This code constructs an HTTP Cookie using an untrusted HTTP parameter. If this cookie is added to an HTTP response, it will allow a HTTP response splitting
+ This code constructs an HTTP Cookie using an untrusted HTTP parameter. If this cookie is added to an HTTP response, it will allow an HTTP response splitting
vulnerability. See http://en.wikipedia.org/wiki/HTTP_response_splitting
for more information.
SpotBugs looks only for the most blatant, obvious cases of HTTP response splitting.
@@ -2053,7 +2053,7 @@ consider using a commercial static analysis or pen-testing tool.
HTTP parameter directly written to HTTP header output in {1}
This code directly writes an HTTP parameter to an HTTP header, which allows for a HTTP response splitting
+ This code directly writes an HTTP parameter to an HTTP header, which allows for an HTTP response splitting
vulnerability. See http://en.wikipedia.org/wiki/HTTP_response_splitting
for more information.
SpotBugs looks only for the most blatant, obvious cases of HTTP response splitting.
@@ -3779,7 +3779,7 @@ Thus, having a mutable instance field generally creates race conditions.
This code seems to be using non-short-circuit logic (e.g., &
or |)
rather than short-circuit logic (&& or ||). In addition,
-it seem possible that, depending on the value of the left hand side, you might not
+it seems possible that, depending on the value of the left hand side, you might not
want to evaluate the right hand side (because it would have side effects, could cause an exception
or could be expensive.
@@ -3840,7 +3840,7 @@ Language Specification for details.
will only give up one lock and the notify will be unable to get both locks,
and thus the notify will not succeed.
If there is also a warning about a two lock wait, the
- probably of a bug is quite high.
+ probability of a bug is quite high.
]]>
@@ -4318,7 +4318,7 @@ could be changed by malicious code or
-An inner class is invoking a method that could be resolved to either a inherited method or a method defined in an outer class.
+An inner class is invoking a method that could be resolved to either an inherited method or a method defined in an outer class.
For example, you invoke foo(17), which is defined in both a superclass and in an outer method.
By the Java semantics,
it will be resolved to invoke the inherited method, but this may not be what
@@ -5099,7 +5099,7 @@ dereferencing this value will generate a null pointer exception.
This field is never initialized within any constructor, and is therefore could be null after
the object is constructed. Elsewhere, it is loaded and dereferenced without a null check.
-This could be a either an error or a questionable design, since
+This could be either an error or a questionable design, since
it means a null pointer exception will be generated if that field is dereferenced
before being initialized.
@@ -5324,9 +5324,9 @@ is important or acceptable.
Return value of {2.givenClass} ignored, but method has no side effect
This code calls a method and ignores the return value. However our analysis shows that
+This code calls a method and ignores the return value. However, our analysis shows that
the method (including its implementations in subclasses if any) does not produce any effect
-other than return value. Thus this call can be removed.
+other than return value. Thus, this call can be removed.
We are trying to reduce the false positives as much as possible, but in some cases this warning might be wrong.
Common false-positive cases include:
@@ -5927,7 +5927,7 @@ different types. The result of this comparison will always be false at runtime.
This method calls equals(Object) on two references of different
class types and analysis suggests they will be to objects of different classes
at runtime. Further, examination of the equals methods that would be invoked suggest that either
-this call will always return false, or else the equals method is not be symmetric (which is
+this call will always return false, or else the equals method is not symmetric (which is
a property required by the contract
for equals in class Object).
@@ -6890,7 +6890,7 @@ less confusing to explicitly check pointer equality using ==.
-This method invokes the .equals(Object o) to compare two arrays, but the arrays of
+This method invokes the .equals(Object o) to compare two arrays, but the arrays
of incompatible types (e.g., String[] and StringBuffer[], or String[] and int[]).
They will never be equal. In addition, when equals(...) is used to compare arrays it
only checks to see if they are the same array, and ignores the contents of the arrays.
@@ -7326,7 +7326,7 @@ just use the constant. Methods detected are:
reference). Client classes that use this class, may, in addition, use an instance of this class
as a synchronizing object. Because two classes are using the same object for synchronization,
Multithread correctness is suspect. You should not synchronize nor call semaphore methods on
- a public reference. Consider using a internal private member variable to control synchronization.
+ a public reference. Consider using an internal private member variable to control synchronization.
]]>
@@ -7654,7 +7654,7 @@ better to do a null test rather than an instanceof test.
-This cast is unchecked, and not all instances of the type casted from can be cast to
+This cast is unchecked, and not all instances of the type cast from can be cast to
the type it is being cast to. Check that your program logic ensures that this
cast will not fail.
@@ -9004,7 +9004,7 @@ Using floating-point variables should not be used as loop counters, as they are
Assertion validates method argument at {1}. If assertions are disabled, there won't be any argument validation.
Asssertions must not be used to validate arguments of public methods because the validations are
+ Assertions must not be used to validate arguments of public methods because the validations are
not performed if assertions are disabled.
diff --git a/spotbugs/src/main/java/edu/umd/cs/findbugs/detect/FindOverridableMethodCall.java b/spotbugs/src/main/java/edu/umd/cs/findbugs/detect/FindOverridableMethodCall.java
index 9229111950b..69bb9fd4ac2 100644
--- a/spotbugs/src/main/java/edu/umd/cs/findbugs/detect/FindOverridableMethodCall.java
+++ b/spotbugs/src/main/java/edu/umd/cs/findbugs/detect/FindOverridableMethodCall.java
@@ -59,16 +59,16 @@ private static class CallerInfo {
}
// For methods called using the standard way
- private static final Map callerConstructors = new HashMap<>();
- private static final Map callerClones = new HashMap<>();
- private static final Map callsToOverridable = new HashMap<>();
- private static final MultiMap callerToCalleeMap = new MultiMap<>(ArrayList.class);
- private static final MultiMap calleeToCallerMap = new MultiMap<>(ArrayList.class);
+ private final Map callerConstructors = new HashMap<>();
+ private final Map callerClones = new HashMap<>();
+ private final Map callsToOverridable = new HashMap<>();
+ private final MultiMap callerToCalleeMap = new MultiMap<>(ArrayList.class);
+ private final MultiMap calleeToCallerMap = new MultiMap<>(ArrayList.class);
// For methods called using method references
- private static final Map refCallerConstructors = new HashMap<>();
- private static final Map refCallerClones = new HashMap<>();
- private static final MultiMap refCalleeToCallerMap = new MultiMap<>(ArrayList.class);
+ private final Map refCallerConstructors = new HashMap<>();
+ private final Map refCallerClones = new HashMap<>();
+ private final MultiMap refCalleeToCallerMap = new MultiMap<>(ArrayList.class);
private final BugAccumulator bugAccumulator;
@@ -303,7 +303,7 @@ private boolean checkAndRecordCallBetweenNonOverridableMethods(XMethod caller, X
}
private XMethod getIndirectlyCalledOverridable(XMethod caller) {
- return getIndirectlyCalledOverridable(caller, new HashSet());
+ return getIndirectlyCalledOverridable(caller, new HashSet<>());
}
private XMethod getIndirectlyCalledOverridable(XMethod caller, Set visited) {
@@ -334,7 +334,7 @@ private CallerInfo getIndirectCallerClone(XMethod callee) {
}
private CallerInfo getIndirectCallerSpecial(XMethod callee, Map map) {
- return getIndirectCallerSpecial(callee, map, new HashSet());
+ return getIndirectCallerSpecial(callee, map, new HashSet<>());
}
private CallerInfo getIndirectCallerSpecial(XMethod callee, Map map, Set visited) {
diff --git a/spotbugs/src/main/java/edu/umd/cs/findbugs/filter/Filter.java b/spotbugs/src/main/java/edu/umd/cs/findbugs/filter/Filter.java
index e90ef88b5bc..8c969831a21 100644
--- a/spotbugs/src/main/java/edu/umd/cs/findbugs/filter/Filter.java
+++ b/spotbugs/src/main/java/edu/umd/cs/findbugs/filter/Filter.java
@@ -20,11 +20,13 @@
package edu.umd.cs.findbugs.filter;
import java.io.File;
-import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Reader;
+import java.nio.file.FileSystems;
+import java.nio.file.Files;
+import java.nio.file.Path;
import java.util.IdentityHashMap;
import java.util.Iterator;
@@ -204,7 +206,8 @@ public boolean match(BugInstance bugInstance) {
* @throws ParserConfigurationException
*/
private void parse(String fileName) throws IOException, SAXException, ParserConfigurationException {
- FileInputStream fileInputStream = new FileInputStream(new File(fileName));
+ Path path = FileSystems.getDefault().getPath(fileName);
+ InputStream fileInputStream = Files.newInputStream(path);
parse(fileName, fileInputStream);
}