wcm.io DevOpsSpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.9.3
Threshold is medium
Effort is default
Summary
| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 64 | 152 | 0 | 1 |
Files
org.apache.maven.plugin.eclipse.BuildCommand
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.apache.maven.plugin.eclipse.BuildCommand at new org.apache.maven.plugin.eclipse.BuildCommand(String, String, Map) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 88 | Medium |
| Exception thrown in class org.apache.maven.plugin.eclipse.BuildCommand at new org.apache.maven.plugin.eclipse.BuildCommand(Xpp3Dom) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 118 | Medium |
org.apache.maven.plugin.eclipse.ConfigureWorkspaceMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 59 | Medium |
org.apache.maven.plugin.eclipse.EclipseCleanMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 104 | Medium |
org.apache.maven.plugin.eclipse.EclipsePlugin
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Test for floating point equality in org.apache.maven.plugin.eclipse.EclipsePlugin.fillDefaultBuilders(String) | STYLE | FE_FLOATING_POINT_EQUALITY | 1651 | Medium |
| Test for floating point equality in org.apache.maven.plugin.eclipse.EclipsePlugin.writeConfiguration(IdeDependency[]) | STYLE | FE_FLOATING_POINT_EQUALITY | 1204 | Medium |
| org.apache.maven.plugin.eclipse.EclipsePlugin.WTP_SUPPORTED_VERSIONS should be package protected | MALICIOUS_CODE | MS_PKGPROTECT | 158 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 1696 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 1703 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 1886 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 1904 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 1791 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 1806 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 1809 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 1816 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 1759 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 1000 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 1135 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 1256 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 1356 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 1381 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in org.apache.maven.plugin.eclipse.EclipsePlugin.extractResourceDirs(Set, List, File, File, boolean, String) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 1812 | Medium |
| Exceptional return value of java.io.File.delete() ignored in org.apache.maven.plugin.eclipse.EclipsePlugin.writeAdditionalConfig() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 1382 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in org.apache.maven.plugin.eclipse.EclipsePlugin.writeAdditionalConfig() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 1266 | Medium |
org.apache.maven.plugin.eclipse.EclipseToMavenMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Possible null pointer dereference in org.apache.maven.plugin.eclipse.EclipseToMavenMojo.execute() due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 274 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 243 | Medium |
| The regular expression "(([0-9]+\\.)+[0-9]+)" is vulnerable to a denial of service attack (ReDOS) | SECURITY | REDOS | 116 | Medium |
| Exceptional return value of java.io.File.delete() ignored in org.apache.maven.plugin.eclipse.EclipseToMavenMojo.writeArtifact(Model, Map, ArtifactRepository) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 702 | Medium |
| org.apache.maven.plugin.eclipse.EclipseToMavenMojo.execute() makes inefficient use of keySet iterator instead of entrySet iterator | PERFORMANCE | WMI_WRONG_MAP_ITERATOR | 311 | Medium |
org.apache.maven.plugin.eclipse.HelpMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 76 | Medium |
org.apache.maven.plugin.eclipse.InstallPluginsMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.maven.plugin.eclipse.InstallPluginsMojo.install(Artifact, MavenProject) may fail to close stream | BAD_PRACTICE | OS_OPEN_STREAM | 265 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 172 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 283 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 284 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in org.apache.maven.plugin.eclipse.InstallPluginsMojo.execute() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 181 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in org.apache.maven.plugin.eclipse.InstallPluginsMojo.performFileOperations(boolean, Artifact, File, File) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 377 | Medium |
org.apache.maven.plugin.eclipse.LinkedResource
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.apache.maven.plugin.eclipse.LinkedResource at new org.apache.maven.plugin.eclipse.LinkedResource(Xpp3Dom) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 105 | Medium |
org.apache.maven.plugin.eclipse.RadCleanMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 181 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 120 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 130 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in org.apache.maven.plugin.eclipse.RadCleanMojo.handleWarLibs() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 131 | Medium |
org.apache.maven.plugin.eclipse.RadPlugin
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 184 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 197 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 214 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in org.apache.maven.plugin.eclipse.RadPlugin.addManifestResource(EclipseWriterConfig) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 184 | Medium |
org.apache.maven.plugin.eclipse.RemoveCacheMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 95 | Medium |
org.apache.maven.plugin.eclipse.WorkspaceDependencyResolveMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Found reliance on default encoding in org.apache.maven.plugin.eclipse.WorkspaceDependencyResolveMojo.execute(): new java.io.FileReader(File) | I18N | DM_DEFAULT_ENCODING | 130 | High |
org.apache.maven.plugin.eclipse.reader.ReadWorkspaceLocations
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Found reliance on default encoding in org.apache.maven.plugin.eclipse.reader.ReadWorkspaceLocations.readArtefact(File, Log): new java.io.FileReader(File) | I18N | DM_DEFAULT_ENCODING | 373 | High |
| Possible null pointer dereference in org.apache.maven.plugin.eclipse.reader.ReadWorkspaceLocations.readProjectLocations(File, Log) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 567 | Medium |
| org.apache.maven.plugin.eclipse.reader.ReadWorkspaceLocations.readAvailableJREs(File, Log) may fail to clean up java.io.InputStream | EXPERIMENTAL | OBL_UNSATISFIED_OBLIGATION | 489 | Medium |
| org.apache.maven.plugin.eclipse.reader.ReadWorkspaceLocations.readDefinedServers(WorkspaceConfiguration, Log) may fail to clean up java.io.InputStream | EXPERIMENTAL | OBL_UNSATISFIED_OBLIGATION | 416 | Medium |
| org.apache.maven.plugin.eclipse.reader.ReadWorkspaceLocations.readAvailableJREs(File, Log) may fail to close stream | BAD_PRACTICE | OS_OPEN_STREAM | 489 | Medium |
| org.apache.maven.plugin.eclipse.reader.ReadWorkspaceLocations.readAvailableJREs(File, Log) may fail to close stream | BAD_PRACTICE | OS_OPEN_STREAM | 521 | Medium |
| org.apache.maven.plugin.eclipse.reader.ReadWorkspaceLocations.readDefinedServers(WorkspaceConfiguration, Log) may fail to close stream | BAD_PRACTICE | OS_OPEN_STREAM | 416 | Medium |
| This API (java/io/File.<init>(Ljava/net/URI;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 308 | High |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 183 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 190 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 317 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 514 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 515 | Medium |
| org.apache.maven.plugin.eclipse.reader.ReadWorkspaceLocations.detectWTPDefaultServer(WorkspaceConfiguration, String, Log) makes inefficient use of keySet iterator instead of entrySet iterator | PERFORMANCE | WMI_WRONG_MAP_ITERATOR | 132 | Medium |
org.apache.maven.plugin.eclipse.writers.AbstractEclipseManifestWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.maven.plugin.eclipse.writers.AbstractEclipseManifestWriter.write() may fail to clean up java.io.OutputStream on checked exception | EXPERIMENTAL | OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE | 291 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 278 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in org.apache.maven.plugin.eclipse.writers.AbstractEclipseManifestWriter.write() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 287 | Medium |
org.apache.maven.plugin.eclipse.writers.EclipseAjdtWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.maven.plugin.eclipse.writers.EclipseAjdtWriter.write() may fail to clean up java.io.InputStream | EXPERIMENTAL | OBL_UNSATISFIED_OBLIGATION | 122 | Medium |
| org.apache.maven.plugin.eclipse.writers.EclipseAjdtWriter.write() may fail to clean up java.io.OutputStream | EXPERIMENTAL | OBL_UNSATISFIED_OBLIGATION | 134 | Medium |
| org.apache.maven.plugin.eclipse.writers.EclipseAjdtWriter.write() may fail to close stream | BAD_PRACTICE | OS_OPEN_STREAM | 122 | Medium |
| org.apache.maven.plugin.eclipse.writers.EclipseAjdtWriter.write() may fail to close stream | BAD_PRACTICE | OS_OPEN_STREAM | 134 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 185 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 188 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 191 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in org.apache.maven.plugin.eclipse.writers.EclipseAjdtWriter.write() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 107 | Medium |
org.apache.maven.plugin.eclipse.writers.EclipseClasspathWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 489 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 492 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 495 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 580 | Medium |
org.apache.maven.plugin.eclipse.writers.EclipseLaunchConfigurationWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 81 | Medium |
| org.apache.maven.plugin.eclipse.writers.EclipseLaunchConfigurationWriter.write() concatenates strings using + in a loop | PERFORMANCE | SBSC_USE_STRINGBUFFER_CONCATENATION | 131 | Medium |
org.apache.maven.plugin.eclipse.writers.EclipseManifestWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 154 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 155 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 181 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 96 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 110 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 65 | Medium |
| Exceptional return value of java.io.File.createNewFile() ignored in org.apache.maven.plugin.eclipse.writers.EclipseManifestWriter.addManifestResource(Log, EclipseWriterConfig) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 160 | Medium |
| Exceptional return value of java.io.File.delete() ignored in org.apache.maven.plugin.eclipse.writers.EclipseManifestWriter.addManifestResource(Log, EclipseWriterConfig) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 158 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in org.apache.maven.plugin.eclipse.writers.EclipseManifestWriter.addManifestResource(Log, EclipseWriterConfig) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 154 | Medium |
org.apache.maven.plugin.eclipse.writers.EclipseProjectWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 331 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 313 | Medium |
org.apache.maven.plugin.eclipse.writers.myeclipse.MyEclipseHibernateWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Found reliance on default encoding in org.apache.maven.plugin.eclipse.writers.myeclipse.MyEclipseHibernateWriter.write(): new java.io.FileWriter(File) | I18N | DM_DEFAULT_ENCODING | 114 | High |
org.apache.maven.plugin.eclipse.writers.myeclipse.MyEclipseMetadataWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Found reliance on default encoding in org.apache.maven.plugin.eclipse.writers.myeclipse.MyEclipseMetadataWriter.write(): new java.io.FileWriter(File) | I18N | DM_DEFAULT_ENCODING | 93 | High |
org.apache.maven.plugin.eclipse.writers.myeclipse.MyEclipseSpringBeansWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Found reliance on default encoding in org.apache.maven.plugin.eclipse.writers.myeclipse.MyEclipseSpringBeansWriter.write(): new java.io.FileWriter(File) | I18N | DM_DEFAULT_ENCODING | 90 | High |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 115 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 119 | Medium |
org.apache.maven.plugin.eclipse.writers.myeclipse.MyEclipseStrutsDataWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Found reliance on default encoding in org.apache.maven.plugin.eclipse.writers.myeclipse.MyEclipseStrutsDataWriter.write(): new java.io.FileWriter(File) | I18N | DM_DEFAULT_ENCODING | 95 | High |
| Write to static field org.apache.maven.plugin.eclipse.writers.myeclipse.MyEclipseStrutsDataWriter.strutsPatterns from instance method new org.apache.maven.plugin.eclipse.writers.myeclipse.MyEclipseStrutsDataWriter(Map) | STYLE | ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD | 75 | High |
org.apache.maven.plugin.eclipse.writers.rad.RadApplicationXMLWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 506 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 136 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 145 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in org.apache.maven.plugin.eclipse.writers.rad.RadApplicationXMLWriter.writePrettyXmlFile(File, Xpp3Dom) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 529 | Medium |
org.apache.maven.plugin.eclipse.writers.rad.RadEjbClasspathWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 265 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in org.apache.maven.plugin.eclipse.writers.rad.RadEjbClasspathWriter.write() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 94 | Medium |
org.apache.maven.plugin.eclipse.writers.rad.RadLibCopier
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 82 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 91 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 144 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 154 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in org.apache.maven.plugin.eclipse.writers.rad.RadLibCopier.handleWarLibs(IdeDependency[]) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 155 | Medium |
org.apache.maven.plugin.eclipse.writers.rad.RadManifestWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 63 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 75 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 89 | Medium |
org.apache.maven.plugin.eclipse.writers.rad.RadWebSettingsWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 139 | Medium |
org.apache.maven.plugin.eclipse.writers.workspace.EclipseCodeFormatterProfile
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Found reliance on default encoding in org.apache.maven.plugin.eclipse.writers.workspace.EclipseCodeFormatterProfile.convertFormatterToString(URL): java.io.ByteArrayOutputStream.toString() | I18N | DM_DEFAULT_ENCODING | 121 | High |
| Found reliance on default encoding in org.apache.maven.plugin.eclipse.writers.workspace.EclipseCodeFormatterProfile.loadDefaultProfileName(URL): new java.io.InputStreamReader(InputStream) | I18N | DM_DEFAULT_ENCODING | 75 | High |
| This web server request could be used by an attacker to expose internal services and filesystem. | SECURITY | URLCONNECTION_SSRF_FD | 108 | Medium |
| This web server request could be used by an attacker to expose internal services and filesystem. | SECURITY | URLCONNECTION_SSRF_FD | 75 | Medium |
org.apache.maven.plugin.eclipse.writers.workspace.EclipseSettingsWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.maven.plugin.eclipse.writers.workspace.EclipseSettingsWriter.write() may fail to clean up java.io.InputStream | EXPERIMENTAL | OBL_UNSATISFIED_OBLIGATION | 148 | Medium |
| org.apache.maven.plugin.eclipse.writers.workspace.EclipseSettingsWriter.write() may fail to clean up java.io.OutputStream | EXPERIMENTAL | OBL_UNSATISFIED_OBLIGATION | 160 | Medium |
| org.apache.maven.plugin.eclipse.writers.workspace.EclipseSettingsWriter.write() may fail to close stream | BAD_PRACTICE | OS_OPEN_STREAM | 148 | Medium |
| org.apache.maven.plugin.eclipse.writers.workspace.EclipseSettingsWriter.write() may fail to close stream | BAD_PRACTICE | OS_OPEN_STREAM | 160 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 85 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 95 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 106 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 117 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in org.apache.maven.plugin.eclipse.writers.workspace.EclipseSettingsWriter.write() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 133 | Medium |
org.apache.maven.plugin.eclipse.writers.workspace.EclipseWorkspaceWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.maven.plugin.eclipse.writers.workspace.EclipseWorkspaceWriter.loadProperties(File) may fail to clean up java.io.InputStream | EXPERIMENTAL | OBL_UNSATISFIED_OBLIGATION | 144 | Medium |
| org.apache.maven.plugin.eclipse.writers.workspace.EclipseWorkspaceWriter.loadProperties(File) may fail to close stream | BAD_PRACTICE | OS_OPEN_STREAM | 144 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in org.apache.maven.plugin.eclipse.writers.workspace.EclipseWorkspaceWriter.init(Log, WorkspaceConfiguration) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 85 | Medium |
org.apache.maven.plugin.eclipse.writers.wtp.AbstractWtpResourceWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 232 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 241 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 244 | Medium |
org.apache.maven.plugin.eclipse.writers.wtp.EclipseWtpApplicationXMLWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Possible null pointer dereference in org.apache.maven.plugin.eclipse.writers.wtp.EclipseWtpApplicationXMLWriter.copyDirectoryStructure(File, File) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 225 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 190 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 193 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 231 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 132 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 152 | Medium |
| Exceptional return value of java.io.File.delete() ignored in org.apache.maven.plugin.eclipse.writers.wtp.EclipseWtpApplicationXMLWriter.write() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 141 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in org.apache.maven.plugin.eclipse.writers.wtp.EclipseWtpApplicationXMLWriter.write() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 136 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in org.apache.maven.plugin.eclipse.writers.wtp.EclipseWtpApplicationXMLWriter.writePrettyXmlFile(File, Xpp3Dom) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 625 | Medium |
org.apache.maven.plugin.eclipse.writers.wtp.EclipseWtpComponentWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 146 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 165 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 195 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in org.apache.maven.plugin.eclipse.writers.wtp.EclipseWtpComponentWriter.write() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 90 | Medium |
org.apache.maven.plugin.eclipse.writers.wtp.EclipseWtpFacetsWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exceptional return value of java.io.File.mkdirs() ignored in org.apache.maven.plugin.eclipse.writers.wtp.EclipseWtpFacetsWriter.write() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 92 | Medium |
org.apache.maven.plugin.eclipse.writers.wtp.EclipseWtpmodulesWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 96 | Medium |
org.apache.maven.plugin.ide.AbstractIdeSupportMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 745 | Medium |
| Exceptional return value of java.io.File.createNewFile() ignored in org.apache.maven.plugin.ide.AbstractIdeSupportMojo.resolveDependenciesWithClassifier(IdeDependency[], String, boolean) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 965 | Medium |
org.apache.maven.plugin.ide.IdeDependency
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.apache.maven.plugin.ide.IdeDependency.equals(Object) is unusual | STYLE | EQ_UNUSUAL | 590 | Medium |
| org.apache.maven.plugin.ide.IdeDependency.equals(Object) does not check for null argument | BAD_PRACTICE | NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT | 590 | Medium |
org.apache.maven.plugin.ide.IdeUtils
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 460 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 585 | Medium |
| Return value of java.util.Properties.getProperty(String) ignored, but method has no side effect | STYLE | RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT | 194 | High |