SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.8.6

Threshold is medium

Effort is default

Summary

Classes	Bugs	Errors	Missing Classes
7	14	0	0

Files

Class	Bugs
de.funfried.maven.plugin.zonky.StartEmbeddedPostgresMojo	11
de.funfried.maven.plugin.zonky.StopEmbeddedPostgresMojo	2
de.funfried.maven.plugins.zonky_maven_plugin.HelpMojo	1

de.funfried.maven.plugin.zonky.StartEmbeddedPostgresMojo

Bug	Category	Details	Line	Priority
Hard coded password found	SECURITY	HARD_CODE_PASSWORD	188	Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input	SECURITY	PATH_TRAVERSAL_IN	123	Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input	SECURITY	PATH_TRAVERSAL_IN	124	Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input	SECURITY	PATH_TRAVERSAL_IN	134	Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input	SECURITY	PATH_TRAVERSAL_IN	135	Medium
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input	SECURITY	PATH_TRAVERSAL_IN	147	Medium
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input	SECURITY	PATH_TRAVERSAL_IN	147	Medium
This use of java/sql/Statement.execute(Ljava/lang/String;)Z can be vulnerable to SQL injection (with JDBC)	SECURITY	SQL_INJECTION_JDBC	110	Medium
This use of java/sql/Statement.execute(Ljava/lang/String;)Z can be vulnerable to SQL injection (with JDBC)	SECURITY	SQL_INJECTION_JDBC	113	Medium
This use of java/sql/Statement.execute(Ljava/lang/String;)Z can be vulnerable to SQL injection (with JDBC)	SECURITY	SQL_INJECTION_JDBC	161	Medium
This use of java/sql/Statement.execute(Ljava/lang/String;)Z can be vulnerable to SQL injection (with JDBC)	SECURITY	SQL_INJECTION_JDBC	162	Medium

de.funfried.maven.plugin.zonky.StopEmbeddedPostgresMojo

Bug	Category	Details	Line	Priority
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input	SECURITY	PATH_TRAVERSAL_IN	54	Medium
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input	SECURITY	PATH_TRAVERSAL_IN	55	Medium

de.funfried.maven.plugins.zonky_maven_plugin.HelpMojo

Bug	Category	Details	Line	Priority
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks	SECURITY	XXE_DOCUMENT	77	Medium