| # | Category | Warning | Package/Class | Method |
| 1 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.authenticator.SingleSignOn |
| 2 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.connector.Connector |
| 3 | STYLE | DLS_DEAD_LOCAL_STORE | org.apache.catalina.connector.Request | setCharacterEncoding |
| 4 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.connector.Request |
| 5 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.connector.Request |
| 6 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.connector.Request |
| 7 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.connector.RequestFacade |
| 8 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.connector.Response |
| 9 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.connector.ResponseFacade |
| 10 | STYLE | DLS_DEAD_LOCAL_STORE | org.apache.catalina.core.ApplicationFilterConfig | setFilterDef |
| 11 | BAD_PRACTICE | SE_NO_SERIALVERSIONID | org.apache.catalina.core.ApplicationFilterConfig |
| 12 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.core.ContainerBase |
| 13 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.core.NamingContextListener |
| 14 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | addApplicationListener |
| 15 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | addApplicationParameter |
| 16 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | addConstraint |
| 17 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | addFilterMap |
| 18 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | addInstanceListener |
| 19 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | addSecurityRole |
| 20 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | addWatchedResource |
| 21 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | addWelcomeFile |
| 22 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | addWrapperLifecycle |
| 23 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | addWrapperListener |
| 24 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | removeApplicationListener |
| 25 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | removeApplicationParameter |
| 26 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | removeConstraint |
| 27 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | removeFilterMap |
| 28 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | removeInstanceListener |
| 29 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | removeSecurityRole |
| 30 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | removeWatchedResource |
| 31 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | removeWelcomeFile |
| 32 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | removeWrapperLifecycle |
| 33 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardContext | removeWrapperListener |
| 34 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.core.StandardContext |
| 35 | BAD_PRACTICE | SE_BAD_FIELD | org.apache.catalina.core.StandardContext |
| 36 | BAD_PRACTICE | SE_BAD_FIELD | org.apache.catalina.core.StandardContext |
| 37 | BAD_PRACTICE | SE_NO_SERIALVERSIONID | org.apache.catalina.core.StandardContext |
| 38 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.core.StandardHost | removeAlias |
| 39 | CORRECTNESS | EC_UNRELATED_TYPES | org.apache.catalina.core.StandardHostValve | findErrorPage |
| 40 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.core.StandardPipeline |
| 41 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.loader.WebappClassLoader |
| 42 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.loader.WebappClassLoader |
| 43 | CORRECTNESS | MF_CLASS_MASKS_FIELD | org.apache.catalina.mbeans.DefaultContextMBean |
| 44 | CORRECTNESS | MF_CLASS_MASKS_FIELD | org.apache.catalina.mbeans.GroupMBean |
| 45 | CORRECTNESS | MF_CLASS_MASKS_FIELD | org.apache.catalina.mbeans.MemoryUserDatabaseMBean |
| 46 | CORRECTNESS | MF_CLASS_MASKS_FIELD | org.apache.catalina.mbeans.NamingResourcesMBean |
| 47 | CORRECTNESS | MF_CLASS_MASKS_FIELD | org.apache.catalina.mbeans.RoleMBean |
| 48 | CORRECTNESS | MF_CLASS_MASKS_FIELD | org.apache.catalina.mbeans.StandardContextMBean |
| 49 | CORRECTNESS | MF_CLASS_MASKS_FIELD | org.apache.catalina.mbeans.UserMBean |
| 50 | CORRECTNESS | DMI_INVOKING_TOSTRING_ON_ARRAY | org.apache.catalina.realm.RealmBase | authenticate |
| 51 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.realm.RealmBase |
| 52 | STYLE | DLS_DEAD_LOCAL_STORE | org.apache.catalina.servlets.CGIServlet | init |
| 53 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.servlets.DefaultServlet |
| 54 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.servlets.DefaultServlet |
| 55 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.session.JDBCStore |
| 56 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.session.JDBCStore |
| 57 | STYLE | DLS_DEAD_LOCAL_STORE | org.apache.catalina.session.ManagerBase | getRandomBytes |
| 58 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.session.ManagerBase |
| 59 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.session.ManagerBase |
| 60 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.session.PersistentManager |
| 61 | CORRECTNESS | MF_CLASS_MASKS_FIELD | org.apache.catalina.session.PersistentManagerBase |
| 62 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.session.StandardManager |
| 63 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.session.StandardSession |
| 64 | CORRECTNESS | SE_METHOD_MUST_BE_PRIVATE | org.apache.catalina.session.StandardSession | readObject |
| 65 | CORRECTNESS | SE_METHOD_MUST_BE_PRIVATE | org.apache.catalina.session.StandardSession | writeObject |
| 66 | BAD_PRACTICE | SE_NO_SERIALVERSIONID | org.apache.catalina.session.StandardSession |
| 67 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.session.StoreBase |
| 68 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.session.StoreBase |
| 69 | STYLE | DLS_DEAD_LOCAL_STORE | org.apache.catalina.ssi.SSIFlastmod | process |
| 70 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.ssi.SSIMediator |
| 71 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.startup.ContextConfig |
| 72 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.startup.ContextConfig |
| 73 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.startup.DigesterFactory |
| 74 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.startup.Embedded |
| 75 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.startup.HostConfig |
| 76 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.startup.HostConfig |
| 77 | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | org.apache.catalina.startup.TldConfig | setTldNamespaceAware |
| 78 | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | org.apache.catalina.startup.TldConfig | setTldValidation |
| 79 | MT_CORRECTNESS | STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE | org.apache.catalina.util.CookieTools | getCookieHeaderValue |
| 80 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.util.InstanceSupport | addInstanceListener |
| 81 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.util.InstanceSupport | removeInstanceListener |
| 82 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.util.LifecycleSupport | addLifecycleListener |
| 83 | MT_CORRECTNESS | ML_SYNC_ON_FIELD_TO_GUARD_CHANGING_THAT_FIELD | org.apache.catalina.util.LifecycleSupport | removeLifecycleListener |
| 84 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.util.Strftime |
| 85 | BAD_PRACTICE | HE_EQUALS_USE_HASHCODE | org.apache.catalina.util.URL | equals |
| 86 | CORRECTNESS | NP_ALWAYS_NULL | org.apache.catalina.valves.AccessLogValve | replace |
| 87 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.valves.ErrorReportValve |
| 88 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.valves.RequestFilterValve |
| 89 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.catalina.valves.ValveBase |
| 90 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.coyote.http11.Http11Processor |
| 91 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.coyote.http11.Http11Protocol |
| 92 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.coyote.http11.Http11Protocol |
| 93 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.coyote.http11.InternalInputBuffer |
| 94 | MALICIOUS_CODE | MS_MUTABLE_ARRAY | org.apache.jasper.Constants |
| 95 | MALICIOUS_CODE | MS_MUTABLE_ARRAY | org.apache.jasper.Constants |
| 96 | MALICIOUS_CODE | MS_MUTABLE_ARRAY | org.apache.jasper.Constants |
| 97 | STYLE | DLS_DEAD_LOCAL_STORE | org.apache.jasper.compiler.Parser | parseAttributeDirective |
| 98 | STYLE | DLS_DEAD_LOCAL_STORE | org.apache.jasper.compiler.Parser | parseVariableDirective |
| 99 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.jasper.compiler.ServletWriter |
| 100 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.jasper.compiler.ServletWriter |
| 101 | CORRECTNESS | IL_INFINITE_RECURSIVE_LOOP | org.apache.jasper.runtime.JspContextWrapper | include |
| 102 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.jasper.runtime.TagHandlerPool |
| 103 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.jasper.runtime.TagHandlerPool |
| 104 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.jasper.util.SystemLogHandler |
| 105 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.jasper.util.SystemLogHandler |
| 106 | CORRECTNESS | INT_BAD_COMPARISON_WITH_SIGNED_BYTE | org.apache.jasper.xmlparser.ASCIIReader | read |
| 107 | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | org.apache.jk.apr.AprImpl | |
| 108 | CORRECTNESS | DMI_INVOKING_TOSTRING_ON_ARRAY | org.apache.jk.common.ChannelSocket | read |
| 109 | CORRECTNESS | DMI_INVOKING_TOSTRING_ON_ARRAY | org.apache.jk.common.JkInputStream | receive |
| 110 | CORRECTNESS | MF_CLASS_MASKS_FIELD | org.apache.jk.common.JkMX |
| 111 | CORRECTNESS | DMI_INVOKING_TOSTRING_ON_ARRAY | org.apache.jk.common.MsgAjp | dump |
| 112 | CORRECTNESS | UWF_NULL_FIELD | org.apache.jk.config.ApacheConfig |
| 113 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.jk.server.JkCoyoteHandler |
| 114 | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | org.apache.jk.server.JkMain | |
| 115 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.naming.ContextBindings |
| 116 | BAD_PRACTICE | DE_MIGHT_IGNORE | org.apache.naming.factory.SendMailFactory$1 | run |
| 117 | BAD_PRACTICE | CN_IDIOM_NO_SUPER_CALL | org.apache.naming.resources.ResourceAttributes | clone |
| 118 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.tomcat.util.IntrospectionUtils |
| 119 | CORRECTNESS | EQ_SELF_USE_OBJECT | org.apache.tomcat.util.buf.MessageBytes | equals |
| 120 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.tomcat.util.buf.StringCache |
| 121 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.tomcat.util.buf.StringCache |
| 122 | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | org.apache.tomcat.util.buf.StringCache | reset |
| 123 | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | org.apache.tomcat.util.buf.StringCache | reset |
| 124 | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | org.apache.tomcat.util.buf.StringCache | setByteEnabled |
| 125 | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | org.apache.tomcat.util.buf.StringCache | setCacheSize |
| 126 | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | org.apache.tomcat.util.buf.StringCache | setCharEnabled |
| 127 | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | org.apache.tomcat.util.buf.StringCache | setTrainThreshold |
| 128 | BAD_PRACTICE | ES_COMPARING_STRINGS_WITH_EQ | org.apache.tomcat.util.digester.Digester | updateBodyText |
| 129 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.tomcat.util.digester.GenericParser |
| 130 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.tomcat.util.digester.GenericParser |
| 131 | CORRECTNESS | NP_NULL_PARAM_DEREF | org.apache.tomcat.util.digester.SetNextRule | end |
| 132 | CORRECTNESS | NP_NULL_PARAM_DEREF | org.apache.tomcat.util.digester.SetRootRule | end |
| 133 | CORRECTNESS | NP_NULL_PARAM_DEREF | org.apache.tomcat.util.digester.SetTopRule | end |
| 134 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.tomcat.util.digester.XercesParser |
| 135 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.tomcat.util.digester.XercesParser |
| 136 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.tomcat.util.digester.XercesParser |
| 137 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.tomcat.util.digester.XercesParser |
| 138 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.tomcat.util.http.HttpMessages |
| 139 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.tomcat.util.http.MimeMap |
| 140 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.tomcat.util.log.SystemLogHandler |
| 141 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.tomcat.util.log.SystemLogHandler |
| 142 | MALICIOUS_CODE | MS_MUTABLE_ARRAY | org.apache.tomcat.util.net.SSLSupport |
| 143 | BAD_PRACTICE | HE_EQUALS_USE_HASHCODE | org.apache.tomcat.util.net.URL | equals |
| 144 | MALICIOUS_CODE | MS_SHOULD_BE_FINAL | org.apache.tomcat.util.threads.ThreadWithAttributes |