The following document contains the results of SpotBugs
SpotBugs Version is 4.8.6
Threshold is medium
Effort is default
Summary
Classes | Bugs | Errors | Missing Classes |
45 | 8 | 0 | 3 |
Bug | Category | Details | Line | Priority |
Concatenating user-controlled input into a URL | SECURITY | HTTP_PARAMETER_POLLUTION | 128 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 139 | Medium |
Bug | Category | Details | Line | Priority |
Exception thrown in class io.wcm.tooling.commons.packmgr.install.crx.PackageInstalledChecker at new io.wcm.tooling.commons.packmgr.install.crx.PackageInstalledChecker(JSONObject) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 50 | Medium |
io.wcm.tooling.commons.packmgr.unpack.ContentUnpacker
Bug | Category | Details | Line | Priority |
The use of SAXParser.parse(...) (SAXParser) is vulnerable to XML External Entity attacks | SECURITY | XXE_SAXPARSER | 260 | Medium |