The following document contains the results of SpotBugs
SpotBugs Version is 4.8.6
Threshold is medium
Effort is default
Summary
Classes |
Bugs |
Errors |
Missing Classes |
12 |
24 |
0 |
1 |
Bug |
Category |
Details |
Line |
Priority |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
166 |
Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
176 |
Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
186 |
Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
81 |
Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
89 |
Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
93 |
Medium |
io.wcm.maven.plugins.nodejs.installation.TarUnArchiver
Bug |
Category |
Details |
Line |
Priority |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
61 |
Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
64 |
Medium |
Exceptional return value of java.io.File.createNewFile() ignored in io.wcm.maven.plugins.nodejs.installation.TarUnArchiver.unarchive(String) |
BAD_PRACTICE |
RV_RETURN_VALUE_IGNORED_BAD_PRACTICE |
71 |
Medium |
Exceptional return value of java.io.File.delete() ignored in io.wcm.maven.plugins.nodejs.installation.TarUnArchiver.unarchive(String) |
BAD_PRACTICE |
RV_RETURN_VALUE_IGNORED_BAD_PRACTICE |
85 |
Medium |
Exceptional return value of java.io.File.mkdirs() ignored in io.wcm.maven.plugins.nodejs.installation.TarUnArchiver.unarchive(String) |
BAD_PRACTICE |
RV_RETURN_VALUE_IGNORED_BAD_PRACTICE |
68 |
Medium |
io.wcm.maven.plugins.nodejs.installation.ZipUnArchiver
Bug |
Category |
Details |
Line |
Priority |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
58 |
Medium |
Exceptional return value of java.io.File.createNewFile() ignored in io.wcm.maven.plugins.nodejs.installation.ZipUnArchiver.unarchive(String) |
BAD_PRACTICE |
RV_RETURN_VALUE_IGNORED_BAD_PRACTICE |
63 |
Medium |
Exceptional return value of java.io.File.delete() ignored in io.wcm.maven.plugins.nodejs.installation.ZipUnArchiver.unarchive(String) |
BAD_PRACTICE |
RV_RETURN_VALUE_IGNORED_BAD_PRACTICE |
76 |
Medium |
Exceptional return value of java.io.File.mkdirs() ignored in io.wcm.maven.plugins.nodejs.installation.ZipUnArchiver.unarchive(String) |
BAD_PRACTICE |
RV_RETURN_VALUE_IGNORED_BAD_PRACTICE |
60 |
Medium |
io.wcm.maven.plugins.nodejs.mojo.AbstractNodeJsMojo
Bug |
Category |
Details |
Line |
Priority |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
206 |
Medium |
io.wcm.maven.plugins.nodejs.mojo.NodeJsTask
Bug |
Category |
Details |
Line |
Priority |
Read of unwritten public or protected field workingDirectory in io.wcm.maven.plugins.nodejs.mojo.NodeJsTask.installModule(NodeInstallationInformation) |
STYLE |
NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD |
75 |
Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
76 |
Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
80 |
Medium |
io.wcm.maven.plugins.nodejs.mojo.NodejsOutputStreamHandler
Bug |
Category |
Details |
Line |
Priority |
Found reliance on default encoding in io.wcm.maven.plugins.nodejs.mojo.NodejsOutputStreamHandler.run(): new java.io.InputStreamReader(InputStream) |
I18N |
DM_DEFAULT_ENCODING |
49 |
High |
io.wcm.maven.plugins.nodejs.mojo.Task
Bug |
Category |
Details |
Line |
Priority |
Exceptional return value of java.io.File.mkdir() ignored in io.wcm.maven.plugins.nodejs.mojo.Task.execute(NodeInstallationInformation) |
BAD_PRACTICE |
RV_RETURN_VALUE_IGNORED_BAD_PRACTICE |
57 |
Medium |
Unwritten public or protected field: io.wcm.maven.plugins.nodejs.mojo.Task.workingDirectory |
STYLE |
UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD |
55 |
Medium |
io.wcm.maven.plugins.nodejs.mojo.Task.setNodePath(ProcessBuilder, NodeInstallationInformation) makes inefficient use of keySet iterator instead of entrySet iterator |
PERFORMANCE |
WMI_WRONG_MAP_ITERATOR |
105 |
Medium |
io.wcm.maven.plugins.nodejs_maven_plugin.HelpMojo
Bug |
Category |
Details |
Line |
Priority |
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks |
SECURITY |
XXE_DOCUMENT |
77 |
Medium |