SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.9.1
Threshold is medium
Effort is max
Summary
Classes | Bugs | Errors | Missing Classes
6 | 11 | 0 | 1
com.github.hazendaz.maven.makeself_maven_plugin.HelpMojo
Bug | Category | Details | Line | Priority
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium
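What the XXE_DOCUMENT finding is asking for is a DocumentBuilderFactory that refuses DTDs before any entity can be resolved. The example below is added here to show that configuration; it is not HelpMojo's code. If, as the class name suggests, this is the help mojo generated by maven-plugin-plugin, its input is the plugin's own bundled plugin-help.xml rather than attacker-supplied XML, so practical exposure is limited, but hardening the factory is still the right fix and clears the finding. The XXE probe document in main() is constructed for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class HardenedXmlParsing {

    /** DocumentBuilder that rejects DOCTYPE declarations outright, so neither
     *  external entities nor external DTDs can ever be resolved. */
    static DocumentBuilder newHardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // The single most effective setting: no DTD processing at all.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth, in case a DOCTYPE is ever allowed again.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setXIncludeAware(false);
        // Does not prevent XXE on its own; only stops entity expansion in the DOM.
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    static Document parse(String xml) throws Exception {
        return newHardenedBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: a classic XXE probe that tries to read a local file.
        String xxe = "<?xml version=\"1.0\"?>\n"
            + "<!DOCTYPE d [<!ENTITY xxe SYSTEM \"file:///etc/passwd\">]>\n"
            + "<d>&xxe;</d>";
        try {
            parse(xxe);
            System.out.println("parsed: the builder is NOT hardened");
        } catch (SAXException e) {
            // Expected: the DOCTYPE is refused before the entity is touched.
            System.out.println("rejected: " + e.getMessage());
        }
        // A benign document still parses normally.
        Document ok = parse("<plugin><goal>makeself</goal></plugin>");
        System.out.println("root element: " + ok.getDocumentElement().getTagName());
    }
}
```

Apply the same features wherever the project creates a parser (SAXParserFactory, XMLInputFactory, TransformerFactory), since SpotBugs reports each call site separately.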
com.hazendaz.maven.makeself.MakeselfMojo
Bug | Category | Details | Line | Priority
Method com.hazendaz.maven.makeself.MakeselfMojo.loadArgs() is excessively complex, with a cyclomatic complexity of 54 | STYLE | CC_CYCLOMATIC_COMPLEXITY | 922 | Medium
This usage of java/lang/ProcessBuilder.<init>(Ljava/util/List;)V can be vulnerable to Command Injection | SECURITY | COMMAND_INJECTION | 698 | Medium
Method com.hazendaz.maven.makeself.MakeselfMojo.extractPortableGit() throws alternative exception from catch block without history | CORRECTNESS | LEST_LOST_EXCEPTION_STACK_TRACE | 836 | Medium
Possible null pointer dereference in com.hazendaz.maven.makeself.MakeselfMojo.installGit(Artifact, String) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 868 | Medium
Overly permissive file permission can lead to privilege escalation or information leakage. | SECURITY | OVERLY_PERMISSIVE_FILE_PERMISSION | 903 | Medium
This method com.hazendaz.maven.makeself.MakeselfMojo.execute() parses a String that is a field | STYLE | STT_STRING_PARSING_A_FIELD | 610 | Medium
This method com.hazendaz.maven.makeself.MakeselfMojo.execute() parses a String that is a field | STYLE | STT_STRING_PARSING_A_FIELD | 613 | Medium
Unwritten field: com.hazendaz.maven.makeself.MakeselfMojo.extractTargetDir | CORRECTNESS | UWF_UNWRITTEN_FIELD | 1207 | Medium
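Three of the MakeselfMojo findings (COMMAND_INJECTION, OVERLY_PERMISSIVE_FILE_PERMISSION and LEST_LOST_EXCEPTION_STACK_TRACE) describe patterns rather than a specific bug, so the example below shows the hardened shape of each. It is added here and is not MakeselfMojo's code: the executable, the option allowlist and the temp script are assumptions made for the demonstration. One caveat worth stating for the ProcessBuilder finding: a List argv never passes through a shell, so metacharacters such as `;` are inert. The residual risk is argument injection into the called program, or an attacker-controlled executable path, and that is what an allowlist on configuration-supplied values closes.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

public class MojoHardeningPatterns {

    // Illustrative allowlist for option values (an assumption, not the plugin's rule).
    private static final Pattern SAFE_ARG = Pattern.compile("[A-Za-z0-9._/=+@:,-]+");

    /** COMMAND_INJECTION: assemble argv as a list (never a "sh -c" string) and
     *  reject configuration-supplied values that fall outside the allowlist. */
    static List<String> buildArgv(Path executable, List<String> configuredArgs) {
        List<String> argv = new ArrayList<>();
        argv.add(executable.toString());
        for (String a : configuredArgs) {
            if (a == null || !SAFE_ARG.matcher(a).matches()) {
                throw new IllegalArgumentException("refusing unsafe argument: " + a);
            }
            argv.add(a);
        }
        return argv;
    }

    /** OVERLY_PERMISSIVE_FILE_PERMISSION: owner-only bits for an extracted
     *  helper script instead of rwxrwxrwx. */
    static void restrictToOwner(Path file) throws IOException {
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            return; // e.g. Windows: POSIX permission bits do not apply
        }
        Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rwx------");
        Files.setPosixFilePermissions(file, ownerOnly);
    }

    /** LEST_LOST_EXCEPTION_STACK_TRACE: wrap the original exception as the
     *  cause instead of throwing a fresh one with no history. */
    static int runChecked(List<String> argv) throws IOException {
        try {
            Process p = new ProcessBuilder(argv).inheritIO().start();
            return p.waitFor();
        } catch (IOException | InterruptedException e) {
            if (e instanceof InterruptedException) {
                Thread.currentThread().interrupt();
            }
            throw new IOException("failed to run " + argv.get(0), e); // e is kept as cause
        }
    }

    public static void main(String[] args) throws IOException {
        boolean posix = FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
        // Constructed stand-in for an extracted helper script.
        Path script = Files.createTempFile("demo", ".sh");
        Files.write(script, "#!/bin/sh\necho running with: \"$@\"\n".getBytes(StandardCharsets.UTF_8));
        restrictToOwner(script);
        if (posix) {
            System.out.println("perms: "
                + PosixFilePermissions.toString(Files.getPosixFilePermissions(script)));
            List<String> good = List.of("--notemp", "--target", "/opt/app");
            System.out.println("exit=" + runChecked(buildArgv(script, good)));
        }
        // Looks like a shell injection; refused by the allowlist before
        // ProcessBuilder ever sees it.
        List<String> bad = List.of("--target", "/opt/app; rm -rf /");
        try {
            buildArgv(script, bad);
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
        Files.delete(script);
    }
}
```

The allowlist above still admits values beginning with `-`; where a configuration value is meant to be a path or file name rather than a flag, reject a leading `-` as well so a value cannot be turned into an extra option for the invoked program.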
com.hazendaz.maven.makeself.PortableGit
Bug | Category | Details | Line | Priority
Exception thrown in class com.hazendaz.maven.makeself.PortableGit at new com.hazendaz.maven.makeself.PortableGit(Log) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 80 | Medium
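The CT_CONSTRUCTOR_THROW finding is easier to judge once the attack it refers to is visible. In the added example below (not PortableGit's code; the Log parameter is replaced by a plain path string, and the Unsafe and Thief classes are constructed for the demonstration), a non-final class throws from its constructor, a subclass overrides finalize(), and the finalizer hands out a reference to the half-built object. The Safe class shows the two standard mitigations together: the class is final, so no subclass can add a finalizer, and validation runs in a static method evaluated as the argument to this(...), so an exception is thrown before Object's constructor completes and the instance is never finalizable (JLS 12.6).

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ConstructorThrowDemo {

    /* The shape SpotBugs flags: a non-final class whose constructor throws
     * after the object already exists. */
    static class Unsafe {
        final String gitPath;
        Unsafe(String p) {
            if (p == null) throw new IllegalArgumentException("no git path");
            this.gitPath = p;
        }
    }

    static Unsafe stolen;

    /* Attacker-controlled subclass: the constructor fails, but the finalizer
     * still runs on the partially initialized instance and publishes it. */
    @SuppressWarnings({"deprecation", "removal"})
    static class Thief extends Unsafe {
        Thief() { super(null); }
        @Override protected void finalize() { stolen = this; }
    }

    /* Hardened shape. */
    static final class Safe {
        private final Path gitExecutable;

        Safe(String configuredPath) {
            // requireExecutable() runs before the object can be finalized.
            this(requireExecutable(configuredPath), true);
        }
        private Safe(Path checked, boolean alreadyChecked) {
            this.gitExecutable = checked;
        }
        private static Path requireExecutable(String p) {
            if (p == null || p.isEmpty()) {
                throw new IllegalArgumentException("git path must be set");
            }
            Path path = Paths.get(p);
            if (!Files.isExecutable(path)) {
                throw new IllegalStateException("not executable: " + path);
            }
            return path;
        }
        Path gitExecutable() { return gitExecutable; }
    }

    @SuppressWarnings({"deprecation", "removal"})
    public static void main(String[] args) throws Exception {
        try { new Thief(); } catch (IllegalArgumentException e) { /* expected */ }
        System.gc();
        System.runFinalization(); // best effort: finalization timing is not guaranteed
        Thread.sleep(200);
        System.out.println("partially built Unsafe leaked: " + (stolen != null)
            + (stolen != null ? ", gitPath=" + stolen.gitPath : ""));

        try {
            new Safe("");
        } catch (IllegalArgumentException e) {
            System.out.println("Safe rejected input before construction: " + e.getMessage());
        }
        System.out.println("Safe: " + new Safe("/bin/sh").gitExecutable());
    }
}
```

If PortableGit cannot be made final, the fallback is a `protected final void finalize()` method in the class itself so that no subclass can override it, though finalization is deprecated and that option disappears with it.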
com.hazendaz.maven.makeself.PortableGitTest
Bug | Category | Details | Line | Priority
Method com.hazendaz.maven.makeself.PortableGitTest.processGitTest() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 38-45 | Medium