Description |
Category |
AM: Creates an empty jar file entry |
Bad practice |
AM: Creates an empty zip file entry |
Bad practice |
BC: Equals method should not assume anything about the type of its argument |
Bad practice |
BC: Random object created and used only once |
Bad practice |
BIT: Check for sign of bitwise operation |
Bad practice |
CN: Class implements Cloneable but does not define or use clone method |
Bad practice |
CN: clone method does not call super.clone() |
Bad practice |
CN: Class defines clone() but doesn't implement Cloneable |
Bad practice |
Co: Abstract class defines covariant compareTo() method |
Bad practice |
Co: Covariant compareTo() method defined |
Bad practice |
DE: Method might drop exception |
Bad practice |
DE: Method might ignore exception |
Bad practice |
DMI: Don't use removeAll to clear a collection |
Bad practice |
DP: Classloaders should only be created inside doPrivileged block |
Bad practice |
DP: Method invoked that should be only be invoked inside a doPrivileged block |
Bad practice |
Dm: Method invokes System.exit(...) |
Bad practice |
Dm: Method invokes dangerous method runFinalizersOnExit |
Bad practice |
ES: Comparison of String parameter using == or != |
Bad practice |
ES: Comparison of String objects using == or != |
Bad practice |
Eq: Abstract class defines covariant equals() method |
Bad practice |
Eq: Equals checks for noncompatible operand |
Bad practice |
Eq: Class defines compareTo(...) and uses Object.equals() |
Bad practice |
Eq: equals method fails for subtypes |
Bad practice |
Eq: Covariant equals() method defined |
Bad practice |
FI: Empty finalizer should be deleted |
Bad practice |
FI: Explicit invocation of finalizer |
Bad practice |
FI: Finalizer nulls fields |
Bad practice |
FI: Finalizer only nulls fields |
Bad practice |
FI: Finalizer does not call superclass finalizer |
Bad practice |
FI: Finalizer nullifies superclass finalizer |
Bad practice |
FI: Finalizer does nothing but call superclass finalizer |
Bad practice |
GC: Unchecked type in generic call |
Bad practice |
HE: Class defines equals() but not hashCode() |
Bad practice |
HE: Class defines equals() and uses Object.hashCode() |
Bad practice |
HE: Class defines hashCode() but not equals() |
Bad practice |
HE: Class defines hashCode() and uses Object.equals() |
Bad practice |
HE: Class inherits equals() and uses Object.hashCode() |
Bad practice |
IC: Superclass uses subclass during initialization |
Bad practice |
IMSE: Dubious catching of IllegalMonitorStateException |
Bad practice |
ISC: Needless instantiation of class that only supplies static methods |
Bad practice |
It: Iterator next() method can't throw NoSuchElementException |
Bad practice |
J2EE: Store of non serializable object into HttpSession |
Bad practice |
JCIP: Fields of immutable classes should be final |
Bad practice |
NP: Method with Boolean return type returns explicit null |
Bad practice |
NP: Clone method may return null |
Bad practice |
NP: equals() method does not check for null argument |
Bad practice |
NP: toString method may return null |
Bad practice |
Nm: Class names should start with an upper case letter |
Bad practice |
Nm: Class is not derived from an Exception, even though it is named as such |
Bad practice |
Nm: Confusing method names |
Bad practice |
Nm: Field names should start with a lower case letter |
Bad practice |
Nm: Use of identifier that is a keyword in later versions of Java |
Bad practice |
Nm: Use of identifier that is a keyword in later versions of Java |
Bad practice |
Nm: Method names should start with a lower case letter |
Bad practice |
Nm: Class names shouldn't shadow simple name of implemented interface |
Bad practice |
Nm: Class names shouldn't shadow simple name of superclass |
Bad practice |
Nm: Very confusing method names (but perhaps intentional) |
Bad practice |
Nm: Method doesn't override method in superclass due to wrong package for parameter |
Bad practice |
ODR: Method may fail to close database resource |
Bad practice |
ODR: Method may fail to close database resource on exception |
Bad practice |
OS: Method may fail to close stream |
Bad practice |
OS: Method may fail to close stream on exception |
Bad practice |
RC: Suspicious reference comparison to constant |
Bad practice |
RC: Suspicious reference comparison of Boolean values |
Bad practice |
RR: Method ignores results of InputStream.read() |
Bad practice |
RR: Method ignores results of InputStream.skip() |
Bad practice |
RV: Method ignores exceptional return value |
Bad practice |
SI: Static initializer creates instance before all static final fields assigned |
Bad practice |
SW: Certain swing methods needs to be invoked in Swing thread |
Bad practice |
Se: Non-transient non-serializable instance field in serializable class |
Bad practice |
Se: Non-serializable class has a serializable inner class |
Bad practice |
Se: Non-serializable value stored into instance field of a serializable class |
Bad practice |
Se: Comparator doesn't implement Serializable |
Bad practice |
Se: Serializable inner class |
Bad practice |
Se: serialVersionUID isn't final |
Bad practice |
Se: serialVersionUID isn't long |
Bad practice |
Se: serialVersionUID isn't static |
Bad practice |
Se: Class is Serializable but its superclass doesn't define a void constructor |
Bad practice |
Se: Class is Externalizable but doesn't define a void constructor |
Bad practice |
Se: The readResolve method must be declared with a return type of Object. |
Bad practice |
Se: Transient field that isn't set by deserialization. |
Bad practice |
SnVI: Class is Serializable, but doesn't define serialVersionUID |
Bad practice |
UI: Usage of GetResource may be unsafe if class is extended |
Bad practice |
BC: Impossible cast |
Correctness |
BC: Impossible downcast |
Correctness |
BC: Impossible downcast of toArray() result |
Correctness |
BC: instanceof will always return false |
Correctness |
BIT: Bitwise add of signed byte value |
Correctness |
BIT: Incompatible bit masks |
Correctness |
BIT: Check to see if ((...) & 0) == 0 |
Correctness |
BIT: Incompatible bit masks |
Correctness |
BIT: Bitwise OR of signed byte value |
Correctness |
BIT: Check for sign of bitwise operation |
Correctness |
BOA: Class overrides a method implemented in super class Adapter wrongly |
Correctness |
BSHIFT: 32 bit int shifted by an amount not in the range 0..31 |
Correctness |
Bx: Primitive value is unboxed and coerced for ternary operator |
Correctness |
DLS: Dead store of class literal |
Correctness |
DLS: Overwritten increment |
Correctness |
DMI: Bad constant value for month |
Correctness |
DMI: hasNext method invokes next |
Correctness |
DMI: Collections should not contain themselves |
Correctness |
DMI: Invocation of hashCode on an array |
Correctness |
DMI: Double.longBitsToDouble invoked on an int |
Correctness |
DMI: Vacuous call to collections |
Correctness |
Dm: Can't use reflection to check for presence of annotation without runtime retention |
Correctness |
Dm: Futile attempt to change max pool size of ScheduledThreadPoolExecutor |
Correctness |
Dm: Creation of ScheduledThreadPoolExecutor with zero core threads |
Correctness |
Dm: Useless/vacuous call to EasyMock method |
Correctness |
EC: equals() used to compare array and nonarray |
Correctness |
EC: Invocation of equals() on an array, which is equivalent to == |
Correctness |
EC: equals(...) used to compare incompatible arrays |
Correctness |
EC: Call to equals() with null argument |
Correctness |
EC: Call to equals() comparing unrelated class and interface |
Correctness |
EC: Call to equals() comparing different interface types |
Correctness |
EC: Call to equals() comparing different types |
Correctness |
EC: Using pointer equality to compare different types |
Correctness |
Eq: equals method always returns false |
Correctness |
Eq: equals method always returns true |
Correctness |
Eq: equals method compares class names rather than class objects |
Correctness |
Eq: Covariant equals() method defined for enum |
Correctness |
Eq: equals() method defined that doesn't override equals(Object) |
Correctness |
Eq: equals() method defined that doesn't override Object.equals(Object) |
Correctness |
Eq: equals method overrides equals in superclass and may not be symmetric |
Correctness |
Eq: Covariant equals() method defined, Object.equals(Object) inherited |
Correctness |
FE: Doomed test for equality to NaN |
Correctness |
FS: Format string placeholder incompatible with passed argument |
Correctness |
