execute custom action #505
SpotBugs report
Discovered issues
Annotations
Check warning on line 38 in com/yubico/yubikit/android/app/databinding/ActivityMainBinding.java
github-actions / SpotBugs
May expose internal representation by returning reference to mutable object
com.yubico.yubikit.android.app.databinding.ActivityMainBinding.getRoot() may expose internal representation by returning ActivityMainBinding.rootView
Check warning on line 33 in com/yubico/yubikit/android/app/databinding/AppBarMainBinding.java
github-actions / SpotBugs
May expose internal representation by returning reference to mutable object
com.yubico.yubikit.android.app.databinding.AppBarMainBinding.getRoot() may expose internal representation by returning AppBarMainBinding.rootView
Check warning on line 44 in com/yubico/yubikit/android/app/databinding/FragmentWebBinding.java
github-actions / SpotBugs
May expose internal representation by returning reference to mutable object
com.yubico.yubikit.android.app.databinding.FragmentWebBinding.getRoot() may expose internal representation by returning FragmentWebBinding.rootView
Check warning on line 65 in com/yubico/yubikit/android/transport/nfc/NfcYubiKeyManager.java
github-actions / SpotBugs
Be wary of letting constructors throw exceptions.
Exception thrown in class com.yubico.yubikit.android.transport.nfc.NfcYubiKeyManager at new com.yubico.yubikit.android.transport.nfc.NfcYubiKeyManager(Context, NfcDispatcher) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.
Check warning on line 80 in com/yubico/yubikit/android/transport/usb/UsbYubiKeyDevice.java
github-actions / SpotBugs
Be wary of letting constructors throw exceptions.
Exception thrown in class com.yubico.yubikit.android.transport.usb.UsbYubiKeyDevice at new com.yubico.yubikit.android.transport.usb.UsbYubiKeyDevice(UsbManager, UsbDevice) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.
github-actions / SpotBugs
Be wary of letting constructors throw exceptions.
Exception thrown in class com.yubico.yubikit.android.transport.usb.connection.UsbSmartCardConnection at new com.yubico.yubikit.android.transport.usb.connection.UsbSmartCardConnection(UsbDeviceConnection, UsbInterface, UsbEndpoint, UsbEndpoint) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.
Check warning on line 47 in com/yubico/yubikit/android/ui/OtpActivity.java
github-actions / SpotBugs
Non-null field is not initialized
Non-null field keyListener is not initialized by new com.yubico.yubikit.android.ui.OtpActivity()
Check warning on line 134 in com/yubico/yubikit/android/ui/YubiKeyPromptActivity.java
github-actions / SpotBugs
Non-null field is not initialized
Non-null field action is not initialized by new com.yubico.yubikit.android.ui.YubiKeyPromptActivity()
Check warning on line 134 in com/yubico/yubikit/android/ui/YubiKeyPromptActivity.java
github-actions / SpotBugs
Non-null field is not initialized
Non-null field cancelButton is not initialized by new com.yubico.yubikit.android.ui.YubiKeyPromptActivity()
Check warning on line 134 in com/yubico/yubikit/android/ui/YubiKeyPromptActivity.java
github-actions / SpotBugs
Non-null field is not initialized
Non-null field enableNfcButton is not initialized by new com.yubico.yubikit.android.ui.YubiKeyPromptActivity()
Check warning on line 134 in com/yubico/yubikit/android/ui/YubiKeyPromptActivity.java
github-actions / SpotBugs
Non-null field is not initialized
Non-null field helpTextView is not initialized by new com.yubico.yubikit.android.ui.YubiKeyPromptActivity()
Check warning on line 134 in com/yubico/yubikit/android/ui/YubiKeyPromptActivity.java
github-actions / SpotBugs
Non-null field is not initialized
Non-null field yubiKit is not initialized by new com.yubico.yubikit.android.ui.YubiKeyPromptActivity()
Check warning on line 66 in com/yubico/yubikit/core/application/CommandState.java
github-actions / SpotBugs
Wait not in loop
Wait not in loop in com.yubico.yubikit.core.application.CommandState.waitForCancel(long)
Check warning on line 80 in com/yubico/yubikit/core/fido/FidoProtocol.java
github-actions / SpotBugs
Be wary of letting constructors throw exceptions.
Exception thrown in class com.yubico.yubikit.core.fido.FidoProtocol at new com.yubico.yubikit.core.fido.FidoProtocol(FidoConnection) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.
Check warning on line 144 in com/yubico/yubikit/core/internal/Logger.java
github-actions / SpotBugs
Potential CRLF Injection for logs
This use of org/slf4j/Logger.trace(Ljava/lang/String;)V might be used to include CRLF characters into log messages
Check warning on line 144 in com/yubico/yubikit/core/internal/Logger.java
github-actions / SpotBugs
Potential CRLF Injection for logs
This use of org/slf4j/Logger.debug(Ljava/lang/String;)V might be used to include CRLF characters into log messages
Check warning on line 144 in com/yubico/yubikit/core/internal/Logger.java
github-actions / SpotBugs
Potential CRLF Injection for logs
This use of org/slf4j/Logger.info(Ljava/lang/String;)V might be used to include CRLF characters into log messages
Check warning on line 144 in com/yubico/yubikit/core/internal/Logger.java
github-actions / SpotBugs
Potential CRLF Injection for logs
This use of org/slf4j/Logger.warn(Ljava/lang/String;)V might be used to include CRLF characters into log messages
Check warning on line 144 in com/yubico/yubikit/core/internal/Logger.java
github-actions / SpotBugs
Potential CRLF Injection for logs
This use of org/slf4j/Logger.error(Ljava/lang/String;)V might be used to include CRLF characters into log messages
Check warning on line 168 in com/yubico/yubikit/core/internal/Logger.java
github-actions / SpotBugs
Potential CRLF Injection for logs
This use of org/slf4j/Logger.trace(Ljava/lang/String;Ljava/lang/Object;)V might be used to include CRLF characters into log messages
Check warning on line 168 in com/yubico/yubikit/core/internal/Logger.java
github-actions / SpotBugs
Potential CRLF Injection for logs
This use of org/slf4j/Logger.debug(Ljava/lang/String;Ljava/lang/Object;)V might be used to include CRLF characters into log messages
Check warning on line 168 in com/yubico/yubikit/core/internal/Logger.java
github-actions / SpotBugs
Potential CRLF Injection for logs
This use of org/slf4j/Logger.info(Ljava/lang/String;Ljava/lang/Object;)V might be used to include CRLF characters into log messages
Check warning on line 168 in com/yubico/yubikit/core/internal/Logger.java
github-actions / SpotBugs
Potential CRLF Injection for logs
This use of org/slf4j/Logger.warn(Ljava/lang/String;Ljava/lang/Object;)V might be used to include CRLF characters into log messages
Check warning on line 168 in com/yubico/yubikit/core/internal/Logger.java
github-actions / SpotBugs
Potential CRLF Injection for logs
This use of org/slf4j/Logger.error(Ljava/lang/String;Ljava/lang/Object;)V might be used to include CRLF characters into log messages
Check warning on line 192 in com/yubico/yubikit/core/internal/Logger.java
github-actions / SpotBugs
Potential CRLF Injection for logs
This use of org/slf4j/Logger.trace(Ljava/lang/String;Ljava/lang/Object;Ljava/lang/Object;)V might be used to include CRLF characters into log messages