The following document contains the results of SpotBugs

SpotBugs Version is 4.9.8

Threshold is medium

Effort is default

Summary

Classes | Bugs | Errors | Missing Classes
229 | 36 | 0 | 0

Files

Class | Bugs
com.jsql.model.InjectionModel | 1
com.jsql.model.accessible.ResourceAccess | 2
com.jsql.model.accessible.vendor.ExploitH2 | 1
com.jsql.model.accessible.vendor.ExploitMysql | 3
com.jsql.model.accessible.vendor.ExploitOracle | 1
com.jsql.model.accessible.vendor.ExploitPostgres | 4
com.jsql.model.accessible.vendor.ExploitSqlite | 1
com.jsql.model.injection.strategy.DnsServer | 1
com.jsql.model.injection.strategy.blind.InjectionBlindBin | 1
com.jsql.model.injection.strategy.blind.InjectionBlindBit | 1
com.jsql.model.injection.strategy.blind.InjectionCharInsertion | 1
com.jsql.model.injection.strategy.blind.InjectionTime | 1
com.jsql.model.injection.strategy.blind.InjectionVendor | 1
com.jsql.model.injection.strategy.blind.callable.CallableBlindBit | 2
com.jsql.model.injection.strategy.blind.callable.CallableCharInsertion | 1
com.jsql.model.suspendable.AbstractSuspendable | 4
com.jsql.util.PreferencesUtil | 1
com.jsql.util.StringUtil | 3
com.jsql.util.bruter.Bruter | 5
com.jsql.util.bruter.DigestMD4 | 1

com.jsql.model.InjectionModel

Bug | Category | Details | Line | Priority
com.jsql.model.InjectionModel is Serializable; consider declaring a serialVersionUID | BAD_PRACTICE | SE_NO_SERIALVERSIONID | 62-700 | Medium

com.jsql.model.accessible.ResourceAccess

Bug | Category | Details | Line | Priority
Format string should use %n rather than \n in com.jsql.model.accessible.ResourceAccess.callCommand(String, boolean) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 321 | Medium
Format string should use %n rather than \n in com.jsql.model.accessible.ResourceAccess.runWebShell(String, UUID, String, boolean) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 342 | Medium

com.jsql.model.accessible.vendor.ExploitH2

Bug | Category | Details | Line | Priority
Format string should use %n rather than \n in com.jsql.model.accessible.vendor.ExploitH2.runRce(String, UUID) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 71 | Medium

com.jsql.model.accessible.vendor.ExploitMysql

Bug | Category | Details | Line | Priority
Found reliance on default encoding in com.jsql.model.accessible.vendor.ExploitMysql.copyBodyToShare(String, String): String.getBytes() | I18N | DM_DEFAULT_ENCODING | 505 | High
Found reliance on default encoding in com.jsql.model.accessible.vendor.ExploitMysql.create(String, String, String, String, BinaryOperator, String, ExploitMode): String.getBytes() | I18N | DM_DEFAULT_ENCODING | 171 | High
Format string should use %n rather than \n in com.jsql.model.accessible.vendor.ExploitMysql.runRceCmd(String, UUID) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 457 | Medium

com.jsql.model.accessible.vendor.ExploitOracle

Bug | Category | Details | Line | Priority
Format string should use %n rather than \n in com.jsql.model.accessible.vendor.ExploitOracle.runRceCmd(String, UUID) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 89 | Medium

com.jsql.model.accessible.vendor.ExploitPostgres

Bug | Category | Details | Line | Priority
Format string should use %n rather than \n in com.jsql.model.accessible.vendor.ExploitPostgres.runRceArchiveCmd(String, UUID) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 337 | Medium
Format string should use %n rather than \n in com.jsql.model.accessible.vendor.ExploitPostgres.runRceExtensionCmd(String, UUID) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 398 | Medium
Format string should use %n rather than \n in com.jsql.model.accessible.vendor.ExploitPostgres.runRceLibraryCmd(String, UUID) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 241 | Medium
Format string should use %n rather than \n in com.jsql.model.accessible.vendor.ExploitPostgres.runRceProgramCmd(String, UUID) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 364 | Medium

com.jsql.model.accessible.vendor.ExploitSqlite

Bug | Category | Details | Line | Priority
Format string should use %n rather than \n in com.jsql.model.accessible.vendor.ExploitSqlite.runRce(String, UUID) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 68 | Medium

com.jsql.model.injection.strategy.DnsServer

Bug | Category | Details | Line | Priority
There is an apparent infinite loop in com.jsql.model.injection.strategy.DnsServer.listen() | CORRECTNESS | IL_INFINITE_LOOP | 45 | High

com.jsql.model.injection.strategy.blind.InjectionBlindBin

Bug | Category | Details | Line | Priority
Exception thrown in class com.jsql.model.injection.strategy.blind.InjectionBlindBin at new com.jsql.model.injection.strategy.blind.InjectionBlindBin(InjectionModel, AbstractInjectionBit$BlindOperator) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 101 | Medium

com.jsql.model.injection.strategy.blind.InjectionBlindBit

Bug | Category | Details | Line | Priority
Exception thrown in class com.jsql.model.injection.strategy.blind.InjectionBlindBit at new com.jsql.model.injection.strategy.blind.InjectionBlindBit(InjectionModel, AbstractInjectionBit$BlindOperator) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 95 | Medium

com.jsql.model.injection.strategy.blind.InjectionCharInsertion

Bug | Category | Details | Line | Priority
Exception thrown in class com.jsql.model.injection.strategy.blind.InjectionCharInsertion at new com.jsql.model.injection.strategy.blind.InjectionCharInsertion(InjectionModel, String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 114 | Medium

com.jsql.model.injection.strategy.blind.InjectionTime

Bug | Category | Details | Line | Priority
Exception thrown in class com.jsql.model.injection.strategy.blind.InjectionTime at new com.jsql.model.injection.strategy.blind.InjectionTime(InjectionModel, AbstractInjectionBit$BlindOperator) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 81 | Medium

com.jsql.model.injection.strategy.blind.InjectionVendor

Bug | Category | Details | Line | Priority
Exception thrown in class com.jsql.model.injection.strategy.blind.InjectionVendor at new com.jsql.model.injection.strategy.blind.InjectionVendor(InjectionModel, String, Vendor) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 89 | Medium

com.jsql.model.injection.strategy.blind.callable.CallableBlindBit

Bug | Category | Details | Line | Priority
Do not catch NullPointerException like in com.jsql.model.injection.strategy.blind.callable.CallableBlindBit.isTrue() | STYLE | DCN_NULLPOINTER_EXCEPTION | 71 | Medium
Do not catch NullPointerException like in com.jsql.model.injection.strategy.blind.callable.CallableBlindBit.isTrue() | STYLE | DCN_NULLPOINTER_EXCEPTION | 81 | Medium

com.jsql.model.injection.strategy.blind.callable.CallableCharInsertion

Bug | Category | Details | Line | Priority
Do not catch NullPointerException like in com.jsql.model.injection.strategy.blind.callable.CallableCharInsertion.isTrue() | STYLE | DCN_NULLPOINTER_EXCEPTION | 50 | Medium

com.jsql.model.suspendable.AbstractSuspendable

Bug | Category | Details | Line | Priority
Shared primitive variable "isPaused" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE | 68 | Medium
Shared primitive variable "isPaused" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE | 75 | Medium
Inconsistent synchronization of com.jsql.model.suspendable.AbstractSuspendable.isStopped; locked 50% of time | MT_CORRECTNESS | IS2_INCONSISTENT_SYNC | 61 | Medium
Naked notify in com.jsql.model.suspendable.AbstractSuspendable.resume() | MT_CORRECTNESS | NN_NAKED_NOTIFY | 91 | Medium

com.jsql.util.PreferencesUtil

Bug | Category | Details | Line | Priority
Exception thrown in class com.jsql.util.PreferencesUtil at new com.jsql.util.PreferencesUtil() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 124 | Medium

com.jsql.util.StringUtil

Bug | Category | Details | Line | Priority
Found reliance on default encoding in com.jsql.util.StringUtil.compress(String): String.getBytes() | I18N | DM_DEFAULT_ENCODING | 269 | High
Found reliance on default encoding in com.jsql.util.StringUtil.toBase64Zip(String): new String(byte[]) | I18N | DM_DEFAULT_ENCODING | 209 | High
Check for oddness that won't work for negative numbers in com.jsql.util.StringUtil.decodeHexString(String) | STYLE | IM_BAD_CHECK_FOR_ODD | 312 | Medium

com.jsql.util.bruter.Bruter

Bug | Category | Details | Line | Priority
Shared primitive variable "found" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE | 135 | Medium
Shared primitive variable "done" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE | 143 | Medium
Shared primitive variable "maxLength" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE | 123 | Medium
Shared primitive variable "minLength" in one thread may not yield the value of the most recent write from another thread | MT_CORRECTNESS | AT_STALE_THREAD_WRITE_OF_PRIMITIVE | 127 | Medium
Inconsistent synchronization of com.jsql.util.bruter.Bruter.endtime; locked 50% of time | MT_CORRECTNESS | IS2_INCONSISTENT_SYNC | 112 | Medium

com.jsql.util.bruter.DigestMD4

Bug | Category | Details | Line | Priority
Unsigned right shift cast to short/byte in com.jsql.util.bruter.DigestMD4.engineDigest() | STYLE | ICAST_QUESTIONABLE_UNSIGNED_RIGHT_SHIFT | 212 | Medium