SpotBugs Bug Detector Report

The following document contains the results of SpotBugs.

SpotBugs Version is 4.8.6

Threshold is medium

Effort is default

Summary

Classes Bugs Errors Missing Classes
3117 54 0 57

Files

Class Bugs
org.apache.rat.OptionCollection 1
org.apache.rat.ReportConfiguration$NoCloseOutputStream 1
org.apache.rat.Reporter 2
org.apache.rat.analysis.HeaderCheckWorker 3
org.apache.rat.analysis.license.SimplePatternBasedLicense 1
org.apache.rat.analysis.matchers.CopyrightMatcher 2
org.apache.rat.analysis.matchers.SimpleTextMatcher 2
org.apache.rat.commandline.Arg 1
org.apache.rat.commandline.ArgumentContext 2
org.apache.rat.config.exclusion.ExclusionUtils 2
org.apache.rat.config.parameters.Description 2
org.apache.rat.config.results.ClaimValidator 1
org.apache.rat.configuration.MatcherBuilderTracker 1
org.apache.rat.configuration.XMLConfigurationReader 1
org.apache.rat.configuration.XMLConfigurationWriter 1
org.apache.rat.configuration.builders.ChildContainerBuilder 1
org.apache.rat.configuration.builders.MatcherRefBuilder 1
org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy 1
org.apache.rat.document.ArchiveEntryDocument 1
org.apache.rat.document.ArchiveEntryName 1
org.apache.rat.header.HeaderMatcher 1
org.apache.rat.help.Help 1
org.apache.rat.help.Licenses 1
org.apache.rat.license.SimpleLicense$Builder 1
org.apache.rat.report.ConfigurationReport 1
org.apache.rat.report.claim.ClaimReporterMultiplexer 1
org.apache.rat.report.xml.writer.XmlWriter 1
org.apache.rat.tools.AbstractOption 1
org.apache.rat.tools.AntGenerator 4
org.apache.rat.tools.ArgumentTypes 3
org.apache.rat.tools.MavenGenerator 2
org.apache.rat.tools.Naming 2
org.apache.rat.tools.xsd.XsdGenerator 4
org.apache.rat.utils.DefaultLog 1
org.apache.rat.utils.Log 1
org.apache.rat.utils.ReportingSet 1

org.apache.rat.OptionCollection

Bug Category Details Line Priority
Found reliance on default encoding in org.apache.rat.OptionCollection.parseCommands(File, String[], Consumer, boolean): new java.io.PrintWriter(OutputStream) I18N DM_DEFAULT_ENCODING 179 High

org.apache.rat.ReportConfiguration$NoCloseOutputStream

Bug Category Details Line Priority
new org.apache.rat.ReportConfiguration$NoCloseOutputStream(OutputStream) may expose internal representation by storing an externally mutable object into ReportConfiguration$NoCloseOutputStream.delegate MALICIOUS_CODE EI_EXPOSE_REP2 845 Medium

org.apache.rat.Reporter

Bug Category Details Line Priority
new org.apache.rat.Reporter(ReportConfiguration) may expose internal representation by storing an externally mutable object into Reporter.configuration MALICIOUS_CODE EI_EXPOSE_REP2 74 Medium
A malicious XSLT could be provided to trigger remote code execution SECURITY MALICIOUS_XSLT 144 Medium

org.apache.rat.analysis.HeaderCheckWorker

Bug Category Details Line Priority
Exception thrown in class org.apache.rat.analysis.HeaderCheckWorker at new org.apache.rat.analysis.HeaderCheckWorker(IHeaderMatcher, Reader, int, Collection, Document) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 131 Medium
Exception thrown in class org.apache.rat.analysis.HeaderCheckWorker at new org.apache.rat.analysis.HeaderCheckWorker(IHeaderMatcher, Reader, Collection, Document) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 112 Medium
new org.apache.rat.analysis.HeaderCheckWorker(IHeaderMatcher, Reader, int, Collection, Document) may expose internal representation by storing an externally mutable object into HeaderCheckWorker.licenses MALICIOUS_CODE EI_EXPOSE_REP2 135 Medium

org.apache.rat.analysis.license.SimplePatternBasedLicense

Bug Category Details Line Priority
org.apache.rat.analysis.license.SimplePatternBasedLicense.setPatterns(String[]) may expose internal representation by storing an externally mutable object into SimplePatternBasedLicense.patterns MALICIOUS_CODE EI_EXPOSE_REP2 50 Medium

org.apache.rat.analysis.matchers.CopyrightMatcher

Bug Category Details Line Priority
Exception thrown in class org.apache.rat.analysis.matchers.CopyrightMatcher at new org.apache.rat.analysis.matchers.CopyrightMatcher(String, String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 95 Medium
Exception thrown in class org.apache.rat.analysis.matchers.CopyrightMatcher at new org.apache.rat.analysis.matchers.CopyrightMatcher(String, String, String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 120 Medium

org.apache.rat.analysis.matchers.SimpleTextMatcher

Bug Category Details Line Priority
Exception thrown in class org.apache.rat.analysis.matchers.SimpleTextMatcher at new org.apache.rat.analysis.matchers.SimpleTextMatcher(String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 44 Medium
Exception thrown in class org.apache.rat.analysis.matchers.SimpleTextMatcher at new org.apache.rat.analysis.matchers.SimpleTextMatcher(String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 56 Medium

org.apache.rat.commandline.Arg

Bug Category Details Line Priority
Exception is caught when Exception is not thrown in org.apache.rat.commandline.Arg.processConfigurationArgs(ArgumentContext) STYLE REC_CATCH_EXCEPTION 678 Medium

org.apache.rat.commandline.ArgumentContext

Bug Category Details Line Priority
new org.apache.rat.commandline.ArgumentContext(File, ReportConfiguration, CommandLine) may expose internal representation by storing an externally mutable object into ArgumentContext.commandLine MALICIOUS_CODE EI_EXPOSE_REP2 52 Medium
new org.apache.rat.commandline.ArgumentContext(File, ReportConfiguration, CommandLine) may expose internal representation by storing an externally mutable object into ArgumentContext.configuration MALICIOUS_CODE EI_EXPOSE_REP2 53 Medium

org.apache.rat.config.exclusion.ExclusionUtils

Bug Category Details Line Priority
Found reliance on default encoding in org.apache.rat.config.exclusion.ExclusionUtils.asIterable(File, Predicate): new java.io.FileReader(File) I18N DM_DEFAULT_ENCODING 178 High
Found reliance on default encoding in org.apache.rat.config.exclusion.ExclusionUtils.asIterator(File, Predicate): new java.io.FileReader(File) I18N DM_DEFAULT_ENCODING 149 High

org.apache.rat.config.parameters.Description

Bug Category Details Line Priority
Exception thrown in class org.apache.rat.config.parameters.Description at new org.apache.rat.config.parameters.Description(ComponentType, String, String, boolean, Class, Collection, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 85 Medium
Exception thrown in class org.apache.rat.config.parameters.Description at new org.apache.rat.config.parameters.Description(ConfigComponent, boolean, Class, Collection) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 107 Medium

org.apache.rat.config.results.ClaimValidator

Bug Category Details Line Priority
Boxed value is unboxed and then immediately reboxed in org.apache.rat.config.results.ClaimValidator.lambda$setMin$1(int, ClaimStatistic$Counter, Integer) PERFORMANCE BX_UNBOXING_IMMEDIATELY_REBOXED 88 Medium

org.apache.rat.configuration.MatcherBuilderTracker

Bug Category Details Line Priority
Public static org.apache.rat.configuration.MatcherBuilderTracker.instance() may expose internal representation by returning MatcherBuilderTracker.instance MALICIOUS_CODE MS_EXPOSE_REP 55 Medium

org.apache.rat.configuration.XMLConfigurationReader

Bug Category Details Line Priority
This web server request could be used by an attacker to expose internal services and filesystem. SECURITY URLCONNECTION_SSRF_FD 180 Medium

org.apache.rat.configuration.XMLConfigurationWriter

Bug Category Details Line Priority
new org.apache.rat.configuration.XMLConfigurationWriter(ReportConfiguration) may expose internal representation by storing an externally mutable object into XMLConfigurationWriter.configuration MALICIOUS_CODE EI_EXPOSE_REP2 63 Medium

org.apache.rat.configuration.builders.ChildContainerBuilder

Bug Category Details Line Priority
Usage of GetResource in org.apache.rat.configuration.builders.ChildContainerBuilder.setResource(String) may be unsafe if class is extended BAD_PRACTICE UI_INHERITANCE_UNSAFE_GETRESOURCE 62 Medium

org.apache.rat.configuration.builders.MatcherRefBuilder

Bug Category Details Line Priority
org.apache.rat.configuration.builders.MatcherRefBuilder.setMatcherMap(Map) may expose internal representation by storing an externally mutable object into MatcherRefBuilder.matchers MALICIOUS_CODE EI_EXPOSE_REP2 67 Medium

org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy

Bug Category Details Line Priority
new org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy(String, Map) may expose internal representation by storing an externally mutable object into MatcherRefBuilder$IHeaderMatcherProxy.matchers MALICIOUS_CODE EI_EXPOSE_REP2 114 Medium

org.apache.rat.document.ArchiveEntryDocument

Bug Category Details Line Priority
new org.apache.rat.document.ArchiveEntryDocument(ArchiveEntryName, byte[], DocumentNameMatcher) may expose internal representation by storing an externally mutable object into ArchiveEntryDocument.contents MALICIOUS_CODE EI_EXPOSE_REP2 45 Medium

org.apache.rat.document.ArchiveEntryName

Bug Category Details Line Priority
org.apache.rat.document.ArchiveEntryName doesn't override DocumentName.equals(Object) STYLE EQ_DOESNT_OVERRIDE_EQUALS 1 Medium

org.apache.rat.header.HeaderMatcher

Bug Category Details Line Priority
new org.apache.rat.header.HeaderMatcher(CharFilter, int, HeaderBean[]) may expose internal representation by storing an externally mutable object into HeaderMatcher.headers MALICIOUS_CODE EI_EXPOSE_REP2 55 Medium

org.apache.rat.help.Help

Bug Category Details Line Priority
Found reliance on default encoding in new org.apache.rat.help.Help(PrintStream): new java.io.PrintWriter(OutputStream) I18N DM_DEFAULT_ENCODING 65 High

org.apache.rat.help.Licenses

Bug Category Details Line Priority
new org.apache.rat.help.Licenses(ReportConfiguration, Writer) may expose internal representation by storing an externally mutable object into Licenses.config MALICIOUS_CODE EI_EXPOSE_REP2 68 Medium

org.apache.rat.license.SimpleLicense$Builder

Bug Category Details Line Priority
org.apache.rat.license.SimpleLicense$Builder.setLicenseFamilies(SortedSet) may expose internal representation by storing an externally mutable object into SimpleLicense$Builder.licenseFamilies MALICIOUS_CODE EI_EXPOSE_REP2 211 Medium

org.apache.rat.report.ConfigurationReport

Bug Category Details Line Priority
new org.apache.rat.report.ConfigurationReport(IXmlWriter, ReportConfiguration) may expose internal representation by storing an externally mutable object into ConfigurationReport.configuration MALICIOUS_CODE EI_EXPOSE_REP2 43 Medium

org.apache.rat.report.claim.ClaimReporterMultiplexer

Bug Category Details Line Priority
new org.apache.rat.report.claim.ClaimReporterMultiplexer(IXmlWriter, boolean, DocumentAnalyser, List) may expose internal representation by storing an externally mutable object into ClaimReporterMultiplexer.reporters MALICIOUS_CODE EI_EXPOSE_REP2 54 Medium

org.apache.rat.report.xml.writer.XmlWriter

Bug Category Details Line Priority
new org.apache.rat.report.xml.writer.XmlWriter(Writer) may expose internal representation by storing an externally mutable object into XmlWriter.writer MALICIOUS_CODE EI_EXPOSE_REP2 417 Medium

org.apache.rat.tools.AbstractOption

Bug Category Details Line Priority
The regular expression "-(-[a-z0-9]+)+" is vulnerable to a denial of service attack (ReDOS) SECURITY REDOS 35 Medium

org.apache.rat.tools.AntGenerator

Bug Category Details Line Priority
Found reliance on default encoding in org.apache.rat.tools.AntGenerator.main(String[]): java.io.ByteArrayOutputStream.toString() I18N DM_DEFAULT_ENCODING 148 High
Found reliance on default encoding in org.apache.rat.tools.AntGenerator.main(String[]): new java.io.FileWriter(File) I18N DM_DEFAULT_ENCODING 115 High
Found reliance on default encoding in org.apache.rat.tools.AntGenerator.main(String[]): new java.io.OutputStreamWriter(OutputStream) I18N DM_DEFAULT_ENCODING 117 High
Exceptional return value of java.io.File.mkdirs() ignored in org.apache.rat.tools.AntGenerator.main(String[]) BAD_PRACTICE RV_RETURN_VALUE_IGNORED_BAD_PRACTICE 113 Medium

org.apache.rat.tools.ArgumentTypes

Bug Category Details Line Priority
Found reliance on default encoding in org.apache.rat.tools.ArgumentTypes.main(String[]): new java.io.FileWriter(String) I18N DM_DEFAULT_ENCODING 44 High
Found reliance on default encoding in org.apache.rat.tools.ArgumentTypes.main(String[]): new java.io.OutputStreamWriter(OutputStream) I18N DM_DEFAULT_ENCODING 44 High
This API (java/io/FileWriter.<init>(Ljava/lang/String;)V) writes to a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_OUT 44 High

org.apache.rat.tools.MavenGenerator

Bug Category Details Line Priority
Found reliance on default encoding in org.apache.rat.tools.MavenGenerator.main(String[]): new java.io.FileWriter(File) I18N DM_DEFAULT_ENCODING 112 High
Exceptional return value of java.io.File.mkdirs() ignored in org.apache.rat.tools.MavenGenerator.main(String[]) BAD_PRACTICE RV_RETURN_VALUE_IGNORED_BAD_PRACTICE 110 Medium

org.apache.rat.tools.Naming

Bug Category Details Line Priority
Found reliance on default encoding in org.apache.rat.tools.Naming.main(String[]): new java.io.FileWriter(String) I18N DM_DEFAULT_ENCODING 154 High
This API (java/io/FileWriter.<init>(Ljava/lang/String;)V) writes to a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_OUT 154 Medium

org.apache.rat.tools.xsd.XsdGenerator

Bug Category Details Line Priority
Found reliance on default encoding in org.apache.rat.tools.xsd.XsdGenerator.getInputStream(): new java.io.OutputStreamWriter(OutputStream) I18N DM_DEFAULT_ENCODING 96 High
A malicious XSLT could be provided to trigger remote code execution SECURITY MALICIOUS_XSLT 78 Medium
The use of TransformerFactory.newInstance(...) (TransformerFactory) is vulnerable to XML External Entity attacks SECURITY XXE_DTD_TRANSFORM_FACTORY 74 Medium
The use of TransformerFactory.newInstance(...) is vulnerable to XSLT External Entity attacks SECURITY XXE_XSLT_TRANSFORM_FACTORY 74 Medium

org.apache.rat.utils.DefaultLog

Bug Category Details Line Priority
Public static org.apache.rat.utils.DefaultLog.getInstance() may expose internal representation by returning DefaultLog.instance MALICIOUS_CODE MS_EXPOSE_REP 44 Medium

org.apache.rat.utils.Log

Bug Category Details Line Priority
Possible information exposure through an error message SECURITY INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE 131 Medium

org.apache.rat.utils.ReportingSet

Bug Category Details Line Priority
new org.apache.rat.utils.ReportingSet(SortedSet) may expose internal representation by storing an externally mutable object into ReportingSet.delegate MALICIOUS_CODE EI_EXPOSE_REP2 52 Medium