-
Home
- Project Documentation Project Reports 10
SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.4
Threshold is medium
Effort is default
Summary
| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 282 | 213 | 0 | 0 |
Files
org.sentrysoftware.ipmi.client.IpmiClientConfiguration
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.client.IpmiClientConfiguration.getBmcKey() may expose internal representation by returning IpmiClientConfiguration.bmcKey | MALICIOUS_CODE | EI_EXPOSE_REP | 145 | Medium |
| org.sentrysoftware.ipmi.client.IpmiClientConfiguration.getPassword() may expose internal representation by returning IpmiClientConfiguration.password | MALICIOUS_CODE | EI_EXPOSE_REP | 124 | Medium |
| new org.sentrysoftware.ipmi.client.IpmiClientConfiguration(String, String, char[], byte[], boolean, long) may expose internal representation by storing an externally mutable object into IpmiClientConfiguration.bmcKey | MALICIOUS_CODE | EI_EXPOSE_REP2 | 55 | Medium |
| new org.sentrysoftware.ipmi.client.IpmiClientConfiguration(String, String, char[], byte[], boolean, long) may expose internal representation by storing an externally mutable object into IpmiClientConfiguration.password | MALICIOUS_CODE | EI_EXPOSE_REP2 | 54 | Medium |
| org.sentrysoftware.ipmi.client.IpmiClientConfiguration.setBmcKey(byte[]) may expose internal representation by storing an externally mutable object into IpmiClientConfiguration.bmcKey | MALICIOUS_CODE | EI_EXPOSE_REP2 | 156 | Medium |
| org.sentrysoftware.ipmi.client.IpmiClientConfiguration.setPassword(char[]) may expose internal representation by storing an externally mutable object into IpmiClientConfiguration.password | MALICIOUS_CODE | EI_EXPOSE_REP2 | 134 | Medium |
org.sentrysoftware.ipmi.client.model.Fru
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.client.model.Fru.getFruLocator() may expose internal representation by returning Fru.fruLocator | MALICIOUS_CODE | EI_EXPOSE_REP | 55 | Medium |
| org.sentrysoftware.ipmi.client.model.Fru.getFruRecords() may expose internal representation by returning Fru.fruRecords | MALICIOUS_CODE | EI_EXPOSE_REP | 63 | Medium |
| new org.sentrysoftware.ipmi.client.model.Fru(FruDeviceLocatorRecord, List) may expose internal representation by storing an externally mutable object into Fru.fruLocator | MALICIOUS_CODE | EI_EXPOSE_REP2 | 46 | Medium |
| new org.sentrysoftware.ipmi.client.model.Fru(FruDeviceLocatorRecord, List) may expose internal representation by storing an externally mutable object into Fru.fruRecords | MALICIOUS_CODE | EI_EXPOSE_REP2 | 47 | Medium |
org.sentrysoftware.ipmi.client.model.Sensor
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.client.model.Sensor.getData() may expose internal representation by returning Sensor.data | MALICIOUS_CODE | EI_EXPOSE_REP | 58 | Medium |
| org.sentrysoftware.ipmi.client.model.Sensor.getRecord() may expose internal representation by returning Sensor.sensorRecord | MALICIOUS_CODE | EI_EXPOSE_REP | 54 | Medium |
| new org.sentrysoftware.ipmi.client.model.Sensor(SensorRecord, GetSensorReadingResponseData, String) may expose internal representation by storing an externally mutable object into Sensor.data | MALICIOUS_CODE | EI_EXPOSE_REP2 | 49 | Medium |
| new org.sentrysoftware.ipmi.client.model.Sensor(SensorRecord, GetSensorReadingResponseData, String) may expose internal representation by storing an externally mutable object into Sensor.sensorRecord | MALICIOUS_CODE | EI_EXPOSE_REP2 | 48 | Medium |
org.sentrysoftware.ipmi.client.runner.GetFrusRunner
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.client.runner.GetFrusRunner.getFruRecords(int) might ignore java.lang.Exception | BAD_PRACTICE | DE_MIGHT_IGNORE | 225 | Medium |
org.sentrysoftware.ipmi.core.api.async.ConnectionHandle
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.api.async.ConnectionHandle.getRemoteAddress() may expose internal representation by returning ConnectionHandle.remoteAddress | MALICIOUS_CODE | EI_EXPOSE_REP | 70 | Medium |
| new org.sentrysoftware.ipmi.core.api.async.ConnectionHandle(int, InetAddress, int) may expose internal representation by storing an externally mutable object into ConnectionHandle.remoteAddress | MALICIOUS_CODE | EI_EXPOSE_REP2 | 45 | Medium |
org.sentrysoftware.ipmi.core.api.async.InboundSolMessageListener
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.sentrysoftware.ipmi.core.api.async.InboundSolMessageListener(IpmiConnector, ConnectionHandle, List) may expose internal representation by storing an externally mutable object into InboundSolMessageListener.connectionHandle | MALICIOUS_CODE | EI_EXPOSE_REP2 | 59 | Medium |
| new org.sentrysoftware.ipmi.core.api.async.InboundSolMessageListener(IpmiConnector, ConnectionHandle, List) may expose internal representation by storing an externally mutable object into InboundSolMessageListener.connector | MALICIOUS_CODE | EI_EXPOSE_REP2 | 58 | Medium |
| new org.sentrysoftware.ipmi.core.api.async.InboundSolMessageListener(IpmiConnector, ConnectionHandle, List) may expose internal representation by storing an externally mutable object into InboundSolMessageListener.eventListeners | MALICIOUS_CODE | EI_EXPOSE_REP2 | 60 | Medium |
org.sentrysoftware.ipmi.core.api.async.IpmiAsyncConnector
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.api.async.IpmiAsyncConnector at new org.sentrysoftware.ipmi.core.api.async.IpmiAsyncConnector(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 109 | Medium |
| Exception thrown in class org.sentrysoftware.ipmi.core.api.async.IpmiAsyncConnector at new org.sentrysoftware.ipmi.core.api.async.IpmiAsyncConnector(int, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 150 | Medium |
| Exception thrown in class org.sentrysoftware.ipmi.core.api.async.IpmiAsyncConnector at new org.sentrysoftware.ipmi.core.api.async.IpmiAsyncConnector(int, InetAddress) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 131 | Medium |
org.sentrysoftware.ipmi.core.api.async.messages.IpmiError
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.api.async.messages.IpmiError.getException() may expose internal representation by returning IpmiError.exception | MALICIOUS_CODE | EI_EXPOSE_REP | 37 | Medium |
| new org.sentrysoftware.ipmi.core.api.async.messages.IpmiError(Exception, int, ConnectionHandle) may expose internal representation by storing an externally mutable object into IpmiError.exception | MALICIOUS_CODE | EI_EXPOSE_REP2 | 42 | Medium |
org.sentrysoftware.ipmi.core.api.async.messages.IpmiResponse
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.api.async.messages.IpmiResponse.getHandle() may expose internal representation by returning IpmiResponse.handle | MALICIOUS_CODE | EI_EXPOSE_REP | 43 | Medium |
| new org.sentrysoftware.ipmi.core.api.async.messages.IpmiResponse(int, ConnectionHandle) may expose internal representation by storing an externally mutable object into IpmiResponse.handle | MALICIOUS_CODE | EI_EXPOSE_REP2 | 55 | Medium |
org.sentrysoftware.ipmi.core.api.sol.SerialOverLan
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.api.sol.SerialOverLan at new org.sentrysoftware.ipmi.core.api.sol.SerialOverLan(IpmiConnector, String, int, String, String, CipherSuiteSelectionHandler) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 104 | Medium |
| Exception thrown in class org.sentrysoftware.ipmi.core.api.sol.SerialOverLan at new org.sentrysoftware.ipmi.core.api.sol.SerialOverLan(IpmiConnector, String, String, String, CipherSuiteSelectionHandler) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 129 | Medium |
| Exception thrown in class org.sentrysoftware.ipmi.core.api.sol.SerialOverLan at new org.sentrysoftware.ipmi.core.api.sol.SerialOverLan(IpmiConnector, Session) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 145 | Medium |
| Found reliance on default encoding in org.sentrysoftware.ipmi.core.api.sol.SerialOverLan.readString(int): new String(byte[]) | I18N | DM_DEFAULT_ENCODING | 499 | High |
| Found reliance on default encoding in org.sentrysoftware.ipmi.core.api.sol.SerialOverLan.writeString(String): String.getBytes() | I18N | DM_DEFAULT_ENCODING | 376 | High |
| new org.sentrysoftware.ipmi.core.api.sol.SerialOverLan(IpmiConnector, Session) may expose internal representation by storing an externally mutable object into SerialOverLan.connector | MALICIOUS_CODE | EI_EXPOSE_REP2 | 143 | Medium |
org.sentrysoftware.ipmi.core.api.sync.IpmiConnector
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.api.sync.IpmiConnector at new org.sentrysoftware.ipmi.core.api.sync.IpmiConnector(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 93 | Medium |
| Exception thrown in class org.sentrysoftware.ipmi.core.api.sync.IpmiConnector at new org.sentrysoftware.ipmi.core.api.sync.IpmiConnector(int, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 125 | Medium |
| Exception thrown in class org.sentrysoftware.ipmi.core.api.sync.IpmiConnector at new org.sentrysoftware.ipmi.core.api.sync.IpmiConnector(int, InetAddress) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 109 | Medium |
org.sentrysoftware.ipmi.core.api.sync.MessageListener
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.sentrysoftware.ipmi.core.api.sync.MessageListener(ConnectionHandle) may expose internal representation by storing an externally mutable object into MessageListener.handle | MALICIOUS_CODE | EI_EXPOSE_REP2 | 70 | Medium |
| Inconsistent synchronization of org.sentrysoftware.ipmi.core.api.sync.MessageListener.tag; locked 50% of time | MT_CORRECTNESS | IS2_INCONSISTENT_SYNC | 89 | Medium |
org.sentrysoftware.ipmi.core.coding.DecoderRunner
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Possible null pointer dereference of data in org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION | 521 | Medium |
| Possible null pointer dereference of data10 in org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION | 899 | Medium |
| Possible null pointer dereference of data11 in org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION | 928 | Medium |
| Possible null pointer dereference of data12 in org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION | 958 | Medium |
| Possible null pointer dereference of data13 in org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION | 995 | Medium |
| Possible null pointer dereference of data14 in org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION | 1026 | Medium |
| Possible null pointer dereference of data2 in org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION | 556 | Medium |
| Possible null pointer dereference of data3 in org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION | 591 | Medium |
| Possible null pointer dereference of data4 in org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION | 619 | Medium |
| Possible null pointer dereference of data5 in org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION | 645 | Medium |
| Possible null pointer dereference of data6 in org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION | 713 | Medium |
| Possible null pointer dereference of data7 in org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION | 741 | Medium |
| Possible null pointer dereference of data8 in org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION | 772 | Medium |
| Write to static field org.sentrysoftware.ipmi.core.coding.DecoderRunner.cssrec from instance method org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 453 | High |
| Write to static field org.sentrysoftware.ipmi.core.coding.DecoderRunner.cssrcv from instance method org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 479 | Medium |
| Write to static field org.sentrysoftware.ipmi.core.coding.DecoderRunner.lock from instance method org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 495 | Medium |
| Write to static field org.sentrysoftware.ipmi.core.coding.DecoderRunner.managedSeqNum from instance method org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 565 | Medium |
| Write to static field org.sentrysoftware.ipmi.core.coding.DecoderRunner.nextRecId from instance method org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 776 | Medium |
| Write to static field org.sentrysoftware.ipmi.core.coding.DecoderRunner.r1rd from instance method org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 589 | Medium |
| Write to static field org.sentrysoftware.ipmi.core.coding.DecoderRunner.reservation from instance method org.sentrysoftware.ipmi.core.coding.DecoderRunner.run() | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 743 | Medium |
org.sentrysoftware.ipmi.core.coding.PayloadCoder
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.PayloadCoder at new org.sentrysoftware.ipmi.core.coding.PayloadCoder() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 80 | Medium |
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.PayloadCoder at new org.sentrysoftware.ipmi.core.coding.PayloadCoder(IpmiVersion, CipherSuite, AuthenticationType) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 86 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.IpmiCommandCoder
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| instanceof will always return true for all non-null values in org.sentrysoftware.ipmi.core.coding.commands.IpmiCommandCoder.isCommandResponse(IpmiMessage), since all org.sentrysoftware.ipmi.core.coding.payload.IpmiPayload are instances of org.sentrysoftware.ipmi.core.coding.payload.IpmiPayload | STYLE | BC_VACUOUS_INSTANCEOF | 69 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.chassis.GetChassisStatus
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.commands.chassis.GetChassisStatus at new org.sentrysoftware.ipmi.core.coding.commands.chassis.GetChassisStatus(IpmiVersion, CipherSuite, AuthenticationType) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 65 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.fru.GetFruInventoryAreaInfo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.commands.fru.GetFruInventoryAreaInfo at new org.sentrysoftware.ipmi.core.coding.commands.fru.GetFruInventoryAreaInfo(IpmiVersion, CipherSuite, AuthenticationType, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 69 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.fru.ReadFruData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.commands.fru.ReadFruData at new org.sentrysoftware.ipmi.core.coding.commands.fru.ReadFruData(int, BaseUnit, int, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 86 | Medium |
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.commands.fru.ReadFruData at new org.sentrysoftware.ipmi.core.coding.commands.fru.ReadFruData(IpmiVersion, CipherSuite, AuthenticationType, int, BaseUnit, int, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 131 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.fru.ReadFruDataResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.commands.fru.ReadFruDataResponseData.getFruData() may expose internal representation by returning ReadFruDataResponseData.fruData | MALICIOUS_CODE | EI_EXPOSE_REP | 41 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.fru.ReadFruDataResponseData.setFruData(byte[]) may expose internal representation by storing an externally mutable object into ReadFruDataResponseData.fruData | MALICIOUS_CODE | EI_EXPOSE_REP2 | 37 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.fru.record.BaseCompatibilityInfo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.commands.fru.record.BaseCompatibilityInfo.getCodeRangeMasks() may expose internal representation by returning BaseCompatibilityInfo.codeRangeMasks | MALICIOUS_CODE | EI_EXPOSE_REP | 104 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.fru.record.BaseCompatibilityInfo.setCodeRangeMasks(byte[]) may expose internal representation by storing an externally mutable object into BaseCompatibilityInfo.codeRangeMasks | MALICIOUS_CODE | EI_EXPOSE_REP2 | 108 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.fru.record.BoardInfo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.commands.fru.record.BoardInfo at new org.sentrysoftware.ipmi.core.coding.commands.fru.record.BoardInfo(byte[], int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 68 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.fru.record.BoardInfo.getCustomBoardInfo() may expose internal representation by returning BoardInfo.customBoardInfo | MALICIOUS_CODE | EI_EXPOSE_REP | 224 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.fru.record.BoardInfo.getFruFileId() may expose internal representation by returning BoardInfo.fruFileId | MALICIOUS_CODE | EI_EXPOSE_REP | 216 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.fru.record.BoardInfo.getMfgDate() may expose internal representation by returning BoardInfo.mfgDate | MALICIOUS_CODE | EI_EXPOSE_REP | 176 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.fru.record.BoardInfo.setCustomBoardInfo(String[]) may expose internal representation by storing an externally mutable object into BoardInfo.customBoardInfo | MALICIOUS_CODE | EI_EXPOSE_REP2 | 228 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.fru.record.BoardInfo.setFruFileId(byte[]) may expose internal representation by storing an externally mutable object into BoardInfo.fruFileId | MALICIOUS_CODE | EI_EXPOSE_REP2 | 220 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.fru.record.BoardInfo.setMfgDate(Date) may expose internal representation by storing an externally mutable object into BoardInfo.mfgDate | MALICIOUS_CODE | EI_EXPOSE_REP2 | 180 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.fru.record.ChassisInfo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.commands.fru.record.ChassisInfo at new org.sentrysoftware.ipmi.core.coding.commands.fru.record.ChassisInfo(byte[], int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 56 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.fru.record.ChassisInfo.getCustomChassisInfo() may expose internal representation by returning ChassisInfo.customChassisInfo | MALICIOUS_CODE | EI_EXPOSE_REP | 140 | Medium |
| Useless condition: it's known that partDataLength != 0 at this point | STYLE | UC_USELESS_CONDITION | 96 | High |
org.sentrysoftware.ipmi.core.coding.commands.fru.record.ManagementAccessInfo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Found reliance on default encoding in new org.sentrysoftware.ipmi.core.coding.commands.fru.record.ManagementAccessInfo(byte[], int, int): new String(byte[]) | I18N | DM_DEFAULT_ENCODING | 57 | High |
org.sentrysoftware.ipmi.core.coding.commands.fru.record.OemInfo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.commands.fru.record.OemInfo.getOemData() may expose internal representation by returning OemInfo.oemData | MALICIOUS_CODE | EI_EXPOSE_REP | 72 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.fru.record.OemInfo.setOemData(byte[]) may expose internal representation by storing an externally mutable object into OemInfo.oemData | MALICIOUS_CODE | EI_EXPOSE_REP2 | 76 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.fru.record.ProductInfo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.commands.fru.record.ProductInfo at new org.sentrysoftware.ipmi.core.coding.commands.fru.record.ProductInfo(byte[], int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 66 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.fru.record.ProductInfo.getCustomProductInfo() may expose internal representation by returning ProductInfo.customProductInfo | MALICIOUS_CODE | EI_EXPOSE_REP | 216 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.fru.record.ProductInfo.getFruFileId() may expose internal representation by returning ProductInfo.fruFileId | MALICIOUS_CODE | EI_EXPOSE_REP | 208 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.fru.record.ProductInfo.setCustomProductInfo(String[]) may expose internal representation by storing an externally mutable object into ProductInfo.customProductInfo | MALICIOUS_CODE | EI_EXPOSE_REP2 | 220 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.fru.record.ProductInfo.setFruFileId(byte[]) may expose internal representation by storing an externally mutable object into ProductInfo.fruFileId | MALICIOUS_CODE | EI_EXPOSE_REP2 | 212 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.payload.GetChannelPayloadSupport
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.commands.payload.GetChannelPayloadSupport at new org.sentrysoftware.ipmi.core.coding.commands.payload.GetChannelPayloadSupport(byte) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 68 | Medium |
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.commands.payload.GetChannelPayloadSupport at new org.sentrysoftware.ipmi.core.coding.commands.payload.GetChannelPayloadSupport(byte, CipherSuite, AuthenticationType) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 86 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.payload.GetChannelPayloadSupportResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.commands.payload.GetChannelPayloadSupportResponseData.getSupportedPayloads() may expose internal representation by returning GetChannelPayloadSupportResponseData.supportedPayloads | MALICIOUS_CODE | EI_EXPOSE_REP | 74 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.sdr.GetSdrResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.commands.sdr.GetSdrResponseData.getSensorRecordData() may expose internal representation by returning GetSdrResponseData.sensorRecordData | MALICIOUS_CODE | EI_EXPOSE_REP | 61 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.sdr.GetSdrResponseData.setSensorRecordData(byte[]) may expose internal representation by storing an externally mutable object into GetSdrResponseData.sensorRecordData | MALICIOUS_CODE | EI_EXPOSE_REP2 | 52 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.sdr.GetSensorReadingResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.commands.sdr.GetSensorReadingResponseData.getRaw() may expose internal representation by returning GetSensorReadingResponseData.raw | MALICIOUS_CODE | EI_EXPOSE_REP | 100 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.sdr.GetSensorReadingResponseData.setRaw(byte[]) may expose internal representation by storing an externally mutable object into GetSensorReadingResponseData.raw | MALICIOUS_CODE | EI_EXPOSE_REP2 | 104 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.sdr.GetSensorReadingResponseData.setStatesAsserted(boolean[]) may expose internal representation by storing an externally mutable object into GetSensorReadingResponseData.statesAsserted | MALICIOUS_CODE | EI_EXPOSE_REP2 | 129 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.sdr.record.ManagementControllerConfirmationRecord
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.commands.sdr.record.ManagementControllerConfirmationRecord.getDeviceGuid() may expose internal representation by returning ManagementControllerConfirmationRecord.deviceGuid | MALICIOUS_CODE | EI_EXPOSE_REP | 168 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.sdr.record.ManagementControllerConfirmationRecord.setDeviceGuid(byte[]) may expose internal representation by storing an externally mutable object into ManagementControllerConfirmationRecord.deviceGuid | MALICIOUS_CODE | EI_EXPOSE_REP2 | 172 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.sdr.record.OemRecord
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.commands.sdr.record.OemRecord.getOemData() may expose internal representation by returning OemRecord.oemData | MALICIOUS_CODE | EI_EXPOSE_REP | 64 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.sdr.record.OemRecord.setOemData(byte[]) may expose internal representation by storing an externally mutable object into OemRecord.oemData | MALICIOUS_CODE | EI_EXPOSE_REP2 | 68 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.sel.GetSelEntryResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.commands.sel.GetSelEntryResponseData.getSelRecord() may expose internal representation by returning GetSelEntryResponseData.selRecord | MALICIOUS_CODE | EI_EXPOSE_REP | 55 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.sel.GetSelEntryResponseData.setSelRecord(SelRecord) may expose internal representation by storing an externally mutable object into GetSelEntryResponseData.selRecord | MALICIOUS_CODE | EI_EXPOSE_REP2 | 51 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.sel.GetSelInfoResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.commands.sel.GetSelInfoResponseData.getAdditionTimestamp() may expose internal representation by returning GetSelInfoResponseData.additionTimestamp | MALICIOUS_CODE | EI_EXPOSE_REP | 64 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.sel.GetSelInfoResponseData.getEraseTimestamp() may expose internal representation by returning GetSelInfoResponseData.eraseTimestamp | MALICIOUS_CODE | EI_EXPOSE_REP | 72 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.sel.GetSelInfoResponseData.setAdditionTimestamp(Date) may expose internal representation by storing an externally mutable object into GetSelInfoResponseData.additionTimestamp | MALICIOUS_CODE | EI_EXPOSE_REP2 | 68 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.sel.GetSelInfoResponseData.setEraseTimestamp(Date) may expose internal representation by storing an externally mutable object into GetSelInfoResponseData.eraseTimestamp | MALICIOUS_CODE | EI_EXPOSE_REP2 | 76 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.sel.SelRecord
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.commands.sel.SelRecord.getTimestamp() may expose internal representation by returning SelRecord.timestamp | MALICIOUS_CODE | EI_EXPOSE_REP | 112 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.sel.SelRecord.setTimestamp(Date) may expose internal representation by storing an externally mutable object into SelRecord.timestamp | MALICIOUS_CODE | EI_EXPOSE_REP2 | 116 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.session.CloseSession
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.commands.session.CloseSession at new org.sentrysoftware.ipmi.core.coding.commands.session.CloseSession(IpmiVersion, CipherSuite, AuthenticationType, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 65 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilities
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilities at new org.sentrysoftware.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilities() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 108 | Medium |
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilities at new org.sentrysoftware.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilities(IpmiVersion, IpmiVersion, CipherSuite) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 132 | Medium |
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilities at new org.sentrysoftware.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilities(IpmiVersion, IpmiVersion, CipherSuite, PrivilegeLevel, byte) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 164 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilitiesResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilitiesResponseData.getAuthenticationTypes() may expose internal representation by returning GetChannelAuthenticationCapabilitiesResponseData.authenticationTypes | MALICIOUS_CODE | EI_EXPOSE_REP | 114 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.session.GetChannelAuthenticationCapabilitiesResponseData.setAuthenticationTypes(Collection) may expose internal representation by storing an externally mutable object into GetChannelAuthenticationCapabilitiesResponseData.authenticationTypes | MALICIOUS_CODE | EI_EXPOSE_REP2 | 110 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.session.GetChannelCipherSuites
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.commands.session.GetChannelCipherSuites at new org.sentrysoftware.ipmi.core.coding.commands.session.GetChannelCipherSuites(byte, byte) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 108 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.session.GetChannelCipherSuitesResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.commands.session.GetChannelCipherSuitesResponseData.getCipherSuiteData() may expose internal representation by returning GetChannelCipherSuitesResponseData.cipherSuiteData | MALICIOUS_CODE | EI_EXPOSE_REP | 49 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.session.GetChannelCipherSuitesResponseData.setCipherSuiteData(byte[]) may expose internal representation by storing an externally mutable object into GetChannelCipherSuitesResponseData.cipherSuiteData | MALICIOUS_CODE | EI_EXPOSE_REP2 | 45 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.session.Rakp1
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.commands.session.Rakp1 at new org.sentrysoftware.ipmi.core.coding.commands.session.Rakp1(int, PrivilegeLevel, String, String, byte[], CipherSuite) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 179 | Medium |
| Found reliance on default encoding in org.sentrysoftware.ipmi.core.coding.commands.session.Rakp1.calculateSik(Rakp1ResponseData): new String(byte[]) | I18N | DM_DEFAULT_ENCODING | 408 | High |
| Found reliance on default encoding in org.sentrysoftware.ipmi.core.coding.commands.session.Rakp1.calculateSik(Rakp1ResponseData): String.getBytes() | I18N | DM_DEFAULT_ENCODING | 402 | High |
| Found reliance on default encoding in org.sentrysoftware.ipmi.core.coding.commands.session.Rakp1.prepareKeyExchangeAuthenticationCodeBase(Rakp1ResponseData): String.getBytes() | I18N | DM_DEFAULT_ENCODING | 376 | High |
| Found reliance on default encoding in org.sentrysoftware.ipmi.core.coding.commands.session.Rakp1.preparePayload(int): String.getBytes() | I18N | DM_DEFAULT_ENCODING | 252 | High |
| Found reliance on default encoding in org.sentrysoftware.ipmi.core.coding.commands.session.Rakp1.prepareSikBase(Rakp1ResponseData): String.getBytes() | I18N | DM_DEFAULT_ENCODING | 435 | High |
| org.sentrysoftware.ipmi.core.coding.commands.session.Rakp1.getBmcKey() may expose internal representation by returning Rakp1.bmcKey | MALICIOUS_CODE | EI_EXPOSE_REP | 143 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.session.Rakp1.getConsoleRandomNumber() may expose internal representation by returning Rakp1.consoleRandomNumber | MALICIOUS_CODE | EI_EXPOSE_REP | 135 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.session.Rakp1ResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.commands.session.Rakp1ResponseData.getManagedSystemGuid() may expose internal representation by returning Rakp1ResponseData.managedSystemGuid | MALICIOUS_CODE | EI_EXPOSE_REP | 72 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.session.Rakp1ResponseData.getManagedSystemRandomNumber() may expose internal representation by returning Rakp1ResponseData.managedSystemRandomNumber | MALICIOUS_CODE | EI_EXPOSE_REP | 80 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.session.Rakp1ResponseData.setManagedSystemGuid(byte[]) may expose internal representation by storing an externally mutable object into Rakp1ResponseData.managedSystemGuid | MALICIOUS_CODE | EI_EXPOSE_REP2 | 68 | Medium |
| org.sentrysoftware.ipmi.core.coding.commands.session.Rakp1ResponseData.setManagedSystemRandomNumber(byte[]) may expose internal representation by storing an externally mutable object into Rakp1ResponseData.managedSystemRandomNumber | MALICIOUS_CODE | EI_EXPOSE_REP2 | 76 | Medium |
org.sentrysoftware.ipmi.core.coding.commands.session.Rakp3
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Found reliance on default encoding in org.sentrysoftware.ipmi.core.coding.commands.session.Rakp3.prepareKeyExchangeAuthenticationCodeBase(Rakp1, Rakp1ResponseData): String.getBytes() | I18N | DM_DEFAULT_ENCODING | 233 | High |
| new org.sentrysoftware.ipmi.core.coding.commands.session.Rakp3(byte, int, CipherSuite, Rakp1, Rakp1ResponseData) may expose internal representation by storing an externally mutable object into Rakp3.rakp1 | MALICIOUS_CODE | EI_EXPOSE_REP2 | 136 | Medium |
| new org.sentrysoftware.ipmi.core.coding.commands.session.Rakp3(byte, int, CipherSuite, Rakp1, Rakp1ResponseData) may expose internal representation by storing an externally mutable object into Rakp3.rakp1ResponseData | MALICIOUS_CODE | EI_EXPOSE_REP2 | 137 | Medium |
| new org.sentrysoftware.ipmi.core.coding.commands.session.Rakp3(CipherSuite, Rakp1, Rakp1ResponseData) may expose internal representation by storing an externally mutable object into Rakp3.rakp1 | MALICIOUS_CODE | EI_EXPOSE_REP2 | 102 | Medium |
| new org.sentrysoftware.ipmi.core.coding.commands.session.Rakp3(CipherSuite, Rakp1, Rakp1ResponseData) may expose internal representation by storing an externally mutable object into Rakp3.rakp1ResponseData | MALICIOUS_CODE | EI_EXPOSE_REP2 | 103 | Medium |
org.sentrysoftware.ipmi.core.coding.payload.IpmiPayload
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.payload.IpmiPayload.getData() may expose internal representation by returning IpmiPayload.data | MALICIOUS_CODE | EI_EXPOSE_REP | 43 | Medium |
| org.sentrysoftware.ipmi.core.coding.payload.IpmiPayload.getEncryptedPayload() may expose internal representation by returning IpmiPayload.encryptedPayload | MALICIOUS_CODE | EI_EXPOSE_REP | 54 | Medium |
| org.sentrysoftware.ipmi.core.coding.payload.IpmiPayload.setData(byte[]) may expose internal representation by storing an externally mutable object into IpmiPayload.data | MALICIOUS_CODE | EI_EXPOSE_REP2 | 39 | Medium |
org.sentrysoftware.ipmi.core.coding.payload.lan.IpmiLanRequest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.payload.lan.IpmiLanRequest at new org.sentrysoftware.ipmi.core.coding.payload.lan.IpmiLanRequest(NetworkFunction, byte, byte[], byte) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 46 | Medium |
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.payload.lan.IpmiLanRequest at new org.sentrysoftware.ipmi.core.coding.payload.lan.IpmiLanRequest(NetworkFunction, byte, byte[], byte, byte) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 67 | Medium |
org.sentrysoftware.ipmi.core.coding.payload.lan.IpmiLanResponse
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.payload.lan.IpmiLanResponse at new org.sentrysoftware.ipmi.core.coding.payload.lan.IpmiLanResponse(byte[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 58 | Medium |
org.sentrysoftware.ipmi.core.coding.payload.sol.SolInboundStatusField
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.payload.sol.SolInboundStatusField.getStatuses() may expose internal representation by returning SolInboundStatusField.statuses | MALICIOUS_CODE | EI_EXPOSE_REP | 93 | Medium |
| new org.sentrysoftware.ipmi.core.coding.payload.sol.SolInboundStatusField(Set) may expose internal representation by storing an externally mutable object into SolInboundStatusField.statuses | MALICIOUS_CODE | EI_EXPOSE_REP2 | 53 | Medium |
| new org.sentrysoftware.ipmi.core.coding.payload.sol.SolInboundStatusField(SolAckState, Set) may expose internal representation by storing an externally mutable object into SolInboundStatusField.statuses | MALICIOUS_CODE | EI_EXPOSE_REP2 | 66 | Medium |
org.sentrysoftware.ipmi.core.coding.payload.sol.SolOutboundOperationField
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.payload.sol.SolOutboundOperationField.getOperations() may expose internal representation by returning SolOutboundOperationField.operations | MALICIOUS_CODE | EI_EXPOSE_REP | 82 | Medium |
| new org.sentrysoftware.ipmi.core.coding.payload.sol.SolOutboundOperationField(SolAckState, Set) may expose internal representation by storing an externally mutable object into SolOutboundOperationField.operations | MALICIOUS_CODE | EI_EXPOSE_REP2 | 55 | Medium |
org.sentrysoftware.ipmi.core.coding.protocol.IpmiMessage
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.protocol.IpmiMessage.getAuthCode() may expose internal representation by returning IpmiMessage.authCode | MALICIOUS_CODE | EI_EXPOSE_REP | 78 | Medium |
| org.sentrysoftware.ipmi.core.coding.protocol.IpmiMessage.getPayload() may expose internal representation by returning IpmiMessage.payload | MALICIOUS_CODE | EI_EXPOSE_REP | 91 | Medium |
| org.sentrysoftware.ipmi.core.coding.protocol.IpmiMessage.setAuthCode(byte[]) may expose internal representation by storing an externally mutable object into IpmiMessage.authCode | MALICIOUS_CODE | EI_EXPOSE_REP2 | 74 | Medium |
| org.sentrysoftware.ipmi.core.coding.protocol.IpmiMessage.setPayload(IpmiPayload) may expose internal representation by storing an externally mutable object into IpmiMessage.payload | MALICIOUS_CODE | EI_EXPOSE_REP2 | 87 | Medium |
org.sentrysoftware.ipmi.core.coding.protocol.decoder.ProtocolDecoder
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| payload could be null and is guaranteed to be dereferenced in org.sentrysoftware.ipmi.core.coding.protocol.decoder.ProtocolDecoder.decodePayload(byte[], int, int, ConfidentialityAlgorithm, PayloadType) | CORRECTNESS | NP_GUARANTEED_DEREF | 197 | Medium |
org.sentrysoftware.ipmi.core.coding.rmcp.RmcpMessage
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.rmcp.RmcpMessage.getData() may expose internal representation by returning RmcpMessage.data | MALICIOUS_CODE | EI_EXPOSE_REP | 77 | Medium |
| org.sentrysoftware.ipmi.core.coding.rmcp.RmcpMessage.setData(byte[]) may expose internal representation by storing an externally mutable object into RmcpMessage.data | MALICIOUS_CODE | EI_EXPOSE_REP2 | 73 | Medium |
org.sentrysoftware.ipmi.core.coding.rmcp.RmcpPingMessage
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.rmcp.RmcpPingMessage at new org.sentrysoftware.ipmi.core.coding.rmcp.RmcpPingMessage(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 42 | Medium |
org.sentrysoftware.ipmi.core.coding.security.AuthenticationRakpHmacSha1
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.security.AuthenticationRakpHmacSha1 at new org.sentrysoftware.ipmi.core.coding.security.AuthenticationRakpHmacSha1() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 47 | Medium |
| Found reliance on default encoding in org.sentrysoftware.ipmi.core.coding.security.AuthenticationRakpHmacSha1.getKeyExchangeAuthenticationCode(byte[], String): String.getBytes() | I18N | DM_DEFAULT_ENCODING | 68 | High |
org.sentrysoftware.ipmi.core.coding.security.ConfidentialityAlgorithm
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.security.ConfidentialityAlgorithm.initialize(byte[]) may expose internal representation by storing an externally mutable object into ConfidentialityAlgorithm.sik | MALICIOUS_CODE | EI_EXPOSE_REP2 | 51 | Medium |
| Unread public/protected field: org.sentrysoftware.ipmi.core.coding.security.ConfidentialityAlgorithm.sik | STYLE | URF_UNREAD_PUBLIC_OR_PROTECTED_FIELD | 51 | Medium |
org.sentrysoftware.ipmi.core.coding.security.IntegrityAlgorithm
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.security.IntegrityAlgorithm.initialize(byte[]) may expose internal representation by storing an externally mutable object into IntegrityAlgorithm.sik | MALICIOUS_CODE | EI_EXPOSE_REP2 | 50 | Medium |
org.sentrysoftware.ipmi.core.coding.security.IntegrityHmacSha1_96
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.coding.security.IntegrityHmacSha1_96 at new org.sentrysoftware.ipmi.core.coding.security.IntegrityHmacSha1_96() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 48 | Medium |
org.sentrysoftware.ipmi.core.coding.sol.SolCoder
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.sentrysoftware.ipmi.core.coding.sol.SolCoder(byte[], byte, byte, SolAckState, Set, CipherSuite) may expose internal representation by storing an externally mutable object into SolCoder.message | MALICIOUS_CODE | EI_EXPOSE_REP2 | 81 | Medium |
| new org.sentrysoftware.ipmi.core.coding.sol.SolCoder(byte[], byte, byte, SolAckState, Set, CipherSuite) may expose internal representation by storing an externally mutable object into SolCoder.operations | MALICIOUS_CODE | EI_EXPOSE_REP2 | 85 | Medium |
org.sentrysoftware.ipmi.core.coding.sol.SolResponseData
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.coding.sol.SolResponseData.getStatuses() may expose internal representation by returning SolResponseData.statuses | MALICIOUS_CODE | EI_EXPOSE_REP | 80 | Medium |
| new org.sentrysoftware.ipmi.core.coding.sol.SolResponseData(byte, SolAckState, Set, byte) may expose internal representation by storing an externally mutable object into SolResponseData.statuses | MALICIOUS_CODE | EI_EXPOSE_REP2 | 67 | Medium |
org.sentrysoftware.ipmi.core.common.ByteBuffer
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.common.ByteBuffer at new org.sentrysoftware.ipmi.core.common.ByteBuffer(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 54 | Medium |
org.sentrysoftware.ipmi.core.common.MessageComposer
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.common.MessageComposer at new org.sentrysoftware.ipmi.core.common.MessageComposer(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 39 | Medium |
| org.sentrysoftware.ipmi.core.common.MessageComposer.getMessage() may expose internal representation by returning MessageComposer.message | MALICIOUS_CODE | EI_EXPOSE_REP | 77 | Medium |
org.sentrysoftware.ipmi.core.common.MessageReader
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.common.MessageReader at new org.sentrysoftware.ipmi.core.common.MessageReader(byte[]) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 38 | Medium |
| new org.sentrysoftware.ipmi.core.common.MessageReader(byte[]) may expose internal representation by storing an externally mutable object into MessageReader.message | MALICIOUS_CODE | EI_EXPOSE_REP2 | 41 | Medium |
org.sentrysoftware.ipmi.core.common.PropertiesManager
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Public static org.sentrysoftware.ipmi.core.common.PropertiesManager.getInstance() may expose internal representation by returning PropertiesManager.instance | MALICIOUS_CODE | MS_EXPOSE_REP | 52 | Medium |
| org.sentrysoftware.ipmi.core.common.PropertiesManager.loadProperties(String) may fail to clean up java.io.InputStream | EXPERIMENTAL | OBL_UNSATISFIED_OBLIGATION | 58 | Medium |
| Instance-getter method of class using singleton design pattern (org.sentrysoftware.ipmi.core.common.PropertiesManager) is not synchronized. | CORRECTNESS | SING_SINGLETON_GETTER_NOT_SYNCHRONIZED | 49-52 | Medium |
org.sentrysoftware.ipmi.core.connection.Connection
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.connection.Connection at new org.sentrysoftware.ipmi.core.connection.Connection(Messenger, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 141 | Medium |
org.sentrysoftware.ipmi.core.connection.ConnectionManager
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.connection.ConnectionManager at new org.sentrysoftware.ipmi.core.connection.ConnectionManager(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 76 | Medium |
| Exception thrown in class org.sentrysoftware.ipmi.core.connection.ConnectionManager at new org.sentrysoftware.ipmi.core.connection.ConnectionManager(int, long) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 63 | Medium |
| Exception thrown in class org.sentrysoftware.ipmi.core.connection.ConnectionManager at new org.sentrysoftware.ipmi.core.connection.ConnectionManager(int, InetAddress) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 90 | Medium |
| Exception thrown in class org.sentrysoftware.ipmi.core.connection.ConnectionManager at new org.sentrysoftware.ipmi.core.connection.ConnectionManager(Messenger) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 101 | Medium |
| Synchronization performed on java.util.concurrent.atomic.AtomicInteger in org.sentrysoftware.ipmi.core.connection.ConnectionManager.generateSessionlessTag() | MT_CORRECTNESS | JLM_JSR166_UTILCONCURRENT_MONITORENTER | 131 | Medium |
org.sentrysoftware.ipmi.core.connection.MessageHandler
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.sentrysoftware.ipmi.core.connection.MessageHandler(Connection, int, int, int) may expose internal representation by storing an externally mutable object into MessageHandler.connection | MALICIOUS_CODE | EI_EXPOSE_REP2 | 48 | Medium |
org.sentrysoftware.ipmi.core.connection.Session
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.connection.Session.getConnectionHandle() may expose internal representation by returning Session.connectionHandle | MALICIOUS_CODE | EI_EXPOSE_REP | 45 | Medium |
| new org.sentrysoftware.ipmi.core.connection.Session(int, ConnectionHandle) may expose internal representation by storing an externally mutable object into Session.connectionHandle | MALICIOUS_CODE | EI_EXPOSE_REP2 | 37 | Medium |
org.sentrysoftware.ipmi.core.connection.queue.MessageQueue
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.sentrysoftware.ipmi.core.connection.queue.MessageQueue(Connection, int, int, int) may expose internal representation by storing an externally mutable object into MessageQueue.connection | MALICIOUS_CODE | EI_EXPOSE_REP2 | 79 | Medium |
org.sentrysoftware.ipmi.core.connection.queue.QueueElement
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.connection.queue.QueueElement.getRequest() may expose internal representation by returning QueueElement.request | MALICIOUS_CODE | EI_EXPOSE_REP | 76 | Medium |
| org.sentrysoftware.ipmi.core.connection.queue.QueueElement.getTimestamp() may expose internal representation by returning QueueElement.timestamp | MALICIOUS_CODE | EI_EXPOSE_REP | 92 | Medium |
| new org.sentrysoftware.ipmi.core.connection.queue.QueueElement(int, PayloadCoder) may expose internal representation by storing an externally mutable object into QueueElement.request | MALICIOUS_CODE | EI_EXPOSE_REP2 | 45 | Medium |
| org.sentrysoftware.ipmi.core.connection.queue.QueueElement.setRequest(PayloadCoder) may expose internal representation by storing an externally mutable object into QueueElement.request | MALICIOUS_CODE | EI_EXPOSE_REP2 | 80 | Medium |
org.sentrysoftware.ipmi.core.sm.StateMachine
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.sm.StateMachine.getRemoteMachineAddress() may expose internal representation by returning StateMachine.remoteMachineAddress | MALICIOUS_CODE | EI_EXPOSE_REP | 96 | Medium |
| org.sentrysoftware.ipmi.core.sm.StateMachine.start(InetAddress, int) may expose internal representation by storing an externally mutable object into StateMachine.remoteMachineAddress | MALICIOUS_CODE | EI_EXPOSE_REP2 | 128 | Medium |
org.sentrysoftware.ipmi.core.sm.actions.ErrorAction
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.sm.actions.ErrorAction.getException() may expose internal representation by returning ErrorAction.exception | MALICIOUS_CODE | EI_EXPOSE_REP | 37 | Medium |
