Review

Detector:	DMMC
Target:	project ' httpclient ' version 444
Misuse:	misuse ' 2 '
Tags:

Misuse Details

Details about the known misuse from the MUBench dataset.

Description:	When AuthState.isPreemptive(), both invalidate() and setAuthRequested(true) should be called. The latter was missing.
Fix Description:	(see diff)
Violation Types:	missing/call
In File:	org/apache/commons/httpclient/HttpMethodDirector.java
In Method:	processWWWAuthChallenge(HttpMethod)
Code with Misuse:	class HttpMethodDirector { private boolean processWWWAuthChallenge(final HttpMethod method) throws MalformedChallengeException, AuthenticationException { AuthState authstate = method.getHostAuthState(); if (authstate.isPreemptive()) { authstate.invalidate(); } Map challenges = AuthChallengeParser.parseChallenges( method.getResponseHeaders(WWW_AUTH_CHALLENGE)); if (challenges.isEmpty()) { LOG.debug("Authentication challenge(s) not found"); return false; } AuthScheme authscheme = null; try { authscheme = this.authProcessor.processChallenge(authstate, challenges); } catch (AuthChallengeException e) { if (LOG.isWarnEnabled()) { LOG.warn(e.getMessage()); } } if (authscheme == null) { return false; } String host = method.getParams().getVirtualHost(); if (host == null) { host = conn.getHost(); } int port = conn.getPort(); AuthScope authscope = new AuthScope( host, port, authscheme.getRealm(), authscheme.getSchemeName()); if (LOG.isDebugEnabled()) { LOG.debug("Authentication scope: " + authscope); } if (authstate.isAuthAttempted() && authscheme.isComplete()) { // Already tried and failed Credentials credentials = promptForCredentials( authscheme, method.getParams(), authscope); if (credentials == null) { if (LOG.isInfoEnabled()) { LOG.info("Failure authenticating with " + authscope); } return false; } else { return true; } } else { authstate.setAuthAttempted(true); Credentials credentials = this.state.getCredentials(authscope); if (credentials == null) { credentials = promptForCredentials( authscheme, method.getParams(), authscope); } if (credentials == null) { if (LOG.isInfoEnabled()) { LOG.info("No credentials available for " + authscope); } return false; } else { return true; } } } }
Code with Pattern(s):	`class SetHostAuthRequested { void pattern(HttpMethod method) throws AuthenticationException { AuthState authstate = method.getHostAuthState(); if (authstate.isPreemptive()) { authstate.invalidate(); authstate.setAuthRequested(true); } } }`

Potential Hits

Findings of the detector that identify an anomaly in the same file and method as the known misuse.

Hit	Rank	Firstcallline	Missingcalls	Presentcalls	Strangeness	Type
?	84	unknown	()	append()	0.404	java.lang.StringBuilder
?	85	unknown	()	append()	0.404	java.lang.StringBuilder
?	93	unknown	getPort();getHost()	()	0.333	org.apache.commons.httpclient.auth.AuthScope
?	83	unknown	()	append()	0.404	java.lang.StringBuilder
?	51	unknown	();append()	toString()	0.5	java.lang.StringBuilder
?	52	unknown	();append()	toString()	0.5	java.lang.StringBuilder
?	53	unknown	();append()	toString()	0.5	java.lang.StringBuilder
?	50	unknown	authenticate();isConnectionBased()	getSchemeName();isComplete();getRealm()	0.5	org.apache.commons.httpclient.auth.AuthScheme
?	21	unknown	isAuthenticationNeeded();authenticateProxy();processProxyAuthChallenge();executeWithRetry();authenticate();processAuthenticationResponse();processRedirectResponse();isRedirectNeeded();fakeResponse();authenticateHost();executeConnect();processWWWAuthChallenge();applyConnectionParams()	promptForCredentials()	0.833	org.apache.commons.httpclient.HttpMethodDirector
?	25	unknown	addRequestHeader();setURI();getProxyAuthState();getResponseHeader();getDoAuthentication();getStatusCode();getResponseBodyAsStream();getPath()	getParams();getHostAuthState();getResponseHeaders()	0.75	org.apache.commons.httpclient.HttpMethod