Review

Detector:

Tikanga

Target:

project '

jigsaw

' version

205

Tags:

Potential Misuse

Anomaly identified by the detector. Please review whether this anomaly corresponds to a misuse.

Finding:	finding-13
In File:	org/w3c/www/http/HttpCredential.java
In Method:	parse()
Code with Finding:	class HttpCredential { /** * parse. * @exception HttpParserException if parsing failed. */ protected void parse() throws HttpParserException { ParseState ps = new ParseState(roff, rlen); // Get the scheme first if ( HttpParser.nextItem(raw, ps) < 0 ) error("Invalid credentials: no scheme."); this.scheme = ps.toString(raw); // Depending on the scheme... this.params = new ArrayDictionary(4, 4); ps.prepare(); if ( scheme.equalsIgnoreCase("basic") ) { // Basic Auth nasty hack if ( HttpParser.nextItem(raw, ps) < 0 ) error("Invalid basic auth credentials, no basic-cookie."); params.put("cookie", ps.toString(raw)); } else { // Normal credentials parsing ParseState it = new ParseState(); it.separator = (byte) '='; ps.separator = (byte) ','; while (HttpParser.nextItem(raw, ps) >= 0 ) { // Get the param name: it.prepare(ps); if (HttpParser.nextItem(raw, it) < 0) error("Invalid credentials: bad param name."); String key = it.toString(raw, true); // Get the param value: it.prepare(); if ( HttpParser.nextItem(raw, it) < 0) error("Invalid credentials: no param value."); it.ioff = it.start; HttpParser.unquote(raw, it); params.put(key, it.toString(raw)); ps.prepare(); } } } }

Metadata

Hit	Rank	Confidence	Defect Indicator	Missing Properties	Present Properties	Supporting Objects	Violation Types
No	13	0.97	9.67	AG (HttpParser.nextItem (byte[], ParseState) : int @ (2) => EX EF HttpParser.nextItem (byte[], ParseState) : int @ (2)) AG (HttpParser.nextItem (byte[], ParseState) : int @ (2) => EX EF ParseState.prepare () : void @ (0))	AG (ParseState.prepare () : void @ (0) => EX EF HttpParser.nextItem (byte[], ParseState) : int @ (2)) EF HttpParser.nextItem (byte[], ParseState) : int @ (2) AF HttpParser.nextItem (byte[], ParseState) : int @ (2) AG (ParseState.prepare () : void @ (0) => AX AF HttpParser.nextItem (byte[], ParseState) : int @ (2)) EF ParseState.prepare () : void @ (0) AG (ParseState.prepare () : void @ (0) => EX EF ParseState.prepare () : void @ (0))	HttpAccept.parse () : void : var #1@ParseState (line 40) HttpAccept.parse () : void : var #6@ParseState (line 55) HttpAcceptCharsetList.parse () : void : var #2@ParseState (line 15)

Reviewer Name:	sven
Comment: