SpotBugs Bug Detector Report
The following document contains the results of SpotBugs.
SpotBugs Version is 4.8.3
Threshold is medium
Effort is max
Summary
Classes | Bugs | Errors | Missing Classes |
---|---|---|---|
117 | 165 | 0 | 1 |
Files
com.github.hazendaz.maven.coveralls_maven_plugin.HelpMojo
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium |
org.eluder.coveralls.maven.plugin.CoverageFixture
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.CoverageFixture.getTotalLines(String[][]) accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 58 | Medium |
org.eluder.coveralls.maven.plugin.CoverageFixture.JAVASCRIPT_FILES is a mutable array | MALICIOUS_CODE | MS_MUTABLE_ARRAY | 49 | High |
org.eluder.coveralls.maven.plugin.CoverageFixture.JAVA_FILES is a mutable array | MALICIOUS_CODE | MS_MUTABLE_ARRAY | 28 | High |
org.eluder.coveralls.maven.plugin.CoverageFixture.JAVA_FILES_CLOVER is a mutable array | MALICIOUS_CODE | MS_MUTABLE_ARRAY | 42 | High |
org.eluder.coveralls.maven.plugin.CoverageFixture.JAVA_FILES_IT is a mutable array | MALICIOUS_CODE | MS_MUTABLE_ARRAY | 35 | High |
org.eluder.coveralls.maven.plugin.CoverallsReportMojo
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.CoverallsReportMojo.report(List, Logger$Position) calls equals on an enum instance | CORRECTNESS | ENMI_EQUALS_ON_ENUM | 445 | Medium |
org.eluder.coveralls.maven.plugin.CoverallsReportMojo.createSourceCallbackChain(JsonWriter, List): 2nd parameter 'reporters' could be declared as java.util.Collection instead | STYLE | OCP_OVERLY_CONCRETE_PARAMETER | 377 | Medium |
org.eluder.coveralls.maven.plugin.CoverallsReportMojo.report(List, Logger$Position): 1st parameter 'reporters' could be declared as java.lang.Iterable instead | STYLE | OCP_OVERLY_CONCRETE_PARAMETER | 444 | Medium |
org.eluder.coveralls.maven.plugin.CoverallsReportMojo.writeCoveralls(JsonWriter, SourceCallback, List): 3rd parameter 'parsers' could be declared as java.lang.Iterable instead | STYLE | OCP_OVERLY_CONCRETE_PARAMETER | 398 | Medium |
Method org.eluder.coveralls.maven.plugin.CoverallsReportMojo.createSourceCallbackChain(JsonWriter, List) stores return result in local before immediately returning it | STYLE | USBR_UNNECESSARY_STORE_BEFORE_RETURN | 384 | Medium |
org.eluder.coveralls.maven.plugin.CoverallsReportMojoTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.CoverallsReportMojoTest.readFileContent(String) declares throwing two or more exceptions related by inheritance | CORRECTNESS | BED_HIERARCHICAL_EXCEPTION_DECLARATION | 320 | Medium |
Method org.eluder.coveralls.maven.plugin.CoverallsReportMojoTest.testSuccessfullSubmission() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 247 | Medium |
Method org.eluder.coveralls.maven.plugin.CoverallsReportMojoTest.testDefaultBehavior() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 225 | Medium |
Method org.eluder.coveralls.maven.plugin.CoverallsReportMojoTest.init() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 130 | Medium |
Method org.eluder.coveralls.maven.plugin.CoverallsReportMojoTest.testDefaultBehavior() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 233 | High |
Method org.eluder.coveralls.maven.plugin.CoverallsReportMojoTest.init() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 181 | Medium |
org.eluder.coveralls.maven.plugin.CoverallsReportMojoTest$3
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Non derivable method org.eluder.coveralls.maven.plugin.CoverallsReportMojoTest$3.createCoverageParsers(SourceLoader) declares throwing an exception that isn't thrown | CORRECTNESS | BED_BOGUS_EXCEPTION_DECLARATION | 222 | Medium |
org.eluder.coveralls.maven.plugin.Environment
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new org.eluder.coveralls.maven.plugin.Environment(CoverallsReportMojo, Iterable) may expose internal representation by storing an externally mutable object into Environment.mojo | MALICIOUS_CODE | EI_EXPOSE_REP2 | 46 | Medium |
org.eluder.coveralls.maven.plugin.EnvironmentTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.EnvironmentTest.lambda$testMissingMojo$0() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 80 | Medium |
Method org.eluder.coveralls.maven.plugin.EnvironmentTest.lambda$testSetupWithoutSourceEncoding$2() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 101 | Medium |
Method org.eluder.coveralls.maven.plugin.EnvironmentTest.testSetupWithIncompleteJob() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 110 | Medium |
Method org.eluder.coveralls.maven.plugin.EnvironmentTest.testSetupWithoutJobOverride() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 163 | Medium |
Method org.eluder.coveralls.maven.plugin.EnvironmentTest.init() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 74 | Medium |
Method org.eluder.coveralls.maven.plugin.EnvironmentTest.lambda$testMissingMojo$0() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 80 | Medium |
Method org.eluder.coveralls.maven.plugin.EnvironmentTest.lambda$testMissingServices$1() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 87 | Medium |
org.eluder.coveralls.maven.plugin.EnvironmentTest$1
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.EnvironmentTest$1.createCoverageParsers(SourceLoader) builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 64 | Medium |
org.eluder.coveralls.maven.plugin.domain.Git
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.eluder.coveralls.maven.plugin.domain.Git.getRemotes() may expose internal representation by returning Git.remotes | MALICIOUS_CODE | EI_EXPOSE_REP | 69 | Medium |
new org.eluder.coveralls.maven.plugin.domain.Git(File, Git$Head, String, List) may expose internal representation by storing an externally mutable object into Git.remotes | MALICIOUS_CODE | EI_EXPOSE_REP2 | 53 | Medium |
org.eluder.coveralls.maven.plugin.domain.GitRepository
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.domain.GitRepository.getRemotes(Repository) does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 79 | Medium |
Method org.eluder.coveralls.maven.plugin.domain.GitRepository.getHead(Repository) stores return result in local before immediately returning it | STYLE | USBR_UNNECESSARY_STORE_BEFORE_RETURN | 67 | Medium |
org.eluder.coveralls.maven.plugin.domain.Job
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.eluder.coveralls.maven.plugin.domain.Job.getServiceEnvironment() may expose internal representation by returning Job.serviceEnvironment | MALICIOUS_CODE | EI_EXPOSE_REP | 133 | Medium |
org.eluder.coveralls.maven.plugin.domain.Job.getTimestamp() may expose internal representation by returning Job.timestamp | MALICIOUS_CODE | EI_EXPOSE_REP | 137 | Medium |
org.eluder.coveralls.maven.plugin.domain.Job.withServiceEnvironment(Properties) may expose internal representation by storing an externally mutable object into Job.serviceEnvironment | MALICIOUS_CODE | EI_EXPOSE_REP2 | 83 | Medium |
org.eluder.coveralls.maven.plugin.domain.Job.withTimestamp(Date) may expose internal representation by storing an externally mutable object into Job.timestamp | MALICIOUS_CODE | EI_EXPOSE_REP2 | 88 | Medium |
This method org.eluder.coveralls.maven.plugin.domain.Job.getBranch() parses a String that is a field | STYLE | STT_STRING_PARSING_A_FIELD | 152 | Medium |
org.eluder.coveralls.maven.plugin.domain.JobTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.domain.JobTest.testGetBranchWithRemote() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 40 | Medium |
org.eluder.coveralls.maven.plugin.domain.Source
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
org.eluder.coveralls.maven.plugin.domain.Source.getCoverage() may expose internal representation by returning Source.coverage | MALICIOUS_CODE | EI_EXPOSE_REP | 82 | Medium |
Class org.eluder.coveralls.maven.plugin.domain.Source defines non-transient non-serializable instance field branches | BAD_PRACTICE | SE_BAD_FIELD | Not available | Medium |
org.eluder.coveralls.maven.plugin.domain.SourceTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.domain.SourceTest.testMerge() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 94-122 | Medium |
Method org.eluder.coveralls.maven.plugin.domain.SourceTest.testMerge() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 111 | Medium |
Method org.eluder.coveralls.maven.plugin.domain.SourceTest.testMerge() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 112 | Medium |
Method org.eluder.coveralls.maven.plugin.domain.SourceTest.testMerge() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 113 | Medium |
Method org.eluder.coveralls.maven.plugin.domain.SourceTest.testMerge() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 115 | Medium |
Method org.eluder.coveralls.maven.plugin.domain.SourceTest.testMerge() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 116 | Medium |
Method org.eluder.coveralls.maven.plugin.domain.SourceTest.testMerge() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 117 | Medium |
Method org.eluder.coveralls.maven.plugin.domain.SourceTest.testMerge() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 118 | Medium |
Method org.eluder.coveralls.maven.plugin.domain.SourceTest.testMerge() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 119 | Medium |
Method org.eluder.coveralls.maven.plugin.domain.SourceTest.testMerge() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 116 | High |
Method org.eluder.coveralls.maven.plugin.domain.SourceTest.testMerge() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 118 | High |
Method org.eluder.coveralls.maven.plugin.domain.SourceTest.testMerge() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 120 | High |
org.eluder.coveralls.maven.plugin.httpclient.CoverallsClient
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new org.eluder.coveralls.maven.plugin.httpclient.CoverallsClient(String, HttpClient, ObjectMapper) may expose internal representation by storing an externally mutable object into CoverallsClient.objectMapper | MALICIOUS_CODE | EI_EXPOSE_REP2 | 72 | Medium |
org.eluder.coveralls.maven.plugin.httpclient.CoverallsClientTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.httpclient.CoverallsClientTest.testFailOnServiceError() declares throwing two or more exceptions related by inheritance | CORRECTNESS | BED_HIERARCHICAL_EXCEPTION_DECLARATION | 105-112 | Medium |
Method org.eluder.coveralls.maven.plugin.httpclient.CoverallsClientTest.testParseEntityWithoutContentType() declares throwing two or more exceptions related by inheritance | CORRECTNESS | BED_HIERARCHICAL_EXCEPTION_DECLARATION | 155-171 | Medium |
Method org.eluder.coveralls.maven.plugin.httpclient.CoverallsClientTest.testParseFailingEntity() declares throwing two or more exceptions related by inheritance | CORRECTNESS | BED_HIERARCHICAL_EXCEPTION_DECLARATION | 142-151 | Medium |
Method org.eluder.coveralls.maven.plugin.httpclient.CoverallsClientTest.testParseInvalidResponse() declares throwing two or more exceptions related by inheritance | CORRECTNESS | BED_HIERARCHICAL_EXCEPTION_DECLARATION | 116-125 | Medium |
Method org.eluder.coveralls.maven.plugin.httpclient.CoverallsClientTest.testSubmit() declares RuntimeException in throws clause | STYLE | DRE_DECLARED_RUNTIME_EXCEPTION | 94-101 | Medium |
org.eluder.coveralls.maven.plugin.httpclient.HttpClientFactoryTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Class org.eluder.coveralls.maven.plugin.httpclient.HttpClientFactoryTest defines fields that are used only as locals | CORRECTNESS | FCBL_FIELD_COULD_BE_LOCAL | 39 | Medium |
Class org.eluder.coveralls.maven.plugin.httpclient.HttpClientFactoryTest defines fields that are used only as locals | CORRECTNESS | FCBL_FIELD_COULD_BE_LOCAL | 40 | Medium |
Class org.eluder.coveralls.maven.plugin.httpclient.HttpClientFactoryTest defines fields that are used only as locals | CORRECTNESS | FCBL_FIELD_COULD_BE_LOCAL | 41 | Medium |
Hard coded password found | SECURITY | HARD_CODE_PASSWORD | 93 | Medium |
Unread field: org.eluder.coveralls.maven.plugin.httpclient.HttpClientFactoryTest.PROXY_PORT; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 39 | Medium |
Unread field: org.eluder.coveralls.maven.plugin.httpclient.HttpClientFactoryTest.TARGET_PORT; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 40 | Medium |
Unread field: org.eluder.coveralls.maven.plugin.httpclient.HttpClientFactoryTest.TARGET_URL; should this field be static? | PERFORMANCE | SS_SHOULD_BE_STATIC | 41 | Medium |
org.eluder.coveralls.maven.plugin.json.JsonWriter
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Non derivable method org.eluder.coveralls.maven.plugin.json.JsonWriter.writeOptionalEnvironment(String, Properties) declares throwing an exception that isn't thrown | CORRECTNESS | BED_BOGUS_EXCEPTION_DECLARATION | 142 | Medium |
Exception thrown in class org.eluder.coveralls.maven.plugin.json.JsonWriter at new org.eluder.coveralls.maven.plugin.json.JsonWriter(Job, File) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 60 | Medium |
Exceptional return value of java.io.File.mkdirs() ignored in new org.eluder.coveralls.maven.plugin.json.JsonWriter(Job, File) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 56 | Medium |
org.eluder.coveralls.maven.plugin.json.JsonWriterTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.json.JsonWriterTest.job() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 133-137 | Medium |
Method org.eluder.coveralls.maven.plugin.json.JsonWriterTest.job() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 146 | Medium |
org.eluder.coveralls.maven.plugin.logging.CoverageTracingLoggerTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.logging.CoverageTracingLoggerTest.lambda$testConstructorWithNull$0() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 57 | Medium |
org.eluder.coveralls.maven.plugin.logging.DryRunLogger
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class org.eluder.coveralls.maven.plugin.logging.DryRunLogger at new org.eluder.coveralls.maven.plugin.logging.DryRunLogger(boolean, File) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 37 | Medium |
org.eluder.coveralls.maven.plugin.logging.DryRunLoggerTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.logging.DryRunLoggerTest.lambda$testMissingCoverallsFile$0() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 53 | Medium |
org.eluder.coveralls.maven.plugin.logging.JobLogger
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class org.eluder.coveralls.maven.plugin.logging.JobLogger at new org.eluder.coveralls.maven.plugin.logging.JobLogger(Job) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 43 | Medium |
Exception thrown in class org.eluder.coveralls.maven.plugin.logging.JobLogger at new org.eluder.coveralls.maven.plugin.logging.JobLogger(Job, ObjectMapper) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 48 | Medium |
Constrained method org.eluder.coveralls.maven.plugin.logging.JobLogger.log(Log) converts checked exception to unchecked | STYLE | EXS_EXCEPTION_SOFTENING_NO_CHECKED | 96 | Medium |
Method org.eluder.coveralls.maven.plugin.logging.JobLogger.log(Log) passes simple concatenating string in StringBuffer or StringBuilder append | PERFORMANCE | ISB_INEFFICIENT_STRING_BUFFERING | 63 | Medium |
Method org.eluder.coveralls.maven.plugin.logging.JobLogger.log(Log) passes simple concatenating string in StringBuffer or StringBuilder append | PERFORMANCE | ISB_INEFFICIENT_STRING_BUFFERING | 65 | Medium |
Method org.eluder.coveralls.maven.plugin.logging.JobLogger.log(Log) passes simple concatenating string in StringBuffer or StringBuilder append | PERFORMANCE | ISB_INEFFICIENT_STRING_BUFFERING | 67 | Medium |
Method org.eluder.coveralls.maven.plugin.logging.JobLogger.log(Log) passes simple concatenating string in StringBuffer or StringBuilder append | PERFORMANCE | ISB_INEFFICIENT_STRING_BUFFERING | 69 | Medium |
Method org.eluder.coveralls.maven.plugin.logging.JobLogger.log(Log) passes constant String of length 1 to character overridden method | PERFORMANCE | UCPM_USE_CHARACTER_PARAMETERIZED_METHOD | 71 | Medium |
org.eluder.coveralls.maven.plugin.logging.JobLoggerTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.logging.JobLoggerTest.testLogDryRun() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 103 | Medium |
Method org.eluder.coveralls.maven.plugin.logging.JobLoggerTest.testLogJobWithDebug() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 126 | Medium |
Method org.eluder.coveralls.maven.plugin.logging.JobLoggerTest.testLogJobWithErrorInDebug() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 140 | Medium |
Method org.eluder.coveralls.maven.plugin.logging.JobLoggerTest.testLogJobWithId() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 76 | Medium |
Method org.eluder.coveralls.maven.plugin.logging.JobLoggerTest.testLogParallel() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 114 | Medium |
Method org.eluder.coveralls.maven.plugin.logging.JobLoggerTest.lambda$testMissingJob$0() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 61 | Medium |
org.eluder.coveralls.maven.plugin.parser.AbstractCoverageParserTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.parser.AbstractCoverageParserTest.assertCoverage(Collection, String, int, Set, Set, Set, Set) excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 175-207 | Medium |
Method org.eluder.coveralls.maven.plugin.parser.AbstractCoverageParserTest.init() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 74 | Medium |
Method org.eluder.coveralls.maven.plugin.parser.AbstractCoverageParserTest.testParseCoverage() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 115 | Medium |
Method org.eluder.coveralls.maven.plugin.parser.AbstractCoverageParserTest.testParseCoverage() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 116 | Medium |
Method org.eluder.coveralls.maven.plugin.parser.AbstractCoverageParserTest.testParseCoverage() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 117 | Medium |
Possible null pointer dereference of tested in org.eluder.coveralls.maven.plugin.parser.AbstractCoverageParserTest.assertCoverage(Collection, String, int, Set, Set, Set, Set) | CORRECTNESS | NP_NULL_ON_SOME_PATH | 185 | High |
Method org.eluder.coveralls.maven.plugin.parser.AbstractCoverageParserTest.toIntegerSet(String) does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 134 | Medium |
org.eluder.coveralls.maven.plugin.parser.AbstractCoverageParserTest$1
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Non derivable method org.eluder.coveralls.maven.plugin.parser.AbstractCoverageParserTest$1.answer(InvocationOnMock) declares throwing an exception that isn't thrown | CORRECTNESS | BED_BOGUS_EXCEPTION_DECLARATION | 88 | Medium |
org.eluder.coveralls.maven.plugin.parser.AbstractXmlEventParser
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unconstrained method org.eluder.coveralls.maven.plugin.parser.AbstractXmlEventParser.createEventReader(Reader) converts checked exception to unchecked | STYLE | EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS | 82 | High |
Method org.eluder.coveralls.maven.plugin.parser.AbstractXmlEventParser.createEventReader(Reader) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 77 | Medium |
Method org.eluder.coveralls.maven.plugin.parser.AbstractXmlEventParser.createEventReader(Reader) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 78 | Medium |
Method org.eluder.coveralls.maven.plugin.parser.AbstractXmlEventParser.createEventReader(Reader) needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 79 | Medium |
org.eluder.coveralls.maven.plugin.parser.CloverParserTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.parser.CloverParserTest.getCoverageResources() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 46 | Medium |
org.eluder.coveralls.maven.plugin.parser.CoberturaParser
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.parser.CoberturaParser.onEvent(XMLStreamReader, SourceCallback) passes constant String of length 1 to character overridden method | PERFORMANCE | UCPM_USE_CHARACTER_PARAMETERIZED_METHOD | 80 | Medium |
org.eluder.coveralls.maven.plugin.parser.CoberturaParserTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.parser.CoberturaParserTest.getCoverageResources() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 43 | Medium |
org.eluder.coveralls.maven.plugin.parser.SagaParserTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.parser.SagaParserTest.getCoverageResources() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 43 | Medium |
org.eluder.coveralls.maven.plugin.source.AbstractSourceLoader
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
This method org.eluder.coveralls.maven.plugin.source.AbstractSourceLoader stores the value of a toString() call into a field | STYLE | STT_TOSTRING_STORED_IN_FIELD | 44 | Medium |
org.eluder.coveralls.maven.plugin.source.ChainingSourceCallback
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Empty method org.eluder.coveralls.maven.plugin.source.ChainingSourceCallback.onBeginInternal() could be declared abstract | STYLE | ACEM_ABSTRACT_CLASS_EMPTY_METHODS | 74 | Medium |
Empty method org.eluder.coveralls.maven.plugin.source.ChainingSourceCallback.onCompleteInternal() could be declared abstract | STYLE | ACEM_ABSTRACT_CLASS_EMPTY_METHODS | 96 | Medium |
Exception thrown in class org.eluder.coveralls.maven.plugin.source.ChainingSourceCallback at new org.eluder.coveralls.maven.plugin.source.ChainingSourceCallback(SourceCallback) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 41 | Medium |
org.eluder.coveralls.maven.plugin.source.DirectorySourceLoader
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.source.DirectorySourceLoader.locate(String) uses a FileInputStream or FileOutputStream constructor | PERFORMANCE | IOI_USE_OF_FILE_STREAM_CONSTRUCTORS | 48 | Medium |
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 43 | Medium |
org.eluder.coveralls.maven.plugin.source.DirectorySourceLoaderTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.source.DirectorySourceLoaderTest.testMissingSourceFileFromDirectory() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 48 | Medium |
org.eluder.coveralls.maven.plugin.source.ScanSourceLoader
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.source.ScanSourceLoader.locate(String) uses a FileInputStream or FileOutputStream constructor | PERFORMANCE | IOI_USE_OF_FILE_STREAM_CONSTRUCTORS | 57 | Medium |
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 51 | Medium |
org.eluder.coveralls.maven.plugin.source.ScanSourceLoaderTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.source.ScanSourceLoaderTest.testMissingSourceFileFromDirectory() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 48 | Medium |
org.eluder.coveralls.maven.plugin.source.UniqueSourceCallbackTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Non derivable method org.eluder.coveralls.maven.plugin.source.UniqueSourceCallbackTest.createSource(String, String, int[]) declares throwing an exception that isn't thrown | CORRECTNESS | BED_BOGUS_EXCEPTION_DECLARATION | 97 | Medium |
org.eluder.coveralls.maven.plugin.source.UrlSourceLoader
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
This web server request could be used by an attacker to expose internal services and filesystem. | SECURITY | URLCONNECTION_SSRF_FD | 46 | Medium |
org.eluder.coveralls.maven.plugin.util.CoverageParsersFactory
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new org.eluder.coveralls.maven.plugin.util.CoverageParsersFactory(MavenProject, SourceLoader) may expose internal representation by storing an externally mutable object into CoverageParsersFactory.project | MALICIOUS_CODE | EI_EXPOSE_REP2 | 64 | Medium |
org.eluder.coveralls.maven.plugin.util.CoverageParsersFactory.withCoberturaReports(List) may expose internal representation by storing an externally mutable object into CoverageParsersFactory.coberturaReports | MALICIOUS_CODE | EI_EXPOSE_REP2 | 74 | Medium |
org.eluder.coveralls.maven.plugin.util.CoverageParsersFactory.withJaCoCoReports(List) may expose internal representation by storing an externally mutable object into CoverageParsersFactory.jacocoReports | MALICIOUS_CODE | EI_EXPOSE_REP2 | 69 | Medium |
org.eluder.coveralls.maven.plugin.util.CoverageParsersFactory.withRelativeReportDirs(List) may expose internal representation by storing an externally mutable object into CoverageParsersFactory.relativeReportDirs | MALICIOUS_CODE | EI_EXPOSE_REP2 | 84 | Medium |
org.eluder.coveralls.maven.plugin.util.CoverageParsersFactory.withSagaReports(List) may expose internal representation by storing an externally mutable object into CoverageParsersFactory.sagaReports | MALICIOUS_CODE | EI_EXPOSE_REP2 | 79 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 97 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 98 | Medium |
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 111 | Medium |
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 112 | Medium |
Method org.eluder.coveralls.maven.plugin.util.CoverageParsersFactory.createParsers() does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 128 | Medium |
Method org.eluder.coveralls.maven.plugin.util.CoverageParsersFactory.createParsers() does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 131 | Medium |
Method org.eluder.coveralls.maven.plugin.util.CoverageParsersFactory.createParsers() does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 134 | Medium |
Method org.eluder.coveralls.maven.plugin.util.CoverageParsersFactory.createParsers() does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 137 | Medium |
Unwritten field: org.eluder.coveralls.maven.plugin.util.CoverageParsersFactory.cloverReports | CORRECTNESS | UWF_UNWRITTEN_FIELD | 95 | Medium |
org.eluder.coveralls.maven.plugin.util.CoverageParsersFactoryTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.util.CoverageParsersFactoryTest.testWithCoberturaReport() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 140 | Medium |
Method org.eluder.coveralls.maven.plugin.util.CoverageParsersFactoryTest.testWithJaCoCoReport() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 130 | Medium |
Method org.eluder.coveralls.maven.plugin.util.CoverageParsersFactoryTest.testWithRelativeReportDirectory() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 160 | Medium |
Method org.eluder.coveralls.maven.plugin.util.CoverageParsersFactoryTest.testWithRootRelativeReportDirectory() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 169 | Medium |
Method org.eluder.coveralls.maven.plugin.util.CoverageParsersFactoryTest.testWithSagaReport() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 150 | Medium |
Method org.eluder.coveralls.maven.plugin.util.CoverageParsersFactoryTest.testWithRootRelativeReportDirectory() ignores return value of a non mutating method | CORRECTNESS | NPMC_NON_PRODUCTIVE_METHOD_CALL | 168 | Medium |
Exceptional return value of java.io.File.createNewFile() ignored in org.eluder.coveralls.maven.plugin.util.CoverageParsersFactoryTest.testWithCoberturaReport() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 139 | Medium |
Exceptional return value of java.io.File.createNewFile() ignored in org.eluder.coveralls.maven.plugin.util.CoverageParsersFactoryTest.testWithJaCoCoReport() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 129 | Medium |
Exceptional return value of java.io.File.createNewFile() ignored in org.eluder.coveralls.maven.plugin.util.CoverageParsersFactoryTest.testWithSagaReport() | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 149 | Medium |
org.eluder.coveralls.maven.plugin.util.MavenProjectCollector
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new org.eluder.coveralls.maven.plugin.util.MavenProjectCollector(MavenProject) may expose internal representation by storing an externally mutable object into MavenProjectCollector.root | MALICIOUS_CODE | EI_EXPOSE_REP2 | 37 | Medium |
org.eluder.coveralls.maven.plugin.util.SourceLoaderFactory
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
new org.eluder.coveralls.maven.plugin.util.SourceLoaderFactory(File, MavenProject, String) may expose internal representation by storing an externally mutable object into SourceLoaderFactory.project | MALICIOUS_CODE | EI_EXPOSE_REP2 | 46 | Medium |
org.eluder.coveralls.maven.plugin.util.SourceLoaderFactory.withSourceDirectories(List) may expose internal representation by storing an externally mutable object into SourceLoaderFactory.sourceDirectories | MALICIOUS_CODE | EI_EXPOSE_REP2 | 51 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 66 | Medium |
org.eluder.coveralls.maven.plugin.util.SourceLoaderFactoryTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.util.SourceLoaderFactoryTest.init() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 73 | Medium |
Method org.eluder.coveralls.maven.plugin.util.SourceLoaderFactoryTest.init() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 74 | Medium |
Method org.eluder.coveralls.maven.plugin.util.SourceLoaderFactoryTest.init() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 75 | Medium |
Method org.eluder.coveralls.maven.plugin.util.SourceLoaderFactoryTest.testCreateSourceLoaderInvalidDirectory() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 106 | Medium |
org.eluder.coveralls.maven.plugin.util.TestIoUtil
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.util.TestIoUtil.readFileContent(File) declares throwing two or more exceptions related by inheritance | CORRECTNESS | BED_HIERARCHICAL_EXCEPTION_DECLARATION | 49 | Medium |
Found reliance on default encoding in org.eluder.coveralls.maven.plugin.util.TestIoUtil.writeFileContent(String, File): new java.io.PrintWriter(File) | I18N | DM_DEFAULT_ENCODING | 43 | High |
Unconstrained method org.eluder.coveralls.maven.plugin.util.TestIoUtil.getFile(String) converts checked exception to unchecked | STYLE | EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS | 65 | High |
Method org.eluder.coveralls.maven.plugin.util.TestIoUtil.readFileContent(File) uses a FileInputStream or FileOutputStream constructor | PERFORMANCE | IOI_USE_OF_FILE_STREAM_CONSTRUCTORS | 49 | Medium |
Method org.eluder.coveralls.maven.plugin.util.TestIoUtil.getFile(String) passes constant String of length 1 to character overridden method | PERFORMANCE | UCPM_USE_CHARACTER_PARAMETERIZED_METHOD | 57 | Medium |
org.eluder.coveralls.maven.plugin.util.TimestampParser
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class org.eluder.coveralls.maven.plugin.util.TimestampParser at new org.eluder.coveralls.maven.plugin.util.TimestampParser(String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 52 | Medium |
org.eluder.coveralls.maven.plugin.util.TimestampParser$EpochMillisParser
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Boxing/unboxing to parse a primitive org.eluder.coveralls.maven.plugin.util.TimestampParser$EpochMillisParser.parse(String) | PERFORMANCE | DM_BOXED_PRIMITIVE_FOR_PARSING | 89 | High |
Method org.eluder.coveralls.maven.plugin.util.TimestampParser$EpochMillisParser.parse(String) converts String to primitive using excessive boxing | PERFORMANCE | NAB_NEEDLESS_BOXING_PARSE | 89 | Medium |
org.eluder.coveralls.maven.plugin.util.TimestampParserTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.util.TimestampParserTest.lambda$testInvalidFormat$0() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 41 | Medium |
org.eluder.coveralls.maven.plugin.util.UrlUtils
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Unconstrained method org.eluder.coveralls.maven.plugin.util.UrlUtils.create(String) converts checked exception to unchecked | STYLE | EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS | 37 | High |
Unconstrained method org.eluder.coveralls.maven.plugin.util.UrlUtils.toUri(URL) converts checked exception to unchecked | STYLE | EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS | 45 | High |
org.eluder.coveralls.maven.plugin.validation.JobValidator
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Exception thrown in class org.eluder.coveralls.maven.plugin.validation.JobValidator at new org.eluder.coveralls.maven.plugin.validation.JobValidator(Job) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 39 | Medium |
Class org.eluder.coveralls.maven.plugin.validation.JobValidator has a circular dependency with other classes | CORRECTNESS | FCCD_FIND_CLASS_CIRCULAR_DEPENDENCY | 37-74 | Medium |
org.eluder.coveralls.maven.plugin.validation.JobValidatorTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.validation.JobValidatorTest.lambda$testMissingJob$0() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 40 | Medium |
org.eluder.coveralls.maven.plugin.validation.ValidationErrorTest
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.validation.ValidationErrorTest.lambda$testMissingLevel$0() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 37 | Medium |
Method org.eluder.coveralls.maven.plugin.validation.ValidationErrorTest.lambda$testMissingMessage$1() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 44 | Medium |
org.eluder.coveralls.maven.plugin.validation.ValidationErrors
Bug | Category | Details | Line | Priority |
---|---|---|---|---|
Method org.eluder.coveralls.maven.plugin.validation.ValidationErrors.filter(ValidationError$Level) calls equals on an enum instance | CORRECTNESS | ENMI_EQUALS_ON_ENUM | 47 | Medium |