wcm.ioSpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.3
Threshold is medium
Effort is default
Summary
| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 3 | 2 | 0 | 2 |
Files
| Class | Bugs |
|---|---|
| io.wcm.maven.plugins.cq.InstallMojo | 1 |
| io.wcm.maven.plugins.cq_maven_plugin.HelpMojo | 1 |
io.wcm.maven.plugins.cq.InstallMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 200 | Medium |
io.wcm.maven.plugins.cq_maven_plugin.HelpMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium |