SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.8.3

Threshold is medium

Effort is max

Summary

| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 6 | 18 | 0 | 0 |

Files

| Class | Bugs |
|---|---|
| com.github.hazendaz.maven.makeself_maven_plugin.HelpMojo | 1 |
| com.hazendaz.maven.makeself.MakeselfMojo | 15 |
| com.hazendaz.maven.makeself.PortableGit | 1 |
| com.hazendaz.maven.makeself.PortableGitTest | 1 |

com.github.hazendaz.maven.makeself_maven_plugin.HelpMojo

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium |

com.hazendaz.maven.makeself.MakeselfMojo

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method com.hazendaz.maven.makeself.MakeselfMojo.loadArgs() is excessively complex, with a cyclomatic complexity of 53 | STYLE | CC_CYCLOMATIC_COMPLEXITY | 928 | Medium |
| This usage of java/lang/ProcessBuilder.<init>(Ljava/util/List;)V can be vulnerable to Command Injection | SECURITY | COMMAND_INJECTION | 714 | Medium |
| Overly permissive file permission can lead to privilege escalation or information leakage. | SECURITY | OVERLY_PERMISSIVE_FILE_PERMISSION | 909 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 599 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 617 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 757 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 768 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 827 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 869 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in com.hazendaz.maven.makeself.MakeselfMojo.installGit(Artifact, String) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 875 | Medium |
| This method com.hazendaz.maven.makeself.MakeselfMojo.execute() parses a String that is a field | STYLE | STT_STRING_PARSING_A_FIELD | 617 | Medium |
| This method com.hazendaz.maven.makeself.MakeselfMojo.execute() parses a String that is a field | STYLE | STT_STRING_PARSING_A_FIELD | 620 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojo.installGit(Artifact, String) constructs a File object, merely to convert it to a Path object | CORRECTNESS | UAC_UNNECESSARY_API_CONVERSION_FILE_TO_PATH | 870 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojo.installGit(Artifact, String) constructs a File object, merely to convert it to a Path object | CORRECTNESS | UAC_UNNECESSARY_API_CONVERSION_FILE_TO_PATH | 878 | Medium |
| Unwritten field: com.hazendaz.maven.makeself.MakeselfMojo.extractTargetDir | CORRECTNESS | UWF_UNWRITTEN_FIELD | 1206 | Medium |

com.hazendaz.maven.makeself.PortableGit

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class com.hazendaz.maven.makeself.PortableGit at new com.hazendaz.maven.makeself.PortableGit(Log) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 80 | Medium |

com.hazendaz.maven.makeself.PortableGitTest

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method com.hazendaz.maven.makeself.PortableGitTest.processGitTest() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 38-45 | Medium |