The following document contains the results of SpotBugs

SpotBugs Version is 4.8.6

Threshold is medium

Effort is default

Summary

Classes | Bugs | Errors | Missing Classes
12 | 24 | 0 | 1

Files

Class | Bugs
io.wcm.maven.plugins.nodejs.installation.NodeInstallationInformation | 6
io.wcm.maven.plugins.nodejs.installation.TarUnArchiver | 5
io.wcm.maven.plugins.nodejs.installation.ZipUnArchiver | 4
io.wcm.maven.plugins.nodejs.mojo.AbstractNodeJsMojo | 1
io.wcm.maven.plugins.nodejs.mojo.NodeJsTask | 3
io.wcm.maven.plugins.nodejs.mojo.NodejsOutputStreamHandler | 1
io.wcm.maven.plugins.nodejs.mojo.Task | 3
io.wcm.maven.plugins.nodejs_maven_plugin.HelpMojo | 1

io.wcm.maven.plugins.nodejs.installation.NodeInstallationInformation

Bug | Category | Details | Line | Priority
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 166 | Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 176 | Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 186 | Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 81 | Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 89 | Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 93 | Medium

io.wcm.maven.plugins.nodejs.installation.TarUnArchiver

Bug | Category | Details | Line | Priority
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 61 | Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 64 | Medium
Exceptional return value of java.io.File.createNewFile() ignored in io.wcm.maven.plugins.nodejs.installation.TarUnArchiver.unarchive(String) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 71 | Medium
Exceptional return value of java.io.File.delete() ignored in io.wcm.maven.plugins.nodejs.installation.TarUnArchiver.unarchive(String) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 85 | Medium
Exceptional return value of java.io.File.mkdirs() ignored in io.wcm.maven.plugins.nodejs.installation.TarUnArchiver.unarchive(String) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 68 | Medium

io.wcm.maven.plugins.nodejs.installation.ZipUnArchiver

Bug | Category | Details | Line | Priority
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 58 | Medium
Exceptional return value of java.io.File.createNewFile() ignored in io.wcm.maven.plugins.nodejs.installation.ZipUnArchiver.unarchive(String) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 63 | Medium
Exceptional return value of java.io.File.delete() ignored in io.wcm.maven.plugins.nodejs.installation.ZipUnArchiver.unarchive(String) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 76 | Medium
Exceptional return value of java.io.File.mkdirs() ignored in io.wcm.maven.plugins.nodejs.installation.ZipUnArchiver.unarchive(String) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 60 | Medium

io.wcm.maven.plugins.nodejs.mojo.AbstractNodeJsMojo

Bug | Category | Details | Line | Priority
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 206 | Medium

io.wcm.maven.plugins.nodejs.mojo.NodeJsTask

Bug | Category | Details | Line | Priority
Read of unwritten public or protected field workingDirectory in io.wcm.maven.plugins.nodejs.mojo.NodeJsTask.installModule(NodeInstallationInformation) | STYLE | NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD | 75 | Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 76 | Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 80 | Medium

io.wcm.maven.plugins.nodejs.mojo.NodejsOutputStreamHandler

Bug | Category | Details | Line | Priority
Found reliance on default encoding in io.wcm.maven.plugins.nodejs.mojo.NodejsOutputStreamHandler.run(): new java.io.InputStreamReader(InputStream) | I18N | DM_DEFAULT_ENCODING | 49 | High

io.wcm.maven.plugins.nodejs.mojo.Task

Bug | Category | Details | Line | Priority
Exceptional return value of java.io.File.mkdir() ignored in io.wcm.maven.plugins.nodejs.mojo.Task.execute(NodeInstallationInformation) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 57 | Medium
Unwritten public or protected field: io.wcm.maven.plugins.nodejs.mojo.Task.workingDirectory | STYLE | UWF_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD | 55 | Medium
io.wcm.maven.plugins.nodejs.mojo.Task.setNodePath(ProcessBuilder, NodeInstallationInformation) makes inefficient use of keySet iterator instead of entrySet iterator | PERFORMANCE | WMI_WRONG_MAP_ITERATOR | 105 | Medium

io.wcm.maven.plugins.nodejs_maven_plugin.HelpMojo

Bug | Category | Details | Line | Priority
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium


Version: 3.0.9-SNAPSHOT. Last Published: 2024-12-09.