The following document contains the results of SpotBugs

SpotBugs Version is 4.9.8

Threshold is medium

Effort is default

Summary

| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 13 | 14 | 0 | 0 |

Files

| Class | Bugs |
|---|---|
| io.wcm.maven.plugins.nodejs.installation.NodeInstallationInformation | 6 |
| io.wcm.maven.plugins.nodejs.mojo.AbstractNodeJsMojo | 1 |
| io.wcm.maven.plugins.nodejs.mojo.NodeJsTask | 3 |
| io.wcm.maven.plugins.nodejs.mojo.NodejsOutputStreamHandler | 1 |
| io.wcm.maven.plugins.nodejs.mojo.Task | 2 |
| io.wcm.maven.plugins.nodejs_maven_plugin.HelpMojo | 1 |

io.wcm.maven.plugins.nodejs.installation.NodeInstallationInformation

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 211 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 221 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 231 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 97 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 109 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 117 | Medium |

io.wcm.maven.plugins.nodejs.mojo.AbstractNodeJsMojo

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 215 | Medium |

io.wcm.maven.plugins.nodejs.mojo.NodeJsTask

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Read of unwritten public or protected field workingDirectory in io.wcm.maven.plugins.nodejs.mojo.NodeJsTask.installModule(NodeInstallationInformation) | STYLE | NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD | 77 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 78 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 82 | Medium |

io.wcm.maven.plugins.nodejs.mojo.NodejsOutputStreamHandler

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Found reliance on default encoding in io.wcm.maven.plugins.nodejs.mojo.NodejsOutputStreamHandler.run(): new java.io.InputStreamReader(InputStream) | I18N | DM_DEFAULT_ENCODING | 49 | High |

io.wcm.maven.plugins.nodejs.mojo.Task

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This usage of java/lang/ProcessBuilder.<init>(Ljava/util/List;)V can be vulnerable to Command Injection | SECURITY | COMMAND_INJECTION | 56 | Medium |
| Unwritten public or protected field: io.wcm.maven.plugins.nodejs.mojo.Task.workingDirectory | STYLE | UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD | 57 | Medium |

io.wcm.maven.plugins.nodejs_maven_plugin.HelpMojo

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium |


Version: 3.1.0-SNAPSHOT. Last Published: 2024-06-04.