Bug |
Category |
Details |
Line |
Priority |
Method com.hazendaz.maven.makeself.MakeselfMojo.loadArgs() is excessively complex, with a cyclomatic complexity of 53 |
STYLE |
CC_CYCLOMATIC_COMPLEXITY |
928 |
Medium |
This usage of java/lang/ProcessBuilder.<init>(Ljava/util/List;)V can be vulnerable to Command Injection |
SECURITY |
COMMAND_INJECTION |
714 |
Medium |
Overly permissive file permission can lead to privilege escalation or information leakage. |
SECURITY |
OVERLY_PERMISSIVE_FILE_PERMISSION |
909 |
Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
599 |
Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
617 |
Medium |
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
757 |
Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
768 |
Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
827 |
Medium |
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
869 |
Medium |
Exceptional return value of java.io.File.mkdirs() ignored in com.hazendaz.maven.makeself.MakeselfMojo.installGit(Artifact, String) |
BAD_PRACTICE |
RV_RETURN_VALUE_IGNORED_BAD_PRACTICE |
875 |
Medium |
This method com.hazendaz.maven.makeself.MakeselfMojo.execute() parses a String that is a field |
STYLE |
STT_STRING_PARSING_A_FIELD |
617 |
Medium |
This method com.hazendaz.maven.makeself.MakeselfMojo.execute() parses a String that is a field |
STYLE |
STT_STRING_PARSING_A_FIELD |
620 |
Medium |
Method com.hazendaz.maven.makeself.MakeselfMojo.installGit(Artifact, String) constructs a File object, merely to convert it to a Path object |
CORRECTNESS |
UAC_UNNECESSARY_API_CONVERSION_FILE_TO_PATH |
870 |
Medium |
Method com.hazendaz.maven.makeself.MakeselfMojo.installGit(Artifact, String) constructs a File object, merely to convert it to a Path object |
CORRECTNESS |
UAC_UNNECESSARY_API_CONVERSION_FILE_TO_PATH |
878 |
Medium |
Unwritten field: com.hazendaz.maven.makeself.MakeselfMojo.extractTargetDir |
CORRECTNESS |
UWF_UNWRITTEN_FIELD |
1206 |
Medium |