SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.9.8

Threshold is medium

Effort is default

Summary

Classes Bugs Errors Missing Classes
4585 38 0 68

Files

Class Bugs
org.apache.rat.Reporter 2
org.apache.rat.analysis.HeaderCheckWorker 1
org.apache.rat.analysis.license.SimplePatternBasedLicense 1
org.apache.rat.analysis.matchers.SimpleTextMatcher 1
org.apache.rat.annotation.AbstractLicenseAppender 1
org.apache.rat.commandline.ArgumentContext 2
org.apache.rat.config.parameters.Description 2
org.apache.rat.config.results.ClaimValidator 1
org.apache.rat.configuration.MatcherBuilderTracker 1
org.apache.rat.configuration.XMLConfigurationReader 1
org.apache.rat.configuration.XMLConfigurationWriter 1
org.apache.rat.configuration.builders.ChildContainerBuilder 1
org.apache.rat.configuration.builders.MatcherRefBuilder 1
org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy 1
org.apache.rat.document.ArchiveEntryDocument 1
org.apache.rat.header.HeaderMatcher 1
org.apache.rat.help.Licenses 1
org.apache.rat.license.SimpleLicense$Builder 1
org.apache.rat.report.ConfigurationReport 1
org.apache.rat.report.claim.ClaimReporterMultiplexer 1
org.apache.rat.report.xml.writer.XmlWriter 1
org.apache.rat.tools.AntGenerator 3
org.apache.rat.tools.AntGenerator$1 1
org.apache.rat.tools.AntGenerator$GenerateType 2
org.apache.rat.tools.MavenGenerator 2
org.apache.rat.ui.UIOption 1
org.apache.rat.utils.CasedString 1
org.apache.rat.utils.DefaultLog 1
org.apache.rat.utils.Log 1
org.apache.rat.utils.ReportingSet 1
org.apache.rat.utils.StandardXmlFactory 1

org.apache.rat.Reporter

Bug Category Details Line Priority
new org.apache.rat.Reporter(ReportConfiguration) may expose internal representation by storing an externally mutable object into Reporter.configuration MALICIOUS_CODE EI_EXPOSE_REP2 74 Medium
A malicious XSLT could be provided to trigger remote code execution SECURITY MALICIOUS_XSLT 144 Medium

org.apache.rat.analysis.HeaderCheckWorker

Bug Category Details Line Priority
new org.apache.rat.analysis.HeaderCheckWorker(IHeaderMatcher, Reader, int, Collection, Document) may expose internal representation by storing an externally mutable object into HeaderCheckWorker.licenses MALICIOUS_CODE EI_EXPOSE_REP2 135 Medium

org.apache.rat.analysis.license.SimplePatternBasedLicense

Bug Category Details Line Priority
org.apache.rat.analysis.license.SimplePatternBasedLicense.setPatterns(String[]) may expose internal representation by storing an externally mutable object into SimplePatternBasedLicense.patterns MALICIOUS_CODE EI_EXPOSE_REP2 48 Medium

org.apache.rat.analysis.matchers.SimpleTextMatcher

Bug Category Details Line Priority
org.apache.rat.analysis.matchers.SimpleTextMatcher.finalize() does nothing except call super.finalize(); delete it BAD_PRACTICE FI_USELESS 50-52 Medium

org.apache.rat.annotation.AbstractLicenseAppender

Bug Category Details Line Priority
Found reliance on default encoding in org.apache.rat.annotation.AbstractLicenseAppender.append(File): new java.io.FileWriter(File) I18N DM_DEFAULT_ENCODING 311 High

org.apache.rat.commandline.ArgumentContext

Bug Category Details Line Priority
new org.apache.rat.commandline.ArgumentContext(File, ReportConfiguration, CommandLine) may expose internal representation by storing an externally mutable object into ArgumentContext.commandLine MALICIOUS_CODE EI_EXPOSE_REP2 53 Medium
new org.apache.rat.commandline.ArgumentContext(File, ReportConfiguration, CommandLine) may expose internal representation by storing an externally mutable object into ArgumentContext.configuration MALICIOUS_CODE EI_EXPOSE_REP2 54 Medium

