SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.8.6

Threshold is medium

Effort is max

Summary

| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 6 | 19 | 0 | 1 |

Files

| Class | Bugs |
|---|---|
| com.github.hazendaz.maven.makeself_maven_plugin.HelpMojo | 1 |
| com.hazendaz.maven.makeself.MakeselfMojo | 16 |
| com.hazendaz.maven.makeself.PortableGit | 1 |
| com.hazendaz.maven.makeself.PortableGitTest | 1 |

com.github.hazendaz.maven.makeself_maven_plugin.HelpMojo

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium |

com.hazendaz.maven.makeself.MakeselfMojo

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method com.hazendaz.maven.makeself.MakeselfMojo.loadArgs() is excessively complex, with a cyclomatic complexity of 54 | STYLE | CC_CYCLOMATIC_COMPLEXITY | 917 | Medium |
| This usage of java/lang/ProcessBuilder.<init>(Ljava/util/List;)V can be vulnerable to Command Injection | SECURITY | COMMAND_INJECTION | 693 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojo.extractPortableGit() throws alternative exception from catch block without history | CORRECTNESS | LEST_LOST_EXCEPTION_STACK_TRACE | 831 | Medium |
| Overly permissive file permission can lead to privilege escalation or information leakage. | SECURITY | OVERLY_PERMISSIVE_FILE_PERMISSION | 898 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 589 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 607 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 736 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 747 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 809 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 858 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in com.hazendaz.maven.makeself.MakeselfMojo.installGit(Artifact, String) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 864 | Medium |
| This method com.hazendaz.maven.makeself.MakeselfMojo.execute() parses a String that is a field | STYLE | STT_STRING_PARSING_A_FIELD | 607 | Medium |
| This method com.hazendaz.maven.makeself.MakeselfMojo.execute() parses a String that is a field | STYLE | STT_STRING_PARSING_A_FIELD | 610 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojo.installGit(Artifact, String) constructs a File object, merely to convert it to a Path object | CORRECTNESS | UAC_UNNECESSARY_API_CONVERSION_FILE_TO_PATH | 859 | Medium |
| Method com.hazendaz.maven.makeself.MakeselfMojo.installGit(Artifact, String) constructs a File object, merely to convert it to a Path object | CORRECTNESS | UAC_UNNECESSARY_API_CONVERSION_FILE_TO_PATH | 867 | Medium |
| Unwritten field: com.hazendaz.maven.makeself.MakeselfMojo.extractTargetDir | CORRECTNESS | UWF_UNWRITTEN_FIELD | 1202 | Medium |

com.hazendaz.maven.makeself.PortableGit

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class com.hazendaz.maven.makeself.PortableGit at new com.hazendaz.maven.makeself.PortableGit(Log) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 80 | Medium |

com.hazendaz.maven.makeself.PortableGitTest

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Method com.hazendaz.maven.makeself.PortableGitTest.processGitTest() excessively uses methods of another class | STYLE | CE_CLASS_ENVY | 38-45 | Medium |