SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.6
Threshold is medium
Effort is default
Summary

Classes | Bugs | Errors | Missing Classes
------- | ---- | ------ | ---------------
39 | 26 | 0 | 0
org.apache.rat.documentation.Exporter

Bug | Category | Details | Line | Priority
--- | -------- | ------- | ---- | --------
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 84 | High
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 91 | High
org.apache.rat.documentation.options.AbstractOption

Bug | Category | Details | Line | Priority
--- | -------- | ------- | ---- | --------
org.apache.rat.documentation.options.AbstractOption.getOption() may expose internal representation by returning AbstractOption.option | MALICIOUS_CODE | EI_EXPOSE_REP | 72 | Medium
The regular expression "-(-[a-z0-9]+)+" is vulnerable to a denial of service attack (ReDOS) | SECURITY | REDOS | 44 | Medium
org.apache.rat.documentation.options.AntOption$2

Bug | Category | Details | Line | Priority
--- | -------- | ------- | ---- | --------
Format string should use %n rather than \n in org.apache.rat.documentation.options.AntOption$2.getMethodFormat(AntOption) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 153 | Medium
org.apache.rat.documentation.options.AntOption$BuildType

Bug | Category | Details | Line | Priority
--- | -------- | ------- | ---- | --------
Format string should use %n rather than \n in org.apache.rat.documentation.options.AntOption$BuildType.getMethodFormat(AntOption) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 360 | Medium
Format string should use %n rather than \n in org.apache.rat.documentation.options.AntOption$BuildType.getMultipleFormat(AntOption) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 351 | Medium
org.apache.rat.documentation.velocity.Matcher

Bug | Category | Details | Line | Priority
--- | -------- | ------- | ---- | --------
org.apache.rat.documentation.velocity.Matcher.getAttributes() may expose internal representation by returning Matcher.attributes | MALICIOUS_CODE | EI_EXPOSE_REP | 132 | Medium
org.apache.rat.tools.AntDocumentation

Bug | Category | Details | Line | Priority
--- | -------- | ------- | ---- | --------
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 67 | High
org.apache.rat.tools.AntGenerator

Bug | Category | Details | Line | Priority
--- | -------- | ------- | ---- | --------
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 147 | High
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 147 | High
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 147 | Medium
Exceptional return value of java.io.File.mkdirs() ignored in org.apache.rat.tools.AntGenerator.main(String[]) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 148 | Medium
Format string should use %n rather than \n in org.apache.rat.tools.AntGenerator.getElementClass(AntOption) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 236 | Medium
Format string should use %n rather than \n in org.apache.rat.tools.AntGenerator.main(String[]) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 181 | Medium
org.apache.rat.tools.AntGenerator$GenerateType

Bug | Category | Details | Line | Priority
--- | -------- | ------- | ---- | --------
Format string should use %n rather than \n in org.apache.rat.tools.AntGenerator$GenerateType.getMethodFormat(AntOption) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 255 | Medium
org.apache.rat.tools.ArgumentTypes

Bug | Category | Details | Line | Priority
--- | -------- | ------- | ---- | --------
This API (java/io/FileWriter.<init>(Ljava/lang/String;)V) writes to a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_OUT | 44 | High
org.apache.rat.tools.MavenGenerator

Bug | Category | Details | Line | Priority
--- | -------- | ------- | ---- | --------
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 79 | High
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 79 | High
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 79 | Medium
Exceptional return value of java.io.File.mkdirs() ignored in org.apache.rat.tools.MavenGenerator.main(String[]) | BAD_PRACTICE | RV_RETURN_VALUE_IGNORED_BAD_PRACTICE | 81 | Medium
Format string should use %n rather than \n in org.apache.rat.tools.MavenGenerator.main(String[]) | BAD_PRACTICE | VA_FORMAT_STRING_USES_NEWLINE | 112 | Medium
org.apache.rat.tools.Naming

Bug | Category | Details | Line | Priority
--- | -------- | ------- | ---- | --------
This API (java/io/FileWriter.<init>(Ljava/lang/String;)V) writes to a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_OUT | 159 | Medium
org.apache.rat.tools.xsd.XsdGenerator

Bug | Category | Details | Line | Priority
--- | -------- | ------- | ---- | --------
A malicious XSLT could be provided to trigger remote code execution | SECURITY | MALICIOUS_XSLT | 78 | Medium
The use of TransformerFactory.newInstance(...) (TransformerFactory) is vulnerable to XML External Entity attacks | SECURITY | XXE_DTD_TRANSFORM_FACTORY | 74 | Medium
The use of TransformerFactory.newInstance(...) is vulnerable to XSLT External Entity attacks | SECURITY | XXE_XSLT_TRANSFORM_FACTORY | 74 | Medium