SpotBugs Bug Detector Report
The following document contains the results of SpotBugs.
SpotBugs Version is 4.8.6
Threshold is medium
Effort is default
Summary
Classes | Bugs | Errors | Missing Classes |
---|---|---|---|
11 | 4 | 0 | 3 |
Files
io.wcm.maven.plugins.sling_initial_content_transform_maven_plugin.HelpMojo
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium |
io.wcm.maven.plugins.slinginitialcontenttransform.TransformMojo
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 242 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 162 | Medium |
io.wcm.maven.plugins.slinginitialcontenttransform.contentparser.ContentElementHandler
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
The regular expression "^((/[^/]+)*)(/([^/]+))$" is vulnerable to a denial of service attack (ReDOS) | SECURITY | REDOS | 40 | Medium |