SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.9.8
Threshold is medium
Effort is default
Summary
| Classes | Bugs | Errors | Missing Classes |
| --- | --- | --- | --- |
| 26 | 19 | 0 | 2 |
io.github.weblegacy.maven.plugin.taglib.AbstractReportMojoEx
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 93 | Medium |
io.github.weblegacy.maven.plugin.taglib.Taglib
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| io.github.weblegacy.maven.plugin.taglib.Taglib.getFunctionClasses() may expose internal representation by returning Taglib.functionClasses | MALICIOUS_CODE | EI_EXPOSE_REP | 84 | Medium |
| io.github.weblegacy.maven.plugin.taglib.Taglib.setFunctionClasses(String[]) may expose internal representation by storing an externally mutable object into Taglib.functionClasses | MALICIOUS_CODE | EI_EXPOSE_REP2 | 93 | Medium |
io.github.weblegacy.maven.plugin.taglib.TaglibdocJar
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| new io.github.weblegacy.maven.plugin.taglib.TaglibdocJar(MavenProjectHelper) may expose internal representation by storing an externally mutable object into TaglibdocJar.projectHelper | MALICIOUS_CODE | EI_EXPOSE_REP2 | 92 | Medium |
io.github.weblegacy.maven.plugin.taglib.TagreferenceRenderer
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| new io.github.weblegacy.maven.plugin.taglib.TagreferenceRenderer(Sink, Locale, Tld[], boolean, Log) may expose internal representation by storing an externally mutable object into TagreferenceRenderer.tlds | MALICIOUS_CODE | EI_EXPOSE_REP2 | 89 | Medium |
io.github.weblegacy.maven.plugin.taglib.TldGenerateMojo
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| This API (java/io/File.<init>(Ljava/io/File;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 211 | Medium |
io.github.weblegacy.maven.plugin.taglib.ValidateMojo
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 79 | Medium |
io.github.weblegacy.maven.plugin.taglib.ValidateRenderer
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| new io.github.weblegacy.maven.plugin.taglib.ValidateRenderer(Sink, Locale, Tld[], Log, ClassLoader) may expose internal representation by storing an externally mutable object into ValidateRenderer.tlds | MALICIOUS_CODE | EI_EXPOSE_REP2 | 128 | Medium |
io.github.weblegacy.maven.plugin.taglib.checker.Tag
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| io.github.weblegacy.maven.plugin.taglib.checker.Tag.getAttributes() may expose internal representation by returning Tag.attributes | MALICIOUS_CODE | EI_EXPOSE_REP | 71 | Medium |
| io.github.weblegacy.maven.plugin.taglib.checker.Tag.getVariables() may expose internal representation by returning Tag.variables | MALICIOUS_CODE | EI_EXPOSE_REP | 128 | Medium |
| io.github.weblegacy.maven.plugin.taglib.checker.Tag.setAttributes(TagAttribute[]) may expose internal representation by storing an externally mutable object into Tag.attributes | MALICIOUS_CODE | EI_EXPOSE_REP2 | 80 | Medium |
| io.github.weblegacy.maven.plugin.taglib.checker.Tag.setVariables(TagVariable[]) may expose internal representation by storing an externally mutable object into Tag.variables | MALICIOUS_CODE | EI_EXPOSE_REP2 | 132 | Medium |
io.github.weblegacy.maven.plugin.taglib.checker.Tld
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| io.github.weblegacy.maven.plugin.taglib.checker.Tld.getFunctions() may expose internal representation by returning Tld.functions | MALICIOUS_CODE | EI_EXPOSE_REP | 222 | Medium |
| io.github.weblegacy.maven.plugin.taglib.checker.Tld.getTagfiles() may expose internal representation by returning Tld.tagfiles | MALICIOUS_CODE | EI_EXPOSE_REP | 240 | Medium |
| io.github.weblegacy.maven.plugin.taglib.checker.Tld.getTags() may expose internal representation by returning Tld.tags | MALICIOUS_CODE | EI_EXPOSE_REP | 124 | Medium |
| io.github.weblegacy.maven.plugin.taglib.checker.Tld.setFunctions(ElFunction[]) may expose internal representation by storing an externally mutable object into Tld.functions | MALICIOUS_CODE | EI_EXPOSE_REP2 | 231 | Medium |
| io.github.weblegacy.maven.plugin.taglib.checker.Tld.setTagfiles(TagFile[]) may expose internal representation by storing an externally mutable object into Tld.tagfiles | MALICIOUS_CODE | EI_EXPOSE_REP2 | 249 | Medium |
| io.github.weblegacy.maven.plugin.taglib.checker.Tld.setTags(Tag[]) may expose internal representation by storing an externally mutable object into Tld.tags | MALICIOUS_CODE | EI_EXPOSE_REP2 | 151 | Medium |
io.github.weblegacy.taglib_maven_plugin.HelpMojo
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium |