Review

Detector:	Jadet
Target:	project ' httpclient ' version 444
Misuse:	misuse ' 2 '
Tags:

Misuse Details

Details about the known misuse from the MUBench dataset.

Description:	When AuthState.isPreemptive(), both invalidate() and setAuthRequested(true) should be called. The latter was missing.
Fix Description:	(see diff)
Violation Types:	missing/call
In File:	org/apache/commons/httpclient/HttpMethodDirector.java
In Method:	processWWWAuthChallenge(HttpMethod)
Code with Misuse:	class HttpMethodDirector { private boolean processWWWAuthChallenge(final HttpMethod method) throws MalformedChallengeException, AuthenticationException { AuthState authstate = method.getHostAuthState(); if (authstate.isPreemptive()) { authstate.invalidate(); } Map challenges = AuthChallengeParser.parseChallenges( method.getResponseHeaders(WWW_AUTH_CHALLENGE)); if (challenges.isEmpty()) { LOG.debug("Authentication challenge(s) not found"); return false; } AuthScheme authscheme = null; try { authscheme = this.authProcessor.processChallenge(authstate, challenges); } catch (AuthChallengeException e) { if (LOG.isWarnEnabled()) { LOG.warn(e.getMessage()); } } if (authscheme == null) { return false; } String host = method.getParams().getVirtualHost(); if (host == null) { host = conn.getHost(); } int port = conn.getPort(); AuthScope authscope = new AuthScope( host, port, authscheme.getRealm(), authscheme.getSchemeName()); if (LOG.isDebugEnabled()) { LOG.debug("Authentication scope: " + authscope); } if (authstate.isAuthAttempted() && authscheme.isComplete()) { // Already tried and failed Credentials credentials = promptForCredentials( authscheme, method.getParams(), authscope); if (credentials == null) { if (LOG.isInfoEnabled()) { LOG.info("Failure authenticating with " + authscope); } return false; } else { return true; } } else { authstate.setAuthAttempted(true); Credentials credentials = this.state.getCredentials(authscope); if (credentials == null) { credentials = promptForCredentials( authscheme, method.getParams(), authscope); } if (credentials == null) { if (LOG.isInfoEnabled()) { LOG.info("No credentials available for " + authscope); } return false; } else { return true; } } } }
Code with Pattern(s):	`class SetHostAuthRequested { void pattern(HttpMethod method) throws AuthenticationException { AuthState authstate = method.getHostAuthState(); if (authstate.isPreemptive()) { authstate.invalidate(); authstate.setAuthRequested(true); } } }`

Potential Hits

Findings of the detector that identify an anomaly in the same file and method as the known misuse.

Hit	Rank	Confidence	Defect Indicator	Missing Properties	Pattern Support	Present Properties
Yes	4	0.98	30.27	AuthState.invalidate () : void @ (0) < AuthState.setAuthRequested (boolean) : void @ (0);RETVAL: HttpMethod.getHostAuthState () : AuthState < AuthState.setAuthRequested (boolean) : void @ (0);AuthState.isPreemptive () : boolean @ (0) < AuthState.setAuthRequested (boolean) : void @ (0)	50	AuthState.isPreemptive () : boolean @ (0) < AuthState.invalidate () : void @ (0);RETVAL: HttpMethod.getHostAuthState () : AuthState < AuthState.invalidate () : void @ (0);RETVAL: HttpMethod.getHostAuthState () : AuthState < AuthState.isPreemptive () : boolean @ (0)

Reviewer Name:	sarah
Comment: