.client.model.Fru
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.client.model.Fru.getFruLocator() may expose internal representation by returning Fru.fruLocator | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 55[10] | Medium |
| org.metricshub.ipmi.client.model.Fru.getFruRecords() may expose internal representation by returning Fru.fruRecords | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 63[11] | Medium |
| new org.metricshub.ipmi.client.model.Fru(FruDeviceLocatorRecord, List) may expose internal representation by storing an externally mutable object into Fru.fruLocator | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 46[12] | Medium |
| new org.metricshub.ipmi.client.model.Fru(FruDeviceLocatorRecord, List) may expose internal representation by storing an externally mutable object into Fru.fruRecords | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 47[13] | Medium |
org.metricshub.ipmi.client.model.Sensor
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.client.model.Sensor.getData() may expose internal representation by returning Sensor.data | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 58[14] | Medium |
| org.metricshub.ipmi.client.model.Sensor.getRecord() may expose internal representation by returning Sensor.sensorRecord | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 54[15] | Medium |
| new org.metricshub.ipmi.client.model.Sensor(SensorRecord, GetSensorReadingResponseData, String) may expose internal representation by storing an externally mutable object into Sensor.data | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 49[16] | Medium |
| new org.metricshub.ipmi.client.model.Sensor(SensorRecord, GetSensorReadingResponseData, String) may expose internal representation by storing an externally mutable object into Sensor.sensorRecord | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 48[17] | Medium |
org.metricshub.ipmi.client.runner.GetFrusRunner
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.client.runner.GetFrusRunner.getFruRecords(int) might ignore java.lang.Exception | BAD_PRACTICE | DE_MIGHT_IGNORE[18] | 225[19] | Medium |
org.metricshub.ipmi.core.api.async.ConnectionHandle
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.api.async.ConnectionHandle.getRemoteAddress() may expose internal representation by returning ConnectionHandle.remoteAddress | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 70[20] | Medium |
| new org.metricshub.ipmi.core.api.async.ConnectionHandle(int, InetAddress, int) may expose internal representation by storing an externally mutable object into ConnectionHandle.remoteAddress | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 45[21] | Medium |
org.metricshub.ipmi.core.api.async.InboundSolMessageListener
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.metricshub.ipmi.core.api.async.InboundSolMessageListener(IpmiConnector, ConnectionHandle, List) may expose internal representation by storing an externally mutable object into InboundSolMessageListener.connectionHandle | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 59[22] | Medium |
| new org.metricshub.ipmi.core.api.async.InboundSolMessageListener(IpmiConnector, ConnectionHandle, List) may expose internal representation by storing an externally mutable object into InboundSolMessageListener.connector | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 58[23] | Medium |
| new org.metricshub.ipmi.core.api.async.InboundSolMessageListener(IpmiConnector, ConnectionHandle, List) may expose internal representation by storing an externally mutable object into InboundSolMessageListener.eventListeners | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 60[24] | Medium |
org.metricshub.ipmi.core.api.async.IpmiAsyncConnector
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Shared primitive variable "retries" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE[25] | 157[26] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.api.async.IpmiAsyncConnector at new org.metricshub.ipmi.core.api.async.IpmiAsyncConnector(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 109[28] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.api.async.IpmiAsyncConnector at new org.metricshub.ipmi.core.api.async.IpmiAsyncConnector(int, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 150[29] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.api.async.IpmiAsyncConnector at new org.metricshub.ipmi.core.api.async.IpmiAsyncConnector(int, InetAddress) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 131[30] | Medium |
org.metricshub.ipmi.core.api.async.messages.IpmiError
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.api.async.messages.IpmiError.getException() may expose internal representation by returning IpmiError.exception | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 37[31] | Medium |
| new org.metricshub.ipmi.core.api.async.messages.IpmiError(Exception, int, ConnectionHandle) may expose internal representation by storing an externally mutable object into IpmiError.exception | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 42[32] | Medium |
org.metricshub.ipmi.core.api.async.messages.IpmiResponse
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.api.async.messages.IpmiResponse.getHandle() may expose internal representation by returning IpmiResponse.handle | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 43[33] | Medium |
| new org.metricshub.ipmi.core.api.async.messages.IpmiResponse(int, ConnectionHandle) may expose internal representation by storing an externally mutable object into IpmiResponse.handle | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 55[34] | Medium |
org.metricshub.ipmi.core.api.sol.SerialOverLan
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Shared primitive variable "maxPayloadSize" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE[25] | 221[35] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.api.sol.SerialOverLan at new org.metricshub.ipmi.core.api.sol.SerialOverLan(IpmiConnector, String, int, String, String, CipherSuiteSelectionHandler) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 104[36] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.api.sol.SerialOverLan at new org.metricshub.ipmi.core.api.sol.SerialOverLan(IpmiConnector, String, String, String, CipherSuiteSelectionHandler) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 129[37] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.api.sol.SerialOverLan at new org.metricshub.ipmi.core.api.sol.SerialOverLan(IpmiConnector, Session) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 145[38] | Medium |
| Found reliance on default encoding in org.metricshub.ipmi.core.api.sol.SerialOverLan.readString(int): new String(byte[]) | I18N | DM_DEFAULT_ENCODING[39] | 499[40] | High |
| Found reliance on default encoding in org.metricshub.ipmi.core.api.sol.SerialOverLan.writeString(String): String.getBytes() | I18N | DM_DEFAULT_ENCODING[39] | 376[41] | High |
| new org.metricshub.ipmi.core.api.sol.SerialOverLan(IpmiConnector, Session) may expose internal representation by storing an externally mutable object into SerialOverLan.connector | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 143[42] | Medium |
org.metricshub.ipmi.core.api.sync.IpmiConnector
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.api.sync.IpmiConnector at new org.metricshub.ipmi.core.api.sync.IpmiConnector(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 93[43] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.api.sync.IpmiConnector at new org.metricshub.ipmi.core.api.sync.IpmiConnector(int, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 125[44] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.api.sync.IpmiConnector at new org.metricshub.ipmi.core.api.sync.IpmiConnector(int, InetAddress) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 109[45] | Medium |
org.metricshub.ipmi.core.api.sync.MessageListener
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.metricshub.ipmi.core.api.sync.MessageListener(ConnectionHandle) may expose internal representation by storing an externally mutable object into MessageListener.handle | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 70[46] | Medium |
| Inconsistent synchronization of org.metricshub.ipmi.core.api.sync.MessageListener.tag; locked 50% of time | MT_CORRECTNESS | IS2_INCONSISTENT_SYNC[47] | 89[48] | Medium |
org.metricshub.ipmi.core.coding.DecoderRunner
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Shared primitive variable "nextRecId" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE[25] | 328[49] | Medium |
| Shared primitive variable "cssrcv" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE[25] | 479[50] | Medium |
| Shared primitive variable "lock" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE[25] | 495[51] | Medium |
| Shared primitive variable "managedSeqNum" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE[25] | 565[52] | Medium |
| Shared primitive variable "nextRecId" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE[25] | 776[53] | Medium |
| Shared primitive variable "reservation" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE[25] | 743[54] | Medium |
| Possible null pointer dereference of data in org.metricshub.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION[55] | 521[56] | Medium |
| Possible null pointer dereference of data10 in org.metricshub.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION[55] | 899[57] | Medium |
| Possible null pointer dereference of data11 in org.metricshub.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION[55] | 928[58] | Medium |
| Possible null pointer dereference of data12 in org.metricshub.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION[55] | 958[59] | Medium |
| Possible null pointer dereference of data13 in org.metricshub.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION[55] | 995[60] | Medium |
| Possible null pointer dereference of data14 in org.metricshub.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION[55] | 1026[61] | Medium |
| Possible null pointer dereference of data2 in org.metricshub.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION[55] | 556[62] | Medium |
| Possible null pointer dereference of data3 in org.metricshub.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION[55] | 591[63] | Medium |
| Possible null pointer dereference of data4 in org.metricshub.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION[55] | 619[64] | Medium |
| Possible null pointer dereference of data5 in org.metricshub.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION[55] | 645[65] | Medium |
| Possible null pointer dereference of data6 in org.metricshub.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION[55] | 713[66] | Medium |
| Possible null pointer dereference of data7 in org.metricshub.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION[55] | 741[67] | Medium |
| Possible null pointer dereference of data8 in org.metricshub.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION[55] | 772[68] | Medium |
| Write to static field org.metricshub.ipmi.core.coding.DecoderRunner.cssrec from instance method org.metricshub.ipmi.core.coding.DecoderRunner.run() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD[69] | 453[70] | High |
| Write to static field org.metricshub.ipmi.core.coding.DecoderRunner.cssrcv from instance method org.metricshub.ipmi.core.coding.DecoderRunner.run() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD[69] | 479[50] | Medium |
| Write to static field org.metricshub.ipmi.core.coding.DecoderRunner.lock from instance method org.metricshub.ipmi.core.coding.DecoderRunner.run() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD[69] | 495[51] | Medium |
| Write to static field org.metricshub.ipmi.core.coding.DecoderRunner.managedSeqNum from instance method org.metricshub.ipmi.core.coding.DecoderRunner.run() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD[69] | 565[52] | Medium |
| Write to static field org.metricshub.ipmi.core.coding.DecoderRunner.nextRecId from instance method org.metricshub.ipmi.core.coding.DecoderRunner.run() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD[69] | 776[53] | Medium |
| Write to static field org.metricshub.ipmi.core.coding.DecoderRunner.r1rd from instance method org.metricshub.ipmi.core.coding.DecoderRunner.run() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD[69] | 589[71] | Medium |
| Write to static field org.metricshub.ipmi.core.coding.DecoderRunner.reservation from instance method org.metricshub.ipmi.core.coding.DecoderRunner.run() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD[69] | 743[54] | Medium |
org.metricshub.ipmi.core.coding.PayloadCoder
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.coding.PayloadCoder at new org.metricshub.ipmi.core.coding.PayloadCoder() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 80[72] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.coding.PayloadCoder at new org.metricshub.ipmi.core.coding.PayloadCoder(IpmiVersion, CipherSuite, AuthenticationType) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 86[73] | Medium |
org.metricshub.ipmi.core.coding.commands.IpmiCommandCoder
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| instanceof will always return true for all non-null values in org.metricshub.ipmi.core.coding.commands.IpmiCommandCoder.isCommandResponse(IpmiMessage), since all org.metricshub.ipmi.core.coding.payload.IpmiPayload are instances of org.metricshub.ipmi.core.coding.payload.IpmiPayload | STYLE | BC_VACUOUS_INSTANCEOF[74] | 69[75] | Medium |
org.metricshub.ipmi.core.coding.commands.chassis.GetChassisStatus
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.coding.commands.chassis.GetChassisStatus at new org.metricshub.ipmi.core.coding.commands.chassis.GetChassisStatus(IpmiVersion, CipherSuite, AuthenticationType) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 65[76] | Medium |
org.metricshub.ipmi.core.coding.commands.fru.GetFruInventoryAreaInfo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.coding.commands.fru.GetFruInventoryAreaInfo at new org.metricshub.ipmi.core.coding.commands.fru.GetFruInventoryAreaInfo(IpmiVersion, CipherSuite, AuthenticationType, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 69[77] | Medium |
org.metricshub.ipmi.core.coding.commands.fru.ReadFruData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.coding.commands.fru.ReadFruData at new org.metricshub.ipmi.core.coding.commands.fru.ReadFruData(int, BaseUnit, int, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 86[78] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.coding.commands.fru.ReadFruData at new org.metricshub.ipmi.core.coding.commands.fru.ReadFruData(IpmiVersion, CipherSuite, AuthenticationType, int, BaseUnit, int, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 131[79] | Medium |
org.metricshub.ipmi.core.coding.commands.fru.ReadFruDataResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.commands.fru.ReadFruDataResponseData.getFruData() may expose internal representation by returning ReadFruDataResponseData.fruData | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 41[80] | Medium |
| org.metricshub.ipmi.core.coding.commands.fru.ReadFruDataResponseData.setFruData(byte[]) may expose internal representation by storing an externally mutable object into ReadFruDataResponseData.fruData | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 37[81] | Medium |
org.metricshub.ipmi.core.coding.commands.fru.record.BaseCompatibilityInfo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.commands.fru.record.BaseCompatibilityInfo.getCodeRangeMasks() may expose internal representation by returning BaseCompatibilityInfo.codeRangeMasks | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 104[82] | Medium |
| org.metricshub.ipmi.core.coding.commands.fru.record.BaseCompatibilityInfo.setCodeRangeMasks(byte[]) may expose internal representation by storing an externally mutable object into BaseCompatibilityInfo.codeRangeMasks | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 108[83] | Medium |
org.metricshub.ipmi.core.coding.commands.fru.record.BoardInfo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.coding.commands.fru.record.BoardInfo at new org.metricshub.ipmi.core.coding.commands.fru.record.BoardInfo(byte[], int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 68[84] | Medium |
| org.metricshub.ipmi.core.coding.commands.fru.record.BoardInfo.getCustomBoardInfo() may expose internal representation by returning BoardInfo.customBoardInfo | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 224[85] | Medium |
| org.metricshub.ipmi.core.coding.commands.fru.record.BoardInfo.getFruFileId() may expose internal representation by returning BoardInfo.fruFileId | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 216[86] | Medium |
| org.metricshub.ipmi.core.coding.commands.fru.record.BoardInfo.getMfgDate() may expose internal representation by returning BoardInfo.mfgDate | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 176[87] | Medium |
| org.metricshub.ipmi.core.coding.commands.fru.record.BoardInfo.setCustomBoardInfo(String[]) may expose internal representation by storing an externally mutable object into BoardInfo.customBoardInfo | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 228[88] | Medium |
| org.metricshub.ipmi.core.coding.commands.fru.record.BoardInfo.setFruFileId(byte[]) may expose internal representation by storing an externally mutable object into BoardInfo.fruFileId | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 220[89] | Medium |
| org.metricshub.ipmi.core.coding.commands.fru.record.BoardInfo.setMfgDate(Date) may expose internal representation by storing an externally mutable object into BoardInfo.mfgDate | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 180[90] | Medium |
org.metricshub.ipmi.core.coding.commands.fru.record.ChassisInfo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.coding.commands.fru.record.ChassisInfo at new org.metricshub.ipmi.core.coding.commands.fru.record.ChassisInfo(byte[], int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 56[91] | Medium |
| org.metricshub.ipmi.core.coding.commands.fru.record.ChassisInfo.getCustomChassisInfo() may expose internal representation by returning ChassisInfo.customChassisInfo | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 140[92] | Medium |
| Useless condition: it's known that partDataLength != 0 at this point | STYLE | UC_USELESS_CONDITION[93] | 96[94] | High |
org.metricshub.ipmi.core.coding.commands.fru.record.ManagementAccessInfo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Found reliance on default encoding in new org.metricshub.ipmi.core.coding.commands.fru.record.ManagementAccessInfo(byte[], int, int): new String(byte[]) | I18N | DM_DEFAULT_ENCODING[39] | 57[95] | High |
org.metricshub.ipmi.core.coding.commands.fru.record.OemInfo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.commands.fru.record.OemInfo.getOemData() may expose internal representation by returning OemInfo.oemData | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 72[96] | Medium |
| org.metricshub.ipmi.core.coding.commands.fru.record.OemInfo.setOemData(byte[]) may expose internal representation by storing an externally mutable object into OemInfo.oemData | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 76[97] | Medium |
org.metricshub.ipmi.core.coding.commands.fru.record.ProductInfo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.coding.commands.fru.record.ProductInfo at new org.metricshub.ipmi.core.coding.commands.fru.record.ProductInfo(byte[], int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 66[98] | Medium |
| org.metricshub.ipmi.core.coding.commands.fru.record.ProductInfo.getCustomProductInfo() may expose internal representation by returning ProductInfo.customProductInfo | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 216[99] | Medium |
| org.metricshub.ipmi.core.coding.commands.fru.record.ProductInfo.getFruFileId() may expose internal representation by returning ProductInfo.fruFileId | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 208[100] | Medium |
| org.metricshub.ipmi.core.coding.commands.fru.record.ProductInfo.setCustomProductInfo(String[]) may expose internal representation by storing an externally mutable object into ProductInfo.customProductInfo | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 220[101] | Medium |
| org.metricshub.ipmi.core.coding.commands.fru.record.ProductInfo.setFruFileId(byte[]) may expose internal representation by storing an externally mutable object into ProductInfo.fruFileId | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 212[102] | Medium |
org.metricshub.ipmi.core.coding.commands.payload.GetChannelPayloadSupport
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.coding.commands.payload.GetChannelPayloadSupport at new org.metricshub.ipmi.core.coding.commands.payload.GetChannelPayloadSupport(byte) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 68[103] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.coding.commands.payload.GetChannelPayloadSupport at new org.metricshub.ipmi.core.coding.commands.payload.GetChannelPayloadSupport(byte, CipherSuite, AuthenticationType) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 86[104] | Medium |
org.metricshub.ipmi.core.coding.commands.payload.GetChannelPayloadSupportResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.commands.payload.GetChannelPayloadSupportResponseData.getSupportedPayloads() may expose internal representation by returning GetChannelPayloadSupportResponseData.supportedPayloads | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 74[105] | Medium |
org.metricshub.ipmi.core.coding.commands.sdr.GetSdrResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.commands.sdr.GetSdrResponseData.getSensorRecordData() may expose internal representation by returning GetSdrResponseData.sensorRecordData | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 61[106] | Medium |
| org.metricshub.ipmi.core.coding.commands.sdr.GetSdrResponseData.setSensorRecordData(byte[]) may expose internal representation by storing an externally mutable object into GetSdrResponseData.sensorRecordData | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 52[107] | Medium |
org.metricshub.ipmi.core.coding.commands.sdr.GetSensorReadingResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.commands.sdr.GetSensorReadingResponseData.getRaw() may expose internal representation by returning GetSensorReadingResponseData.raw | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 100[108] | Medium |
| org.metricshub.ipmi.core.coding.commands.sdr.GetSensorReadingResponseData.setRaw(byte[]) may expose internal representation by storing an externally mutable object into GetSensorReadingResponseData.raw | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 104[109] | Medium |
| org.metricshub.ipmi.core.coding.commands.sdr.GetSensorReadingResponseData.setStatesAsserted(boolean[]) may expose internal representation by storing an externally mutable object into GetSensorReadingResponseData.statesAsserted | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 129[110] | Medium |
org.metricshub.ipmi.core.coding.commands.sdr.record.ManagementControllerConfirmationRecord
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.commands.sdr.record.ManagementControllerConfirmationRecord.getDeviceGuid() may expose internal representation by returning ManagementControllerConfirmationRecord.deviceGuid | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 168[111] | Medium |
| org.metricshub.ipmi.core.coding.commands.sdr.record.ManagementControllerConfirmationRecord.setDeviceGuid(byte[]) may expose internal representation by storing an externally mutable object into ManagementControllerConfirmationRecord.deviceGuid | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 172[112] | Medium |
org.metricshub.ipmi.core.coding.commands.sdr.record.OemRecord
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.commands.sdr.record.OemRecord.getOemData() may expose internal representation by returning OemRecord.oemData | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 64[113] | Medium |
| org.metricshub.ipmi.core.coding.commands.sdr.record.OemRecord.setOemData(byte[]) may expose internal representation by storing an externally mutable object into OemRecord.oemData | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 68[114] | Medium |
org.metricshub.ipmi.core.coding.commands.sel.GetSelEntryResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.commands.sel.GetSelEntryResponseData.getSelRecord() may expose internal representation by returning GetSelEntryResponseData.selRecord | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 55[115] | Medium |
| org.metricshub.ipmi.core.coding.commands.sel.GetSelEntryResponseData.setSelRecord(SelRecord) may expose internal representation by storing an externally mutable object into GetSelEntryResponseData.selRecord | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 51[116] | Medium |
org.metricshub.ipmi.core.coding.commands.sel.GetSelInfoResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.commands.sel.GetSelInfoResponseData.getAdditionTimestamp() may expose internal representation by returning GetSelInfoResponseData.additionTimestamp | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 64[117] | Medium |
| org.metricshub.ipmi.core.coding.commands.sel.GetSelInfoResponseData.getEraseTimestamp() may expose internal representation by returning GetSelInfoResponseData.eraseTimestamp | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 72[118] | Medium |
| org.metricshub.ipmi.core.coding.commands.sel.GetSelInfoResponseData.setAdditionTimestamp(Date) may expose internal representation by storing an externally mutable object into GetSelInfoResponseData.additionTimestamp | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 68[119] | Medium |
| org.metricshub.ipmi.core.coding.commands.sel.GetSelInfoResponseData.setEraseTimestamp(Date) may expose internal representation by storing an externally mutable object into GetSelInfoResponseData.eraseTimestamp | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 76[120] | Medium |
org.metricshub.ipmi.core.coding.commands.sel.SelRecord
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.commands.sel.SelRecord.getTimestamp() may expose internal representation by returning SelRecord.timestamp | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 112[121] | Medium |
| org.metricshub.ipmi.core.coding.commands.sel.SelRecord.setTimestamp(Date) may expose internal representation by storing an externally mutable object into SelRecord.timestamp | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 116[122] | Medium |
org.metricshub.ipmi.core.coding.commands.session.CloseSession
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.coding.commands.session.CloseSession at new org.metricshub.ipmi.core.coding.commands.session.CloseSession(IpmiVersion, CipherSuite, AuthenticationType, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 65[123] | Medium |
org.metricshub.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilities
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilities at new org.metricshub.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilities() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 108[124] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilities at new org.metricshub.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilities(IpmiVersion, IpmiVersion, CipherSuite) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 132[125] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilities at new org.metricshub.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilities(IpmiVersion, IpmiVersion, CipherSuite, PrivilegeLevel, byte) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 164[126] | Medium |
org.metricshub.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilitiesResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilitiesResponseData.getAuthenticationTypes() may expose internal representation by returning GetChannelAuthenticationCapabilitiesResponseData.authenticationTypes | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 114[127] | Medium |
| org.metricshub.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilitiesResponseData.setAuthenticationTypes(Collection) may expose internal representation by storing an externally mutable object into GetChannelAuthenticationCapabilitiesResponseData.authenticationTypes | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 110[128] | Medium |
org.metricshub.ipmi.core.coding.commands.session.GetChannelCipherSuites
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.coding.commands.session.GetChannelCipherSuites at new org.metricshub.ipmi.core.coding.commands.session.GetChannelCipherSuites(byte, byte) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 108[129] | Medium |
org.metricshub.ipmi.core.coding.commands.session.GetChannelCipherSuitesResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.commands.session.GetChannelCipherSuitesResponseData.getCipherSuiteData() may expose internal representation by returning GetChannelCipherSuitesResponseData.cipherSuiteData | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 49[130] | Medium |
| org.metricshub.ipmi.core.coding.commands.session.GetChannelCipherSuitesResponseData.setCipherSuiteData(byte[]) may expose internal representation by storing an externally mutable object into GetChannelCipherSuitesResponseData.cipherSuiteData | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 45[131] | Medium |
org.metricshub.ipmi.core.coding.commands.session.Rakp1
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.coding.commands.session.Rakp1 at new org.metricshub.ipmi.core.coding.commands.session.Rakp1(int, PrivilegeLevel, String, String, byte[], CipherSuite) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 179[132] | Medium |
| Found reliance on default encoding in org.metricshub.ipmi.core.coding.commands.session.Rakp1.calculateSik(Rakp1ResponseData): new String(byte[]) | I18N | DM_DEFAULT_ENCODING[39] | 408[133] | High |
| Found reliance on default encoding in org.metricshub.ipmi.core.coding.commands.session.Rakp1.calculateSik(Rakp1ResponseData): String.getBytes() | I18N | DM_DEFAULT_ENCODING[39] | 402[134] | High |
| Found reliance on default encoding in org.metricshub.ipmi.core.coding.commands.session.Rakp1.prepareKeyExchangeAuthenticationCodeBase(Rakp1ResponseData): String.getBytes() | I18N | DM_DEFAULT_ENCODING[39] | 376[135] | High |
| Found reliance on default encoding in org.metricshub.ipmi.core.coding.commands.session.Rakp1.preparePayload(int): String.getBytes() | I18N | DM_DEFAULT_ENCODING[39] | 252[136] | High |
| Found reliance on default encoding in org.metricshub.ipmi.core.coding.commands.session.Rakp1.prepareSikBase(Rakp1ResponseData): String.getBytes() | I18N | DM_DEFAULT_ENCODING[39] | 435[137] | High |
| org.metricshub.ipmi.core.coding.commands.session.Rakp1.getBmcKey() may expose internal representation by returning Rakp1.bmcKey | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 143[138] | Medium |
| org.metricshub.ipmi.core.coding.commands.session.Rakp1.getConsoleRandomNumber() may expose internal representation by returning Rakp1.consoleRandomNumber | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 135[139] | Medium |
org.metricshub.ipmi.core.coding.commands.session.Rakp1ResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.commands.session.Rakp1ResponseData.getManagedSystemGuid() may expose internal representation by returning Rakp1ResponseData.managedSystemGuid | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 72[140] | Medium |
| org.metricshub.ipmi.core.coding.commands.session.Rakp1ResponseData.getManagedSystemRandomNumber() may expose internal representation by returning Rakp1ResponseData.managedSystemRandomNumber | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 80[141] | Medium |
| org.metricshub.ipmi.core.coding.commands.session.Rakp1ResponseData.setManagedSystemGuid(byte[]) may expose internal representation by storing an externally mutable object into Rakp1ResponseData.managedSystemGuid | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 68[142] | Medium |
| org.metricshub.ipmi.core.coding.commands.session.Rakp1ResponseData.setManagedSystemRandomNumber(byte[]) may expose internal representation by storing an externally mutable object into Rakp1ResponseData.managedSystemRandomNumber | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 76[143] | Medium |
org.metricshub.ipmi.core.coding.commands.session.Rakp3
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Found reliance on default encoding in org.metricshub.ipmi.core.coding.commands.session.Rakp3.prepareKeyExchangeAuthenticationCodeBase(Rakp1, Rakp1ResponseData): String.getBytes() | I18N | DM_DEFAULT_ENCODING[39] | 233[144] | High |
| new org.metricshub.ipmi.core.coding.commands.session.Rakp3(byte, int, CipherSuite, Rakp1, Rakp1ResponseData) may expose internal representation by storing an externally mutable object into Rakp3.rakp1 | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 136[145] | Medium |
| new org.metricshub.ipmi.core.coding.commands.session.Rakp3(byte, int, CipherSuite, Rakp1, Rakp1ResponseData) may expose internal representation by storing an externally mutable object into Rakp3.rakp1ResponseData | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 137[146] | Medium |
| new org.metricshub.ipmi.core.coding.commands.session.Rakp3(CipherSuite, Rakp1, Rakp1ResponseData) may expose internal representation by storing an externally mutable object into Rakp3.rakp1 | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 102[147] | Medium |
| new org.metricshub.ipmi.core.coding.commands.session.Rakp3(CipherSuite, Rakp1, Rakp1ResponseData) may expose internal representation by storing an externally mutable object into Rakp3.rakp1ResponseData | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 103[148] | Medium |
org.metricshub.ipmi.core.coding.payload.IpmiPayload
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.payload.IpmiPayload.getData() may expose internal representation by returning IpmiPayload.data | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 43[149] | Medium |
| org.metricshub.ipmi.core.coding.payload.IpmiPayload.getEncryptedPayload() may expose internal representation by returning IpmiPayload.encryptedPayload | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 54[150] | Medium |
| org.metricshub.ipmi.core.coding.payload.IpmiPayload.setData(byte[]) may expose internal representation by storing an externally mutable object into IpmiPayload.data | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 39[151] | Medium |
org.metricshub.ipmi.core.coding.payload.lan.IpmiLanRequest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.coding.payload.lan.IpmiLanRequest at new org.metricshub.ipmi.core.coding.payload.lan.IpmiLanRequest(NetworkFunction, byte, byte[], byte) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 46[152] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.coding.payload.lan.IpmiLanRequest at new org.metricshub.ipmi.core.coding.payload.lan.IpmiLanRequest(NetworkFunction, byte, byte[], byte, byte) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 67[153] | Medium |
org.metricshub.ipmi.core.coding.payload.lan.IpmiLanResponse
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.coding.payload.lan.IpmiLanResponse at new org.metricshub.ipmi.core.coding.payload.lan.IpmiLanResponse(byte[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 58[154] | Medium |
org.metricshub.ipmi.core.coding.payload.sol.SolInboundStatusField
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.payload.sol.SolInboundStatusField.getStatuses() may expose internal representation by returning SolInboundStatusField.statuses | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 93[155] | Medium |
| new org.metricshub.ipmi.core.coding.payload.sol.SolInboundStatusField(Set) may expose internal representation by storing an externally mutable object into SolInboundStatusField.statuses | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 53[156] | Medium |
| new org.metricshub.ipmi.core.coding.payload.sol.SolInboundStatusField(SolAckState, Set) may expose internal representation by storing an externally mutable object into SolInboundStatusField.statuses | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 66[157] | Medium |
org.metricshub.ipmi.core.coding.payload.sol.SolOutboundOperationField
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.payload.sol.SolOutboundOperationField.getOperations() may expose internal representation by returning SolOutboundOperationField.operations | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 82[158] | Medium |
| new org.metricshub.ipmi.core.coding.payload.sol.SolOutboundOperationField(SolAckState, Set) may expose internal representation by storing an externally mutable object into SolOutboundOperationField.operations | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 55[159] | Medium |
org.metricshub.ipmi.core.coding.protocol.IpmiMessage
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.protocol.IpmiMessage.getAuthCode() may expose internal representation by returning IpmiMessage.authCode | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 78[160] | Medium |
| org.metricshub.ipmi.core.coding.protocol.IpmiMessage.getPayload() may expose internal representation by returning IpmiMessage.payload | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 91[161] | Medium |
| org.metricshub.ipmi.core.coding.protocol.IpmiMessage.setAuthCode(byte[]) may expose internal representation by storing an externally mutable object into IpmiMessage.authCode | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 74[162] | Medium |
| org.metricshub.ipmi.core.coding.protocol.IpmiMessage.setPayload(IpmiPayload) may expose internal representation by storing an externally mutable object into IpmiMessage.payload | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 87[163] | Medium |
org.metricshub.ipmi.core.coding.protocol.decoder.ProtocolDecoder
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| payload could be null and is guaranteed to be dereferenced in org.metricshub.ipmi.core.coding.protocol.decoder.ProtocolDecoder.decodePayload(byte[], int, int, ConfidentialityAlgorithm, PayloadType) | CORRECTNESS | NP_GUARANTEED_DEREF[164] | 197[165] | Medium |
org.metricshub.ipmi.core.coding.rmcp.RmcpMessage
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.rmcp.RmcpMessage.getData() may expose internal representation by returning RmcpMessage.data | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 77[166] | Medium |
| org.metricshub.ipmi.core.coding.rmcp.RmcpMessage.setData(byte[]) may expose internal representation by storing an externally mutable object into RmcpMessage.data | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 73[167] | Medium |
org.metricshub.ipmi.core.coding.rmcp.RmcpPingMessage
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.coding.rmcp.RmcpPingMessage at new org.metricshub.ipmi.core.coding.rmcp.RmcpPingMessage(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 42[168] | Medium |
org.metricshub.ipmi.core.coding.security.AuthenticationAlgorithm
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Found reliance on default encoding in org.metricshub.ipmi.core.coding.security.AuthenticationAlgorithm.getKeyExchangeAuthenticationCode(byte[], String): String.getBytes() | I18N | DM_DEFAULT_ENCODING[39] | 102[169] | High |
org.metricshub.ipmi.core.coding.security.ConfidentialityAesCbc128
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.security.ConfidentialityAesCbc128.CONST2 should be package protected | MALICIOUS_CODE | MS_PKGPROTECT[170] | 42[171] | Medium |
org.metricshub.ipmi.core.coding.security.ConfidentialityAlgorithm
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.security.ConfidentialityAlgorithm.initialize(byte[], AuthenticationAlgorithm) may expose internal representation by storing an externally mutable object into ConfidentialityAlgorithm.sik | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 53[172] | Medium |
| Unread public/protected field: org.metricshub.ipmi.core.coding.security.ConfidentialityAlgorithm.sik | STYLE | URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD[173] | 53[172] | Medium |
org.metricshub.ipmi.core.coding.security.IntegrityAlgorithm
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.security.IntegrityAlgorithm.initialize(byte[]) may expose internal representation by storing an externally mutable object into IntegrityAlgorithm.sik | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 71[174] | Medium |
| org.metricshub.ipmi.core.coding.security.IntegrityAlgorithm.CONST1 should be package protected | MALICIOUS_CODE | MS_PKGPROTECT[170] | 40[175] | Medium |
org.metricshub.ipmi.core.coding.security.IntegrityNone
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.security.IntegrityNone.initialize(byte[]) may expose internal representation by storing an externally mutable object into IntegrityNone.sik | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 41[176] | Medium |
org.metricshub.ipmi.core.coding.sol.SolCoder
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.metricshub.ipmi.core.coding.sol.SolCoder(byte[], byte, byte, SolAckState, Set, CipherSuite) may expose internal representation by storing an externally mutable object into SolCoder.message | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 81[177] | Medium |
| new org.metricshub.ipmi.core.coding.sol.SolCoder(byte[], byte, byte, SolAckState, Set, CipherSuite) may expose internal representation by storing an externally mutable object into SolCoder.operations | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 85[178] | Medium |
org.metricshub.ipmi.core.coding.sol.SolResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.coding.sol.SolResponseData.getStatuses() may expose internal representation by returning SolResponseData.statuses | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 80[179] | Medium |
| new org.metricshub.ipmi.core.coding.sol.SolResponseData(byte, SolAckState, Set, byte) may expose internal representation by storing an externally mutable object into SolResponseData.statuses | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 67[180] | Medium |
