Built by Maven

SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.9.3

Threshold is medium

Effort is max

Summary

Classes Bugs Errors Missing Classes
6 11 0 1

Files

Class Bugs
com.github.hazendaz.maven.makeself_maven_plugin.HelpMojo 1
com.hazendaz.maven.makeself.MakeselfMojo 8
com.hazendaz.maven.makeself.PortableGit 1
com.hazendaz.maven.makeself.PortableGitTest 1

com.github.hazendaz.maven.makeself_maven_plugin.HelpMojo

Bug Category Details Line Priority
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks SECURITY XXE_DOCUMENT 77 Medium

com.hazendaz.maven.makeself.MakeselfMojo

Bug Category Details Line Priority
Method com.hazendaz.maven.makeself.MakeselfMojo.loadArgs() is excessively complex, with a cyclomatic complexity of 54 STYLE CC_CYCLOMATIC_COMPLEXITY 927 Medium
This usage of java/lang/ProcessBuilder.<init>(Ljava/util/List;)V can be vulnerable to Command Injection SECURITY COMMAND_INJECTION 702 Medium
Method com.hazendaz.maven.makeself.MakeselfMojo.extractPortableGit() throws alternative exception from catch block without history CORRECTNESS LEST_LOST_EXCEPTION_STACK_TRACE 839 Medium
Possible null pointer dereference in com.hazendaz.maven.makeself.MakeselfMojo.installGit(Artifact, String) due to return value of called method STYLE NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE 873 Medium
Overly permissive file permission can lead to privilege escalation or information leakage. SECURITY OVERLY_PERMISSIVE_FILE_PERMISSION 908 Medium
This method com.hazendaz.maven.makeself.MakeselfMojo.execute() parses a String that is a field STYLE STT_STRING_PARSING_A_FIELD 614 Medium
This method com.hazendaz.maven.makeself.MakeselfMojo.execute() parses a String that is a field STYLE STT_STRING_PARSING_A_FIELD 617 Medium
Unwritten field: com.hazendaz.maven.makeself.MakeselfMojo.extractTargetDir CORRECTNESS UWF_UNWRITTEN_FIELD 1212 Medium

com.hazendaz.maven.makeself.PortableGit

Bug Category Details Line Priority
Exception thrown in class com.hazendaz.maven.makeself.PortableGit at new com.hazendaz.maven.makeself.PortableGit(Log) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 126 Medium

com.hazendaz.maven.makeself.PortableGitTest

Bug Category Details Line Priority
Method com.hazendaz.maven.makeself.PortableGitTest.processGitTest() excessively uses methods of another class STYLE CE_CLASS_ENVY 38-45 Medium