SpotBugs Bug Detector Report

The following document contains the results of SpotBugs.

SpotBugs Version is 4.9.8

Threshold is medium

Effort is default

Summary

| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 30 | 16 | 0 | 0 |

Files

| Class | Bugs |
|---|---|
| io.github.weblegacy.tlddoc.TagDirImplicitTagLibrary | 3 |
| io.github.weblegacy.tlddoc.TldFileTagLibrary | 1 |
| io.github.weblegacy.tlddoc.WarJarTagLibrary | 1 |
| io.github.weblegacy.tlddoc.main.TldDoc | 5 |
| io.github.weblegacy.tlddoc.main.TldDocGenerator | 6 |

io.github.weblegacy.tlddoc.TagDirImplicitTagLibrary

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 270 | Medium |
| The use of TransformerFactory.newInstance(...) (TransformerFactory) is vulnerable to XML External Entity attacks | SECURITY | XXE_DTD_TRANSFORM_FACTORY | 267 | Medium |
| The use of TransformerFactory.newInstance(...) is vulnerable to XSLT External Entity attacks | SECURITY | XXE_XSLT_TRANSFORM_FACTORY | 267 | Medium |

io.github.weblegacy.tlddoc.TldFileTagLibrary

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 84 | Medium |

io.github.weblegacy.tlddoc.WarJarTagLibrary

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 108 | Medium |

io.github.weblegacy.tlddoc.main.TldDoc

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Possible information exposure through an error message | SECURITY | INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE | 105 | Medium |
| This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 224 | High |
| This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 123 | High |
| This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 127 | High |
| This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 156 | High |

io.github.weblegacy.tlddoc.main.TldDocGenerator

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| A malicious XSLT could be provided to trigger remote code execution | SECURITY | MALICIOUS_XSLT | 707 | Medium |
| A malicious XSLT could be provided to trigger remote code execution | SECURITY | MALICIOUS_XSLT | 1288 | Medium |
| The use of TransformerFactory.newInstance(...) (TransformerFactory) is vulnerable to XML External Entity attacks | SECURITY | XXE_DTD_TRANSFORM_FACTORY | 707 | Medium |
| The use of TransformerFactory.newInstance(...) (TransformerFactory) is vulnerable to XML External Entity attacks | SECURITY | XXE_DTD_TRANSFORM_FACTORY | 1288 | Medium |
| The use of TransformerFactory.newInstance(...) is vulnerable to XSLT External Entity attacks | SECURITY | XXE_XSLT_TRANSFORM_FACTORY | 707 | Medium |
| The use of TransformerFactory.newInstance(...) is vulnerable to XSLT External Entity attacks | SECURITY | XXE_XSLT_TRANSFORM_FACTORY | 1288 | Medium |