wcm.ioSpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.5
Threshold is medium
Effort is default
Summary
| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 8 | 2 | 0 | 1 |
Files
| Class | Bugs |
|---|---|
| io.wcm.maven.plugins.contentpackage.InstallMojo | 1 |
| io.wcm.maven.plugins.wcmio_content_package_maven_plugin.HelpMojo | 1 |
io.wcm.maven.plugins.contentpackage.InstallMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 194 | Medium |
io.wcm.maven.plugins.wcmio_content_package_maven_plugin.HelpMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium |