SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.9.8
Threshold is medium
Effort is max
Summary
| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 131 | 126 | 0 | 0 |
com.github.hazendaz.maven.coveralls_maven_plugin.HelpMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Instance field com.github.hazendaz.maven.coveralls_maven_plugin.HelpMojo.goal likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium |
org.eluder.coveralls.maven.plugin.CoverageFixture
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.eluder.coveralls.maven.plugin.CoverageFixture.getTotalFiles(List): 1st parameter 'fixture' could be declared as java.util.Collection instead | STYLE | OCP_OVERLY_CONCRETE_COLLECTION_PARAMETER | 85 | Medium |
| org.eluder.coveralls.maven.plugin.CoverageFixture.getTotalLines(List): 1st parameter 'fixture' could be declared as java.lang.Iterable instead | STYLE | OCP_OVERLY_CONCRETE_PARAMETER | 69 | Medium |
org.eluder.coveralls.maven.plugin.CoverallsReportMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.CoverallsReportMojo.report(List, Logger$Position) calls equals on an enum instance | CORRECTNESS | ENMI_EQUALS_ON_ENUM | 572 | Medium |
| org.eluder.coveralls.maven.plugin.CoverallsReportMojo.createSourceCallbackChain(JsonWriter, List): 2nd parameter 'reporters' could be declared as java.util.Collection instead | STYLE | OCP_OVERLY_CONCRETE_COLLECTION_PARAMETER | 459 | Medium |
| org.eluder.coveralls.maven.plugin.CoverallsReportMojo.report(List, Logger$Position): 1st parameter 'reporters' could be declared as java.lang.Iterable instead | STYLE | OCP_OVERLY_CONCRETE_PARAMETER | 571 | Medium |
| org.eluder.coveralls.maven.plugin.CoverallsReportMojo.writeCoveralls(JsonWriter, SourceCallback, List): 3rd parameter 'parsers' could be declared as java.lang.Iterable instead | STYLE | OCP_OVERLY_CONCRETE_PARAMETER | 485 | Medium |
| Instance field org.eluder.coveralls.maven.plugin.CoverallsReportMojo.coverallsUrl likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field org.eluder.coveralls.maven.plugin.CoverallsReportMojo.timestamp likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field org.eluder.coveralls.maven.plugin.CoverallsReportMojo.timestampFormat likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
org.eluder.coveralls.maven.plugin.CoverallsReportMojoTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.CoverallsReportMojoTest.defaultBehavior() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 254 | Medium |
| Method org.eluder.coveralls.maven.plugin.CoverallsReportMojoTest.init() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 135 | Medium |
| Method org.eluder.coveralls.maven.plugin.CoverallsReportMojoTest.defaultBehavior() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 262 | High |
| Method org.eluder.coveralls.maven.plugin.CoverallsReportMojoTest.init() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 192 | Medium |
org.eluder.coveralls.maven.plugin.CoverallsReportMojoTest$2
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Non derivable method org.eluder.coveralls.maven.plugin.CoverallsReportMojoTest$2.createCoverageParsers(SourceLoader) declares throwing an exception that isn't thrown | CORRECTNESS | BED_BOGUS_EXCEPTION_DECLARATION | 251 | Medium |
org.eluder.coveralls.maven.plugin.Environment
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.eluder.coveralls.maven.plugin.Environment(CoverallsReportMojo, Iterable) may expose internal representation by storing an externally mutable object into Environment.mojo | MALICIOUS_CODE | EI_EXPOSE_REP2 | 56 | Medium |
org.eluder.coveralls.maven.plugin.EnvironmentTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.EnvironmentTest.missingMojo() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 89 | Medium |
| Method org.eluder.coveralls.maven.plugin.EnvironmentTest.setupWithIncompleteJob() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 129 | Medium |
| Method org.eluder.coveralls.maven.plugin.EnvironmentTest.setupWithoutJobOverride() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 188 | Medium |
| Method org.eluder.coveralls.maven.plugin.EnvironmentTest.setupWithoutSourceEncoding() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 116 | Medium |
| Method org.eluder.coveralls.maven.plugin.EnvironmentTest.init() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 81 | Medium |
| Method org.eluder.coveralls.maven.plugin.EnvironmentTest.lambda$missingMojo$0(List) uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 90 | Medium |
| Method org.eluder.coveralls.maven.plugin.EnvironmentTest.lambda$missingServices$0() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 98 | Medium |
org.eluder.coveralls.maven.plugin.EnvironmentTest$1
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.EnvironmentTest$1.createCoverageParsers(SourceLoader) builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 71 | Medium |
org.eluder.coveralls.maven.plugin.domain.Git
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.eluder.coveralls.maven.plugin.domain.Git.getRemotes() may expose internal representation by returning Git.remotes | MALICIOUS_CODE | EI_EXPOSE_REP | 110 | Medium |
| new org.eluder.coveralls.maven.plugin.domain.Git(File, Git$Head, String, List) may expose internal representation by storing an externally mutable object into Git.remotes | MALICIOUS_CODE | EI_EXPOSE_REP2 | 74 | Medium |
org.eluder.coveralls.maven.plugin.domain.GitRepository
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.domain.GitRepository.getRemotes(Repository) does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 126 | Medium |
org.eluder.coveralls.maven.plugin.domain.Job
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.eluder.coveralls.maven.plugin.domain.Job.getServiceEnvironment() may expose internal representation by returning Job.serviceEnvironment | MALICIOUS_CODE | EI_EXPOSE_REP | 288 | Medium |
| org.eluder.coveralls.maven.plugin.domain.Job.withServiceEnvironment(Properties) may expose internal representation by storing an externally mutable object into Job.serviceEnvironment | MALICIOUS_CODE | EI_EXPOSE_REP2 | 168 | Medium |
| This method org.eluder.coveralls.maven.plugin.domain.Job.getBranch() parses a String that is a field | STYLE | STT_STRING_PARSING_A_FIELD | 327 | Medium |
org.eluder.coveralls.maven.plugin.domain.JobTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.domain.JobTest.branchWithRemote() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 46 | Medium |
org.eluder.coveralls.maven.plugin.domain.Source
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.eluder.coveralls.maven.plugin.domain.Source.getCoverage() may expose internal representation by returning Source.coverage | MALICIOUS_CODE | EI_EXPOSE_REP | 140 | Medium |
| Class org.eluder.coveralls.maven.plugin.domain.Source defines non-transient non-serializable instance field branches | BAD_PRACTICE | SE_BAD_FIELD | Not available | Medium |
org.eluder.coveralls.maven.plugin.domain.SourceTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.domain.SourceTest.merge() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 123-153 | Medium |
| Method org.eluder.coveralls.maven.plugin.domain.SourceTest.merge() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 142 | Medium |
| Method org.eluder.coveralls.maven.plugin.domain.SourceTest.merge() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 143 | Medium |
| Method org.eluder.coveralls.maven.plugin.domain.SourceTest.merge() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 144 | Medium |
| Method org.eluder.coveralls.maven.plugin.domain.SourceTest.merge() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 146 | Medium |
| Method org.eluder.coveralls.maven.plugin.domain.SourceTest.merge() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 147 | Medium |
| Method org.eluder.coveralls.maven.plugin.domain.SourceTest.merge() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 148 | Medium |
| Method org.eluder.coveralls.maven.plugin.domain.SourceTest.merge() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 149 | Medium |
| Method org.eluder.coveralls.maven.plugin.domain.SourceTest.merge() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 150 | Medium |
| Method org.eluder.coveralls.maven.plugin.domain.SourceTest.merge() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 147 | High |
| Method org.eluder.coveralls.maven.plugin.domain.SourceTest.merge() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 149 | High |
| Method org.eluder.coveralls.maven.plugin.domain.SourceTest.merge() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 151 | High |
org.eluder.coveralls.maven.plugin.httpclient.CoverallsClient
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.eluder.coveralls.maven.plugin.httpclient.CoverallsClient(String, HttpClient, ObjectMapper) may expose internal representation by storing an externally mutable object into CoverallsClient.objectMapper | MALICIOUS_CODE | EI_EXPOSE_REP2 | 111 | Medium |
org.eluder.coveralls.maven.plugin.httpclient.HttpClientFactoryTest
org.eluder.coveralls.maven.plugin.json.JsonWriter
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.eluder.coveralls.maven.plugin.json.JsonWriter at new org.eluder.coveralls.maven.plugin.json.JsonWriter(Job, File) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 81 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in new org.eluder.coveralls.maven.plugin.json.JsonWriter(Job, File) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 77 | Medium |
org.eluder.coveralls.maven.plugin.json.JsonWriterTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.json.JsonWriterTest.job() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 238 | Medium |
org.eluder.coveralls.maven.plugin.logging.CoverageTracingLoggerTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.logging.CoverageTracingLoggerTest.lambda$constructorWithNull$0() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 62 | Medium |
org.eluder.coveralls.maven.plugin.logging.DryRunLogger
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.eluder.coveralls.maven.plugin.logging.DryRunLogger at new org.eluder.coveralls.maven.plugin.logging.DryRunLogger(boolean, File) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 52 | Medium |
org.eluder.coveralls.maven.plugin.logging.DryRunLoggerTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.logging.DryRunLoggerTest.lambda$missingCoverallsFile$0() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 57 | Medium |
org.eluder.coveralls.maven.plugin.logging.JobLogger
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.eluder.coveralls.maven.plugin.logging.JobLogger at new org.eluder.coveralls.maven.plugin.logging.JobLogger(Job) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 57 | Medium |
| Exception thrown in class org.eluder.coveralls.maven.plugin.logging.JobLogger at new org.eluder.coveralls.maven.plugin.logging.JobLogger(Job, ObjectMapper) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 70 | Medium |
| Constrained method org.eluder.coveralls.maven.plugin.logging.JobLogger.log(Log) converts checked exception to unchecked | STYLE | EXS_EXCEPTION_SOFTENING_NO_CHECKED | 118 | Medium |
| Method org.eluder.coveralls.maven.plugin.logging.JobLogger.log(Log) passes constant String of length 1 to character overridden method | PERFORMANCE | UCPM_USE_CHARACTER_PARAMETERIZED_METHOD | 87 | Medium |
| Method org.eluder.coveralls.maven.plugin.logging.JobLogger.log(Log) passes constant String of length 1 to character overridden method | PERFORMANCE | UCPM_USE_CHARACTER_PARAMETERIZED_METHOD | 93 | Medium |
org.eluder.coveralls.maven.plugin.logging.JobLoggerTest
org.eluder.coveralls.maven.plugin.parser.AbstractCoverageParserTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.parser.AbstractCoverageParserTest.assertCoverage(Collection, String, int, Set, Set, Set, Set) excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 268-300 | Medium |
| Method org.eluder.coveralls.maven.plugin.parser.AbstractCoverageParserTest.toIntegerSet(String) does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 196 | Medium |
org.eluder.coveralls.maven.plugin.parser.AbstractXmlEventParser
org.eluder.coveralls.maven.plugin.parser.AbstractXmlEventParserTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Hard coded reference to an absolute pathname in org.eluder.coveralls.maven.plugin.parser.AbstractXmlEventParserTest.parseNonExistentFileThrowsIoException() | STYLE | DMI_HARDCODED_ABSOLUTE_FILENAME | 89 | Medium |