| new org.sentrysoftware.ipmi.core.sm.actions.ErrorAction(Exception) may expose internal representation by storing an externally mutable object into ErrorAction.exception | MALICIOUS_CODE | EI_EXPOSE_REP2 | 33 | Medium |
org.sentrysoftware.ipmi.core.sm.actions.GetSikAction
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.sm.actions.GetSikAction.getSik() may expose internal representation by returning GetSikAction.sik | MALICIOUS_CODE | EI_EXPOSE_REP | 36 | Medium |
| new org.sentrysoftware.ipmi.core.sm.actions.GetSikAction(byte[]) may expose internal representation by storing an externally mutable object into GetSikAction.sik | MALICIOUS_CODE | EI_EXPOSE_REP2 | 32 | Medium |
org.sentrysoftware.ipmi.core.sm.actions.MessageAction
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.sm.actions.MessageAction.getIpmiv20Message() may expose internal representation by returning MessageAction.ipmiResponseData | MALICIOUS_CODE | EI_EXPOSE_REP | 40 | Medium |
| new org.sentrysoftware.ipmi.core.sm.actions.MessageAction(Ipmiv20Message) may expose internal representation by storing an externally mutable object into MessageAction.ipmiResponseData | MALICIOUS_CODE | EI_EXPOSE_REP2 | 34 | Medium |
org.sentrysoftware.ipmi.core.sm.events.OpenSessionAck
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.sm.events.OpenSessionAck.getBmcKey() may expose internal representation by returning OpenSessionAck.bmcKey | MALICIOUS_CODE | EI_EXPOSE_REP | 95 | Medium |
| new org.sentrysoftware.ipmi.core.sm.events.OpenSessionAck(CipherSuite, PrivilegeLevel, int, int, String, String, byte[]) may expose internal representation by storing an externally mutable object into OpenSessionAck.bmcKey | MALICIOUS_CODE | EI_EXPOSE_REP2 | 79 | Medium |
org.sentrysoftware.ipmi.core.sm.events.Rakp2Ack
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.sm.events.Rakp2Ack.getRakp1ResponseData() may expose internal representation by returning Rakp2Ack.rakp1ResponseData | MALICIOUS_CODE | EI_EXPOSE_REP | 90 | Medium |
| new org.sentrysoftware.ipmi.core.sm.events.Rakp2Ack(CipherSuite, int, byte, int, Rakp1ResponseData) may expose internal representation by storing an externally mutable object into Rakp2Ack.rakp1ResponseData | MALICIOUS_CODE | EI_EXPOSE_REP2 | 70 | Medium |
org.sentrysoftware.ipmi.core.sm.events.Sendv20Message
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.sm.events.Sendv20Message.getPayloadCoder() may expose internal representation by returning Sendv20Message.message | MALICIOUS_CODE | EI_EXPOSE_REP | 75 | Medium |
| new org.sentrysoftware.ipmi.core.sm.events.Sendv20Message(PayloadCoder, int, int, int) may expose internal representation by storing an externally mutable object into Sendv20Message.message | MALICIOUS_CODE | EI_EXPOSE_REP2 | 56 | Medium |
org.sentrysoftware.ipmi.core.sm.states.Rakp1Complete
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.sentrysoftware.ipmi.core.sm.states.Rakp1Complete(Rakp1) may expose internal representation by storing an externally mutable object into Rakp1Complete.rakp1 | MALICIOUS_CODE | EI_EXPOSE_REP2 | 52 | Medium |
org.sentrysoftware.ipmi.core.sm.states.Rakp1Waiting
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.sentrysoftware.ipmi.core.sm.states.Rakp1Waiting(int, Rakp1) may expose internal representation by storing an externally mutable object into Rakp1Waiting.rakp1 | MALICIOUS_CODE | EI_EXPOSE_REP2 | 65 | Medium |
org.sentrysoftware.ipmi.core.sm.states.Rakp3Waiting
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.sentrysoftware.ipmi.core.sm.states.Rakp3Waiting(int, Rakp1, Rakp1ResponseData, CipherSuite) may expose internal representation by storing an externally mutable object into Rakp3Waiting.rakp1 | MALICIOUS_CODE | EI_EXPOSE_REP2 | 75 | Medium |
| new org.sentrysoftware.ipmi.core.sm.states.Rakp3Waiting(int, Rakp1, Rakp1ResponseData, CipherSuite) may expose internal representation by storing an externally mutable object into Rakp3Waiting.rakp1ResponseData | MALICIOUS_CODE | EI_EXPOSE_REP2 | 76 | Medium |
org.sentrysoftware.ipmi.core.transport.UdpMessage
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.sentrysoftware.ipmi.core.transport.UdpMessage.getAddress() may expose internal representation by returning UdpMessage.address | MALICIOUS_CODE | EI_EXPOSE_REP | 66 | Medium |
| org.sentrysoftware.ipmi.core.transport.UdpMessage.getMessage() may expose internal representation by returning UdpMessage.message | MALICIOUS_CODE | EI_EXPOSE_REP | 78 | Medium |
| org.sentrysoftware.ipmi.core.transport.UdpMessage.setAddress(InetAddress) may expose internal representation by storing an externally mutable object into UdpMessage.address | MALICIOUS_CODE | EI_EXPOSE_REP2 | 74 | Medium |
| org.sentrysoftware.ipmi.core.transport.UdpMessage.setMessage(byte[]) may expose internal representation by storing an externally mutable object into UdpMessage.message | MALICIOUS_CODE | EI_EXPOSE_REP2 | 82 | Medium |
org.sentrysoftware.ipmi.core.transport.UdpMessenger
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.sentrysoftware.ipmi.core.transport.UdpMessenger at new org.sentrysoftware.ipmi.core.transport.UdpMessenger(int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 78 | Medium |
| Exception thrown in class org.sentrysoftware.ipmi.core.transport.UdpMessenger at new org.sentrysoftware.ipmi.core.transport.UdpMessenger(int, InetAddress) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 99 | Medium |
| Static field "sentPackets" is modified by an instance level synchronized method. | MT_CORRECTNESS | SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA | 225 | Medium |
| Write to static field org.sentrysoftware.ipmi.core.transport.UdpMessenger.sentPackets from instance method new org.sentrysoftware.ipmi.core.transport.UdpMessenger(int, InetAddress) | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 94 | High |
| org.sentrysoftware.ipmi.core.transport.UdpMessenger.send(UdpMessage) calls Thread.sleep() with a lock held | MT_CORRECTNESS | SWL_SLEEP_WITH_LOCK_HELD | 221 | Medium |
org.sentrysoftware.ipmi.core.transport.UdpNotifier
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.sentrysoftware.ipmi.core.transport.UdpNotifier(UdpMessage, List) may expose internal representation by storing an externally mutable object into UdpNotifier.listeners | MALICIOUS_CODE | EI_EXPOSE_REP2 | 34 | Medium |
| new org.sentrysoftware.ipmi.core.transport.UdpNotifier(UdpMessage, List) may expose internal representation by storing an externally mutable object into UdpNotifier.message | MALICIOUS_CODE | EI_EXPOSE_REP2 | 33 | Medium |
Search Results for {{siteSearch | truncate:'50'}}
{{resultArray.length}}
No results.