wcm.io DevOps

SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.9.6

Threshold is medium

Effort is default

Summary

Classes Bugs Errors Missing Classes
24 11 0 0

Files

Class Bugs
io.wcm.devops.conga.conga_maven_plugin.HelpMojo 1
io.wcm.devops.conga.tooling.maven.plugin.AbstractCongaMojo 5
io.wcm.devops.conga.tooling.maven.plugin.GenerateVersionInfoMojo 1
io.wcm.devops.conga.tooling.maven.plugin.PackageMojo 1
io.wcm.devops.conga.tooling.maven.plugin.util.ClassLoaderUtil 3

io.wcm.devops.conga.conga_maven_plugin.HelpMojo

Bug Category Details Line Priority
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks SECURITY XXE_DOCUMENT 77 Medium

io.wcm.devops.conga.tooling.maven.plugin.AbstractCongaMojo

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 259 Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 271 Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 311 Medium
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 345 Medium
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 351 Medium

io.wcm.devops.conga.tooling.maven.plugin.GenerateVersionInfoMojo

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 61 Medium

io.wcm.devops.conga.tooling.maven.plugin.PackageMojo

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 153 Medium

io.wcm.devops.conga.tooling.maven.plugin.util.ClassLoaderUtil

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 70 Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 73 Medium
Suppressing annotation DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED on the method io.wcm.devops.conga.tooling.maven.plugin.util.ClassLoaderUtil.buildClassLoader(List) is unnecessary STYLE US_USELESS_SUPPRESSION_ON_METHOD 57 Medium

Back to top

Copyright ©2015-2025 wcm.io DevOps. All Rights Reserved.

Version: 1.18.1-SNAPSHOT. Last Published: 2025-10-14.