View Help Online

Start here

Home
About Klocwork
What's new
Fixed issues
Release notes
Installation

Reference

C/C++ checkers
Java checkers
C# checkers
MISRA C 2004 checkers
MISRA C++ 2008 checkers
MISRA C 2012 checkers
MISRA C 2012 checkers with Amendment 1
Commands
Metrics
Troubleshooting
Reference

Product components

C/C++ Integration build analysis
Java Integration build analysis
Desktop analysis
Refactoring
Klocwork Static Code Analysis
Klocwork Code Review
Structure101
Tuning
Custom checkers

Coding environments

Visual Studio
Eclipse for C/C++
Eclipse for Java
IntelliJ IDEA
Other

Administration

Project configuration
Build configuration
Administration
Analysis performance
Server performance
Security/permissions
Licensing
Klocwork Static Code Analysis Web API
Klocwork Code Review Web API

Community

View help online
Visit RogueWave.com
Klocwork Support
Rogue Wave Videos

Legal

Legal information

Java checker reference

Checker code Description Default severity Enabled by default? Tunable?
ANDROID.LIFECYCLE.SV.FRAGMENTINJ Unvalidated fragment class name 1 true No
ANDROID.LIFECYCLE.SV.GETEXTRA Unvalidated external data 3 true No
ANDROID.NPE Dereference of a null value in an Android application 4 true Yes
ANDROID.RLK.MEDIAPLAYER Media player is not released on exit 1 true Yes
ANDROID.RLK.MEDIARECORDER Media recorder is not released on exit 1 true Yes
ANDROID.RLK.SQLCON Sql connection is not closed on exit 1 true Yes
ANDROID.RLK.SQLOBJ Sql object is not closed on exit 1 true Yes
ANDROID.UF.BITMAP Usage of recycled bitmap 2 true Yes
ANDROID.UF.CAMERA Usage of released camera 2 true Yes
ANDROID.UF.MEDIAPLAYER Usage of released media player 2 true Yes
ANDROID.UF.MEDIARECORDER Usage of released media recorder 2 true Yes
CMP.CLASS Comparing by classname 4 false No
CMPF.FLOAT Equality checks on floating point types should be avoided 4 true No
CMP.OBJ Comparing objects with == 4 true No
CMP.STR Comparing strings with == 4 true No
COV.CMP Method compareTo() should have signature 'public int compareTo(Object)' 4 true No
ECC.EMPTY Empty catch clause 4 true No
EHC.EQ Class defines hashCode() but does not define equals() 4 true No
EHC.HASH Class defines equals() but does not define hashCode() 4 true No
ESCMP.EMPTYSTR Inefficient empty string comparison 4 true No
EXC.BROADTHROWS Method has an overly broad throws declaration 4 true No
FIN.EMPTY Empty finalize() method should be removed 3 true No
FIN.NOSUPER Implementation of the finalize() method should call super.finalize() 3 true No
FSC.PRT Class and its superclass have protected fields with the same name 4 false No
FSC.PRV Class and its superclass have private fields with the same name 4 false No
FSC.PUB Class and its superclass have public fields with the same name 4 false No
JD.BITCMP Using non short-circuit logic in expression 3 true No
JD.BITMASK Possible error in bit operations 3 true No
JD.BITR Redundant expression 3 true No
JD.CALL.WRONGSTATIC Call to static method via instance reference 4 true No
JD.CAST.COL Possible ClassCastException for collection 4 true No
JD.CAST.KEY Suspicious key type used to retrieve an element from collection 4 true No
JD.CAST.SUSP Possible ClassCastException for different types 4 true No
JD.CAST.UPCAST Possible ClassCastException for subtypes 4 true No
JD.CATCH Catching runtime exception 4 true No
JD.CONCUR Possible ConcurrentModificationException 3 true No
JD.EQ.ARR Calling 'equals' on array 4 true No
JD.EQ.UTA Calling 'equals' on incompatible types (array and non-array) 4 true No
JD.EQ.UTC Calling equals on incompatible types 4 true No
JD.FINRET Return inside finally 4 true No
JD.IFBAD Redundant 'if' statement 3 true No
JD.IFEMPTY Redundant 'if' statement. Unfinished code 3 true No
JD.INF.AREC Apparent infinite recursion 4 true No
JD.INST.TRUE Redundant 'instanceof' condition 4 true No
JD.LIST.ADD Container added to itself 4 true No
JD.LOCK Lock without unlock 2 true Yes
JD.LOCK.NOTIFY Method 'notify' called with locks held 4 true No
JD.LOCK.SLEEP Method 'sleep' called with locks held 4 true No
JD.LOCK.WAIT Method 'wait' called with locks held 4 true No
JD.METHOD.CBS Method can be static 4 false No
JD.NEXT Possible 'NoSuchElementException' 4 true Yes
JD.OVER Mismatched override 4 true No
JD.RC.EXPR.CHECK Test expression is always true 4 true No
JD.RC.EXPR.DEAD Redundant check causing dead code 4 false No
JD.ST.POS Incorrect check for method 'indexOf' 4 true No
JD.SYNC.DCL Double-checked locking 4 true No
JD.SYNC.IN Inconsistent synchronization 4 true No
JD.THREAD.RUN Explicit call to a 'Thread.run' method 4 true No
JD.UMC.FINALIZE Explicit call to method 'Object.finalize' 3 true No
JD.UMC.RUNFIN runFinalizersOnExit() is called 3 true No
JD.UMC.WAIT Wait called on incorrect object 4 true No
JD.UNCAUGHT Uncaught exception 4 true No
JD.UN.MET Unused non-private method 4 false No
JD.UNMOD Modification of unmodifiable collection 2 true Yes
JD.UN.PMET Unused private method 3 true No
JD.VNU Variable was never read after being assigned 4 true No
JD.VNU.NULL Variable was never read after null being assigned 4 true No
MNA.CAP Method name should start with non-capital letter 4 true No
MNA.CNS Method name is same as constructor name but it is not a constructor 4 true No
MNA.SUS Suspicious method name 4 true No
NPE.COND Null pointer dereference where null comes from condition 1 true Yes
NPE.CONST Null pointer dereference where null comes from constant 1 true Yes
NPE.RET Dereference of a null value which is returned from a method 1 true Yes
NPE.RET.UTIL Dereference of a null value which is returned from a map or a collection 1 true Yes
NPE.STAT Null pointer dereference of a return value (statistical) 4 false Yes
REDUN.DEF Assignment of expression to itself 4 true No
REDUN.EQ Suspicious equals() called with same expression on both sides 4 true No
REDUN.EQNULL Suspicious equals() called with expression and null (never true) 4 true No
REDUN.FINAL Redundant 'final' modifier 4 true No
REDUN.NULL Usage of variable instead of null constant 4 true No
REDUN.OP Suspicious operation with same expression on both sides 4 true No
RI.IGNOREDCALL The value returned by a method called on immutable object is ignored 4 true No
RI.IGNOREDNEW Newly created object is ignored 4 true No
RLK.AWT AWT object is not disposed on exit 1 true Yes
RLK.FIELD Possible leak of system resource stored in a field 4 true No
RLK.HIBERNATE Hibernate object is not closed on exit 1 true Yes
RLK.IMAGEIO ImageIO stream is not closed on exit 1 true Yes
RLK.IN Input stream is not closed on exit 1 true Yes
RLK.JNDI JNDI context is not closed on exit 1 true Yes
RLK.MAIL Java mail object is not closed on exit 1 true Yes
RLK.MICRO Java Microedition connection is not closed on exit 1 true Yes
RLK.NIO NIO object is not closed on exit 1 true Yes
RLK.OUT Output stream is not closed on exit 1 true Yes
RLK.SOCK Socket is not closed on exit 1 true Yes
RLK.SQLCON Sql connection is not closed on exit 1 true Yes
RLK.SQLOBJ Sql object is not closed on exit 1 true Yes
RLK.SWT SWT object is not disposed on exit 1 true Yes
RLK.ZIP Zip file is not closed on exit 1 true Yes
RNU.THIS Compare this and null but this cannot be null 4 true No
RR.IGNORED The returned value is ignored 4 true No
RTC.CALL Type cast is redundant 4 true No
STRCON.LOOP Using append for string in a loop 4 true No
SV.CLASSDEF.INJ Runtime Class Definition Injection 2 true No
SV.CLASSLOADER.INJ Class Loader URL Injection 2 true No
SV.CLEXT.CLLOADER Class extends 'java.lang.ClassLoader' 4 false No
SV.CLEXT.POLICY Class extends 'java.security.Policy' 4 false No
SV.CLLOADER Direct use of Classloader 4 false No
SV.CLONE.SUP Class implements 'clone' method but does not implement Cloneable 4 false No
SV.CSRF.GET CSRF Token in GET request 4 false Yes
SV.CSRF.ORIGIN Request handler without an origin check 4 false Yes
SV.CSRF.TOKEN State changing request handler without a CSRF check 4 false Yes
SV.DATA.BOUND Untrusted Data leaks into trusted storage 3 true Yes
SV.DATA.DB Data injection 2 true Yes
SV.DOS.ARRINDEX Tainted index used for array access 3 true Yes
SV.DOS.ARRSIZE Tainted size used for array allocation 3 true Yes
SV.DOS.TMPFILEDEL Leaving temporary file for lifetime of JVM 3 true Yes
SV.DOS.TMPFILEEXIT Leaving temporary file 3 true Yes
SV.ECV Empty certificate validation 4 false No
SV.EMAIL Unchecked e-mail 2 true Yes
SV.EXEC Process Injection 2 true Yes
SV.EXEC.DIR Process Injection. Working Directory 2 true Yes
SV.EXEC.ENV Process Injection. Environment Variables 2 true Yes
SV.EXEC.LOCAL Process Injection. Local Arguments 3 true No
SV.EXPOSE.FIELD Static field may be changed by malicious code 4 false No
SV.EXPOSE.FIN Method finalize() should have protected access modifier, not public 4 false No
SV.EXPOSE.IFIELD Instance field should be made final 4 false No
SV.EXPOSE.MUTABLEFIELD Static mutable field can be accessed by malicious code 4 false No
SV.EXPOSE.RET Internal representation may be exposed 4 false No
SV.EXPOSE.STORE Method stores reference to mutable object 4 false No
SV.HASH.NO_SALT Use of a one-way cryptographic hash without a salt 3 true No
SV.HTTP_SPLIT Http Response Splitting 2 true Yes
SV.IL.DEV Design information leakage 3 true Yes
SV.IL.FILE File Name Leaking 3 true Yes
SV.INT_OVF Tainted data may lead to Integer Overflow 2 true Yes
SV.LDAP Unvalidated user input is used as LDAP filter 2 true Yes
SV.LOG_FORGING Log Forging 3 true Yes
SV.PASSWD.HC Hardcoded Password 2 true Yes
SV.PASSWD.HC.EMPTY Empty Password 2 true Yes
SV.PASSWD.PLAIN Plain-text Password 2 true Yes
SV.PATH Path and file name injection 3 true Yes
SV.PATH.INJ File injection 3 true Yes
SV.RANDOM Use of insecure Random number generator 4 true No
SV.SCRIPT Script Execution 2 true Yes
SV.SENSITIVE.DATA Unencrypted sensitive data is written 2 true Yes
SV.SENSITIVE.OBJ Object with unencrypted sensitive data is stored 2 true Yes
SV.SERIAL.INON Interface extends 'Serializable' 4 false No
SV.SERIAL.NON Class implements 'Serializable' 4 false No
SV.SERIAL.NOREAD Method readObject() should be defined for a serializable class 4 false No
SV.SERIAL.NOWRITE Method writeObject() should be defined for a serializable class 4 false No
SV.SERIAL.SIG Methods readObject() and writeObject() in serializable classes should have correct signature 4 false No
SV.SHARED.VAR Unsynchronized access to static variable from servlet 4 true No
SV.SOCKETS Bad practices: use of sockets 4 false No
SV.SQL Sql Injection 2 true Yes
SV.SQL.DBSOURCE Unchecked information from the database is used in SQL statements 3 true Yes
SV.STRBUF.CLEAN String buffer not cleaned 3 false Yes
SV.STRUTS.NOTRESET Struts Forms: inconsistent reset 4 false No
SV.STRUTS.NOTVALID Struts Forms: inconsistent validate 4 false No
SV.STRUTS.PRIVATE Struts Forms: non-private fields 4 false No
SV.STRUTS.RESETMET Struts Forms: reset method 4 false No
SV.STRUTS.STATIC Struts Forms: static fields 4 false No
SV.STRUTS.VALIDMET Struts Forms: validate method 4 false No
SV.TAINT Tainted data 3 false Yes
SV.TAINT_NATIVE Tainted data goes to native code 3 true Yes
SV.TMPFILE Temporary file path tampering 3 true Yes
SV.UMC.EXIT The System.exit() and Runtime.exit() method calls should not be used in servlets code 4 false No
SV.UMC.JDBC Application should avoid calling to DriverManager.getConnection() directly 4 false No
SV.UMC.THREADS Bad practices: use of thread management 4 false No
SV.UMD.MAIN Leftover debug code - main method 4 false No
SV.USE.POLICY Direct use methods of Policy 4 false No
SV.WEAK.CRYPT Use of a Broken or Risky Cryptographic Algorithm 3 true No
SV.XPATH Unvalidated user input is used as an XPath expression 2 true Yes
SV.XSS.DB Cross Site Scripting (Stored XSS) 2 true Yes
SV.XSS.REF Cross Site Scripting (Reflected XSS) 2 true Yes
SYNCH.NESTED Synchronized method calls another synchronized method with the same lock held 4 true No
SYNCH.NESTEDS Synchronized static method calls another synchronized static method with the same lock held 4 true No
UC.BOOLB Unnecessary creation of new Boolean object from a boolean expression 4 true No
UC.BOOLS Unnecessary creation of new Boolean object from a string expression 4 true No
UC.STRS Unnecessary creation of new String object from a string expression 4 true No
UC.STRV Unnecessary creation of empty String object 4 true No
UF.IMAGEIO Usage of closed ImageIO stream 2 true No
UF.IN Usage of closed input stream 2 true No
UF.JNDI Usage of closed JNDI context 2 true No
UF.MAIL Usage of closed Java mail object 2 true No
UF.MICRO Usage of closed Java Microedition connection 2 true No
UF.NIO Usage of closed NIO object 2 true No
UF.OUT Usage of closed output stream 2 true No
UF.SOCK Usage of closed socket 2 true No
UF.SQLCON Usage of closed SQL connection 2 true No
UF.SQLOBJ Usage of closed SQL object 2 true No
UF.ZIP Usage of closed zip file 2 true No
UMC.EXIT The System.exit() method call is unwanted 4 false No
UMC.GC The System.gc() method call is unwanted 4 false No
UMC.SYSERR Debug print using System.err method calls is unwanted 4 false No
UMC.SYSOUT Debug print using System.out method calls is unwanted 4 false No
UMC.TOSTRING Unnecessary toString() method called for a String argument 4 true No
  1. ANDROID.LIFECYCLE.SV.FRAGMENTINJ
  2. ANDROID.LIFECYCLE.SV.GETEXTRA
  3. ANDROID.NPE
  4. ANDROID.RLK.MEDIAPLAYER
  5. ANDROID.RLK.MEDIARECORDER
  6. ANDROID.RLK.SQLCON
  7. ANDROID.RLK.SQLOBJ
  8. ANDROID.UF.BITMAP
  9. ANDROID.UF.CAMERA
  10. ANDROID.UF.MEDIAPLAYER
  11. ANDROID.UF.MEDIARECORDER
  12. CMP.CLASS
  13. CMPF.FLOAT
  14. CMP.OBJ
  15. CMP.STR
  16. COV.CMP
  17. ECC.EMPTY
  18. EHC.EQ
  19. EHC.HASH
  20. ESCMP.EMPTYSTR
  21. EXC.BROADTHROWS
  22. FIN.EMPTY
  23. FIN.NOSUPER
  24. FSC.PRT
  25. FSC.PRV
  26. FSC.PUB
  27. JD.BITCMP
  28. JD.BITMASK
  29. JD.BITR
  30. JD.CALL.WRONGSTATIC
  31. JD.CAST.COL
  32. JD.CAST.KEY
  33. JD.CAST.SUSP
  34. JD.CAST.UPCAST
  35. JD.CATCH
  36. JD.CONCUR
  37. JD.EQ.ARR
  38. JD.EQ.UTA
  39. JD.EQ.UTC
  40. JD.FINRET
  41. JD.IFBAD
  42. JD.IFEMPTY
  43. JD.INF.AREC
  44. JD.INST.TRUE
  45. JD.LIST.ADD
  46. JD.LOCK
  47. JD.LOCK.NOTIFY
  48. JD.LOCK.SLEEP
  49. JD.LOCK.WAIT
  50. JD.METHOD.CBS
  51. JD.NEXT
  52. JD.OVER
  53. JD.RC.EXPR.CHECK
  54. JD.RC.EXPR.DEAD
  55. JD.ST.POS
  56. JD.SYNC.DCL
  57. JD.SYNC.IN
  58. JD.THREAD.RUN
  59. JD.UMC.FINALIZE
  60. JD.UMC.RUNFIN
  61. JD.UMC.WAIT
  62. JD.UNCAUGHT
  63. JD.UN.MET
  64. JD.UNMOD
  65. JD.UN.PMET
  66. JD.VNU
  67. JD.VNU.NULL
  68. MNA.CAP
  69. MNA.CNS
  70. MNA.SUS
  71. NPE.COND
  72. NPE.CONST
  73. NPE.RET
  74. NPE.RET.UTIL
  75. NPE.STAT
  76. REDUN.DEF
  77. REDUN.EQ
  78. REDUN.EQNULL
  79. REDUN.FINAL
  80. REDUN.NULL
  81. REDUN.OP
  82. RI.IGNOREDCALL
  83. RI.IGNOREDNEW
  84. RLK.AWT
  85. RLK.FIELD
  86. RLK.HIBERNATE
  87. RLK.IMAGEIO
  88. RLK.IN
  89. RLK.JNDI
  90. RLK.MAIL
  91. RLK.MICRO
  92. RLK.NIO
  93. RLK.OUT
  94. RLK.SOCK
  95. RLK.SQLCON
  96. RLK.SQLOBJ
  97. RLK.SWT
  98. RLK.ZIP
  99. RNU.THIS
  100. RR.IGNORED
  101. RTC.CALL
  102. STRCON.LOOP
  103. SV.CLASSDEF.INJ
  104. SV.CLASSLOADER.INJ
  105. SV.CLEXT.CLLOADER
  106. SV.CLEXT.POLICY
  107. SV.CLLOADER
  108. SV.CLONE.SUP
  109. SV.CSRF.GET
  110. SV.CSRF.ORIGIN
  111. SV.CSRF.TOKEN
  112. SV.DATA.BOUND
  113. SV.DATA.DB
  114. SV.DOS.ARRINDEX
  115. SV.DOS.ARRSIZE
  116. SV.DOS.TMPFILEDEL
  117. SV.DOS.TMPFILEEXIT
  118. SV.ECV
  119. SV.EMAIL
  120. SV.EXEC
  121. SV.EXEC.DIR
  122. SV.EXEC.ENV
  123. SV.EXEC.LOCAL
  124. SV.EXPOSE.FIELD
  125. SV.EXPOSE.FIN
  126. SV.EXPOSE.IFIELD
  127. SV.EXPOSE.MUTABLEFIELD
  128. SV.EXPOSE.RET
  129. SV.EXPOSE.STORE
  130. SV.HASH.NO_SALT
  131. SV.HTTP_SPLIT
  132. SV.IL.DEV
  133. SV.IL.FILE
  134. SV.INT_OVF
  135. SV.LDAP
  136. SV.LOG_FORGING
  137. SV.PASSWD.HC
  138. SV.PASSWD.HC.EMPTY
  139. SV.PASSWD.PLAIN
  140. SV.PATH
  141. SV.PATH.INJ
  142. SV.RANDOM
  143. SV.SCRIPT
  144. SV.SENSITIVE.DATA
  145. SV.SENSITIVE.OBJ
  146. SV.SERIAL.INON
  147. SV.SERIAL.NON
  148. SV.SERIAL.NOREAD
  149. SV.SERIAL.NOWRITE
  150. SV.SERIAL.SIG
  151. SV.SHARED.VAR
  152. SV.SOCKETS
  153. SV.SQL
  154. SV.SQL.DBSOURCE
  155. SV.STRBUF.CLEAN
  156. SV.STRUTS.NOTRESET
  157. SV.STRUTS.NOTVALID
  158. SV.STRUTS.PRIVATE
  159. SV.STRUTS.RESETMET
  160. SV.STRUTS.STATIC
  161. SV.STRUTS.VALIDMET
  162. SV.TAINT
  163. SV.TAINT_NATIVE
  164. SV.TMPFILE
  165. SV.UMC.EXIT
  166. SV.UMC.JDBC
  167. SV.UMC.THREADS
  168. SV.UMD.MAIN
  169. SV.USE.POLICY
  170. SV.WEAK.CRYPT
  171. SV.XPATH
  172. SV.XSS.DB
  173. SV.XSS.REF
  174. SYNCH.NESTED
  175. SYNCH.NESTEDS
  176. UC.BOOLB
  177. UC.BOOLS
  178. UC.STRS
  179. UC.STRV
  180. UF.IMAGEIO
  181. UF.IN
  182. UF.JNDI
  183. UF.MAIL
  184. UF.MICRO
  185. UF.NIO
  186. UF.OUT
  187. UF.SOCK
  188. UF.SQLCON
  189. UF.SQLOBJ
  190. UF.ZIP
  191. UMC.EXIT
  192. UMC.GC
  193. UMC.SYSERR
  194. UMC.SYSOUT
  195. UMC.TOSTRING
  196. Conventions used in reported Java issue messages
Parent topic: Checkers

© Rogue Wave Software, Inc. All rights reserved. | Contact