SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.6
Threshold is medium
Effort is default
Summary
Classes | Bugs | Errors | Missing Classes |
---|---|---|---|
8 | 2 | 0 | 1 |
Files
Class | Bugs |
---|---|
io.wcm.maven.plugins.contentpackage.InstallMojo | 1 |
io.wcm.maven.plugins.wcmio_content_package_maven_plugin.HelpMojo | 1 |
io.wcm.maven.plugins.contentpackage.InstallMojo
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 194 | Medium |
io.wcm.maven.plugins.wcmio_content_package_maven_plugin.HelpMojo
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium |