SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.6
Threshold is medium
Effort is default
Summary
| Classes |
Bugs |
Errors |
Missing Classes |
| 243 |
47 |
0 |
6 |
de.funfried.netbeans.plugins.external.formatter.FormatterServiceDelegate
| Bug |
Category |
Details |
Line |
Priority |
| Instance-getter method of class using singleton design pattern (de.funfried.netbeans.plugins.external.formatter.FormatterServiceDelegate) is not synchronized. |
CORRECTNESS |
SING_SINGLETON_GETTER_NOT_SYNCHRONIZED |
65-75 |
Medium |
de.funfried.netbeans.plugins.external.formatter.css.cssparser.ui.CssParserFormatterOptionsPanel
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class de.funfried.netbeans.plugins.external.formatter.css.cssparser.ui.CssParserFormatterOptionsPanel at new de.funfried.netbeans.plugins.external.formatter.css.cssparser.ui.CssParserFormatterOptionsPanel(Project) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
48 |
Medium |
de.funfried.netbeans.plugins.external.formatter.eclipse.mechanic.WorkspaceMechanicConfigParser
| Bug |
Category |
Details |
Line |
Priority |
| Possible null pointer dereference in de.funfried.netbeans.plugins.external.formatter.eclipse.mechanic.WorkspaceMechanicConfigParser.createPropertiesFromFile(File) due to return value of called method |
STYLE |
NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE |
106 |
Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
92 |
Medium |
| This web server request could be used by an attacker to expose internal services and filesystem. |
SECURITY |
URLCONNECTION_SSRF_FD |
84 |
Medium |
de.funfried.netbeans.plugins.external.formatter.eclipse.xml.ConfigReader
| Bug |
Category |
Details |
Line |
Priority |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
83 |
High |
| This web server request could be used by an attacker to expose internal services and filesystem. |
SECURITY |
URLCONNECTION_SSRF_FD |
79 |
High |
de.funfried.netbeans.plugins.external.formatter.eclipse.xml.EclipseFormatterUtils
| Bug |
Category |
Details |
Line |
Priority |
| This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
89 |
Medium |
| This API (java/io/FileInputStream.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
235 |
Medium |
| This web server request could be used by an attacker to expose internal services and filesystem. |
SECURITY |
URLCONNECTION_SSRF_FD |
231 |
Medium |
de.funfried.netbeans.plugins.external.formatter.html.jsoup.JsoupHtmlFormatterService
| Bug |
Category |
Details |
Line |
Priority |
| de.funfried.netbeans.plugins.external.formatter.html.jsoup.JsoupHtmlFormatterService.isExpandTabToSpaces(Document, Preferences) has Boolean return type and returns explicit null |
BAD_PRACTICE |
NP_BOOLEAN_RETURN_NULL |
174 |
High |
de.funfried.netbeans.plugins.external.formatter.html.jsoup.ui.JsoupHtmlFormatterOptionsPanel
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class de.funfried.netbeans.plugins.external.formatter.html.jsoup.ui.JsoupHtmlFormatterOptionsPanel at new de.funfried.netbeans.plugins.external.formatter.html.jsoup.ui.JsoupHtmlFormatterOptionsPanel(Project) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
52 |
Medium |
de.funfried.netbeans.plugins.external.formatter.java.base.actions.JavaFixImportsAction
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class de.funfried.netbeans.plugins.external.formatter.java.base.actions.JavaFixImportsAction at new de.funfried.netbeans.plugins.external.formatter.java.base.actions.JavaFixImportsAction() will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
39 |
Medium |
de.funfried.netbeans.plugins.external.formatter.java.eclipse.EclipseJavaFormatterService
| Bug |
Category |
Details |
Line |
Priority |
| de.funfried.netbeans.plugins.external.formatter.java.eclipse.EclipseJavaFormatterService.isExpandTabToSpaces(Document, Preferences) has Boolean return type and returns explicit null |
BAD_PRACTICE |
NP_BOOLEAN_RETURN_NULL |
234 |
High |
de.funfried.netbeans.plugins.external.formatter.java.eclipse.ui.EclipseJavaFormatterOptionsPanel
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class de.funfried.netbeans.plugins.external.formatter.java.eclipse.ui.EclipseJavaFormatterOptionsPanel at new de.funfried.netbeans.plugins.external.formatter.java.eclipse.ui.EclipseJavaFormatterOptionsPanel(Project) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
74 |
Medium |
| This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
411 |
High |
| This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
487 |
High |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
500 |
High |
| This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
413 |
Medium |
| This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
489 |
Medium |
de.funfried.netbeans.plugins.external.formatter.java.google.ui.GoogleJavaFormatterOptionsPanel
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class de.funfried.netbeans.plugins.external.formatter.java.google.ui.GoogleJavaFormatterOptionsPanel at new de.funfried.netbeans.plugins.external.formatter.java.google.ui.GoogleJavaFormatterOptionsPanel(Project) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
47 |
Medium |
de.funfried.netbeans.plugins.external.formatter.java.palantir.PalantirJavaFormatterService
| Bug |
Category |
Details |
Line |
Priority |
| de.funfried.netbeans.plugins.external.formatter.java.palantir.PalantirJavaFormatterService.isExpandTabToSpaces(Document, Preferences) has Boolean return type and returns explicit null |
BAD_PRACTICE |
NP_BOOLEAN_RETURN_NULL |
197 |
High |
de.funfried.netbeans.plugins.external.formatter.java.palantir.ui.PalantirJavaFormatterOptionsPanel
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class de.funfried.netbeans.plugins.external.formatter.java.palantir.ui.PalantirJavaFormatterOptionsPanel at new de.funfried.netbeans.plugins.external.formatter.java.palantir.ui.PalantirJavaFormatterOptionsPanel(Project) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
42 |
Medium |
de.funfried.netbeans.plugins.external.formatter.java.spring.SpringJavaFormatterService
| Bug |
Category |
Details |
Line |
Priority |
| Possible null pointer dereference in de.funfried.netbeans.plugins.external.formatter.java.spring.SpringJavaFormatterService.getSpacesPerTab(Document) due to return value of called method |
STYLE |
NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE |
205 |
Medium |
de.funfried.netbeans.plugins.external.formatter.java.spring.ui.SpringJavaFormatterOptionsPanel
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class de.funfried.netbeans.plugins.external.formatter.java.spring.ui.SpringJavaFormatterOptionsPanel at new de.funfried.netbeans.plugins.external.formatter.java.spring.ui.SpringJavaFormatterOptionsPanel(Project) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
47 |
Medium |
de.funfried.netbeans.plugins.external.formatter.javascript.eclipse.EclipseJavascriptFormatterService
| Bug |
Category |
Details |
Line |
Priority |
| de.funfried.netbeans.plugins.external.formatter.javascript.eclipse.EclipseJavascriptFormatterService.isExpandTabToSpaces(Document, Preferences) has Boolean return type and returns explicit null |
BAD_PRACTICE |
NP_BOOLEAN_RETURN_NULL |
233 |
High |
de.funfried.netbeans.plugins.external.formatter.javascript.eclipse.ui.EclipseJavascriptFormatterOptionsPanel
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class de.funfried.netbeans.plugins.external.formatter.javascript.eclipse.ui.EclipseJavascriptFormatterOptionsPanel at new de.funfried.netbeans.plugins.external.formatter.javascript.eclipse.ui.EclipseJavascriptFormatterOptionsPanel(Project) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
74 |
Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
245 |
High |
| This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
374 |
High |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
455 |
High |
| This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input |
SECURITY |
PATH_TRAVERSAL_IN |
376 |
Medium |
de.funfried.netbeans.plugins.external.formatter.json.jackson.JacksonJsonFormatterService
| Bug |
Category |
Details |
Line |
Priority |
| de.funfried.netbeans.plugins.external.formatter.json.jackson.JacksonJsonFormatterService.isExpandTabToSpaces(Document, Preferences) has Boolean return type and returns explicit null |
BAD_PRACTICE |
NP_BOOLEAN_RETURN_NULL |
179 |
High |
de.funfried.netbeans.plugins.external.formatter.json.jackson.JacksonJsonFormatterWrapper
| Bug |
Category |
Details |
Line |
Priority |
| Return value of com.fasterxml.jackson.core.util.DefaultPrettyPrinter.withSeparators(Separators) ignored, is this OK in de.funfried.netbeans.plugins.external.formatter.json.jackson.JacksonJsonFormatterWrapper.format(String, String, JacksonJsonFormatterWrapper$Options) |
STYLE |
RV_RETURN_VALUE_IGNORED_INFERRED |
80 |
Medium |
de.funfried.netbeans.plugins.external.formatter.json.jackson.ui.JacksonJsonFormatterOptionsPanel
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class de.funfried.netbeans.plugins.external.formatter.json.jackson.ui.JacksonJsonFormatterOptionsPanel at new de.funfried.netbeans.plugins.external.formatter.json.jackson.ui.JacksonJsonFormatterOptionsPanel(Project) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
53 |
Medium |
de.funfried.netbeans.plugins.external.formatter.sql.dbeaver.DBeaverFormatterService
| Bug |
Category |
Details |
Line |
Priority |
| de.funfried.netbeans.plugins.external.formatter.sql.dbeaver.DBeaverFormatterService.isExpandTabToSpaces(Document, Preferences) has Boolean return type and returns explicit null |
BAD_PRACTICE |
NP_BOOLEAN_RETURN_NULL |
203 |
High |
de.funfried.netbeans.plugins.external.formatter.sql.dbeaver.ui.DBeaverFormatterOptionsPanel
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class de.funfried.netbeans.plugins.external.formatter.sql.dbeaver.ui.DBeaverFormatterOptionsPanel at new de.funfried.netbeans.plugins.external.formatter.sql.dbeaver.ui.DBeaverFormatterOptionsPanel(Project) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
37 |
Medium |
de.funfried.netbeans.plugins.external.formatter.sql.jsqlformatter.ui.JSQLFormatterOptionsPanel
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class de.funfried.netbeans.plugins.external.formatter.sql.jsqlformatter.ui.JSQLFormatterOptionsPanel at new de.funfried.netbeans.plugins.external.formatter.sql.jsqlformatter.ui.JSQLFormatterOptionsPanel(Project) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
46 |
Medium |
de.funfried.netbeans.plugins.external.formatter.sql.sqlformatter.SQLFormatterService
| Bug |
Category |
Details |
Line |
Priority |
| de.funfried.netbeans.plugins.external.formatter.sql.sqlformatter.SQLFormatterService.isExpandTabToSpaces(Document, Preferences) has Boolean return type and returns explicit null |
BAD_PRACTICE |
NP_BOOLEAN_RETURN_NULL |
203 |
High |
de.funfried.netbeans.plugins.external.formatter.sql.sqlformatter.ui.SQLFormatterOptionsPanel
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class de.funfried.netbeans.plugins.external.formatter.sql.sqlformatter.ui.SQLFormatterOptionsPanel at new de.funfried.netbeans.plugins.external.formatter.sql.sqlformatter.ui.SQLFormatterOptionsPanel(Project) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
41 |
Medium |
de.funfried.netbeans.plugins.external.formatter.ui.customizer.ProjectSpecificSettingsPanel
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class de.funfried.netbeans.plugins.external.formatter.ui.customizer.ProjectSpecificSettingsPanel at new de.funfried.netbeans.plugins.external.formatter.ui.customizer.ProjectSpecificSettingsPanel(ExternalFormatterPanel, Preferences) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
65 |
Medium |
de.funfried.netbeans.plugins.external.formatter.ui.options.ExternalFormatterPanel
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class de.funfried.netbeans.plugins.external.formatter.ui.options.ExternalFormatterPanel at new de.funfried.netbeans.plugins.external.formatter.ui.options.ExternalFormatterPanel(Preferences, Project) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
137 |
Medium |
| new de.funfried.netbeans.plugins.external.formatter.ui.options.ExternalFormatterPanel(Preferences, Project) may expose internal representation by storing an externally mutable object into ExternalFormatterPanel.preferences |
MALICIOUS_CODE |
EI_EXPOSE_REP2 |
117 |
Medium |
de.funfried.netbeans.plugins.external.formatter.ui.options.ExternalFormatterSupportDialog
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class de.funfried.netbeans.plugins.external.formatter.ui.options.ExternalFormatterSupportDialog at new de.funfried.netbeans.plugins.external.formatter.ui.options.ExternalFormatterSupportDialog(Frame, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
54 |
Medium |
de.funfried.netbeans.plugins.external.formatter.xml.jsoup.JsoupXmlFormatterService
| Bug |
Category |
Details |
Line |
Priority |
| de.funfried.netbeans.plugins.external.formatter.xml.jsoup.JsoupXmlFormatterService.isExpandTabToSpaces(Document, Preferences) has Boolean return type and returns explicit null |
BAD_PRACTICE |
NP_BOOLEAN_RETURN_NULL |
173 |
High |
de.funfried.netbeans.plugins.external.formatter.xml.jsoup.ui.JsoupXmlFormatterOptionsPanel
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class de.funfried.netbeans.plugins.external.formatter.xml.jsoup.ui.JsoupXmlFormatterOptionsPanel at new de.funfried.netbeans.plugins.external.formatter.xml.jsoup.ui.JsoupXmlFormatterOptionsPanel(Project) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
52 |
Medium |
de.funfried.netbeans.plugins.external.formatter.xml.revelc.RevelcXmlFormatterService
| Bug |
Category |
Details |
Line |
Priority |
| de.funfried.netbeans.plugins.external.formatter.xml.revelc.RevelcXmlFormatterService.isExpandTabToSpaces(Document, Preferences) has Boolean return type and returns explicit null |
BAD_PRACTICE |
NP_BOOLEAN_RETURN_NULL |
187 |
High |
de.funfried.netbeans.plugins.external.formatter.xml.revelc.ui.RevelcXmlFormatterOptionsPanel
| Bug |
Category |
Details |
Line |
Priority |
| Exception thrown in class de.funfried.netbeans.plugins.external.formatter.xml.revelc.ui.RevelcXmlFormatterOptionsPanel at new de.funfried.netbeans.plugins.external.formatter.xml.revelc.ui.RevelcXmlFormatterOptionsPanel(Project) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. |
BAD_PRACTICE |
CT_CONSTRUCTOR_THROW |
54 |
Medium |
