The following document contains the results of SpotBugs

SpotBugs Version is 4.8.6

Threshold is medium

Effort is default

Summary

Classes Bugs Errors Missing Classes
45 8 0 3

Files

Class Bugs
io.wcm.tooling.commons.packmgr.download.PackageDownloader 2
io.wcm.tooling.commons.packmgr.httpaction.BundleStatusCall 1
io.wcm.tooling.commons.packmgr.httpaction.PackageManagerInstallStatusCall 1
io.wcm.tooling.commons.packmgr.install.crx.CrxPackageInstaller 2
io.wcm.tooling.commons.packmgr.install.crx.PackageInstalledChecker 1
io.wcm.tooling.commons.packmgr.unpack.ContentUnpacker 1

io.wcm.tooling.commons.packmgr.download.PackageDownloader

Bug Category Details Line Priority
Concatenating user-controlled input into a URL SECURITY HTTP_PARAMETER_POLLUTION 128 Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 139 Medium

io.wcm.tooling.commons.packmgr.httpaction.BundleStatusCall

Bug Category Details Line Priority
Concatenating user-controlled input into a URL SECURITY HTTP_PARAMETER_POLLUTION 68 Medium

io.wcm.tooling.commons.packmgr.httpaction.PackageManagerInstallStatusCall

Bug Category Details Line Priority
Concatenating user-controlled input into a URL SECURITY HTTP_PARAMETER_POLLUTION 64 Medium

io.wcm.tooling.commons.packmgr.install.crx.CrxPackageInstaller

Bug Category Details Line Priority
Concatenating user-controlled input into a URL SECURITY HTTP_PARAMETER_POLLUTION 182 Medium
Concatenating user-controlled input into a URL SECURITY HTTP_PARAMETER_POLLUTION 191 Medium

io.wcm.tooling.commons.packmgr.install.crx.PackageInstalledChecker

Bug Category Details Line Priority
Exception thrown in class io.wcm.tooling.commons.packmgr.install.crx.PackageInstalledChecker at new io.wcm.tooling.commons.packmgr.install.crx.PackageInstalledChecker(JSONObject) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 50 Medium

io.wcm.tooling.commons.packmgr.unpack.ContentUnpacker

Bug Category Details Line Priority
The use of SAXParser.parse(...) (SAXParser) is vulnerable to XML External Entity attacks SECURITY XXE_SAXPARSER 260 Medium

Back to top

Version: 2.1.7-SNAPSHOT. Last Published: 2024-12-09.