Biometric authentication should not be performed without an associated CryptoObject value.
This code appears to use an XMLReader instance without setting the correct input processing flags. This could allow XML External Entity (XXE) attacks to easily occur.
execute or addBatch method on an SQL statement (JAVA-S0082)
The method invokes the execute or addBatch method on an SQL statement with a String that seems to be dynamically generated. This can allow SQL injection attacks to occur.
TestCase but has no test methods (JAVA-S0341)
This class is a JUnit TestCase but has not implemented any test methods. Did you forget to implement them?
close() is being invoked on a value that is always null. If this statement is executed, a NullPointerException will occur. Another serious issue is the fact that the resource that is meant to be closed is not closed.
A null pointer is dereferenced here. This will lead to a NullPointerException when the code is executed.
DocumentBuilder may be vulnerable to XXE attacks (JAVA-A1052)
This code appears to use a DocumentBuilder instance without setting the correct input processing flags. This could allow XML External Entity (XXE) attacks to easily occur.
The code creates an SQL prepared statement from a String that was formed dynamically. This may be vulnerable to SQL injection attacks.
This Spring security configuration appears to store passwords in plaintext or hashed with a weak hashing algorithm. This could allow an attacker to easily steal user login information.
Configure Spring to store passwords securely.
A boxed primitive is created just to call its compareTo method. It's more efficient to use the associated static compare method (for double and float since Java 1.4, for other primitive types since Java 7), which works on primitives directly.
This code stores a reference to an externally mutable object into a static field. If unchecked changes to the mutable object would compromise security or other important properties, you will need to do something different. It may be possible for external code to inspect or change the value of the static field by holding a reference to it after passing it to this class.
A public static method returns a reference to an array that is part of the static state of the class. Any code that calls this method can freely modify the underlying array. This is dangerous because it could allow external code to modify the behavior of the class by changing data assumed to be invariant.
Our analysis shows that this object is useless. It's created and modified, but its value never goes outside the method or produces any side effect. Either there is a mistake and the object was intended to be used or it can be removed.
This method or field is or uses a Map or Set of URLs. Since both the equals and hashCode methods of URL perform domain name resolution, this can result in a big performance hit.
toArray() result detected (JAVA-S0386)
This code is casting the result of calling toArray() on a collection to a subtype of Object[], as in:
BigDecimal constructed from double may be imprecise (JAVA-S0008)
BigDecimals constructed from a double may not be represented correctly.
This method accesses the value of a Map entry using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.
This class is not an exception, and does not extend Throwable or any other exception class, but its name ends with 'Exception'. This may be confusing to users of this class.
next method must throw NoSuchElementException (JAVA-S0146)
This class implements the java.util.Iterator interface. However, its next() method is not capable of throwing java.util.NoSuchElementException. This is a violation of the Iterator interface's contract, and will not work with code that expects next() to throw when the iterator is exhausted.
System.exit() should only be invoked within application entry points (JAVA-S0060)
This method invokes System.exit(), and is called by other code. This can prevent proper error handling and debugging.