04 2009 Archive
Summary: [H B CN] Class defines clone() but doesn't implement Cloneable [CN_IMPLEMENTS_CLONE_BUT_NOT_CLONEABLE] This class defines a clone() method but the class doesn't implement Cloneable. There are some s...
Summary: [M S XSS] Servlet reflected cross site scripting vulnerability [XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER] This code directly writes an HTTP parameter to Servlet output, which allows for a reflected c...
Summary: [M D ICAST] Result of integer multiplication cast to long [ICAST_INTEGER_MULTIPLY_CAST_TO_LONG] This code performs integer multiply and then converts the result to a long, as in: long convertDays...
Summary: [M B DE] Method might ignore exception [DE_MIGHT_IGNORE] This method might ignore an exception. In general, exceptions should be handled or reported in some way, or they should be thrown out of the ...
Summary: I previously wrote a document explaining Inconsistent synchronization, but while doing code security work recently I found some new issues related to Inconsistent synchronization, so here is a follow-up. Let's first look at a fairly long piece of code: ...
Summary: [M B Eq] Class defines compareTo(...) and uses Object.equals() [EQ_COMPARETO_USE_OBJECT_EQUALS] This class defines a compareTo(...) method but inherits its equals() method from java.lang.Object. Gen...
Summary: [H C EC] equals() used to compare array and nonarray [EC_ARRAY_AND_NONARRAY] This method invokes the .equals(Object o) to compare an array and a reference that doesn't seem to be an array. If things b...