The following document contains the results of SpotBugs
SpotBugs Version is 4.8.3
Threshold is medium
Effort is default
Summary
| Classes |
Bugs |
Errors |
Missing Classes |
| 4 |
7 |
0 |
4 |
io.wcm.caravan.maven.plugins.hal_docs_maven_plugin.HelpMojo
| Bug |
Category |
Details |
Line |
Priority |
| The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks |
SECURITY |
XXE_DOCUMENT |
77 |
Medium |
io.wcm.caravan.maven.plugins.haldocs.AbstractBaseMojo
| Bug |
Category |
Details |
Line |
Priority |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
87 |
Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
53 |
Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in io.wcm.caravan.maven.plugins.haldocs.AbstractBaseMojo.getGeneratedResourcesDirectory() |
BAD_PRACTICE |
RV_RETURN_VALUE_IGNORED_BAD_PRACTICE |
89 |
Medium |
io.wcm.caravan.maven.plugins.haldocs.GenerateHalDocsJsonMojo
| Bug |
Category |
Details |
Line |
Priority |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
167 |
Medium |
io.wcm.caravan.maven.plugins.haldocs.GenerateJsonSchemaMojo
| Bug |
Category |
Details |
Line |
Priority |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
136 |
Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
154 |
Medium |
wcm.io Caravan