SpotBugs Bug Detector Report
The following document contains the results of SpotBugs.
SpotBugs Version is 4.9.8
Threshold is medium
Effort is max
Summary
| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 18 | 85 | 0 | 0 |
Files
com.github.hazendaz.maven.makeself_maven_plugin.HelpMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Instance field com.github.hazendaz.maven.makeself_maven_plugin.HelpMojo.goal likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium |
com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteDefault() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 70 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteDetailWithGitGoal() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 252 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteDetailWithGitGoal() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 254 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteInfoNotEnabledSkipsInfoLog() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 234 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithDetailAndGoal() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 161 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithDetailAndGoal() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 163 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithDetailTrue() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 88 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithDetailTrue() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 89 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithGoalGit() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 126 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithGoalMakeself() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 108 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithNegativeLineLength() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 217 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithUnknownGoal() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 144 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithZeroIndentSize() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 199 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithZeroLineLength() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 181 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.setField(Object, String, Object) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 56 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testGetIndentLevel() uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 328 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testGetPropertyFromExpression() uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 270 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testIsNotEmpty() uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 296 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testRepeat() uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 312 | Medium |
| Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testToLinesNonBreakingSpace() uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 351 | Medium |
com.hazendaz.maven.makeself.AbstractGitMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This usage of java/lang/ProcessBuilder.<init>(Ljava/util/List;)V can be vulnerable to Command Injection | SECURITY | COMMAND_INJECTION | 214 | Medium |
| Method com.hazendaz.maven.makeself.AbstractGitMojo.extractPortableGit() throws alternative exception from catch block without history | CORRECTNESS | LEST_LOST_EXCEPTION_STACK_TRACE | 140 | Medium |
| Possible null pointer dereference in com.hazendaz.maven.makeself.AbstractGitMojo.installGit(Artifact, String) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 174 | Medium |
com.hazendaz.maven.makeself.AbstractGitMojoTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method com.hazendaz.maven.makeself.AbstractGitMojoTest.testExtractPortableGitNotResolved() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 250 | Medium |
| Method com.hazendaz.maven.makeself.AbstractGitMojoTest.testExtractPortableGitResolvedAndInstalled() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 511 | Medium |
| Method com.hazendaz.maven.makeself.AbstractGitMojoTest.getField(Object, String) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 103 | Medium |
| Method com.hazendaz.maven.makeself.AbstractGitMojoTest.setField(Object, String, Object) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 83 | Medium |
com.hazendaz.maven.makeself.AbstractGitMojoTest$1
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Non derivable method com.hazendaz.maven.makeself.AbstractGitMojoTest$1.runInstaller(List) declares throwing an exception that isn't thrown | CORRECTNESS | BED_BOGUS_EXCEPTION_DECLARATION | 451 | Medium |
com.hazendaz.maven.makeself.GitMojoTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method com.hazendaz.maven.makeself.GitMojoTest.testSkipExecution() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 99 | Medium |
| Method com.hazendaz.maven.makeself.GitMojoTest.setField(Object, String, Object) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 61 | Medium |
com.hazendaz.maven.makeself.MakeselfMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method com.hazendaz.maven.makeself.MakeselfMojo.loadArgs() is excessively complex, with a cyclomatic complexity of 55 | STYLE | CC_CYCLOMATIC_COMPLEXITY | 817 | Medium |
| This usage of java/lang/ProcessBuilder.<init>(Ljava/util/List;)V can be vulnerable to Command Injection | SECURITY | COMMAND_INJECTION | 679 | Medium |
| Overly permissive file permission can lead to privilege escalation or information leakage. | SECURITY | OVERLY_PERMISSIVE_FILE_PERMISSION | 797 | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.archiveDir likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.buildTarget likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.classifier likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.cleanupScript likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.compExtra likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.complevel likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.extension likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.extractTargetDir likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.fileName likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.gpgExtraOpt likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.headerFile likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.helpHeaderFile likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.label likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.licenseFile likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.lsmFile likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.packagingDate likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.preextractScript likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.signPassphrase likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.sslPassSrc likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.sslPasswd likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.startupScript likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.tarExtraOpt likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.tarFormatOpt likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.threads likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| Instance field com.hazendaz.maven.makeself.MakeselfMojo.untarExtraOpt likely could be defined as static | CORRECTNESS | SPP_FIELD_COULD_BE_STATIC | Not available | Medium |
| This method com.hazendaz.maven.makeself.MakeselfMojo.execute() parses a String that is a field | STYLE | STT_STRING_PARSING_A_FIELD | 580 | Medium |
| This method com.hazendaz.maven.makeself.MakeselfMojo.execute() parses a String that is a field | STYLE | STT_STRING_PARSING_A_FIELD | 583 | Medium |
com.hazendaz.maven.makeself.MakeselfMojoTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExecuteWithInlineScriptAndScriptArgs() builds a list from one element using Arrays.asList rather than Collections.singletonList | CORRECTNESS | LUI_USE_SINGLETON_LIST | 586 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExecutePrivateFailStatus() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 862 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExecutePrivateWindowsPortableGitNotNull() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 746 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExecuteWithAutoRun() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 556 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExecuteWithInlineScriptAndScriptArgs() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 585 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.testInlineScriptWithoutScriptArgs() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 185 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.testSetFilePermissionsFailure() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 764 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.testSkipExecution() needlessly boxes a boolean constant | PERFORMANCE | NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION | 151 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.callIsTrue(MakeselfMojo, Boolean) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 137 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.callLoadArgs(MakeselfMojo) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 118 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.setField(Object, String, Object) uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 76 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExecutePrivateFailStatus() uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 861 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExecutePrivateWindowsPortableGitNotNull() uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 745 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExtractMakeself() uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 380 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExtractMakeselfCreatesNewDirectory() uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 816 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExtractMakeselfIdempotent() uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 402 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExtractMakeselfMkdirsFails() uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 841 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.testSetFilePermissions() uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 429 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.testSetFilePermissionsFailure() uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 768 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.testSetPosixFilePermissions() uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 450 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojoTest.testSetPosixFilePermissionsIOException() uses AccessibleObject.setAccessible to modify accessibility of classes | CORRECTNESS | RFI_SET_ACCESSIBLE | 792 | Medium |
com.hazendaz.maven.makeself.PortableGit
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class com.hazendaz.maven.makeself.PortableGit at new com.hazendaz.maven.makeself.PortableGit(Log) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 126 | Medium |
com.hazendaz.maven.makeself.PortableGitTest
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method com.hazendaz.maven.makeself.PortableGitTest.processGitTest() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 38-45 | Medium |