org.eluder.coveralls.maven.plugin.parser.AbstractXmlEventParserTest$1
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Non derivable method org.eluder.coveralls.maven.plugin.parser.AbstractXmlEventParserTest$1.onEvent(XMLStreamReader, SourceCallback) declares throwing an exception that isn't thrown | CORRECTNESS | BED_BOGUS_EXCEPTION_DECLARATION | 74 | Medium |
org.eluder.coveralls.maven.plugin.parser.AbstractXmlEventParserTest$2
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Non derivable method org.eluder.coveralls.maven.plugin.parser.AbstractXmlEventParserTest$2.onEvent(XMLStreamReader, SourceCallback) declares throwing an exception that isn't thrown | CORRECTNESS | BED_BOGUS_EXCEPTION_DECLARATION | 95 | Medium |
org.eluder.coveralls.maven.plugin.parser.CloverParserTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.parser.CloverParserTest.parseCondLineWithZeroFalseCount() accesses list or array with constant index | CORRECTNESS | CLI_CONSTANT_LIST_INDEX | 91 | Medium |
| Method org.eluder.coveralls.maven.plugin.parser.CloverParserTest.getCoverageResources() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 56 | Medium |
org.eluder.coveralls.maven.plugin.parser.CoberturaParser
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.parser.CoberturaParser.onEvent(XMLStreamReader, SourceCallback) passes constant String of length 1 to character overridden method | PERFORMANCE | UCPM_USE_CHARACTER_PARAMETERIZED_METHOD | 96 | Medium |
org.eluder.coveralls.maven.plugin.parser.CoberturaParserTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.parser.CoberturaParserTest.getCoverageResources() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 56 | Medium |
org.eluder.coveralls.maven.plugin.parser.SagaParser
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.parser.SagaParser.onEvent(XMLStreamReader, SourceCallback) passes constant String of length 1 to character overridden method | PERFORMANCE | UCPM_USE_CHARACTER_PARAMETERIZED_METHOD | 88 | Medium |
org.eluder.coveralls.maven.plugin.parser.SagaParserTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.parser.SagaParserTest.getCoverageResources() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 56 | Medium |
org.eluder.coveralls.maven.plugin.source.AbstractSourceLoader
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This method org.eluder.coveralls.maven.plugin.source.AbstractSourceLoader stores the value of a toString() call into a field | STYLE | STT_TOSTRING_STORED_IN_FIELD | 58 | Medium |
org.eluder.coveralls.maven.plugin.source.ChainingSourceCallback
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Empty method org.eluder.coveralls.maven.plugin.source.ChainingSourceCallback.onBeginInternal() could be declared abstract | STYLE | ACEM_ABSTRACT_CLASS_EMPTY_METHODS | 84 | Medium |
| Empty method org.eluder.coveralls.maven.plugin.source.ChainingSourceCallback.onCompleteInternal() could be declared abstract | STYLE | ACEM_ABSTRACT_CLASS_EMPTY_METHODS | 113 | Medium |
| Exception thrown in class org.eluder.coveralls.maven.plugin.source.ChainingSourceCallback at new org.eluder.coveralls.maven.plugin.source.ChainingSourceCallback(SourceCallback) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 49 | Medium |
org.eluder.coveralls.maven.plugin.source.DirectorySourceLoaderTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.source.DirectorySourceLoaderTest.missingSourceFileFromDirectory() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 55 | Medium |
org.eluder.coveralls.maven.plugin.source.ScanSourceLoaderTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.source.ScanSourceLoaderTest.missingSourceFileFromDirectory() appears to call the same method on the same object redundantly | PERFORMANCE | PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS | 56 | Medium |
org.eluder.coveralls.maven.plugin.source.UrlSourceLoader
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This web server request could be used by an attacker to expose internal services and filesystem. | SECURITY | URLCONNECTION_SSRF_FD | 62 | Medium |
org.eluder.coveralls.maven.plugin.util.CoverageParsersFactory
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.eluder.coveralls.maven.plugin.util.CoverageParsersFactory(MavenProject, SourceLoader) may expose internal representation by storing an externally mutable object into CoverageParsersFactory.project | MALICIOUS_CODE | EI_EXPOSE_REP2 | 117 | Medium |
| org.eluder.coveralls.maven.plugin.util.CoverageParsersFactory.withCloverReports(List) may expose internal representation by storing an externally mutable object into CoverageParsersFactory.cloverReports | MALICIOUS_CODE | EI_EXPOSE_REP2 | 189 | Medium |
| org.eluder.coveralls.maven.plugin.util.CoverageParsersFactory.withCoberturaReports(List) may expose internal representation by storing an externally mutable object into CoverageParsersFactory.coberturaReports | MALICIOUS_CODE | EI_EXPOSE_REP2 | 163 | Medium |
| org.eluder.coveralls.maven.plugin.util.CoverageParsersFactory.withJaCoCoReports(List) may expose internal representation by storing an externally mutable object into CoverageParsersFactory.jacocoReports | MALICIOUS_CODE | EI_EXPOSE_REP2 | 150 | Medium |
| org.eluder.coveralls.maven.plugin.util.CoverageParsersFactory.withRelativeReportDirs(List) may expose internal representation by storing an externally mutable object into CoverageParsersFactory.relativeReportDirs | MALICIOUS_CODE | EI_EXPOSE_REP2 | 202 | Medium |
| org.eluder.coveralls.maven.plugin.util.CoverageParsersFactory.withSagaReports(List) may expose internal representation by storing an externally mutable object into CoverageParsersFactory.sagaReports | MALICIOUS_CODE | EI_EXPOSE_REP2 | 176 | Medium |
org.eluder.coveralls.maven.plugin.util.CoverageParsersFactoryTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.util.CoverageParsersFactoryTest.withCloverReport() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 335 | Medium |
| Method org.eluder.coveralls.maven.plugin.util.CoverageParsersFactoryTest.withCoberturaReport() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 305 | Medium |
| Method org.eluder.coveralls.maven.plugin.util.CoverageParsersFactoryTest.withJacocoReportsParam() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 285 | Medium |
| Method org.eluder.coveralls.maven.plugin.util.CoverageParsersFactoryTest.withRelativeReportDirectory() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 351 | Medium |
| Method org.eluder.coveralls.maven.plugin.util.CoverageParsersFactoryTest.withRootRelativeReportDirectory() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 366 | Medium |
| Method org.eluder.coveralls.maven.plugin.util.CoverageParsersFactoryTest.withSagaReport() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 320 | Medium |
| Method org.eluder.coveralls.maven.plugin.util.CoverageParsersFactoryTest.withRootRelativeReportDirectory() ignores return value of a non mutating method | CORRECTNESS | NPMC_NON_PRODUCTIVE_METHOD_CALL | 365 | Medium |
org.eluder.coveralls.maven.plugin.util.ExistingFiles
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Class org.eluder.coveralls.maven.plugin.util.ExistingFiles defines List based fields but uses them like Sets | PERFORMANCE | DLC_DUBIOUS_LIST_COLLECTION | 80 | Medium |
| Method org.eluder.coveralls.maven.plugin.util.ExistingFiles.toParsers(Function) does not presize the allocation of a collection | PERFORMANCE | PSC_PRESIZE_COLLECTIONS | 118 | Medium |
org.eluder.coveralls.maven.plugin.util.MavenProjectCollector
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.eluder.coveralls.maven.plugin.util.MavenProjectCollector(MavenProject) may expose internal representation by storing an externally mutable object into MavenProjectCollector.root | MALICIOUS_CODE | EI_EXPOSE_REP2 | 48 | Medium |
org.eluder.coveralls.maven.plugin.util.SourceLoaderFactory
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| new org.eluder.coveralls.maven.plugin.util.SourceLoaderFactory(File, MavenProject, Charset) may expose internal representation by storing an externally mutable object into SourceLoaderFactory.project | MALICIOUS_CODE | EI_EXPOSE_REP2 | 71 | Medium |
| org.eluder.coveralls.maven.plugin.util.SourceLoaderFactory.withSourceDirectories(List) may expose internal representation by storing an externally mutable object into SourceLoaderFactory.sourceDirectories | MALICIOUS_CODE | EI_EXPOSE_REP2 | 84 | Medium |
org.eluder.coveralls.maven.plugin.util.SourceLoaderFactoryTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| The m1Sources field in class org.eluder.coveralls.maven.plugin.util.SourceLoaderFactoryTest is used only as a local, but defined on class level | CORRECTNESS | FCBL_FIELD_COULD_BE_LOCAL | 86 | Medium |
| The m2Sources field in class org.eluder.coveralls.maven.plugin.util.SourceLoaderFactoryTest is used only as a local, but defined on class level | CORRECTNESS | FCBL_FIELD_COULD_BE_LOCAL | 87 | Medium |
| The rootSources field in class org.eluder.coveralls.maven.plugin.util.SourceLoaderFactoryTest is used only as a local, but defined on class level | CORRECTNESS | FCBL_FIELD_COULD_BE_LOCAL | 85 | Medium |
| Method org.eluder.coveralls.maven.plugin.util.SourceLoaderFactoryTest.createSourceLoaderInvalidDirectory() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 143 | Medium |
| Method org.eluder.coveralls.maven.plugin.util.SourceLoaderFactoryTest.init() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 92 | Medium |
| Method org.eluder.coveralls.maven.plugin.util.SourceLoaderFactoryTest.init() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 94 | Medium |
| Method org.eluder.coveralls.maven.plugin.util.SourceLoaderFactoryTest.init() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 96 | Medium |
org.eluder.coveralls.maven.plugin.util.TestIoUtil
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Unconstrained method org.eluder.coveralls.maven.plugin.util.TestIoUtil.getFile(String) converts checked exception to unchecked | STYLE | EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS | 95 | High |
| Method org.eluder.coveralls.maven.plugin.util.TestIoUtil.getFile(String) passes constant String of length 1 to character overridden method | PERFORMANCE | UCPM_USE_CHARACTER_PARAMETERIZED_METHOD | 87 | Medium |
org.eluder.coveralls.maven.plugin.util.TimestampParser
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.eluder.coveralls.maven.plugin.util.TimestampParser at new org.eluder.coveralls.maven.plugin.util.TimestampParser(String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 68 | Medium |
org.eluder.coveralls.maven.plugin.util.TimestampParserTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.util.TimestampParserTest.lambda$invalidFormat$0() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 44 | Medium |
org.eluder.coveralls.maven.plugin.util.UrlUtils
org.eluder.coveralls.maven.plugin.validation.JobValidator
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.eluder.coveralls.maven.plugin.validation.JobValidator at new org.eluder.coveralls.maven.plugin.validation.JobValidator(Job) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 48 | Medium |
| Class org.eluder.coveralls.maven.plugin.validation.JobValidator has a circular dependency with other classes | CORRECTNESS | FCCD_FIND_CLASS_CIRCULAR_DEPENDENCY | 46-101 | Medium |
org.eluder.coveralls.maven.plugin.validation.JobValidatorTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.validation.JobValidatorTest.lambda$missingJob$0() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 44 | Medium |
org.eluder.coveralls.maven.plugin.validation.ValidationErrorTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.validation.ValidationErrorTest.lambda$missingLevel$0() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 41 | Medium |
| Method org.eluder.coveralls.maven.plugin.validation.ValidationErrorTest.lambda$missingMessage$0() uses a Side Effect Constructor | STYLE | SEC_SIDE_EFFECT_CONSTRUCTOR | 49 | Medium |
org.eluder.coveralls.maven.plugin.validation.ValidationErrors
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method org.eluder.coveralls.maven.plugin.validation.ValidationErrors.filter(ValidationError$Level) calls equals on an enum instance | CORRECTNESS | ENMI_EQUALS_ON_ENUM | 75 | Medium |