wcm.io DevOps

SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.9.8

Threshold is medium

Effort is default

Summary

Classes Bugs Errors Missing Classes
24 10 0 0

Files

Class Bugs
io.wcm.devops.conga.conga_maven_plugin.HelpMojo 1
io.wcm.devops.conga.tooling.maven.plugin.AbstractCongaMojo 5
io.wcm.devops.conga.tooling.maven.plugin.GenerateVersionInfoMojo 1
io.wcm.devops.conga.tooling.maven.plugin.PackageMojo 1
io.wcm.devops.conga.tooling.maven.plugin.util.ClassLoaderUtil 2

io.wcm.devops.conga.conga_maven_plugin.HelpMojo

Bug Category Details Line Priority
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks SECURITY XXE_DOCUMENT 77 Medium

io.wcm.devops.conga.tooling.maven.plugin.AbstractCongaMojo

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 296 Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 308 Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 350 Medium
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 384 Medium
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 390 Medium

io.wcm.devops.conga.tooling.maven.plugin.GenerateVersionInfoMojo

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 61 Medium

io.wcm.devops.conga.tooling.maven.plugin.PackageMojo

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 153 Medium

io.wcm.devops.conga.tooling.maven.plugin.util.ClassLoaderUtil

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 68 Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 71 Medium

Back to top

Copyright ©2015-2026 wcm.io DevOps. All Rights Reserved.

Version: 1.19.1-SNAPSHOT. Last Published: 2026-05-19.