org.apache.rat.config.parameters.Description

Bug Category Details Line Priority
Exception thrown in class org.apache.rat.config.parameters.Description at new org.apache.rat.config.parameters.Description(ComponentType, String, String, boolean, Class, Collection, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 85 Medium
Exception thrown in class org.apache.rat.config.parameters.Description at new org.apache.rat.config.parameters.Description(ConfigComponent, boolean, Class, Collection) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. BAD_PRACTICE CT_CONSTRUCTOR_THROW 107 Medium

org.apache.rat.config.results.ClaimValidator

Bug Category Details Line Priority
Boxed value is unboxed and then immediately reboxed in org.apache.rat.config.results.ClaimValidator.lambda$setMin$0(int, ClaimStatistic$Counter, Integer) PERFORMANCE BX_UNBOXING_IMMEDIATELY_REBOXED 88 Medium

org.apache.rat.configuration.MatcherBuilderTracker

Bug Category Details Line Priority
Public static org.apache.rat.configuration.MatcherBuilderTracker.instance() may expose internal representation by returning MatcherBuilderTracker.instance MALICIOUS_CODE MS_EXPOSE_REP 55 Medium

org.apache.rat.configuration.XMLConfigurationReader

Bug Category Details Line Priority
This web server request could be used by an attacker to expose internal services and filesystem. SECURITY URLCONNECTION_SSRF_FD 180 Medium

org.apache.rat.configuration.XMLConfigurationWriter

Bug Category Details Line Priority
new org.apache.rat.configuration.XMLConfigurationWriter(ReportConfiguration) may expose internal representation by storing an externally mutable object into XMLConfigurationWriter.configuration MALICIOUS_CODE EI_EXPOSE_REP2 63 Medium

org.apache.rat.configuration.builders.ChildContainerBuilder

Bug Category Details Line Priority
Usage of GetResource in org.apache.rat.configuration.builders.ChildContainerBuilder.setResource(String) may be unsafe if class is extended BAD_PRACTICE UI_INHERITANCE_UNSAFE_GETRESOURCE 62 Medium

org.apache.rat.configuration.builders.MatcherRefBuilder

Bug Category Details Line Priority
org.apache.rat.configuration.builders.MatcherRefBuilder.setMatcherMap(Map) may expose internal representation by storing an externally mutable object into MatcherRefBuilder.matchers MALICIOUS_CODE EI_EXPOSE_REP2 67 Medium

org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy

Bug Category Details Line Priority
new org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy(String, Map) may expose internal representation by storing an externally mutable object into MatcherRefBuilder$IHeaderMatcherProxy.matchers MALICIOUS_CODE EI_EXPOSE_REP2 114 Medium

org.apache.rat.document.ArchiveEntryDocument

Bug Category Details Line Priority
new org.apache.rat.document.ArchiveEntryDocument(ArchiveEntryName, byte[], DocumentNameMatcher) may expose internal representation by storing an externally mutable object into ArchiveEntryDocument.contents MALICIOUS_CODE EI_EXPOSE_REP2 45 Medium

org.apache.rat.header.HeaderMatcher

Bug Category Details Line Priority
new org.apache.rat.header.HeaderMatcher(CharFilter, int, HeaderBean[]) may expose internal representation by storing an externally mutable object into HeaderMatcher.headers MALICIOUS_CODE EI_EXPOSE_REP2 55 Medium

org.apache.rat.help.Licenses

Bug Category Details Line Priority
new org.apache.rat.help.Licenses(ReportConfiguration, Writer) may expose internal representation by storing an externally mutable object into Licenses.config MALICIOUS_CODE EI_EXPOSE_REP2 68 Medium

org.apache.rat.license.SimpleLicense$Builder

Bug Category Details Line Priority
org.apache.rat.license.SimpleLicense$Builder.setLicenseFamilies(SortedSet) may expose internal representation by storing an externally mutable object into SimpleLicense$Builder.licenseFamilies MALICIOUS_CODE EI_EXPOSE_REP2 211 Medium

org.apache.rat.report.ConfigurationReport

Bug Category Details Line Priority
new org.apache.rat.report.ConfigurationReport(IXmlWriter, ReportConfiguration) may expose internal representation by storing an externally mutable object into ConfigurationReport.configuration MALICIOUS_CODE EI_EXPOSE_REP2 43 Medium

org.apache.rat.report.claim.ClaimReporterMultiplexer

Bug Category Details Line Priority
new org.apache.rat.report.claim.ClaimReporterMultiplexer(IXmlWriter, boolean, DocumentAnalyser, List) may expose internal representation by storing an externally mutable object into ClaimReporterMultiplexer.reporters MALICIOUS_CODE EI_EXPOSE_REP2 54 Medium

org.apache.rat.report.xml.writer.XmlWriter

Bug Category Details Line Priority
Found reliance on default encoding in org.apache.rat.report.xml.writer.XmlWriter.append(Document): java.io.ByteArrayOutputStream.toString() I18N DM_DEFAULT_ENCODING 330 High

org.apache.rat.tools.AntGenerator

Bug Category Details Line Priority
Exceptional return value of java.io.File.mkdirs() ignored in org.apache.rat.tools.AntGenerator.main(String[]) BAD_PRACTICE RV_RETURN_VALUE_IGNORED_BAD_PRACTICE 136 Medium
Format string should use %n rather than \n in org.apache.rat.tools.AntGenerator.getElementClass(AntOption) BAD_PRACTICE VA_FORMAT_STRING_USES_NEWLINE 228 Medium
Format string should use %n rather than \n in org.apache.rat.tools.AntGenerator.main(String[]) BAD_PRACTICE VA_FORMAT_STRING_USES_NEWLINE 170 Medium

org.apache.rat.tools.AntGenerator$1

Bug Category Details Line Priority
Format string should use %n rather than \n in org.apache.rat.tools.AntGenerator$1.getMethod(AntOption) BAD_PRACTICE VA_FORMAT_STRING_USES_NEWLINE 70 Medium

org.apache.rat.tools.AntGenerator$GenerateType

Bug Category Details Line Priority
Format string should use %n rather than \n in org.apache.rat.tools.AntGenerator$GenerateType.getMethod(AntOption) BAD_PRACTICE VA_FORMAT_STRING_USES_NEWLINE 248 Medium
Format string should use %n rather than \n in org.apache.rat.tools.AntGenerator$GenerateType.getPattern(AntOption, AntOption) BAD_PRACTICE VA_FORMAT_STRING_USES_NEWLINE 266 Medium

org.apache.rat.tools.MavenGenerator

Bug Category Details Line Priority
Exceptional return value of java.io.File.mkdirs() ignored in org.apache.rat.tools.MavenGenerator.main(String[]) BAD_PRACTICE RV_RETURN_VALUE_IGNORED_BAD_PRACTICE 80 Medium
Format string should use %n rather than \n in org.apache.rat.tools.MavenGenerator.main(String[]) BAD_PRACTICE VA_FORMAT_STRING_USES_NEWLINE 109 Medium

org.apache.rat.ui.UIOption

Bug Category Details Line Priority
The regular expression "-?-([A-Za-z0-9]+-?)+" is vulnerable to a denial of service attack (ReDOS) SECURITY REDOS 42 Medium

org.apache.rat.utils.CasedString

Bug Category Details Line Priority
new org.apache.rat.utils.CasedString(CasedString$StringCase, String[]) may expose internal representation by storing an externally mutable object into CasedString.segments MALICIOUS_CODE EI_EXPOSE_REP2 65 Medium

org.apache.rat.utils.DefaultLog

Bug Category Details Line Priority
Public static org.apache.rat.utils.DefaultLog.getInstance() may expose internal representation by returning DefaultLog.instance MALICIOUS_CODE MS_EXPOSE_REP 37 Medium

org.apache.rat.utils.Log

Bug Category Details Line Priority
Possible information exposure through an error message SECURITY INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE 52 Medium

org.apache.rat.utils.ReportingSet

Bug Category Details Line Priority
new org.apache.rat.utils.ReportingSet(SortedSet) may expose internal representation by storing an externally mutable object into ReportingSet.delegate MALICIOUS_CODE EI_EXPOSE_REP2 55 Medium

org.apache.rat.utils.StandardXmlFactory

Bug Category Details Line Priority
A malicious XSLT could be provided to trigger remote code execution SECURITY MALICIOUS_XSLT 59 Medium