最新最全Klocwork錯誤代碼對照表

1、 No Checker coder5NPE.COND6NPE.CONST7NPE.RET9RLK.AWT10RLK.HIBERNATE11RLK.IMAGEIO12RLK.IN13RLK.JNDI14RLK.MAIL15RLK.MICRO16RLK.NIO17RLK.OUT18RLK.SOCK19RLK.SQLCON20RLK.SQLOBJ21RLK.SWT22RLK.ZIP29SV.EMAIL30SV.EXEC33SV.HTTP_SPLIT34SV.INT_OVF35SV.LDAP39SV.SQL40SV.XPATH43UF.IMAGEIO44UF.IN45UF.JNDI46UF.MAIL4

2、7UF.MICRO48UF.NIO49UF.OUT50UF.SOCK51UF.SQLCON52UF.SQLOBJ53UF.ZIP54FIN.EMPTY55FIN.NOSUPER 56JD.BITCMP57JD.BITMASK 58JD.BITR59JD.CONCUR60JD.IFBAD61JD.IFEMPTY72SV.LOG_FORGING 73SV.PATH78SV.TAINT_NATIVE 79SV.TMPFILE80ANDROID.NPE 81CMP.CLASS82CMP.OBJ83CMP.STR84CMPF.FLOAT85COV.CMP86ECC.EMPTY87EHC.EQ88EHC.

3、HASH89ESCMP.EMPTYSTR 90EXC.BROADTHROWS91FSC.PRT92FSC.PRV93FSC.PUB99JD.CATCH103JD.FINRET107JD.LOCK112JD.OVER138RR.IGNORED139RTC.CALL140STRCON.LOOP143SV.CLLOADER158SV.SOCKETS173UC.BOOLS174UC.STRS175UC.STRV176UMC.EXIT177UMC.GC178UMC.SYSERR 179UMC.SYSOUT 180UMC.TOSTRINGDescriptionMedia player not releas

4、ed on exit(媒體播放器在退出時沒有被釋放Media recorder not released on exit(媒體錄影機(jī)在退出時沒有被釋放SQL connection not closed on exit(SQL連接在退出時沒有被關(guān)閉SQL object not closed on exit(SQL對象在退出時沒有被關(guān)閉Null pointer dereference where null comes from condition(在空值來自的條件句中發(fā)生空指針解引用Null pointer dereference where null comes from constant(在空

5、值來自的常量中發(fā)生空指針解引用Dereference of a null value which is returned from a method(來自一個方法中的空值的解引用Dereference of a null value which is returned from a map or a collection(來自一個映射或者一個集合的一個空值的解引用AWT object not disposed on exit(AWT對象在退出時沒有被處理Hibernate object is not closed on exit(潛伏對象在退出時沒有被關(guān)閉ImageIO stream is n

6、ot closed on exit(ImageIO 流在退出時沒有被關(guān)閉Input stream is not closed on exit(輸入流在退出時沒有被關(guān)閉JNDI context is not closed on exit(JNDI上下文在退出時沒有被關(guān)閉Java mail object is not closed on exit(Java郵件對象在退出時沒有被關(guān)閉Java Microedition connection is not closed on exit(Java Microedition連接在退出時沒有被關(guān)閉NIO object is not closed on exi

7、t(NIO對象在退出時沒有被關(guān)閉Output stream is not closed on exit(輸出流在退出時沒有被關(guān)閉Socket is not closed on exit(Socket在退出時沒有被關(guān)閉SQL connection is not closed on exit(SQL連接在退出時沒有被關(guān)閉SQL object is not closed on exit(SQL對象在退出時沒有被關(guān)閉SWT object is not disposed on exit(SWT對象在退出時沒有被處理Zip file is not closed on exit(Zip文件在退出時沒有被關(guān)閉

8、Usage of recycled bitmap(循環(huán)位圖的使用Usage of released camera(已發(fā)布相機(jī)的使用Usage of released media player(已發(fā)布媒體播放器的使用Usage of released media recorder(已發(fā)布媒體播放器的使用Modification of unmodifiable collection(無法改變地址的調(diào)整Data injection(數(shù)據(jù)注入Unchecked e-mail(未檢查的電子郵件Process Injection(過程注入Process Injection. Working Directo

9、ry(過程注入。工作目錄Process Injection. Environment Variables(過程注入。環(huán)境變量。HTTP Response Splitting(HTTP相應(yīng)拆分攻擊Tainted data may lead to Integer Overflow(感染數(shù)據(jù)可能導(dǎo)致整數(shù)溢出Unvalidated user input is used as LDAP filter (未驗(yàn)證的用戶輸入被用來作為LDAP過濾器Hardcoded Password(硬編碼密碼Empty Password(空密碼Plain-text Password(普通字符密碼SQL Injection(

