Review

Detector:	DMMC
Target:	project ' httpclient ' version 444
Misuse:	misuse ' 3 '
Tags:

Misuse Details

Details about the known misuse from the MUBench dataset.

Description:	When AuthState.isPreemptive(), both invalidate() and setAuthRequested(true) should be called. The latter was missing.
Fix Description:	(see diff)
Violation Types:	missing/call
In File:	org/apache/commons/httpclient/HttpMethodDirector.java
In Method:	processProxyAuthChallenge(HttpMethod)
Code with Misuse:	class HttpMethodDirector { private boolean processProxyAuthChallenge(final HttpMethod method) throws MalformedChallengeException, AuthenticationException { AuthState authstate = method.getProxyAuthState(); if (authstate.isPreemptive()) { authstate.invalidate(); } Map proxyChallenges = AuthChallengeParser.parseChallenges( method.getResponseHeaders(PROXY_AUTH_CHALLENGE)); if (proxyChallenges.isEmpty()) { LOG.debug("Proxy authentication challenge(s) not found"); return false; } AuthScheme authscheme = null; try { authscheme = this.authProcessor.processChallenge(authstate, proxyChallenges); } catch (AuthChallengeException e) { if (LOG.isWarnEnabled()) { LOG.warn(e.getMessage()); } } if (authscheme == null) { return false; } AuthScope authscope = new AuthScope( conn.getProxyHost(), conn.getProxyPort(), authscheme.getRealm(), authscheme.getSchemeName()); if (LOG.isDebugEnabled()) { LOG.debug("Proxy authentication scope: " + authscope); } if (authstate.isAuthAttempted() && authscheme.isComplete()) { // Already tried and failed Credentials credentials = promptForProxyCredentials( authscheme, method.getParams(), authscope); if (credentials == null) { if (LOG.isInfoEnabled()) { LOG.info("Failure authenticating with " + authscope); } return false; } else { return true; } } else { authstate.setAuthAttempted(true); Credentials credentials = this.state.getProxyCredentials(authscope); if (credentials == null) { credentials = promptForProxyCredentials( authscheme, method.getParams(), authscope); } if (credentials == null) { if (LOG.isInfoEnabled()) { LOG.info("No credentials available for " + authscope); } return false; } else { return true; } } } }
Code with Pattern(s):	`class SetProxyAuthRequested { void pattern(HttpMethod method) throws AuthenticationException { AuthState authstate = method.getProxyAuthState(); if (authstate.isPreemptive()) { authstate.invalidate(); authstate.setAuthRequested(true); } } }`

Potential Hits

Findings of the detector that identify an anomaly in the same file and method as the known misuse.

Hit	Rank	Firstcallline	Missingcalls	Presentcalls	Strangeness	Type
No	85	unknown	()	append()	0.404	java.lang.StringBuilder
No	86	unknown	()	append()	0.404	java.lang.StringBuilder
No	87	unknown	()	append()	0.404	java.lang.StringBuilder
No	93	unknown	getPort();getHost()	()	0.333	org.apache.commons.httpclient.auth.AuthScope
No	54	unknown	();append()	toString()	0.5	java.lang.StringBuilder
No	55	unknown	();append()	toString()	0.5	java.lang.StringBuilder
No	56	unknown	();append()	toString()	0.5	java.lang.StringBuilder
No	53	unknown	authenticate();isConnectionBased()	getSchemeName();isComplete();getRealm()	0.5	org.apache.commons.httpclient.auth.AuthScheme
No	21	unknown	isAuthenticationNeeded();authenticateProxy();processProxyAuthChallenge();executeWithRetry();authenticate();processAuthenticationResponse();processRedirectResponse();isRedirectNeeded();fakeResponse();authenticateHost();executeConnect();processWWWAuthChallenge();applyConnectionParams()	promptForProxyCredentials()	0.833	org.apache.commons.httpclient.HttpMethodDirector
No	25	unknown	addRequestHeader();setURI();getHostAuthState();getResponseHeader();getDoAuthentication();getStatusCode();getResponseBodyAsStream();getPath()	getParams();getResponseHeaders();getProxyAuthState()	0.75	org.apache.commons.httpclient.HttpMethod

Reviewer Name:	hoan
Comment: