The following document contains the results of SpotBugs

SpotBugs Version is 4.9.6

Threshold is medium

Effort is default

Summary

| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 55 | 9 | 0 | 0 |

Files

| Class | Bugs |
|---|---|
| io.wcm.tooling.commons.packmgr.download.PackageDownloader | 2 |
| io.wcm.tooling.commons.packmgr.httpaction.BundleStatusCall | 1 |
| io.wcm.tooling.commons.packmgr.httpaction.PackageManagerInstallStatusCall | 1 |
| io.wcm.tooling.commons.packmgr.httpaction.SystemReadyStatusCall | 1 |
| io.wcm.tooling.commons.packmgr.install.crx.CrxPackageInstaller | 2 |
| io.wcm.tooling.commons.packmgr.unpack.ContentUnpacker | 1 |
| io.wcm.tooling.commons.packmgr.unpack.DocViewUtil | 1 |

io.wcm.tooling.commons.packmgr.download.PackageDownloader

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Concatenating user-controlled input into a URL | SECURITY | HTTP_PARAMETER_POLLUTION | 109 | Medium |
| This API (`java/io/File.<init>(Ljava/lang/String;)V`) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 120 | Medium |

io.wcm.tooling.commons.packmgr.httpaction.BundleStatusCall

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Concatenating user-controlled input into a URL | SECURITY | HTTP_PARAMETER_POLLUTION | 68 | Medium |

io.wcm.tooling.commons.packmgr.httpaction.PackageManagerInstallStatusCall

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Concatenating user-controlled input into a URL | SECURITY | HTTP_PARAMETER_POLLUTION | 64 | Medium |

io.wcm.tooling.commons.packmgr.httpaction.SystemReadyStatusCall

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Concatenating user-controlled input into a URL | SECURITY | HTTP_PARAMETER_POLLUTION | 65 | Medium |

io.wcm.tooling.commons.packmgr.install.crx.CrxPackageInstaller

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Concatenating user-controlled input into a URL | SECURITY | HTTP_PARAMETER_POLLUTION | 184 | Medium |
| Concatenating user-controlled input into a URL | SECURITY | HTTP_PARAMETER_POLLUTION | 193 | Medium |

io.wcm.tooling.commons.packmgr.unpack.ContentUnpacker

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| The use of SAXParser.parse(...) (SAXParser) is vulnerable to XML External Entity attacks | SECURITY | XXE_SAXPARSER | 266 | Medium |

io.wcm.tooling.commons.packmgr.unpack.DocViewUtil

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Invocation of toString on valueObjects in io.wcm.tooling.commons.packmgr.unpack.DocViewUtil.formatValues(List, int) | CORRECTNESS | DMI_INVOKING_TOSTRING_ON_ARRAY | 79 | Medium |


Version: 2.4.1-SNAPSHOT. Last Published: 2025-09-25.