10、SQL注入Unvalidated user input is used as an XPath expression (未驗(yàn)證的用戶輸入被用來作為Xpath表達(dá)式 Cross Site Scripting (Stored XSS(跨站點(diǎn)的腳本語言(已儲存的XSSCross Site Scripting (Reflected XSS(跨站點(diǎn)的腳本語言(已反映的XSSUsage of closed ImageIO stream(已關(guān)閉的ImageIO流的使用Usage of closed input stream(已關(guān)閉的輸入流的使用Usage of closed JNDI context(已關(guān)閉

11、的JNDI上下文的使用Usage of closed Java mail object(已關(guān)閉的Java郵件對象的使用Usage of closed Java Microedition connection(已關(guān)閉的Java Microedition連接的使用Usage of closed NIO object(已關(guān)閉的NIO對象的使用Usage of closed output stream(已關(guān)閉的輸出流的使用Usage of closed socket(已關(guān)閉的socket的使用Usage of closed SQL connection(已關(guān)閉的SQL連接的使用Usage of clo

12、sed SQL object(已關(guān)閉的SQL對象的使用Usage of closed zip file(已關(guān)閉的zip文件的使用Empty finalize( method(空的finalize(方法 Implementation of finalize( without call to super.finalize( (在沒有調(diào)用super.finalize(時對finalize(的實(shí)現(xiàn) Using non short-circuit logic in expression(在表達(dá)式中使用非短路邏輯Possible error in bit operations(在位操作中可能的錯誤Redu

13、ndant expression(多余的表達(dá)式Possible ConcurrentModificationException(可能的并行調(diào)整異常Redundant if statement(多余的if語句Redundant if statement. Unfinished code(多余的if語句。未完成的代碼Explicit call to method Object.finalize(直接調(diào)用方法Objent.finalizerunFinalizersOnExit( is called(調(diào)用runFinalizedOnExit(Unused private method(未使用私有方法U

14、ntrusted Data leaks into trusted storage (在可信用的儲存中出現(xiàn)不信任的數(shù)據(jù)泄露Tainted index used for array access(將已污染的指標(biāo)用作數(shù)組存取Tainted size used for array allocation(將已污染的尺寸用作數(shù)組分配Leaving temporary file for lifetime of JVM(為了JVM的壽命舍去臨時文件Leaving temporary file(去除臨時文件Design information leakage(設(shè)計信息泄露File Name Leaking(文件

15、名泄露Log Forging(偽造日志Path and file name injection(路徑和文件名注入File injection(文件名注入Unchecked information from the database is used in SQL statements (把來自數(shù)據(jù)庫中未檢查的信息用在SQL語句中String buffer not cleaned(字符串緩沖區(qū)沒有被清掃Tainted data(被污染的數(shù)據(jù)Tainted data goes to native code(被污染的數(shù)據(jù)進(jìn)入本地代碼中Temporary file path tampering(臨時文件

16、路徑損壞Dereference of a null value in an Android application(在一個Androind應(yīng)用程序中一個空值的解引用Comparing by classname(通過類名來比較Comparing objects with =(用=號來比較對象Comparing strings with =(用=號來比較字符串Equality checks on floating point types(在浮點(diǎn)類型中等式的檢查Method compareTo( should have signature public int compareTo(Object (方

17、法compareTo(應(yīng)該有簽名公共的int compareTo(對象Empty catch clause(空的catch從句Class defines hashCode( but does not define equals(類定義了hashCode(,但是沒有定義equals(Class defines equals( but does not define hashCode(類定義了equal(,但是沒有定義hashCode(Inefficient empty string comparison(無效的空字符串比較Method has an overly broad throws dec

18、laration(方法有一個過寬泛的throws聲明Class and its superclass have protected fields with same name(類和它的父類中有同名的受保護(hù)的字段 Class and its superclass have private fields with same name(類和它的父類中有同名的私有的字段Class and its superclass have public fields with same name (類和它的父類中有同名的公共的字段Call to static method via instance referen

19、ce(通過實(shí)例引用來調(diào)用靜態(tài)的方法Possible ClassCastException for collection(針對集合中可能的類拋出異常 Suspicious key type used to retrieve element from collection (把可疑的關(guān)鍵類型用來從集合中獲得元素Possible ClassCastException for different types(針對不同類型可能的類拋出異常Possible ClassCastException for subtypes(針對子類型可能的類拋出異常Catching runtime exception(捕捉運(yùn)

20、行時間異常Calling equals on array(在數(shù)組中調(diào)用equalsCalling equals on incompatible types (array and non-array (在不兼容的類型(數(shù)組和非數(shù)組中調(diào)用equals Calling equals on incompatible types(在不兼容的類型中調(diào)用等式Return inside finally(最終返回到內(nèi)部Apparent infinite recursion(明顯的無限遞歸Redundant instanceof condition(多余的instanceof條件Container added t

21、o itself(把容器添加到自身Lock without unlock(在未鎖的情況下上鎖Method notify called with locks held(用已持有的鎖來調(diào)用方法notifyMethod sleep called with locks held(用已持有的鎖來調(diào)用方法sleepMethod wait called with locks held(用已持有的鎖來調(diào)用方法waitPossible NoSuchElementException(可能的沒有此元素異常Mismatched override(不匹配的覆蓋Test expression is always true

22、(測試表達(dá)式始終是正確的Redundant check causing dead code(導(dǎo)致死代碼的多余的檢查Incorrect check for method indexOf(針對方法indexOf不正確的檢查Double-checked locking(已雙重檢查過的鎖定Inconsistent synchronization(不一致的同步Explicit call to a Thread.run method(直接調(diào)用一個Thread.run方法Wait called on incorrect object(Wait被調(diào)用在不正確的對象中Unused non-private met

23、hod(未使用的非私有的方法Uncaught exception(未被捕捉到的異常Variable was never read after being assigned(變量在被分配后從未被讀取Variable was never read after null being assigned(變量在空值被分配后從未被讀取Method name should start with non-capital letter(方法名稱應(yīng)該以非大寫字母開始Method name is same as constructor name but is not a constructor (方法名稱與結(jié)構(gòu)名稱

24、相同,但不是一個結(jié)構(gòu)體Suspicious method name(可疑的方法名稱Null pointer dereference of a return value (statistical(一個返回值(靜態(tài)的的空指針解引用Assignment of expression to itself(表達(dá)式分配給自身Suspicious equals( called with same expression on both sides (在兩邊使用相同的表達(dá)式來調(diào)用可疑的equals( Suspicious equals( called with expression and null (never

25、 true(用表達(dá)式和空值(從未正確來調(diào)用可疑的equals(Redundant final modifier(多余的final修飾語Usage of variable instead of null constant(使用變量,而不是空的常量Suspicious operation with same expression on both sides(在同樣表達(dá)式的兩邊使用可疑的操作符The value returned by a method called on immutable object is ignored (一個被調(diào)用在不變對象上的方法的返回值被忽略Newly created

26、object is ignored(新創(chuàng)建的對象被忽略Possible leak of system resource stored in a field(儲存在一個字段的系統(tǒng)資源發(fā)生可能的泄露Comparison of this and null but this cannot be null(this和null的比較,但是this不能為nullThe returned value is ignored(已返回的值被忽略Type cast is redundant(拋出的類型是多余的Using append for string in a loop(在一個循環(huán)體中針對字符串使用附加Direc

27、t use of Classloader(類別載入器的直接使用Class implements clone method but does not implement Cloneable(類實(shí)施clone方法,但是不實(shí)施Clonable方法Static field may be changed by malicious code(靜態(tài)字段被惡意的代碼給修改Method finalize( should have protected access modifier, not public (方法finalize(應(yīng)該有受保護(hù)的進(jìn)入修飾語,而不是公共的修飾語Instance field shoul

28、d be made final(實(shí)例字段應(yīng)該被制成finalStatic mutable field can be accessed by malicious code(靜態(tài)可變的字段可能被惡意的代碼入侵Internal representation may be exposed(內(nèi)部表示可能被暴露Method stores reference to mutable object(方法儲存引用可變的對象Use of insecure Random number generator(使用不安全的隨機(jī)數(shù)字生成器Interface extends Serializable(界面擴(kuò)展為Serializ

29、ableClass implements Serializable(類實(shí)施SerializableMethod readObject( should be defined for a serializable class(方法readObject(應(yīng)該被定義為一個序列化的類Method writeObject( should be defined for a serializable class(方法writeObject(應(yīng)該被定義為一個序列化的類Methods readObject( and writeObject( in serializable classes should have

30、correct signature (在序列類中方法readObject(和writeObject(應(yīng)該有正確的特征Unsynchronized access to static variable from servlet(未同步地進(jìn)入控制器中的靜態(tài)變量Bad practices: use of socket(錯誤的實(shí)踐:使用socketStruts Forms: inconsistent reset(源代碼形式:不一致的重置Struts Forms: inconsistent validate(源代碼形式:不一致的驗(yàn)證Struts Forms: non-private fields(源代碼形

31、式:非私有的字段Struts Forms: reset method(源代碼形式:重置的方法Struts Forms: static fields(源代碼形式:靜態(tài)的字段Struts Forms: validate method(源代碼形式:驗(yàn)證方法The System.exit( and Runtime.exit( method calls should not be used in servlets code (System.exit(和Runtime.exit(方法的調(diào)用不應(yīng)該被使用在控制器模式Application should avoid calling DriverManager.

32、getConnection( directly(應(yīng)用程序應(yīng)該避免直接調(diào)用DriverManager.getConnection(Bad practices: use of thread management(錯誤的實(shí)踐:使用線程管理Leftover debug code - main method(殘余的調(diào)試模式-主要的方法Direct use methods of Policy(直接使用Policy的方法Synchronized method calls another synchronized method with the same lock held (已同步的方法用同樣已持有的鎖來調(diào)用另一個已同步的方法 Synchronized static method calls another synchronized static method with the same lock held (已同步的靜態(tài)方法用同樣已持有的鎖來調(diào)用另一個已同步的靜態(tài)的方法 Unnecessary creation of new Boolean object from a boolean expression(從一個布爾表達(dá)式中不必要地創(chuàng)建新的布爾表達(dá)式U