The following document contains the results of SpotBugs

SpotBugs Version is 3.1.12

Threshold is medium

Effort is default

Summary

| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 24 | 16 | 0 | 3 |

Files

| Class | Bugs |
|---|---|
| io.wcm.devops.conga.tooling.maven.plugin.DefinitionPackageMojo | 8 |
| io.wcm.devops.conga.tooling.maven.plugin.GenerateVersionInfoMojo | 3 |
| io.wcm.devops.conga.tooling.maven.plugin.HelpMojo | 1 |
| io.wcm.devops.conga.tooling.maven.plugin.PackageMojo | 1 |
| io.wcm.devops.conga.tooling.maven.plugin.util.ClassLoaderUtil | 3 |

io.wcm.devops.conga.tooling.maven.plugin.DefinitionPackageMojo

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 115 | Medium |
| java/io/File.<init>(Ljava/lang/String;)V reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 127 | Medium |
| java/io/File.<init>(Ljava/lang/String;)V reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 165 | Medium |
| java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 198 | Medium |
| java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 204 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in io.wcm.devops.conga.tooling.maven.plugin.DefinitionPackageMojo.copyDefinitions() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 167 | Medium |
| Exceptional return value of java.io.File.delete() ignored in io.wcm.devops.conga.tooling.maven.plugin.DefinitionPackageMojo.copyDefinitions(ResourceCollection, File, File, String) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 209 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in io.wcm.devops.conga.tooling.maven.plugin.DefinitionPackageMojo.copyDefinitions(ResourceCollection, File, File, String) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 200 | Medium |

io.wcm.devops.conga.tooling.maven.plugin.GenerateVersionInfoMojo

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 58 | Medium |
| Exceptional return value of java.io.File.delete() ignored in io.wcm.devops.conga.tooling.maven.plugin.GenerateVersionInfoMojo.execute() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 65 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in io.wcm.devops.conga.tooling.maven.plugin.GenerateVersionInfoMojo.execute() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 60 | Medium |

io.wcm.devops.conga.tooling.maven.plugin.HelpMojo

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| The use of DocumentBuilder.parse(...) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 76 | Medium |

io.wcm.devops.conga.tooling.maven.plugin.PackageMojo

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 142 | Medium |

io.wcm.devops.conga.tooling.maven.plugin.util.ClassLoaderUtil

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| io.wcm.devops.conga.tooling.maven.plugin.util.ClassLoaderUtil.buildClassLoader(List) creates a java.net.URLClassLoader classloader, which should be performed within a doPrivileged block | MALICIOUS_CODE | DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED | 56 | Medium |
| java/io/File.<init>(Ljava/lang/String;)V reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 69 | Medium |
| java/io/File.<init>(Ljava/lang/String;)V reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 72 | Medium |


Version: 1.12.1-SNAPSHOT. Last Published: 2020-02-12.