The following document contains the results of SpotBugs

SpotBugs Version is 4.8.6

Threshold is medium

Effort is default

Summary

Classes Bugs Errors Missing Classes
11 4 0 3

Files

Class Bugs
io.wcm.maven.plugins.sling_initial_content_transform_maven_plugin.HelpMojo 1
io.wcm.maven.plugins.slinginitialcontenttransform.TransformMojo 2
io.wcm.maven.plugins.slinginitialcontenttransform.contentparser.ContentElementHandler 1

io.wcm.maven.plugins.sling_initial_content_transform_maven_plugin.HelpMojo

Bug Category Details Line Priority
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks SECURITY XXE_DOCUMENT 77 Medium

io.wcm.maven.plugins.slinginitialcontenttransform.TransformMojo

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 242 Medium
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 162 Medium

io.wcm.maven.plugins.slinginitialcontenttransform.contentparser.ContentElementHandler

Bug Category Details Line Priority
The regular expression "^((/[^/]+)*)(/([^/]+))$" is vulnerable to a denial of service attack (ReDOS) SECURITY REDOS 40 Medium

Back to top

Version: 1.1.5-SNAPSHOT. Last Published: 2024-12-09.