SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.9.8

Threshold is medium

Effort is max

Summary

Classes Bugs Errors Missing Classes
18 85 0 0

Files

Class Bugs
com.github.hazendaz.maven.makeself_maven_plugin.HelpMojo 2
com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest 20
com.hazendaz.maven.makeself.AbstractGitMojo 3
com.hazendaz.maven.makeself.AbstractGitMojoTest 4
com.hazendaz.maven.makeself.AbstractGitMojoTest$1 1
com.hazendaz.maven.makeself.GitMojoTest 2
com.hazendaz.maven.makeself.MakeselfMojo 30
com.hazendaz.maven.makeself.MakeselfMojoTest 21
com.hazendaz.maven.makeself.PortableGit 1
com.hazendaz.maven.makeself.PortableGitTest 1

com.github.hazendaz.maven.makeself_maven_plugin.HelpMojo

Bug Category Details Line Priority
Instance field com.github.hazendaz.maven.makeself_maven_plugin.HelpMojo.goal likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks SECURITY XXE_DOCUMENT 77 Medium

com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest

Bug Category Details Line Priority
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteDefault() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 70 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteDetailWithGitGoal() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 252 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteDetailWithGitGoal() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 254 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteInfoNotEnabledSkipsInfoLog() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 234 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithDetailAndGoal() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 161 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithDetailAndGoal() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 163 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithDetailTrue() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 88 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithDetailTrue() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 89 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithGoalGit() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 126 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithGoalMakeself() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 108 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithNegativeLineLength() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 217 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithUnknownGoal() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 144 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithZeroIndentSize() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 199 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testExecuteWithZeroLineLength() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 181 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.setField(Object, String, Object) uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 56 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testGetIndentLevel() uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 328 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testGetPropertyFromExpression() uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 270 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testIsNotEmpty() uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 296 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testRepeat() uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 312 Medium
Method com.github.hazendaz.maven.makeself_maven_plugin.HelpMojoTest.testToLinesNonBreakingSpace() uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 351 Medium

com.hazendaz.maven.makeself.AbstractGitMojo

Bug Category Details Line Priority
This usage of java/lang/ProcessBuilder.<init>(Ljava/util/List;)V can be vulnerable to Command Injection SECURITY COMMAND_INJECTION 214 Medium
Method com.hazendaz.maven.makeself.AbstractGitMojo.extractPortableGit() throws alternative exception from catch block without history CORRECTNESS LEST_LOST_EXCEPTION_STACK_TRACE 140 Medium
Possible null pointer dereference in com.hazendaz.maven.makeself.AbstractGitMojo.installGit(Artifact, String) due to return value of called method STYLE NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE 174 Medium

com.hazendaz.maven.makeself.AbstractGitMojoTest

Bug Category Details Line Priority
Method com.hazendaz.maven.makeself.AbstractGitMojoTest.testExtractPortableGitNotResolved() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 250 Medium
Method com.hazendaz.maven.makeself.AbstractGitMojoTest.testExtractPortableGitResolvedAndInstalled() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 511 Medium
Method com.hazendaz.maven.makeself.AbstractGitMojoTest.getField(Object, String) uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 103 Medium
Method com.hazendaz.maven.makeself.AbstractGitMojoTest.setField(Object, String, Object) uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 83 Medium

com.hazendaz.maven.makeself.AbstractGitMojoTest$1

Bug Category Details Line Priority
Non derivable method com.hazendaz.maven.makeself.AbstractGitMojoTest$1.runInstaller(List) declares throwing an exception that isn't thrown CORRECTNESS BED_BOGUS_EXCEPTION_DECLARATION 451 Medium

com.hazendaz.maven.makeself.GitMojoTest

Bug Category Details Line Priority
Method com.hazendaz.maven.makeself.GitMojoTest.testSkipExecution() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 99 Medium
Method com.hazendaz.maven.makeself.GitMojoTest.setField(Object, String, Object) uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 61 Medium

com.hazendaz.maven.makeself.MakeselfMojo

Bug Category Details Line Priority
Method com.hazendaz.maven.makeself.MakeselfMojo.loadArgs() is excessively complex, with a cyclomatic complexity of 55 STYLE CC_CYCLOMATIC_COMPLEXITY 817 Medium
This usage of java/lang/ProcessBuilder.<init>(Ljava/util/List;)V can be vulnerable to Command Injection SECURITY COMMAND_INJECTION 679 Medium
Overly permissive file permission can lead to privilege escalation or information leakage. SECURITY OVERLY_PERMISSIVE_FILE_PERMISSION 797 Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.archiveDir likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.buildTarget likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.classifier likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.cleanupScript likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.compExtra likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.complevel likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.extension likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.extractTargetDir likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.fileName likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.gpgExtraOpt likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.headerFile likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.helpHeaderFile likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.label likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.licenseFile likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.lsmFile likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.packagingDate likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.preextractScript likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.signPassphrase likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.sslPassSrc likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.sslPasswd likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.startupScript likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.tarExtraOpt likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.tarFormatOpt likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.threads likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
Instance field com.hazendaz.maven.makeself.MakeselfMojo.untarExtraOpt likely could be defined as static CORRECTNESS SPP_FIELD_COULD_BE_STATIC Not available Medium
This method com.hazendaz.maven.makeself.MakeselfMojo.execute() parses a String that is a field STYLE STT_STRING_PARSING_A_FIELD 580 Medium
This method com.hazendaz.maven.makeself.MakeselfMojo.execute() parses a String that is a field STYLE STT_STRING_PARSING_A_FIELD 583 Medium

com.hazendaz.maven.makeself.MakeselfMojoTest

Bug Category Details Line Priority
Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExecuteWithInlineScriptAndScriptArgs() builds a list from one element using Arrays.asList rather than Collections.singletonList CORRECTNESS LUI_USE_SINGLETON_LIST 586 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExecutePrivateFailStatus() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 862 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExecutePrivateWindowsPortableGitNotNull() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 746 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExecuteWithAutoRun() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 556 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExecuteWithInlineScriptAndScriptArgs() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 585 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.testInlineScriptWithoutScriptArgs() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 185 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.testSetFilePermissionsFailure() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 764 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.testSkipExecution() needlessly boxes a boolean constant PERFORMANCE NAB_NEEDLESS_BOOLEAN_CONSTANT_CONVERSION 151 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.callIsTrue(MakeselfMojo, Boolean) uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 137 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.callLoadArgs(MakeselfMojo) uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 118 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.setField(Object, String, Object) uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 76 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExecutePrivateFailStatus() uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 861 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExecutePrivateWindowsPortableGitNotNull() uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 745 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExtractMakeself() uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 380 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExtractMakeselfCreatesNewDirectory() uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 816 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExtractMakeselfIdempotent() uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 402 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.testExtractMakeselfMkdirsFails() uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 841 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.testSetFilePermissions() uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 429 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.testSetFilePermissionsFailure() uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 768 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.testSetPosixFilePermissions() uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 450 Medium
Method com.hazendaz.maven.makeself.MakeselfMojoTest.testSetPosixFilePermissionsIOException() uses AccessibleObject.setAccessible to modify accessibility of classes CORRECTNESS RFI_SET_ACCESSIBLE 792 Medium

com.hazendaz.maven.makeself.PortableGit

Bug Category Details Line Priority
Exception thrown in class com.hazendaz.maven.makeself.PortableGit at new com.hazendaz.maven.makeself.PortableGit(Log) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 126 Medium

com.hazendaz.maven.makeself.PortableGitTest

Bug Category Details Line Priority
Method com.hazendaz.maven.makeself.PortableGitTest.processGitTest() excessively uses methods of another class STYLE CE_CLASS_ENVY 38-45 Medium