Review

Detector:	MuDetect
Target:	project ' httpclient ' version 444
Misuse:	misuse ' 3 '
Tags:

Misuse Details

Details about the known misuse from the MUBench dataset.

Description:	When AuthState.isPreemptive(), both invalidate() and setAuthRequested(true) should be called. The latter was missing.
Fix Description:	(see diff)
Violation Types:	missing/call
In File:	org/apache/commons/httpclient/HttpMethodDirector.java
In Method:	processProxyAuthChallenge(HttpMethod)
Code with Misuse:	`class HttpMethodDirector {` `private boolean processProxyAuthChallenge(final HttpMethod method)` `throws MalformedChallengeException, AuthenticationException` `{` `AuthState authstate = method.getProxyAuthState();` `if (authstate.isPreemptive()) {` `authstate.invalidate();` `}` `Map proxyChallenges = AuthChallengeParser.parseChallenges(` `method.getResponseHeaders(PROXY_AUTH_CHALLENGE));` `if (proxyChallenges.isEmpty()) {` `LOG.debug("Proxy authentication challenge(s) not found");` `return false;` `}` `AuthScheme authscheme = null;` `try {` `authscheme = this.authProcessor.processChallenge(authstate, proxyChallenges);` `} catch (AuthChallengeException e) {` `if (LOG.isWarnEnabled()) {` `LOG.warn(e.getMessage());` `}` `}` `if (authscheme == null) {` `return false;` `}` `AuthScope authscope = new AuthScope(` `conn.getProxyHost(), conn.getProxyPort(),` `authscheme.getRealm(),` `authscheme.getSchemeName());` `if (LOG.isDebugEnabled()) {` `LOG.debug("Proxy authentication scope: " + authscope);` `}` `if (authstate.isAuthAttempted() && authscheme.isComplete()) {` `// Already tried and failed` `Credentials credentials = promptForProxyCredentials(` `authscheme, method.getParams(), authscope);` `if (credentials == null) {` `if (LOG.isInfoEnabled()) {` `LOG.info("Failure authenticating with " + authscope);` `}` `return false;` `} else {` `return true;` `}` `} else {` `authstate.setAuthAttempted(true);` `Credentials credentials = this.state.getProxyCredentials(authscope);` `if (credentials == null) {` `credentials = promptForProxyCredentials(` `authscheme, method.getParams(), authscope);` `}` `if (credentials == null) {` `if (LOG.isInfoEnabled()) {` `LOG.info("No credentials available for " + authscope);` `}` `return false;` `} else {` `return true;` `}` `}` `}` `}`
Code with Pattern(s):	`class SetProxyAuthRequested { void pattern(HttpMethod method) throws AuthenticationException { AuthState authstate = method.getProxyAuthState(); if (authstate.isPreemptive()) { authstate.invalidate(); authstate.setAuthRequested(true); } } }`

Potential Hits

Findings of the detector that identify an anomaly in the same file and method as the known misuse.

Hit	Rank	Confidence	Confidence String	Pattern Examples	Pattern Support	Pattern Violation	Target Environment Mapping
Yes	0	0.875	overlap = 14.00 / 16.00	httpclient/misuses/3/patterns-src/org/apache/commons/httpclient/SetProxyAuthRequested.java#pattern(HttpMethod)	1

Reviewer Name:	sarah
Comment: