Review

Detector:	DMMC
Target:	project ' httpclient ' version 444
Misuse:	misuse ' 2 '
Tags:

Misuse Details

Details about the known misuse from the MUBench dataset.

Description:	When AuthState.isPreemptive(), both invalidate() and setAuthRequested(true) should be called. The latter was missing.
Fix Description:	(see diff)
Violation Types:	missing/call
In File:	org/apache/commons/httpclient/HttpMethodDirector.java
In Method:	processWWWAuthChallenge(HttpMethod)
Code with Misuse:	class HttpMethodDirector { private boolean processWWWAuthChallenge(final HttpMethod method) throws MalformedChallengeException, AuthenticationException { AuthState authstate = method.getHostAuthState(); if (authstate.isPreemptive()) { authstate.invalidate(); } Map challenges = AuthChallengeParser.parseChallenges( method.getResponseHeaders(WWW_AUTH_CHALLENGE)); if (challenges.isEmpty()) { LOG.debug("Authentication challenge(s) not found"); return false; } AuthScheme authscheme = null; try { authscheme = this.authProcessor.processChallenge(authstate, challenges); } catch (AuthChallengeException e) { if (LOG.isWarnEnabled()) { LOG.warn(e.getMessage()); } } if (authscheme == null) { return false; } String host = method.getParams().getVirtualHost(); if (host == null) { host = conn.getHost(); } int port = conn.getPort(); AuthScope authscope = new AuthScope( host, port, authscheme.getRealm(), authscheme.getSchemeName()); if (LOG.isDebugEnabled()) { LOG.debug("Authentication scope: " + authscope); } if (authstate.isAuthAttempted() && authscheme.isComplete()) { // Already tried and failed Credentials credentials = promptForCredentials( authscheme, method.getParams(), authscope); if (credentials == null) { if (LOG.isInfoEnabled()) { LOG.info("Failure authenticating with " + authscope); } return false; } else { return true; } } else { authstate.setAuthAttempted(true); Credentials credentials = this.state.getCredentials(authscope); if (credentials == null) { credentials = promptForCredentials( authscheme, method.getParams(), authscope); } if (credentials == null) { if (LOG.isInfoEnabled()) { LOG.info("No credentials available for " + authscope); } return false; } else { return true; } } } }
Code with Pattern(s):	`class SetHostAuthRequested { void pattern(HttpMethod method) throws AuthenticationException { AuthState authstate = method.getHostAuthState(); if (authstate.isPreemptive()) { authstate.invalidate(); authstate.setAuthRequested(true); } } }`

Potential Hits

Findings of the detector that identify an anomaly in the same file and method as the known misuse.

Hit	Rank	Firstcallline	Missingcalls	Presentcalls	Strangeness	Type
No	84	unknown	()	append()	0.404	java.lang.StringBuilder
No	85	unknown	()	append()	0.404	java.lang.StringBuilder
No	93	unknown	getPort();getHost()	()	0.333	org.apache.commons.httpclient.auth.AuthScope
No	83	unknown	()	append()	0.404	java.lang.StringBuilder
No	51	unknown	();append()	toString()	0.5	java.lang.StringBuilder
No	52	unknown	();append()	toString()	0.5	java.lang.StringBuilder
No	53	unknown	();append()	toString()	0.5	java.lang.StringBuilder
No	50	unknown	authenticate();isConnectionBased()	getSchemeName();isComplete();getRealm()	0.5	org.apache.commons.httpclient.auth.AuthScheme
No	21	unknown	isAuthenticationNeeded();authenticateProxy();processProxyAuthChallenge();executeWithRetry();authenticate();processAuthenticationResponse();processRedirectResponse();isRedirectNeeded();fakeResponse();authenticateHost();executeConnect();processWWWAuthChallenge();applyConnectionParams()	promptForCredentials()	0.833	org.apache.commons.httpclient.HttpMethodDirector
No	25	unknown	addRequestHeader();setURI();getProxyAuthState();getResponseHeader();getDoAuthentication();getStatusCode();getResponseBodyAsStream();getPath()	getParams();getHostAuthState();getResponseHeaders()	0.75	org.apache.commons.httpclient.HttpMethod

Reviewer Name:	sarah
Comment: