The following document contains the results of SpotBugs

SpotBugs Version is 3.1.11

Threshold is medium

Effort is default

Summary

| Classes | Bugs | Errors | Missing Classes |
| --- | --- | --- | --- |
| 24 | 17 | 0 | 3 |

io.wcm.devops.conga.tooling.maven.plugin.DefinitionPackageMojo

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 115 | Medium |
| java/io/File.<init>(Ljava/lang/String;)V reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 127 | Medium |
| java/io/File.<init>(Ljava/lang/String;)V reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 166 | Medium |
| java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 199 | Medium |
| java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 205 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in io.wcm.devops.conga.tooling.maven.plugin.DefinitionPackageMojo.copyDefinitions() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 168 | Medium |
| Exceptional return value of java.io.File.delete() ignored in io.wcm.devops.conga.tooling.maven.plugin.DefinitionPackageMojo.copyDefinitions(ResourceCollection, File, File, String) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 210 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in io.wcm.devops.conga.tooling.maven.plugin.DefinitionPackageMojo.copyDefinitions(ResourceCollection, File, File, String) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 201 | Medium |

io.wcm.devops.conga.tooling.maven.plugin.GenerateVersionInfoMojo

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 58 | Medium |
| Exceptional return value of java.io.File.delete() ignored in io.wcm.devops.conga.tooling.maven.plugin.GenerateVersionInfoMojo.execute() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 65 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in io.wcm.devops.conga.tooling.maven.plugin.GenerateVersionInfoMojo.execute() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 60 | Medium |

io.wcm.devops.conga.tooling.maven.plugin.HelpMojo

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| The use of DocumentBuilder.parse(...) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 76 | Medium |

io.wcm.devops.conga.tooling.maven.plugin.PackageMojo

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Possible null pointer dereference in io.wcm.devops.conga.tooling.maven.plugin.PackageMojo.addZipDirectory(String, File) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 172 | Medium |
| java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 146 | Medium |

io.wcm.devops.conga.tooling.maven.plugin.util.ClassLoaderUtil

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| io.wcm.devops.conga.tooling.maven.plugin.util.ClassLoaderUtil.buildClassLoader(List) creates a java.net.URLClassLoader classloader, which should be performed within a doPrivileged block | MALICIOUS_CODE | DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED | 56 | Medium |
| java/io/File.<init>(Ljava/lang/String;)V reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 69 | Medium |
| java/io/File.<init>(Ljava/lang/String;)V reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 72 | Medium |

Version: 1.11.3-SNAPSHOT. Last Published: 2019-09-18.