
SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.8.6

Threshold is medium

Effort is default

Summary

Classes: 257
Bugs: 91
Errors: 0
Missing Classes: 0

Files

Class Bugs
org.apache.rat.Defaults 1
org.apache.rat.Defaults$Builder 2
org.apache.rat.OptionCollection 1
org.apache.rat.ReportConfiguration 2
org.apache.rat.ReportConfiguration$NoCloseOutputStream 1
org.apache.rat.Reporter 5
org.apache.rat.analysis.HeaderCheckWorker 3
org.apache.rat.analysis.license.SimplePatternBasedLicense 2
org.apache.rat.analysis.matchers.CopyrightMatcher 2
org.apache.rat.analysis.matchers.SimpleTextMatcher 2
org.apache.rat.annotation.AbstractLicenseAppender 1
org.apache.rat.api.Document 1
org.apache.rat.commandline.Arg 2
org.apache.rat.commandline.ArgumentContext 4
org.apache.rat.commandline.Converters$FileConverter 2
org.apache.rat.commandline.StyleSheets 1
org.apache.rat.config.exclusion.fileProcessors.CVSIgnoreBuilder 1
org.apache.rat.config.exclusion.fileProcessors.GitIgnoreBuilder 1
org.apache.rat.config.exclusion.plexus.MatchPattern 2
org.apache.rat.config.parameters.Description 3
org.apache.rat.config.results.ClaimValidator 1
org.apache.rat.configuration.MatcherBuilderTracker 1
org.apache.rat.configuration.XMLConfigurationReader 3
org.apache.rat.configuration.XMLConfigurationWriter 1
org.apache.rat.configuration.builders.ChildContainerBuilder 1
org.apache.rat.configuration.builders.MatcherRefBuilder 1
org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy 1
org.apache.rat.document.ArchiveEntryDocument 1
org.apache.rat.document.ArchiveEntryName 2
org.apache.rat.document.DocumentName 2
org.apache.rat.document.DocumentNameMatcher$FileFilterPredicate 1
org.apache.rat.documentation.Exporter 2
org.apache.rat.documentation.options.AbstractOption 2
org.apache.rat.documentation.options.AntOption$2 1
org.apache.rat.documentation.options.AntOption$BuildType 2
org.apache.rat.documentation.velocity.Matcher 1
org.apache.rat.header.HeaderMatcher 1
org.apache.rat.help.Help 1
org.apache.rat.help.Licenses 1
org.apache.rat.license.SimpleLicense$Builder 1
org.apache.rat.report.ConfigurationReport 1
org.apache.rat.report.claim.ClaimReporterMultiplexer 1
org.apache.rat.report.claim.LicenseAddingReport 1
org.apache.rat.report.xml.writer.XmlWriter 1
org.apache.rat.tools.AntDocumentation 1
org.apache.rat.tools.AntGenerator 6
org.apache.rat.tools.AntGenerator$GenerateType 1
org.apache.rat.tools.ArgumentTypes 1
org.apache.rat.tools.MavenGenerator 5
org.apache.rat.tools.Naming 1
org.apache.rat.tools.xsd.XsdGenerator 3
org.apache.rat.utils.DefaultLog 1
org.apache.rat.utils.Log 1
org.apache.rat.utils.ReportingSet 1

org.apache.rat.Defaults

Bug Category Details Line Priority
org.apache.rat.Defaults.getLicenseSetFactory() may expose internal representation by returning Defaults.setFactory MALICIOUS_CODE EI_EXPOSE_REP 146 Medium

org.apache.rat.Defaults$Builder

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 189 Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 217 Medium

org.apache.rat.OptionCollection

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 195 Medium

org.apache.rat.ReportConfiguration

Bug Category Details Line Priority
org.apache.rat.ReportConfiguration.getClaimValidator() may expose internal representation by returning ReportConfiguration.claimValidator MALICIOUS_CODE EI_EXPOSE_REP 804 Medium
org.apache.rat.ReportConfiguration.getLicenseSetFactory() may expose internal representation by returning ReportConfiguration.licenseSetFactory MALICIOUS_CODE EI_EXPOSE_REP 812 Medium

org.apache.rat.ReportConfiguration$NoCloseOutputStream

Bug Category Details Line Priority
new org.apache.rat.ReportConfiguration$NoCloseOutputStream(OutputStream) may expose internal representation by storing an externally mutable object into ReportConfiguration$NoCloseOutputStream.delegate MALICIOUS_CODE EI_EXPOSE_REP2 845 Medium

org.apache.rat.Reporter

Bug Category Details Line Priority
new org.apache.rat.Reporter(ReportConfiguration) may expose internal representation by storing an externally mutable object into Reporter.configuration MALICIOUS_CODE EI_EXPOSE_REP2 74 Medium
A malicious XSLT could be provided to trigger remote code execution SECURITY MALICIOUS_XSLT 144 Medium
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks SECURITY XXE_DOCUMENT 99 Medium
The use of TransformerFactory.newInstance(...) (TransformerFactory) is vulnerable to XML External Entity attacks SECURITY XXE_DTD_TRANSFORM_FACTORY 140 Medium
The use of TransformerFactory.newInstance(...) is vulnerable to XSLT External Entity attacks SECURITY XXE_XSLT_TRANSFORM_FACTORY 140 Medium

org.apache.rat.analysis.HeaderCheckWorker

Bug Category Details Line Priority
Exception thrown in class org.apache.rat.analysis.HeaderCheckWorker at new org.apache.rat.analysis.HeaderCheckWorker(IHeaderMatcher, Reader, int, Collection, Document) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 131 Medium
Exception thrown in class org.apache.rat.analysis.HeaderCheckWorker at new org.apache.rat.analysis.HeaderCheckWorker(IHeaderMatcher, Reader, Collection, Document) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 112 Medium
new org.apache.rat.analysis.HeaderCheckWorker(IHeaderMatcher, Reader, int, Collection, Document) may expose internal representation by storing an externally mutable object into HeaderCheckWorker.licenses MALICIOUS_CODE EI_EXPOSE_REP2 135 Medium

org.apache.rat.analysis.license.SimplePatternBasedLicense

Bug Category Details Line Priority
org.apache.rat.analysis.license.SimplePatternBasedLicense.getPatterns() may expose internal representation by returning SimplePatternBasedLicense.patterns MALICIOUS_CODE EI_EXPOSE_REP 44 Medium
org.apache.rat.analysis.license.SimplePatternBasedLicense.setPatterns(String[]) may expose internal representation by storing an externally mutable object into SimplePatternBasedLicense.patterns MALICIOUS_CODE EI_EXPOSE_REP2 48 Medium

org.apache.rat.analysis.matchers.CopyrightMatcher

Bug Category Details Line Priority
Exception thrown in class org.apache.rat.analysis.matchers.CopyrightMatcher at new org.apache.rat.analysis.matchers.CopyrightMatcher(String, String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 100 Medium
Exception thrown in class org.apache.rat.analysis.matchers.CopyrightMatcher at new org.apache.rat.analysis.matchers.CopyrightMatcher(String, String, String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 126 Medium

org.apache.rat.analysis.matchers.SimpleTextMatcher

Bug Category Details Line Priority
Exception thrown in class org.apache.rat.analysis.matchers.SimpleTextMatcher at new org.apache.rat.analysis.matchers.SimpleTextMatcher(String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 44 Medium
Exception thrown in class org.apache.rat.analysis.matchers.SimpleTextMatcher at new org.apache.rat.analysis.matchers.SimpleTextMatcher(String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 56 Medium

org.apache.rat.annotation.AbstractLicenseAppender

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 301 Medium

org.apache.rat.api.Document

Bug Category Details Line Priority
org.apache.rat.api.Document.getMetaData() may expose internal representation by returning Document.metaData MALICIOUS_CODE EI_EXPOSE_REP 127 Medium

org.apache.rat.commandline.Arg

Bug Category Details Line Priority
org.apache.rat.commandline.Arg.group() may expose internal representation by returning Arg.group MALICIOUS_CODE EI_EXPOSE_REP 555 Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 739 Medium

org.apache.rat.commandline.ArgumentContext

Bug Category Details Line Priority
org.apache.rat.commandline.ArgumentContext.getCommandLine() may expose internal representation by returning ArgumentContext.commandLine MALICIOUS_CODE EI_EXPOSE_REP 85 Medium
org.apache.rat.commandline.ArgumentContext.getConfiguration() may expose internal representation by returning ArgumentContext.configuration MALICIOUS_CODE EI_EXPOSE_REP 77 Medium
new org.apache.rat.commandline.ArgumentContext(File, ReportConfiguration, CommandLine) may expose internal representation by storing an externally mutable object into ArgumentContext.commandLine MALICIOUS_CODE EI_EXPOSE_REP2 52 Medium
new org.apache.rat.commandline.ArgumentContext(File, ReportConfiguration, CommandLine) may expose internal representation by storing an externally mutable object into ArgumentContext.configuration MALICIOUS_CODE EI_EXPOSE_REP2 53 Medium

org.apache.rat.commandline.Converters$FileConverter

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 102 Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 108 Medium

org.apache.rat.commandline.StyleSheets

Bug Category Details Line Priority
This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 91 Medium

org.apache.rat.config.exclusion.fileProcessors.CVSIgnoreBuilder

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 49 Medium

org.apache.rat.config.exclusion.fileProcessors.GitIgnoreBuilder

Bug Category Details Line Priority
It is preferable to use portable Java property 'user.home' instead of environment variable 'HOME' in method org.apache.rat.config.exclusion.fileProcessors.GitIgnoreBuilder.globalGitIgnore(). BAD_PRACTICE ENV_USE_PROPERTY_INSTEAD_OF_ENV 161 Medium

org.apache.rat.config.exclusion.plexus.MatchPattern

Bug Category Details Line Priority
org.apache.rat.config.exclusion.plexus.MatchPattern.getTokenizedPathChars() may expose internal representation by returning MatchPattern.tokenizedChar MALICIOUS_CODE EI_EXPOSE_REP 111 Medium
org.apache.rat.config.exclusion.plexus.MatchPattern.getTokenizedPathString() may expose internal representation by returning MatchPattern.tokenized MALICIOUS_CODE EI_EXPOSE_REP 107 Medium

org.apache.rat.config.parameters.Description

Bug Category Details Line Priority
Exception thrown in class org.apache.rat.config.parameters.Description at new org.apache.rat.config.parameters.Description(ComponentType, String, String, boolean, Class, Collection, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 85 Medium
Exception thrown in class org.apache.rat.config.parameters.Description at new org.apache.rat.config.parameters.Description(ConfigComponent, boolean, Class, Collection) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 107 Medium
org.apache.rat.config.parameters.Description.getChildren() may expose internal representation by returning Description.children MALICIOUS_CODE EI_EXPOSE_REP 190 Medium
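The CT_CONSTRUCTOR_THROW entries above (HeaderCheckWorker, CopyrightMatcher, SimpleTextMatcher and the two Description constructors) all describe one shape: a constructor that validates its arguments and throws. The attack SpotBugs has in mind is the finalizer attack, where a subclass overrides finalize() and receives the half-built instance even though the constructor failed. The example below is added here and is not Apache RAT code; UnsafeMatcher, TextMatcher and Checked are hypothetical names. It contrasts the flagged shape with one that is safe on two independent grounds: the class is final, and validation runs while the this(...) argument is being built, which is before Object() has completed, so by JLS section 12.6 no finalizable object exists yet when the exception is thrown. (Finalization itself has been deprecated for removal since JDK 18, which is why these findings are rated BAD_PRACTICE rather than SECURITY; the second defence is still the cheapest way to make the detector happy without restructuring callers.)

```java
import java.util.Locale;

/**
 * The shape SpotBugs flags: a non-final class whose constructor throws after
 * super() has returned. A subclass that overrides finalize() can still get hold
 * of this half-built instance when the exception propagates.
 */
class UnsafeMatcher {
    protected final String text;

    UnsafeMatcher(String text) {
        // Object() has already completed here, so the instance is already finalizable.
        if (text == null || text.isBlank()) {
            throw new IllegalArgumentException("text must not be empty");
        }
        this.text = text;
    }
}

/**
 * Hardened shape (hypothetical class, not RAT's SimpleTextMatcher):
 *  1. final, so nobody can attach a finalize() method through a subclass;
 *  2. all validation happens inside Checked, which is built as the argument
 *     of this(...), i.e. before Object() runs for the TextMatcher instance.
 */
public final class TextMatcher {

    /** Validated inputs; constructed before any TextMatcher object exists. */
    private static final class Checked {
        final String text;
        final boolean ignoreCase;

        Checked(String text, boolean ignoreCase) {
            if (text == null || text.isBlank()) {
                throw new IllegalArgumentException("text must not be empty");
            }
            this.text = ignoreCase ? text.toLowerCase(Locale.ROOT) : text;
            this.ignoreCase = ignoreCase;
        }
    }

    private final String text;
    private final boolean ignoreCase;

    public TextMatcher(String text) {
        this(new Checked(text, false));
    }

    public TextMatcher(String text, boolean ignoreCase) {
        this(new Checked(text, ignoreCase));
    }

    /** Only reachable with already-validated state. */
    private TextMatcher(Checked c) {
        this.text = c.text;
        this.ignoreCase = c.ignoreCase;
    }

    /** True if the line contains the configured text, honouring the case setting. */
    public boolean matches(String line) {
        String haystack = ignoreCase ? line.toLowerCase(Locale.ROOT) : line;
        return haystack.contains(text);
    }

    public static void main(String[] args) {
        TextMatcher m = new TextMatcher("Licensed under the Apache License", true);
        System.out.println(m.matches(" * licensed under the apache license, version 2.0"));

        try {
            new TextMatcher("   ");
        } catch (IllegalArgumentException e) {
            // Thrown from Checked, before a TextMatcher instance was created.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same treatment applies to a constructor that validates a Collection or a Class argument, as in Description: move the check into a static helper or a small holder type that is evaluated in the this(...) or super(...) argument list. Requires JDK 11 or later for String.isBlank().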

org.apache.rat.config.results.ClaimValidator

Bug Category Details Line Priority
Boxed value is unboxed and then immediately reboxed in org.apache.rat.config.results.ClaimValidator.lambda$setMin$1(int, ClaimStatistic$Counter, Integer) PERFORMANCE BX_UNBOXING_IMMEDIATELY_REBOXED 88 Medium

org.apache.rat.configuration.MatcherBuilderTracker

Bug Category Details Line Priority
Public static org.apache.rat.configuration.MatcherBuilderTracker.instance() may expose internal representation by returning MatcherBuilderTracker.instance MALICIOUS_CODE MS_EXPOSE_REP 55 Medium

org.apache.rat.configuration.XMLConfigurationReader

Bug Category Details Line Priority
This web server request could be used by an attacker to expose internal services and filesystem. SECURITY URLCONNECTION_SSRF_FD 180 Medium
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks SECURITY XXE_DOCUMENT 162 Medium
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks SECURITY XXE_DOCUMENT 181 Medium
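XMLConfigurationReader carries two XXE_DOCUMENT findings (lines 162 and 181) and a URLCONNECTION_SSRF_FD finding on the line just before the second parse, which suggests the document at 181 is read from a URL opened at 180; Reporter line 99 is the same DocumentBuilder.parse pattern. The example below is added here and is not Apache RAT code. SafeXmlLoader, ALLOWED_SCHEMES, the probe document and the metadata-service URL are all constructed for the demonstration, and the scheme allow-list (file and jar only) is an assumed policy, not something the report states about RAT. It shows the DocumentBuilderFactory settings that close XXE on the JDK parser, and an allow-list check that runs before any connection is opened, which is the part that addresses the SSRF finding.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import java.util.Set;

import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/** Hypothetical loader: parses XML with DOCTYPE and external entities disabled, from allowed schemes only. */
public final class SafeXmlLoader {

    /** Assumed policy for this example: configuration comes from the filesystem or a jar, never the network. */
    private static final Set<String> ALLOWED_SCHEMES = Set.of("file", "jar");

    public static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Secure processing: entity/resource limits, and no external access on the JDK parser.
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Refusing any DOCTYPE removes external entities and entity-expansion DoS in one move.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for a parser implementation that still accepts a DOCTYPE.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        // JAXP 1.5 access properties: an empty string means no protocol is allowed.
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        f.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");

        DocumentBuilder b = f.newDocumentBuilder();
        // Anything that still asks to be resolved gets an empty document, not the filesystem or network.
        b.setEntityResolver((publicId, systemId) -> new InputSource(new StringReader("")));
        return b;
    }

    /** Checks the scheme first, so no request is ever issued for http(s) or other refused schemes. */
    public static Document parse(URI source) throws IOException, SAXException, ParserConfigurationException {
        String scheme = source.getScheme() == null ? "" : source.getScheme().toLowerCase(Locale.ROOT);
        if (!ALLOWED_SCHEMES.contains(scheme)) {
            throw new IOException("refusing to load XML from scheme '" + scheme + "': " + source);
        }
        try (InputStream in = source.toURL().openStream()) {
            return hardenedBuilder().parse(in, source.toString());
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an XXE probe as it would appear in a hostile configuration file.
        String probe = "<?xml version=\"1.0\"?>\n"
                + "<!DOCTYPE rat-config [<!ENTITY xxe SYSTEM \"file:///etc/passwd\">]>\n"
                + "<rat-config><license id=\"&xxe;\"/></rat-config>\n";
        Path tmp = Files.createTempFile("xxe-probe", ".xml");
        Files.writeString(tmp, probe);
        try {
            parse(tmp.toUri());
            System.out.println("UNEXPECTED: DOCTYPE was accepted");
        } catch (SAXException expected) {
            System.out.println("rejected as intended: " + expected.getMessage());
        } finally {
            Files.delete(tmp);
        }

        // Constructed SSRF-style source: refused by the scheme check before any connection is opened.
        try {
            parse(URI.create("http://169.254.169.254/latest/meta-data/"));
        } catch (IOException expected) {
            System.out.println(expected.getMessage());
        }
    }
}
```

The feature names are honoured by the JDK's built-in Xerces; a different parser on the classpath may reject one of them with ParserConfigurationException, which is the right outcome (fail closed) rather than silently parsing with entities enabled. If RAT's configuration format legitimately needs a DOCTYPE, drop the disallow-doctype-decl line and keep the remaining settings.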

org.apache.rat.configuration.XMLConfigurationWriter

Bug Category Details Line Priority
new org.apache.rat.configuration.XMLConfigurationWriter(ReportConfiguration) may expose internal representation by storing an externally mutable object into XMLConfigurationWriter.configuration MALICIOUS_CODE EI_EXPOSE_REP2 63 Medium

org.apache.rat.configuration.builders.ChildContainerBuilder

Bug Category Details Line Priority
Usage of GetResource in org.apache.rat.configuration.builders.ChildContainerBuilder.setResource(String) may be unsafe if class is extended BAD_PRACTICE UI_INHERITANCE_UNSAFE_GETRESOURCE 62 Medium

org.apache.rat.configuration.builders.MatcherRefBuilder

Bug Category Details Line Priority
org.apache.rat.configuration.builders.MatcherRefBuilder.setMatcherMap(Map) may expose internal representation by storing an externally mutable object into MatcherRefBuilder.matchers MALICIOUS_CODE EI_EXPOSE_REP2 67 Medium

org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy

Bug Category Details Line Priority
new org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy(String, Map) may expose internal representation by storing an externally mutable object into MatcherRefBuilder$IHeaderMatcherProxy.matchers MALICIOUS_CODE EI_EXPOSE_REP2 114 Medium

org.apache.rat.document.ArchiveEntryDocument

Bug Category Details Line Priority
new org.apache.rat.document.ArchiveEntryDocument(ArchiveEntryName, byte[], DocumentNameMatcher) may expose internal representation by storing an externally mutable object into ArchiveEntryDocument.contents MALICIOUS_CODE EI_EXPOSE_REP2 45 Medium

org.apache.rat.document.ArchiveEntryName

Bug Category Details Line Priority
org.apache.rat.document.ArchiveEntryName doesn't override DocumentName.equals(Object) STYLE EQ_DOESNT_OVERRIDE_EQUALS 1 Medium
This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 50 Medium

org.apache.rat.document.DocumentName

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 131 Medium
This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 139 Medium

org.apache.rat.document.DocumentNameMatcher$FileFilterPredicate

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 394 Medium

org.apache.rat.documentation.Exporter

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 84 High
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 91 High

org.apache.rat.documentation.options.AbstractOption

Bug Category Details Line Priority
org.apache.rat.documentation.options.AbstractOption.getOption() may expose internal representation by returning AbstractOption.option MALICIOUS_CODE EI_EXPOSE_REP 72 Medium
The regular expression "-(-[a-z0-9]+)+" is vulnerable to a denial of service attack (ReDOS) SECURITY REDOS 44 Medium
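The REDOS finding above is raised because the pattern contains a nested quantifier. Nested repetition is only catastrophic when the repeated pieces can split the same text in more than one way; in "-(-[a-z0-9]+)+" every iteration of the group must begin with '-' and the class [a-z0-9] cannot match '-', so any input has exactly one way to be matched and backtracking after a failure is linear in the input length, whether the pattern is used with matches() or find(). The harness below is added here and is not Apache RAT code; RedosCheck, probe() and the AMBIGUOUS variant are constructed for the demonstration. It times the reported pattern on worst-case inputs of growing size and, for contrast, a variant where the separator is optional, which is genuinely exponential.

```java
import java.util.regex.Pattern;

/** Hypothetical harness to check whether the flagged pattern actually backtracks super-linearly. */
public final class RedosCheck {

    /** The pattern exactly as reported for AbstractOption line 44. */
    static final Pattern REPORTED = Pattern.compile("-(-[a-z0-9]+)+");

    /** Constructed contrast: with the separator optional, "aaa" can be split between iterations many ways. */
    static final Pattern AMBIGUOUS = Pattern.compile("-(-?[a-z0-9]+)+");

    /** Worst case for a nested quantifier: a long valid run, then a character that forces failure at the end. */
    static String probe(int n) {
        return "--" + "a".repeat(n) + "!";
    }

    /** Milliseconds for one full-match attempt; the probe is built so that the attempt fails. */
    static long timeMatch(Pattern p, String input) {
        long start = System.nanoTime();
        boolean matched = p.matcher(input).matches();
        long elapsedMs = (System.nanoTime() - start) / 1_000_000;
        if (matched) {
            throw new IllegalStateException("probe input was designed not to match");
        }
        return elapsedMs;
    }

    public static void main(String[] args) {
        // Linear: cost grows roughly tenfold with each tenfold increase in n.
        for (int n : new int[] {1_000, 10_000, 100_000}) {
            System.out.printf("reported pattern, n=%d: %d ms%n", n, timeMatch(REPORTED, probe(n)));
        }
        // Exponential: keep n small, cost doubles for every extra character.
        for (int n : new int[] {16, 20, 24}) {
            System.out.printf("ambiguous variant, n=%d: %d ms%n", n, timeMatch(AMBIGUOUS, probe(n)));
        }
    }
}
```

Timings from the first iteration include JIT warm-up, so run each size a few times before drawing conclusions. The practical decision for this finding is therefore whether the input to the pattern is attacker-controlled at all (for an option-name regex in the documentation tooling it is unlikely to be) and, if so, whether the linear behaviour shown here is acceptable; a suppression with that justification is a defensible outcome.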

org.apache.rat.documentation.options.AntOption$2

Bug Category Details Line Priority
Format string should use %n rather than \n in org.apache.rat.documentation.options.AntOption$2.getMethodFormat(AntOption) BAD_PRACTICE VA_FORMAT_STRING_USES_NEWLINE 153 Medium

org.apache.rat.documentation.options.AntOption$BuildType

Bug Category Details Line Priority
Format string should use %n rather than \n in org.apache.rat.documentation.options.AntOption$BuildType.getMethodFormat(AntOption) BAD_PRACTICE VA_FORMAT_STRING_USES_NEWLINE 360 Medium
Format string should use %n rather than \n in org.apache.rat.documentation.options.AntOption$BuildType.getMultipleFormat(AntOption) BAD_PRACTICE VA_FORMAT_STRING_USES_NEWLINE 351 Medium

org.apache.rat.documentation.velocity.Matcher

Bug Category Details Line Priority
org.apache.rat.documentation.velocity.Matcher.getAttributes() may expose internal representation by returning Matcher.attributes MALICIOUS_CODE EI_EXPOSE_REP 132 Medium

org.apache.rat.header.HeaderMatcher

Bug Category Details Line Priority
new org.apache.rat.header.HeaderMatcher(CharFilter, int, HeaderBean[]) may expose internal representation by storing an externally mutable object into HeaderMatcher.headers MALICIOUS_CODE EI_EXPOSE_REP2 55 Medium

org.apache.rat.help.Help

Bug Category Details Line Priority
org.apache.rat.help.Help.NOTES should be package protected MALICIOUS_CODE MS_PKGPROTECT 39 Medium

org.apache.rat.help.Licenses

Bug Category Details Line Priority
new org.apache.rat.help.Licenses(ReportConfiguration, Writer) may expose internal representation by storing an externally mutable object into Licenses.config MALICIOUS_CODE EI_EXPOSE_REP2 68 Medium

org.apache.rat.license.SimpleLicense$Builder

Bug Category Details Line Priority
org.apache.rat.license.SimpleLicense$Builder.setLicenseFamilies(SortedSet) may expose internal representation by storing an externally mutable object into SimpleLicense$Builder.licenseFamilies MALICIOUS_CODE EI_EXPOSE_REP2 211 Medium

org.apache.rat.report.ConfigurationReport

Bug Category Details Line Priority
new org.apache.rat.report.ConfigurationReport(IXmlWriter, ReportConfiguration) may expose internal representation by storing an externally mutable object into ConfigurationReport.configuration MALICIOUS_CODE EI_EXPOSE_REP2 43 Medium

org.apache.rat.report.claim.ClaimReporterMultiplexer

Bug Category Details Line Priority
new org.apache.rat.report.claim.ClaimReporterMultiplexer(IXmlWriter, boolean, DocumentAnalyser, List) may expose internal representation by storing an externally mutable object into ClaimReporterMultiplexer.reporters MALICIOUS_CODE EI_EXPOSE_REP2 54 Medium

org.apache.rat.report.claim.LicenseAddingReport

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 52 Medium

org.apache.rat.report.xml.writer.XmlWriter

Bug Category Details Line Priority
new org.apache.rat.report.xml.writer.XmlWriter(Writer) may expose internal representation by storing an externally mutable object into XmlWriter.writer MALICIOUS_CODE EI_EXPOSE_REP2 417 Medium

org.apache.rat.tools.AntDocumentation

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 67 High

org.apache.rat.tools.AntGenerator

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 147 High
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 147 High
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 147 Medium
Exceptional return value of java.io.File.mkdirs() ignored in org.apache.rat.tools.AntGenerator.main(String[]) BAD_PRACTICE RV_RETURN_VALUE_IGNORED_BAD_PRACTICE 148 Medium
Format string should use %n rather than \n in org.apache.rat.tools.AntGenerator.getElementClass(AntOption) BAD_PRACTICE VA_FORMAT_STRING_USES_NEWLINE 236 Medium
Format string should use %n rather than \n in org.apache.rat.tools.AntGenerator.main(String[]) BAD_PRACTICE VA_FORMAT_STRING_USES_NEWLINE 181 Medium

org.apache.rat.tools.AntGenerator$GenerateType

Bug Category Details Line Priority
Format string should use %n rather than \n in org.apache.rat.tools.AntGenerator$GenerateType.getMethodFormat(AntOption) BAD_PRACTICE VA_FORMAT_STRING_USES_NEWLINE 255 Medium

org.apache.rat.tools.ArgumentTypes

Bug Category Details Line Priority
This API (java/io/FileWriter.<init>(Ljava/lang/String;)V) writes to a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_OUT 44 High

org.apache.rat.tools.MavenGenerator

Bug Category Details Line Priority
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 79 High
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 79 High
This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_IN 79 Medium
Exceptional return value of java.io.File.mkdirs() ignored in org.apache.rat.tools.MavenGenerator.main(String[]) BAD_PRACTICE RV_RETURN_VALUE_IGNORED_BAD_PRACTICE 81 Medium
Format string should use %n rather than \n in org.apache.rat.tools.MavenGenerator.main(String[]) BAD_PRACTICE VA_FORMAT_STRING_USES_NEWLINE 112 Medium

org.apache.rat.tools.Naming

Bug Category Details Line Priority
This API (java/io/FileWriter.<init>(Ljava/lang/String;)V) writes to a file whose location might be specified by user input SECURITY PATH_TRAVERSAL_OUT 159 Medium
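PATH_TRAVERSAL_IN and PATH_TRAVERSAL_OUT account for a large share of this report (Defaults$Builder, OptionCollection, AbstractLicenseAppender, Arg, Converters$FileConverter, StyleSheets, CVSIgnoreBuilder, ArchiveEntryName, DocumentName, DocumentNameMatcher$FileFilterPredicate, Exporter, LicenseAddingReport, AntDocumentation, AntGenerator, ArgumentTypes, MavenGenerator and Naming). Many of them sit on the command-line path (org.apache.rat.commandline.*, the main() methods of the tools.* generators), where the path is the operator's own input and the detector's "user input" is the person running the tool. The cases worth a real check are those where the name comes from data the tool reads, such as an ignore file or an archive entry name (ArchiveEntryName line 50 builds a Path from the entry name, and an entry name is content of the archive being scanned). The example below is added here and is not Apache RAT code; PathContainment, resolveInside() and the sample names are constructed for the demonstration. It confines an untrusted name to a base directory both lexically and after symlink resolution, and shows the same gate in front of a write for the PATH_TRAVERSAL_OUT case.

```java
import java.io.BufferedWriter;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.List;

/** Hypothetical helper: confine a name taken from outside the program to a base directory. */
public final class PathContainment {

    /**
     * Resolves untrustedName against base and refuses anything that lands outside it.
     * The lexical check (normalize + startsWith) catches "..", absolute paths and drive
     * prefixes; the toRealPath() check catches a symlink inside base that points outside.
     */
    public static Path resolveInside(Path base, String untrustedName) throws IOException {
        Path realBase = base.toRealPath();
        Path candidate = realBase.resolve(untrustedName).normalize();
        if (!candidate.startsWith(realBase)) {
            throw new IOException("escapes base directory: " + untrustedName);
        }
        if (Files.exists(candidate, LinkOption.NOFOLLOW_LINKS)) {
            Path real = candidate.toRealPath();
            if (!real.startsWith(realBase)) {
                throw new IOException("symlink escapes base directory: " + untrustedName);
            }
            return real;
        }
        return candidate; // does not exist yet, and would be created inside base
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("rat-demo");
        Files.createDirectories(base.resolve("src"));
        Files.writeString(base.resolve("src/App.java"), "// constructed sample file\n");

        // Constructed names of the kind a CLI argument, an ignore file or a zip entry can carry.
        List<String> names = List.of(
                "src/App.java",
                "src/../src/App.java",
                "../../etc/passwd",
                "/etc/passwd",
                "src/../../outside.txt");
        for (String name : names) {
            try {
                System.out.println("accepted: " + name + " -> " + resolveInside(base, name));
            } catch (IOException rejected) {
                System.out.println("rejected: " + name + " (" + rejected.getMessage() + ")");
            }
        }

        // The same gate in front of a write, which is the PATH_TRAVERSAL_OUT case.
        try (BufferedWriter w = Files.newBufferedWriter(resolveInside(base, "rat-report.txt"))) {
            w.write("constructed report\n");
        }
    }
}
```

For the operator-supplied paths on the command line there is no base directory to confine to, and the finding is best closed with a documented suppression; for archive entries and ignore-file patterns the base is the directory being scanned and the check above is the fix.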

org.apache.rat.tools.xsd.XsdGenerator

Bug Category Details Line Priority
A malicious XSLT could be provided to trigger remote code execution SECURITY MALICIOUS_XSLT 78 Medium
The use of TransformerFactory.newInstance(...) (TransformerFactory) is vulnerable to XML External Entity attacks SECURITY XXE_DTD_TRANSFORM_FACTORY 74 Medium
The use of TransformerFactory.newInstance(...) is vulnerable to XSLT External Entity attacks SECURITY XXE_XSLT_TRANSFORM_FACTORY 74 Medium
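XsdGenerator (lines 74 and 78) and Reporter (lines 140 and 144) carry the same trio: XXE_DTD_TRANSFORM_FACTORY and XXE_XSLT_TRANSFORM_FACTORY on TransformerFactory.newInstance(), and MALICIOUS_XSLT on the transform. The last one matters when the stylesheet can be chosen by whoever runs the tool, and the StyleSheets finding earlier in this report (line 91, a Path built from input) shows that a stylesheet location is taken from input somewhere in the command-line code. The example below is added here and is not Apache RAT code; SafeTransform, the report fragment, the benign stylesheet and the hostile stylesheet are constructed for the demonstration. It configures the factory so that the JDK's XSLTC refuses extension functions (the remote-code-execution vector behind MALICIOUS_XSLT) and does not fetch external DTDs or stylesheets, then shows a benign transform succeeding and a hostile one being rejected.

```java
import java.io.StringReader;
import java.io.StringWriter;

import javax.xml.XMLConstants;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

/** Hypothetical wrapper: XSLT transforms with extension functions and external fetches disabled. */
public final class SafeTransform {

    public static TransformerFactory hardenedFactory() throws TransformerConfigurationException {
        TransformerFactory tf = TransformerFactory.newInstance();
        // On the JDK's built-in XSLTC this disables Java extension functions and applies resource limits.
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // No external DTD for the input document, no external xsl:include/import/document() targets.
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        return tf;
    }

    public static String transform(String xml, String xslt) throws TransformerException {
        Transformer t = hardenedFactory().newTransformer(new StreamSource(new StringReader(xslt)));
        StringWriter out = new StringWriter();
        t.transform(new StreamSource(new StringReader(xml)), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed report fragment and a benign text stylesheet.
        String xml = "<rat-report><resource name=\"src/App.java\"><license approval=\"true\"/></resource></rat-report>";
        String benign = "<xsl:stylesheet version=\"1.0\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\">"
                + "<xsl:output method=\"text\"/>"
                + "<xsl:template match=\"/\"><xsl:for-each select=\"//resource\">"
                + "<xsl:value-of select=\"@name\"/><xsl:text>&#10;</xsl:text></xsl:for-each></xsl:template>"
                + "</xsl:stylesheet>";
        System.out.print(transform(xml, benign));

        // Constructed hostile stylesheet in the usual xalan extension-function form.
        String hostile = "<xsl:stylesheet version=\"1.0\" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\""
                + " xmlns:rt=\"http://xml.apache.org/xalan/java/java.lang.Runtime\">"
                + "<xsl:template match=\"/\"><xsl:value-of select=\"rt:exec(rt:getRuntime(), 'id')\"/></xsl:template>"
                + "</xsl:stylesheet>";
        try {
            transform(xml, hostile);
            System.out.println("UNEXPECTED: hostile stylesheet ran");
        } catch (TransformerException expected) {
            // Rejected either at compile time or at transform time, depending on the JDK release.
            System.out.println("blocked: " + expected.getMessageAndLocation());
        }
    }
}
```

TransformerFactory.newInstance() returns whatever provider is first on the classpath. A third-party XSLT engine may not support the two access attributes (setAttribute then throws IllegalArgumentException, which is a fail-closed signal worth keeping) and may or may not offer Java extension functions at all; if the build cannot guarantee the provider, pin it with TransformerFactory.newInstance(String, ClassLoader) and verify the hardened settings in a unit test like the main() above.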

org.apache.rat.utils.DefaultLog

Bug Category Details Line Priority
Public static org.apache.rat.utils.DefaultLog.getInstance() may expose internal representation by returning DefaultLog.instance MALICIOUS_CODE MS_EXPOSE_REP 44 Medium

org.apache.rat.utils.Log

Bug Category Details Line Priority
Possible information exposure through an error message SECURITY INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE 52 Medium

org.apache.rat.utils.ReportingSet

Bug Category Details Line Priority
new org.apache.rat.utils.ReportingSet(SortedSet) may expose internal representation by storing an externally mutable object into ReportingSet.delegate MALICIOUS_CODE EI_EXPOSE_REP2 52 Medium
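EI_EXPOSE_REP and EI_EXPOSE_REP2 are the most frequent findings in this report. They are categorised MALICIOUS_CODE because they only become a security issue when untrusted code shares the JVM and can mutate state through a shared reference; for a command-line tool they are API hygiene. Two groups should be treated differently. Holders of data (SimplePatternBasedLicense.patterns, Description.children, SimpleLicense$Builder.licenseFamilies, HeaderMatcher.headers, ArchiveEntryDocument.contents) are fixed by copying on the way in and returning a copy or read-only view on the way out. Wrappers whose whole purpose is to operate on the object handed to them (ReportConfiguration$NoCloseOutputStream.delegate, XmlWriter.writer, ReportingSet.delegate) cannot copy without defeating themselves, and the right close-out is a justified suppression. The example below is added here and is not Apache RAT code; LicenseSpec and its fields are hypothetical, modelled on the array-and-sorted-set shapes named above.

```java
import java.util.Collections;
import java.util.List;
import java.util.SortedSet;
import java.util.TreeSet;

/** Hypothetical holder that neither keeps nor hands out references to caller-owned mutable state. */
public final class LicenseSpec {

    private final String[] patterns;          // array field, the SimplePatternBasedLicense shape
    private final SortedSet<String> families; // collection field, the SimpleLicense$Builder shape

    public LicenseSpec(String[] patterns, SortedSet<String> families) {
        // EI_EXPOSE_REP2 fix: copy on the way in, so the caller mutating its own objects later has no effect here.
        this.patterns = patterns.clone();
        this.families = new TreeSet<>(families);
    }

    /** EI_EXPOSE_REP fix for arrays: there is no read-only array, so return a fresh copy each call. */
    public String[] getPatterns() {
        return patterns.clone();
    }

    /** EI_EXPOSE_REP fix for collections: an unmodifiable view, which avoids a copy per call. */
    public SortedSet<String> getFamilies() {
        return Collections.unmodifiableSortedSet(families);
    }

    public static void main(String[] args) {
        String[] callerPatterns = {"Licensed under the Apache License"};
        SortedSet<String> callerFamilies = new TreeSet<>(List.of("AL"));
        LicenseSpec spec = new LicenseSpec(callerPatterns, callerFamilies);

        // The caller mutates what it passed in; the holder's state is unaffected.
        callerPatterns[0] = "GPL";
        callerFamilies.add("GPL");
        System.out.println(spec.getPatterns()[0]);
        System.out.println(spec.getFamilies());

        // Mutating through the getters is ineffective (array copy) or refused (read-only view).
        spec.getPatterns()[0] = "GPL";
        System.out.println(spec.getPatterns()[0]);
        try {
            spec.getFamilies().add("GPL");
        } catch (UnsupportedOperationException expected) {
            System.out.println("read-only view refused add()");
        }
    }
}
```

For the wrapper group, the spotbugs-annotations artifact provides edu.umd.cs.findbugs.annotations.SuppressFBWarnings, so the constructor of a decorator can carry @SuppressFBWarnings(value = "EI_EXPOSE_REP2", justification = "decorator intentionally shares its delegate"); a SpotBugs exclude filter keyed on the class and bug pattern achieves the same without a compile-time dependency. Either way the justification stays next to the code, which is what the next reader of this report will want.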