SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.8.6

Threshold is medium

Effort is default

Summary

Classes	Bugs	Errors	Missing Classes
222	36	0	0

Files

Class	Bugs
org.apache.rat.OptionCollection	1
org.apache.rat.ReportConfiguration$NoCloseOutputStream	1
org.apache.rat.Reporter	2
org.apache.rat.analysis.HeaderCheckWorker	3
org.apache.rat.analysis.license.SimplePatternBasedLicense	1
org.apache.rat.analysis.matchers.CopyrightMatcher	2
org.apache.rat.analysis.matchers.SimpleTextMatcher	2
org.apache.rat.commandline.ArgumentContext	2
org.apache.rat.config.exclusion.ExclusionUtils	2
org.apache.rat.config.parameters.Description	2
org.apache.rat.config.results.ClaimValidator	1
org.apache.rat.configuration.MatcherBuilderTracker	1
org.apache.rat.configuration.XMLConfigurationReader	1
org.apache.rat.configuration.XMLConfigurationWriter	1
org.apache.rat.configuration.builders.ChildContainerBuilder	1
org.apache.rat.configuration.builders.MatcherRefBuilder	1
org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy	1
org.apache.rat.document.ArchiveEntryDocument	1
org.apache.rat.document.ArchiveEntryName	1
org.apache.rat.header.HeaderMatcher	1
org.apache.rat.help.Help	2
org.apache.rat.help.Licenses	1
org.apache.rat.report.ConfigurationReport	1
org.apache.rat.report.claim.ClaimReporterMultiplexer	1
org.apache.rat.report.xml.writer.XmlWriter	1
org.apache.rat.utils.DefaultLog	1
org.apache.rat.utils.Log	1

org.apache.rat.OptionCollection

Bug	Category	Details	Line	Priority
Found reliance on default encoding in org.apache.rat.OptionCollection.parseCommands(File, String[], Consumer, boolean): new java.io.PrintWriter(OutputStream)	I18N	DM_DEFAULT_ENCODING	151	High

org.apache.rat.ReportConfiguration$NoCloseOutputStream

Bug	Category	Details	Line	Priority
new org.apache.rat.ReportConfiguration$NoCloseOutputStream(OutputStream) may expose internal representation by storing an externally mutable object into ReportConfiguration$NoCloseOutputStream.delegate	MALICIOUS_CODE	EI_EXPOSE_REP2	845	Medium

org.apache.rat.Reporter

Bug	Category	Details	Line	Priority
new org.apache.rat.Reporter(ReportConfiguration) may expose internal representation by storing an externally mutable object into Reporter.configuration	MALICIOUS_CODE	EI_EXPOSE_REP2	74	Medium
A malicious XSLT could be provided to trigger remote code execution	SECURITY	MALICIOUS_XSLT	145	Medium

org.apache.rat.analysis.HeaderCheckWorker

Bug	Category	Details	Line	Priority
Exception thrown in class org.apache.rat.analysis.HeaderCheckWorker at new org.apache.rat.analysis.HeaderCheckWorker(IHeaderMatcher, Reader, int, Collection, Document) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	131	Medium
Exception thrown in class org.apache.rat.analysis.HeaderCheckWorker at new org.apache.rat.analysis.HeaderCheckWorker(IHeaderMatcher, Reader, Collection, Document) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	112	Medium
new org.apache.rat.analysis.HeaderCheckWorker(IHeaderMatcher, Reader, int, Collection, Document) may expose internal representation by storing an externally mutable object into HeaderCheckWorker.licenses	MALICIOUS_CODE	EI_EXPOSE_REP2	135	Medium

org.apache.rat.analysis.license.SimplePatternBasedLicense

Bug	Category	Details	Line	Priority
org.apache.rat.analysis.license.SimplePatternBasedLicense.setPatterns(String[]) may expose internal representation by storing an externally mutable object into SimplePatternBasedLicense.patterns	MALICIOUS_CODE	EI_EXPOSE_REP2	48	Medium

org.apache.rat.analysis.matchers.CopyrightMatcher

Bug	Category	Details	Line	Priority
Exception thrown in class org.apache.rat.analysis.matchers.CopyrightMatcher at new org.apache.rat.analysis.matchers.CopyrightMatcher(String, String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	100	Medium
Exception thrown in class org.apache.rat.analysis.matchers.CopyrightMatcher at new org.apache.rat.analysis.matchers.CopyrightMatcher(String, String, String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	126	Medium

org.apache.rat.analysis.matchers.SimpleTextMatcher

Bug	Category	Details	Line	Priority
Exception thrown in class org.apache.rat.analysis.matchers.SimpleTextMatcher at new org.apache.rat.analysis.matchers.SimpleTextMatcher(String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	44	Medium
Exception thrown in class org.apache.rat.analysis.matchers.SimpleTextMatcher at new org.apache.rat.analysis.matchers.SimpleTextMatcher(String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	56	Medium

org.apache.rat.commandline.ArgumentContext

Bug	Category	Details	Line	Priority
new org.apache.rat.commandline.ArgumentContext(File, ReportConfiguration, CommandLine) may expose internal representation by storing an externally mutable object into ArgumentContext.commandLine	MALICIOUS_CODE	EI_EXPOSE_REP2	52	Medium
new org.apache.rat.commandline.ArgumentContext(File, ReportConfiguration, CommandLine) may expose internal representation by storing an externally mutable object into ArgumentContext.configuration	MALICIOUS_CODE	EI_EXPOSE_REP2	53	Medium

org.apache.rat.config.exclusion.ExclusionUtils

Bug	Category	Details	Line	Priority
Found reliance on default encoding in org.apache.rat.config.exclusion.ExclusionUtils.asIterable(File, Predicate): new java.io.FileReader(File)	I18N	DM_DEFAULT_ENCODING	168	High
Found reliance on default encoding in org.apache.rat.config.exclusion.ExclusionUtils.asIterator(File, Predicate): new java.io.FileReader(File)	I18N	DM_DEFAULT_ENCODING	139	High

org.apache.rat.config.parameters.Description

Bug	Category	Details	Line	Priority
Exception thrown in class org.apache.rat.config.parameters.Description at new org.apache.rat.config.parameters.Description(ComponentType, String, String, boolean, Class, Collection, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	85	Medium
Exception thrown in class org.apache.rat.config.parameters.Description at new org.apache.rat.config.parameters.Description(ConfigComponent, boolean, Class, Collection) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	107	Medium

org.apache.rat.config.results.ClaimValidator

Bug	Category	Details	Line	Priority
Boxed value is unboxed and then immediately reboxed in org.apache.rat.config.results.ClaimValidator.lambda$setMin$1(int, ClaimStatistic$Counter, Integer)	PERFORMANCE	BX_UNBOXING_IMMEDIATELY_REBOXED	88	Medium

org.apache.rat.configuration.MatcherBuilderTracker

Bug	Category	Details	Line	Priority
Public static org.apache.rat.configuration.MatcherBuilderTracker.instance() may expose internal representation by returning MatcherBuilderTracker.instance	MALICIOUS_CODE	MS_EXPOSE_REP	55	Medium

org.apache.rat.configuration.XMLConfigurationReader

Bug	Category	Details	Line	Priority
This web server request could be used by an attacker to expose internal services and filesystem.	SECURITY	URLCONNECTION_SSRF_FD	180	Medium

org.apache.rat.configuration.XMLConfigurationWriter

Bug	Category	Details	Line	Priority
new org.apache.rat.configuration.XMLConfigurationWriter(ReportConfiguration) may expose internal representation by storing an externally mutable object into XMLConfigurationWriter.configuration	MALICIOUS_CODE	EI_EXPOSE_REP2	63	Medium

org.apache.rat.configuration.builders.ChildContainerBuilder

Bug	Category	Details	Line	Priority
Usage of GetResource in org.apache.rat.configuration.builders.ChildContainerBuilder.setResource(String) may be unsafe if class is extended	BAD_PRACTICE	UI_INHERITANCE_UNSAFE_GETRESOURCE	62	Medium

org.apache.rat.configuration.builders.MatcherRefBuilder

Bug	Category	Details	Line	Priority
org.apache.rat.configuration.builders.MatcherRefBuilder.setMatcherMap(Map) may expose internal representation by storing an externally mutable object into MatcherRefBuilder.matchers	MALICIOUS_CODE	EI_EXPOSE_REP2	67	Medium

org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy

Bug	Category	Details	Line	Priority
new org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy(String, Map) may expose internal representation by storing an externally mutable object into MatcherRefBuilder$IHeaderMatcherProxy.matchers	MALICIOUS_CODE	EI_EXPOSE_REP2	114	Medium

org.apache.rat.document.ArchiveEntryDocument

Bug	Category	Details	Line	Priority
new org.apache.rat.document.ArchiveEntryDocument(ArchiveEntryName, byte[], DocumentNameMatcher) may expose internal representation by storing an externally mutable object into ArchiveEntryDocument.contents	MALICIOUS_CODE	EI_EXPOSE_REP2	45	Medium

org.apache.rat.document.ArchiveEntryName

Bug	Category	Details	Line	Priority
org.apache.rat.document.ArchiveEntryName doesn't override DocumentName.equals(Object)	STYLE	EQ_DOESNT_OVERRIDE_EQUALS	1	Medium

org.apache.rat.header.HeaderMatcher

Bug	Category	Details	Line	Priority
new org.apache.rat.header.HeaderMatcher(CharFilter, int, HeaderBean[]) may expose internal representation by storing an externally mutable object into HeaderMatcher.headers	MALICIOUS_CODE	EI_EXPOSE_REP2	55	Medium

org.apache.rat.help.Help

Bug	Category	Details	Line	Priority
Found reliance on default encoding in new org.apache.rat.help.Help(PrintStream): new java.io.PrintWriter(OutputStream)	I18N	DM_DEFAULT_ENCODING	63	High
org.apache.rat.help.Help.NOTES should be package protected	MALICIOUS_CODE	MS_PKGPROTECT	39	Medium

org.apache.rat.help.Licenses

Bug	Category	Details	Line	Priority
new org.apache.rat.help.Licenses(ReportConfiguration, Writer) may expose internal representation by storing an externally mutable object into Licenses.config	MALICIOUS_CODE	EI_EXPOSE_REP2	68	Medium

org.apache.rat.report.ConfigurationReport

Bug	Category	Details	Line	Priority
new org.apache.rat.report.ConfigurationReport(IXmlWriter, ReportConfiguration) may expose internal representation by storing an externally mutable object into ConfigurationReport.configuration	MALICIOUS_CODE	EI_EXPOSE_REP2	43	Medium

org.apache.rat.report.claim.ClaimReporterMultiplexer

Bug	Category	Details	Line	Priority
new org.apache.rat.report.claim.ClaimReporterMultiplexer(IXmlWriter, boolean, DocumentAnalyser, List) may expose internal representation by storing an externally mutable object into ClaimReporterMultiplexer.reporters	MALICIOUS_CODE	EI_EXPOSE_REP2	54	Medium

org.apache.rat.report.xml.writer.XmlWriter

Bug	Category	Details	Line	Priority
new org.apache.rat.report.xml.writer.XmlWriter(Writer) may expose internal representation by storing an externally mutable object into XmlWriter.writer	MALICIOUS_CODE	EI_EXPOSE_REP2	417	Medium

org.apache.rat.utils.DefaultLog

Bug	Category	Details	Line	Priority
Public static org.apache.rat.utils.DefaultLog.getInstance() may expose internal representation by returning DefaultLog.instance	MALICIOUS_CODE	MS_EXPOSE_REP	37	Medium

org.apache.rat.utils.Log

Bug	Category	Details	Line	Priority
Possible information exposure through an error message	SECURITY	INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE	52	Medium