SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.6
Threshold is low
Effort is max
Summary
| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 66 | 21 | 0 | 0 |
Files
io.github.rose.security.SecurityProperties
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| io.github.rose.security.SecurityProperties.DEFAULT_PATH_TO_SKIP should be package protected | MALICIOUS_CODE | MS_PKGPROTECT | 33 | Medium |
io.github.rose.security.rest.mfa.DefaultMfaSettingService
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Switch statement found in io.github.rose.security.rest.mfa.DefaultMfaSettingService.lambda$getAvailableTwoFaProviders$4(MfaConfig) where default case is missing | STYLE | SF_SWITCH_NO_DEFAULT | 125-133 | Medium |
| Private method io.github.rose.security.rest.mfa.DefaultMfaSettingService.setProviders(Collection) is never called | PERFORMANCE | UPM_UNCALLED_PRIVATE_METHOD | 78-81 | Low |
| Unread field: io.github.rose.security.rest.mfa.DefaultMfaSettingService.securityProperties | PERFORMANCE | URF_UNREAD_FIELD | 59 | Low |
io.github.rose.security.rest.mfa.MfaAuthenticationToken
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| io.github.rose.security.rest.mfa.MfaAuthenticationToken is Serializable; consider declaring a serialVersionUID | BAD_PRACTICE | SE_NO_SERIALVERSIONID | 24-25 | Low |
io.github.rose.security.rest.mfa.config.BackupCodeMfaConfig
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| io.github.rose.security.rest.mfa.config.BackupCodeMfaConfig is Serializable; consider declaring a serialVersionUID | BAD_PRACTICE | SE_NO_SERIALVERSIONID | 25-63 | Low |
| Private method io.github.rose.security.rest.mfa.config.BackupCodeMfaConfig.getCodesLeft() is never called | PERFORMANCE | UPM_UNCALLED_PRIVATE_METHOD | 46-49 | Low |
| BackupCodeMfaConfig.codes not initialized in constructor and dereferenced in io.github.rose.security.rest.mfa.config.BackupCodeMfaConfig.getCodesForJson() | STYLE | UWF_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR | 38 | Low |
io.github.rose.security.rest.mfa.config.EmailMfaConfig
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| io.github.rose.security.rest.mfa.config.EmailMfaConfig is Serializable; consider declaring a serialVersionUID | BAD_PRACTICE | SE_NO_SERIALVERSIONID | 22-43 | Low |
io.github.rose.security.rest.mfa.config.SmsMfaConfig
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| io.github.rose.security.rest.mfa.config.SmsMfaConfig is Serializable; consider declaring a serialVersionUID | BAD_PRACTICE | SE_NO_SERIALVERSIONID | 22-43 | Low |
io.github.rose.security.rest.mfa.config.TotpMfaConfig
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| io.github.rose.security.rest.mfa.config.TotpMfaConfig is Serializable; consider declaring a serialVersionUID | BAD_PRACTICE | SE_NO_SERIALVERSIONID | 22-43 | Low |
io.github.rose.security.rest.mfa.provider.impl.OtpBasedMfaProvider
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Possible null pointer dereference in io.github.rose.security.rest.mfa.provider.impl.OtpBasedMfaProvider.checkVerificationCode(SecurityUser, String, OtpBasedMfaProviderConfig, OtpBasedMfaConfig) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 60 | Medium |
| Possible null pointer dereference in io.github.rose.security.rest.mfa.provider.impl.OtpBasedMfaProvider.checkVerificationCode(SecurityUser, String, OtpBasedMfaProviderConfig, OtpBasedMfaConfig) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 61 | Medium |
| Possible null pointer dereference in io.github.rose.security.rest.mfa.provider.impl.OtpBasedMfaProvider.checkVerificationCode(SecurityUser, String, OtpBasedMfaProviderConfig, OtpBasedMfaConfig) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 68 | Medium |
| Possible null pointer dereference in io.github.rose.security.rest.mfa.provider.impl.OtpBasedMfaProvider.checkVerificationCode(SecurityUser, String, OtpBasedMfaProviderConfig, OtpBasedMfaConfig) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 74 | Medium |
| Possible null pointer dereference in io.github.rose.security.rest.mfa.provider.impl.OtpBasedMfaProvider.prepareVerificationCode(SecurityUser, OtpBasedMfaProviderConfig, OtpBasedMfaConfig) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 48 | Medium |
| Redundant nullcheck of correctVerificationCode, which is known to be non-null in io.github.rose.security.rest.mfa.provider.impl.OtpBasedMfaProvider.checkVerificationCode(SecurityUser, String, OtpBasedMfaProviderConfig, OtpBasedMfaConfig) | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE | 63 | Low |
io.github.rose.security.rest.mfa.provider.impl.OtpBasedMfaProvider$Otp
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| io.github.rose.security.rest.mfa.provider.impl.OtpBasedMfaProvider$Otp is Serializable; consider declaring a serialVersionUID | BAD_PRACTICE | SE_NO_SERIALVERSIONID | 89-104 | Low |
io.github.rose.security.rest.token.AbstractRestAuthenticationToken
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Overridable method eraseCredentials is called from constructor new io.github.rose.security.rest.token.AbstractRestAuthenticationToken(SecurityUser). | MALICIOUS_CODE | MC_OVERRIDABLE_METHOD_CALL_IN_CONSTRUCTOR | 37 | Low |
io.github.rose.security.support.IpAuthenticationDetailSource$RestAuthenticationDetail
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| io.github.rose.security.support.IpAuthenticationDetailSource$RestAuthenticationDetail is Serializable; consider declaring a serialVersionUID | BAD_PRACTICE | SE_NO_SERIALVERSIONID | 40-50 | Low |
io.github.rose.security.util.SecurityUser
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| io.github.rose.security.util.SecurityUser doesn't override org.springframework.security.core.userdetails.User.equals(Object) | STYLE | EQ_DOESNT_OVERRIDE_EQUALS | 1 | Medium |