FS: The type of a supplied argument doesn't match format specifier |
Correctness |
FS: MessageFormat supplied where printf style format expected |
Correctness |
FS: More arguments are passed than are actually used in the format string |
Correctness |
FS: Illegal format string |
Correctness |
FS: Format string references missing argument |
Correctness |
FS: No previous argument for format string |
Correctness |
GC: No relationship between generic parameter and method argument |
Correctness |
HE: Signature declares use of unhashable class in hashed construct |
Correctness |
HE: Use of class without a hashCode() method in a hashed data structure |
Correctness |
ICAST: integral value cast to double and then passed to Math.ceil |
Correctness |
ICAST: int value cast to float and then passed to Math.round |
Correctness |
IJU: JUnit assertion in run method will not be noticed by JUnit |
Correctness |
IJU: TestCase declares a bad suite method |
Correctness |
IJU: TestCase has no tests |
Correctness |
IJU: TestCase defines setUp that doesn't call super.setUp() |
Correctness |
IJU: TestCase implements a non-static suite method |
Correctness |
IJU: TestCase defines tearDown that doesn't call super.tearDown() |
Correctness |
IL: A collection is added to itself |
Correctness |
IL: An apparent infinite loop |
Correctness |
IL: An apparent infinite recursive loop |
Correctness |
IM: Integer multiply of result of integer remainder |
Correctness |
INT: Bad comparison of nonnegative value with negative constant |
Correctness |
INT: Bad comparison of signed byte |
Correctness |
IO: Doomed attempt to append to an object output stream |
Correctness |
IP: A parameter is dead upon entry to a method but overwritten |
Correctness |
MF: Class defines field that masks a superclass field |
Correctness |
MF: Method defines a variable that obscures a field |
Correctness |
NP: Null pointer dereference |
Correctness |
NP: Null pointer dereference in method on exception path |
Correctness |
NP: Method does not check for null argument |
Correctness |
NP: close() invoked on a value that is always null |
Correctness |
NP: Null value is guaranteed to be dereferenced |
Correctness |
NP: Value is null and guaranteed to be dereferenced on exception path |
Correctness |
NP: Method call passes null to a nonnull parameter |
Correctness |
NP: Method may return null, but is declared @NonNull |
Correctness |
NP: A known null value is checked to see if it is an instance of a type |
Correctness |
NP: Possible null pointer dereference |
Correctness |
NP: Possible null pointer dereference in method on exception path |
Correctness |
NP: Method call passes null for nonnull parameter |
Correctness |
NP: Method call passes null for nonnull parameter |
Correctness |
NP: Non-virtual method call passes null for nonnull parameter |
Correctness |
NP: Store of null value into field annotated NonNull |
Correctness |
NP: Read of unwritten field |
Correctness |
Nm: Class defines equal(Object); should it be equals(Object)? |
Correctness |
Nm: Class defines hashcode(); should it be hashCode()? |
Correctness |
Nm: Class defines tostring(); should it be toString()? |
Correctness |
Nm: Apparent method/constructor confusion |
Correctness |
Nm: Very confusing method names |
Correctness |
Nm: Method doesn't override method in superclass due to wrong package for parameter |
Correctness |
QBA: Method assigns boolean literal in boolean expression |
Correctness |
RC: Suspicious reference comparison |
Correctness |
RCN: Nullcheck of value previously dereferenced |
Correctness |
RE: Invalid syntax for regular expression |
Correctness |
RE: File.separator used for regular expression |
Correctness |
RE: "." used for regular expression |
Correctness |
RV: Random value from 0 to 1 is coerced to the integer 0 |
Correctness |
RV: Bad attempt to compute absolute value of signed 32-bit hashcode |
Correctness |
RV: Bad attempt to compute absolute value of signed 32-bit random integer |
Correctness |
RV: Exception created and dropped rather than thrown |
Correctness |
RV: Method ignores return value |
Correctness |
RpC: Repeated conditional tests |
Correctness |
SA: Double assignment of field |
Correctness |
SA: Self assignment of field |
Correctness |
SA: Self comparison of field with itself |
Correctness |
SA: Nonsensical self computation involving a field (e.g., x & x) |
Correctness |
SA: Self comparison of value with itself |
Correctness |
SA: Nonsensical self computation involving a variable (e.g., x & x) |
Correctness |
SF: Dead store due to switch statement fall through |
Correctness |
SF: Dead store due to switch statement fall through to throw |
Correctness |
SIC: Deadly embrace of non-static inner class and thread local |
Correctness |
SIO: Unnecessary type check done using instanceof operator |
Correctness |
SQL: Method attempts to access a prepared statement parameter with index 0 |
Correctness |
SQL: Method attempts to access a result set field with index 0 |
Correctness |
STI: Unneeded use of currentThread() call, to call interrupted() |
Correctness |
STI: Static Thread.interrupted() method invoked on thread instance |
Correctness |
Se: Method must be private in order for serialization to work |
Correctness |
Se: The readResolve method must not be declared as a static method. |
Correctness |
TQ: Value annotated as carrying a type qualifier used where a value that must not carry that qualifier is required |
Correctness |
TQ: Value that might not carry a type qualifier is always used in a way requires that type qualifier |
Correctness |
TQ: Value that might carry a type qualifier is always used in a way prohibits it from having that type qualifier |
Correctness |
TQ: Value annotated as never carrying a type qualifier used where value carrying that qualifier is required |
Correctness |
UMAC: Uncallable method defined in anonymous class |
Correctness |
UR: Uninitialized read of field in constructor |
Correctness |
UR: Uninitialized read of field method called from constructor of superclass |
Correctness |
USELESS_STRING: Invocation of toString on an array |
Correctness |
USELESS_STRING: Invocation of toString on an array |
Correctness |
USELESS_STRING: Array formatted in useless way using format string |
Correctness |
UwF: Field only ever set to null |
Correctness |
UwF: Unwritten field |
Correctness |
VA: Primitive array passed to function expecting a variable number of object arguments |
Correctness |
LG: Potential lost logger changes due to weak reference in OpenJDK |
Experimental |
OBL: Method may fail to clean up stream or resource |
Experimental |
Dm: Consider using Locale parameterized version of invoked method |
Internationalization |
EI: May expose internal representation by returning reference to mutable object |
Malicious code vulnerability |
EI2: May expose internal representation by incorporating reference to mutable object |
Malicious code vulnerability |
FI: Finalizer should be protected, not public |
Malicious code vulnerability |
MS: May expose internal static state by storing a mutable object into a static field |
Malicious code vulnerability |
MS: Field isn't final and can't be protected from malicious code |
Malicious code vulnerability |
MS: Public static method may expose internal representation by returning array |
Malicious code vulnerability |
MS: Field should be both final and package protected |
Malicious code vulnerability |
MS: Field is a mutable array |
Malicious code vulnerability |
MS: Field is a mutable Hashtable |
Malicious code vulnerability |
MS: Field should be moved out of an interface and made package protected |
Malicious code vulnerability |
MS: Field should be package protected |
Malicious code vulnerability |
MS: Field isn't final but should be |
Malicious code vulnerability |
DC: Possible double check of field |
Multithreaded correctness |
DL: Synchronization on Boolean could lead to deadlock |
Multithreaded correctness |
DL: Synchronization on boxed primitive could lead to deadlock |
Multithreaded correctness |
DL: Synchronization on interned String could lead to deadlock |
Multithreaded correctness |
DL: Synchronization on boxed primitive values |
Multithreaded correctness |
Dm: Monitor wait() called on Condition |
Multithreaded correctness |
Dm: A thread was created using the default empty run method |
Multithreaded correctness |
ESync: Empty synchronized block |
Multithreaded correctness |
IS: Inconsistent synchronization |
Multithreaded correctness |
IS: Field not guarded against concurrent access |
Multithreaded correctness |
JLM: Synchronization performed on Lock |
Multithreaded correctness |
LI: Incorrect lazy initialization of static field |
Multithreaded correctness |
LI: Incorrect lazy initialization and update of static field |
Multithreaded correctness |
ML: Synchronization on field in futile attempt to guard that field |
Multithreaded correctness |
ML: Method synchronizes on an updated field |
Multithreaded correctness |
MSF: Mutable servlet field |
Multithreaded correctness |
MWN: Mismatched notify() |
Multithreaded correctness |
MWN: Mismatched wait() |
Multithreaded correctness |
NN: Naked notify |
Multithreaded correctness |
NP: Synchronize and null check on the same field. |
Multithreaded correctness |
No: Using notify() rather than notifyAll() |
Multithreaded correctness |
RS: Class's readObject() method is synchronized |
Multithreaded correctness |
RV: Return value of putIfAbsent ignored, value passed to putIfAbsent reused |
Multithreaded correctness |
Ru: Invokes run on a thread (did you mean to start it instead?) |
Multithreaded correctness |
SC: Constructor invokes Thread.start() |
Multithreaded correctness |
SP: Method spins on field |
Multithreaded correctness |
STCAL: Call to static Calendar |
Multithreaded correctness |
STCAL: Call to static DateFormat |
Multithreaded correctness |
STCAL: Static Calendar |
Multithreaded correctness |
STCAL: Static DateFormat |
Multithreaded correctness |
SWL: Method calls Thread.sleep() with a lock held |
Multithreaded correctness |
TLW: Wait with two locks held |
Multithreaded correctness |
UG: Unsynchronized get method, synchronized set method |
Multithreaded correctness |
UL: Method does not release lock on all paths |
Multithreaded correctness |
UL: Method does not release lock on all exception paths |
Multithreaded correctness |
UW: Unconditional wait |
Multithreaded correctness |
VO: A volatile reference to an array doesn't treat the array elements as volatile |
Multithreaded correctness |
WL: Sychronization on getClass rather than class literal |
Multithreaded correctness |
WS: Class's writeObject() method is synchronized but nothing else is |
Multithreaded correctness |
Wa: Condition.await() not in loop |
Multithreaded correctness |
Wa: Wait not in loop |
Multithreaded correctness |
Bx: Primitive value is boxed and then immediately unboxed |
Performance |
Bx: Primitive value is boxed then unboxed to perform primitive coercion |
Performance |
Bx: Method allocates a boxed primitive just to call toString |
Performance |
Bx: Method invokes inefficient floating-point Number constructor; use static valueOf instead |
Performance |
Bx: Method invokes inefficient Number constructor; use static valueOf instead |
Performance |
Dm: The equals and hashCode methods of URL are blocking |
Performance |
Dm: Maps and sets of URLs can be performance hogs |
Performance |
Dm: Method invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead |
Performance |
Dm: Explicit garbage collection; extremely dubious except in benchmarking code |
Performance |
Dm: Method allocates an object, only to get the class object |
Performance |
Dm: Use the nextInt method of Random rather than nextDouble to generate a random integer |
Performance |
Dm: Method invokes inefficient new String(String) constructor |
Performance |
Dm: Method invokes toString() method on a String |
Performance |
Dm: Method invokes inefficient new String() constructor |
Performance |
HSC: Huge string constants is duplicated across multiple class files |
Performance |
ITA: Method uses toArray() with zero-length array argument |
Performance |
SBSC: Method concatenates strings using + in a loop |
Performance |
SIC: Should be a static inner class |
Performance |
SIC: Could be refactored into a named static inner class |
Performance |
SIC: Could be refactored into a static inner class |
Performance |
SS: Unread field: should this field be static? |
Performance |
UM: Method calls static Math class method on a constant value |
Performance |
UPM: Private method is never called |
Performance |
UrF: Unread field |
Performance |
UuF: Unused field |
Performance |
WMI: Inefficient use of keySet iterator instead of entrySet iterator |
Performance |
Dm: Hardcoded constant database password |
Security |