org.metricshub.ipmi.core.common.ByteBuffer
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.common.ByteBuffer at new org.metricshub.ipmi.core.common.ByteBuffer(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 54[181] | Medium |
org.metricshub.ipmi.core.common.MessageComposer
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.common.MessageComposer at new org.metricshub.ipmi.core.common.MessageComposer(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 39[182] | Medium |
| org.metricshub.ipmi.core.common.MessageComposer.getMessage() may expose internal representation by returning MessageComposer.message | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 77[183] | Medium |
org.metricshub.ipmi.core.common.MessageReader
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.common.MessageReader at new org.metricshub.ipmi.core.common.MessageReader(byte[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 38[184] | Medium |
| new org.metricshub.ipmi.core.common.MessageReader(byte[]) may expose internal representation by storing an externally mutable object into MessageReader.message | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 41[185] | Medium |
org.metricshub.ipmi.core.common.PropertiesManager
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Public static org.metricshub.ipmi.core.common.PropertiesManager.getInstance() may expose internal representation by returning PropertiesManager.instance | MALICIOUS_CODE | MS_EXPOSE_REP[186] | 52[187] | Medium |
| org.metricshub.ipmi.core.common.PropertiesManager.loadProperties(String) may fail to clean up java.io.InputStream | EXPERIMENTAL | OBL_UNSATISFIED_OBLIGATION[188] | 58[189] | Medium |
org.metricshub.ipmi.core.connection.Connection
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Shared primitive variable "sessionId" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE[25] | 216[190] | Medium |
| Shared primitive variable "sessionId" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE[25] | 391[191] | Medium |
| Shared primitive variable "timeout" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE[25] | 120[192] | Medium |
| Shared primitive variable "managedSystemSessionId" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE[25] | 453[193] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.connection.Connection at new org.metricshub.ipmi.core.connection.Connection(Messenger, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 140[194] | Medium |
org.metricshub.ipmi.core.connection.ConnectionManager
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.metricshub.ipmi.core.connection.ConnectionManager at new org.metricshub.ipmi.core.connection.ConnectionManager(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 76[195] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.connection.ConnectionManager at new org.metricshub.ipmi.core.connection.ConnectionManager(int, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 63[196] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.connection.ConnectionManager at new org.metricshub.ipmi.core.connection.ConnectionManager(int, InetAddress) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 90[197] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.connection.ConnectionManager at new org.metricshub.ipmi.core.connection.ConnectionManager(Messenger) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 101[198] | Medium |
| Synchronization performed on java.util.concurrent.atomic.AtomicInteger in org.metricshub.ipmi.core.connection.ConnectionManager.generateSessionlessTag() | MT_CORRECTNESS | JLM_JSR166_UTILCONCURRENT_MONITORENTER[199] | 131[200] | Medium |
org.metricshub.ipmi.core.connection.MessageHandler
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.metricshub.ipmi.core.connection.MessageHandler(Connection, int, int, int) may expose internal representation by storing an externally mutable object into MessageHandler.connection | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 48[201] | Medium |
org.metricshub.ipmi.core.connection.Session
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.connection.Session.getConnectionHandle() may expose internal representation by returning Session.connectionHandle | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 45[202] | Medium |
| new org.metricshub.ipmi.core.connection.Session(int, ConnectionHandle) may expose internal representation by storing an externally mutable object into Session.connectionHandle | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 37[203] | Medium |
org.metricshub.ipmi.core.connection.queue.MessageQueue
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Shared primitive variable "timeout" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE[25] | 71[204] | Medium |
| new org.metricshub.ipmi.core.connection.queue.MessageQueue(Connection, int, int, int) may expose internal representation by storing an externally mutable object into MessageQueue.connection | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 79[205] | Medium |
org.metricshub.ipmi.core.connection.queue.QueueElement
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.connection.queue.QueueElement.getRequest() may expose internal representation by returning QueueElement.request | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 76[206] | Medium |
| org.metricshub.ipmi.core.connection.queue.QueueElement.getTimestamp() may expose internal representation by returning QueueElement.timestamp | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 92[207] | Medium |
| new org.metricshub.ipmi.core.connection.queue.QueueElement(int, PayloadCoder) may expose internal representation by storing an externally mutable object into QueueElement.request | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 45[208] | Medium |
| org.metricshub.ipmi.core.connection.queue.QueueElement.setRequest(PayloadCoder) may expose internal representation by storing an externally mutable object into QueueElement.request | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 80[209] | Medium |
org.metricshub.ipmi.core.sm.StateMachine
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.sm.StateMachine.getRemoteMachineAddress() may expose internal representation by returning StateMachine.remoteMachineAddress | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 96[210] | Medium |
| org.metricshub.ipmi.core.sm.StateMachine.start(InetAddress, int) may expose internal representation by storing an externally mutable object into StateMachine.remoteMachineAddress | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 128[211] | Medium |
org.metricshub.ipmi.core.sm.actions.ErrorAction
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.sm.actions.ErrorAction.getException() may expose internal representation by returning ErrorAction.exception | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 37[212] | Medium |
| new org.metricshub.ipmi.core.sm.actions.ErrorAction(Exception) may expose internal representation by storing an externally mutable object into ErrorAction.exception | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 33[213] | Medium |
org.metricshub.ipmi.core.sm.actions.GetSikAction
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.sm.actions.GetSikAction.getSik() may expose internal representation by returning GetSikAction.sik | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 36[214] | Medium |
| new org.metricshub.ipmi.core.sm.actions.GetSikAction(byte[]) may expose internal representation by storing an externally mutable object into GetSikAction.sik | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 32[215] | Medium |
org.metricshub.ipmi.core.sm.actions.MessageAction
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.sm.actions.MessageAction.getIpmiv20Message() may expose internal representation by returning MessageAction.ipmiResponseData | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 40[216] | Medium |
| new org.metricshub.ipmi.core.sm.actions.MessageAction(Ipmiv20Message) may expose internal representation by storing an externally mutable object into MessageAction.ipmiResponseData | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 34[217] | Medium |
org.metricshub.ipmi.core.sm.events.OpenSessionAck
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.sm.events.OpenSessionAck.getBmcKey() may expose internal representation by returning OpenSessionAck.bmcKey | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 95[218] | Medium |
| new org.metricshub.ipmi.core.sm.events.OpenSessionAck(CipherSuite, PrivilegeLevel, int, int, String, String, byte[]) may expose internal representation by storing an externally mutable object into OpenSessionAck.bmcKey | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 79[219] | Medium |
org.metricshub.ipmi.core.sm.events.Rakp2Ack
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.sm.events.Rakp2Ack.getRakp1ResponseData() may expose internal representation by returning Rakp2Ack.rakp1ResponseData | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 90[220] | Medium |
| new org.metricshub.ipmi.core.sm.events.Rakp2Ack(CipherSuite, int, byte, int, Rakp1ResponseData) may expose internal representation by storing an externally mutable object into Rakp2Ack.rakp1ResponseData | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 70[221] | Medium |
org.metricshub.ipmi.core.sm.events.Sendv20Message
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.sm.events.Sendv20Message.getPayloadCoder() may expose internal representation by returning Sendv20Message.message | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 75[222] | Medium |
| new org.metricshub.ipmi.core.sm.events.Sendv20Message(PayloadCoder, int, int, int) may expose internal representation by storing an externally mutable object into Sendv20Message.message | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 56[223] | Medium |
org.metricshub.ipmi.core.sm.states.Rakp1Complete
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.metricshub.ipmi.core.sm.states.Rakp1Complete(Rakp1) may expose internal representation by storing an externally mutable object into Rakp1Complete.rakp1 | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 52[224] | Medium |
org.metricshub.ipmi.core.sm.states.Rakp1Waiting
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.metricshub.ipmi.core.sm.states.Rakp1Waiting(int, Rakp1) may expose internal representation by storing an externally mutable object into Rakp1Waiting.rakp1 | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 65[225] | Medium |
org.metricshub.ipmi.core.sm.states.Rakp3Waiting
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.metricshub.ipmi.core.sm.states.Rakp3Waiting(int, Rakp1, Rakp1ResponseData, CipherSuite) may expose internal representation by storing an externally mutable object into Rakp3Waiting.rakp1 | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 75[226] | Medium |
| new org.metricshub.ipmi.core.sm.states.Rakp3Waiting(int, Rakp1, Rakp1ResponseData, CipherSuite) may expose internal representation by storing an externally mutable object into Rakp3Waiting.rakp1ResponseData | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 76[227] | Medium |
org.metricshub.ipmi.core.transport.UdpMessage
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.metricshub.ipmi.core.transport.UdpMessage.getAddress() may expose internal representation by returning UdpMessage.address | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 66[228] | Medium |
| org.metricshub.ipmi.core.transport.UdpMessage.getMessage() may expose internal representation by returning UdpMessage.message | MALICIOUS_CODE | EI_EXPOSE_REP[2] | 78[229] | Medium |
| org.metricshub.ipmi.core.transport.UdpMessage.setAddress(InetAddress) may expose internal representation by storing an externally mutable object into UdpMessage.address | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 74[230] | Medium |
| org.metricshub.ipmi.core.transport.UdpMessage.setMessage(byte[]) may expose internal representation by storing an externally mutable object into UdpMessage.message | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 82[231] | Medium |
org.metricshub.ipmi.core.transport.UdpMessenger
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Shared primitive variable "closing" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE[25] | 168[232] | Medium |
| Shared primitive variable "bufferSize" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE[25] | 107[233] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.transport.UdpMessenger at new org.metricshub.ipmi.core.transport.UdpMessenger(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 78[234] | Medium |
| Exception thrown in class org.metricshub.ipmi.core.transport.UdpMessenger at new org.metricshub.ipmi.core.transport.UdpMessenger(int, InetAddress) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW[27] | 99[235] | Medium |
| Static field "sentPackets" is modified by an instance level synchronized method. | MT_CORRECTNESS | SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA[236] | 225[237] | Medium |
| Write to static field org.metricshub.ipmi.core.transport.UdpMessenger.sentPackets from instance method new org.metricshub.ipmi.core.transport.UdpMessenger(int, InetAddress) | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD[69] | 94[238] | High |
| org.metricshub.ipmi.core.transport.UdpMessenger.send(UdpMessage) calls Thread.sleep() with a lock held | MT_CORRECTNESS | SWL_SLEEP_WITH_LOCK_HELD[239] | 221[240] | Medium |
org.metricshub.ipmi.core.transport.UdpNotifier
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.metricshub.ipmi.core.transport.UdpNotifier(UdpMessage, List) may expose internal representation by storing an externally mutable object into UdpNotifier.listeners | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 34[241] | Medium |
| new org.metricshub.ipmi.core.transport.UdpNotifier(UdpMessage, List) may expose internal representation by storing an externally mutable object into UdpNotifier.message | MALICIOUS_CODE | EI_EXPOSE_REP2[5] | 33[242] | Medium |
Search Results for {{siteSearch | truncate:'50'}}
{{resultArray.length}}
No results.