The following document contains the results of SpotBugs
SpotBugs Version is 4.6.0
Threshold is medium
Effort is default
Summary
| Classes | Bugs | Errors | Missing Classes |
| --- | --- | --- | --- |
| 20 | 9 | 0 | 0 |
io.wcm.qa.glnm.maven.freemarker.GalenSpecsMojo
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 290 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 312 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 316 | Medium |
io.wcm.qa.glnm.maven.freemarker.HelpMojo
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 75 | Medium |
io.wcm.qa.glnm.maven.freemarker.util.FreemarkerUtil
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Found reliance on default encoding in io.wcm.qa.glnm.maven.freemarker.util.FreemarkerUtil.process(Template, Map, File): new java.io.FileWriter(File) | I18N | DM_DEFAULT_ENCODING | 191 | High |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 157 | Medium |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 159 | Medium |
| Exceptional return value of java.io.File.mkdirs() ignored in io.wcm.qa.glnm.maven.freemarker.util.FreemarkerUtil.getOutputFile(File, String, String) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 158 | Medium |
| Potential template injection with Freemarker template | SECURITY | TEMPLATE_INJECTION_FREEMARKER | 193 | Medium |