Dm: Empty database password |
Security |
HRS: HTTP cookie formed from untrusted input |
Security |
HRS: HTTP Response splitting vulnerability |
Security |
SQL: Nonconstant string passed to execute method on an SQL statement |
Security |
SQL: A prepared statement is generated from a nonconstant String |
Security |
XSS: JSP reflected cross site scripting vulnerability |
Security |
XSS: Servlet reflected cross site scripting vulnerability |
Security |
XSS: Servlet reflected cross site scripting vulnerability |
Security |
BC: Questionable cast to abstract collection |
Dodgy |
BC: Questionable cast to concrete collection |
Dodgy |
BC: Unchecked/unconfirmed cast |
Dodgy |
BC: instanceof will always return true |
Dodgy |
BSHIFT: Unsigned right shift cast to short/byte |
Dodgy |
CI: Class is final but declares protected field |
Dodgy |
DB: Method uses the same code for two branches |
Dodgy |
DB: Method uses the same code for two switch clauses |
Dodgy |
DLS: Dead store to local variable |
Dodgy |
DLS: Useless assignment in return statement |
Dodgy |
DLS: Dead store of null to local variable |
Dodgy |
DMI: Code contains a hard coded reference to an absolute pathname |
Dodgy |
DMI: Non serializable object written to ObjectOutput |
Dodgy |
DMI: Invocation of substring(0), which returns the original value |
Dodgy |
Dm: Thread passed where Runnable expected |
Dodgy |
Eq: Class doesn't override equals in superclass |
Dodgy |
Eq: Unusual equals method |
Dodgy |
FE: Test for floating point equality |
Dodgy |
FS: Non-Boolean argument formatted using %b format specifier |
Dodgy |
IA: Ambiguous invocation of either an inherited or outer method |
Dodgy |
IC: Initialization circularity |
Dodgy |
ICAST: integral division result cast to double or float |
Dodgy |
ICAST: Result of integer multiplication cast to long |
Dodgy |
IM: Computation of average could overflow |
Dodgy |
IM: Check for oddness that won't work for negative numbers |
Dodgy |
INT: Integer remainder modulo 1 |
Dodgy |
INT: Vacuous comparison of integer value |
Dodgy |
MTIA: Class extends Servlet class and uses instance variables |
Dodgy |
MTIA: Class extends Struts Action class and uses instance variables |
Dodgy |
NP: Dereference of the result of readLine() without nullcheck |
Dodgy |
NP: Immediate dereference of the result of readLine() |
Dodgy |
NP: Load of known null value |
Dodgy |
NP: Possible null pointer dereference due to return value of called method |
Dodgy |
NP: Possible null pointer dereference on path that might be infeasible |
Dodgy |
NP: Parameter must be nonnull but is marked as nullable |
Dodgy |
NS: Potentially dangerous use of non-short-circuit logic |
Dodgy |
NS: Questionable use of non-short-circuit logic |
Dodgy |
PZLA: Consider returning a zero length array rather than null |
Dodgy |
QF: Complicated, subtle or wrong increment in for-loop |
Dodgy |
RCN: Redundant comparison of non-null value to null |
Dodgy |
RCN: Redundant comparison of two null values |
Dodgy |
RCN: Redundant nullcheck of value known to be non-null |
Dodgy |
RCN: Redundant nullcheck of value known to be null |
Dodgy |
REC: Exception is caught when Exception is not thrown |
Dodgy |
RI: Class implements same interface as superclass |
Dodgy |
RV: Method checks to see if result of String.indexOf is positive |
Dodgy |
RV: Method discards result of readLine after checking if it is nonnull |
Dodgy |
RV: Remainder of hashCode could be negative |
Dodgy |
RV: Remainder of 32-bit signed random integer |
Dodgy |
SA: Double assignment of local variable |
Dodgy |
SA: Self assignment of local variable |
Dodgy |
SF: Switch statement found where one case falls through to the next case |
Dodgy |
SF: Switch statement found where default case is missing |
Dodgy |
ST: Write to static field from instance method |
Dodgy |
Se: private readResolve method not inherited by subclasses |
Dodgy |
Se: Transient field of class that isn't Serializable. |
Dodgy |
TQ: Explicit annotation inconsistent with use |
Dodgy |
TQ: Explicit annotation inconsistent with use |
Dodgy |
UCF: Useless control flow |
Dodgy |
UCF: Useless control flow to next line |
Dodgy |
UwF: Field not initialized in constructor |
Dodgy |
XFB: Method directly allocates a specific implementation of xml interfaces |
Dodgy |