The following document contains the results of SpotBugs

SpotBugs Version is 4.8.6

Threshold is medium

Effort is default

Summary

Classes	Bugs	Errors	Missing Classes
51	7	0	3

Files

Class	Bugs
io.wcm.tooling.commons.packmgr.download.PackageDownloader	2
io.wcm.tooling.commons.packmgr.httpaction.BundleStatusCall	1
io.wcm.tooling.commons.packmgr.httpaction.PackageManagerInstallStatusCall	1
io.wcm.tooling.commons.packmgr.install.crx.CrxPackageInstaller	2
io.wcm.tooling.commons.packmgr.unpack.ContentUnpacker	1

io.wcm.tooling.commons.packmgr.download.PackageDownloader

Bug	Category	Details	Line	Priority
Concatenating user-controlled input into a URL	SECURITY	HTTP_PARAMETER_POLLUTION	109	Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input	SECURITY	PATH_TRAVERSAL_IN	120	Medium

io.wcm.tooling.commons.packmgr.httpaction.BundleStatusCall

Bug	Category	Details	Line	Priority
Concatenating user-controlled input into a URL	SECURITY	HTTP_PARAMETER_POLLUTION	68	Medium

io.wcm.tooling.commons.packmgr.httpaction.PackageManagerInstallStatusCall

Bug	Category	Details	Line	Priority
Concatenating user-controlled input into a URL	SECURITY	HTTP_PARAMETER_POLLUTION	64	Medium

io.wcm.tooling.commons.packmgr.install.crx.CrxPackageInstaller

Bug	Category	Details	Line	Priority
Concatenating user-controlled input into a URL	SECURITY	HTTP_PARAMETER_POLLUTION	182	Medium
Concatenating user-controlled input into a URL	SECURITY	HTTP_PARAMETER_POLLUTION	191	Medium

io.wcm.tooling.commons.packmgr.unpack.ContentUnpacker

Bug	Category	Details	Line	Priority
The use of SAXParser.parse(...) (SAXParser) is vulnerable to XML External Entity attacks	SECURITY	XXE_SAXPARSER	264	Medium

Copyright ©2014-2025 wcm.io. All Rights Reserved.

Version: 2.2.1-SNAPSHOT. Last Published: 2025-03-17.