SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.6
Threshold is medium
Effort is default
Summary
Classes | Bugs | Errors | Missing Classes |
7 | 14 | 0 | 0 |
de.funfried.maven.plugin.zonky.StartEmbeddedPostgresMojo
Bug | Category | Details | Line | Priority |
Hard coded password found | SECURITY | HARD_CODE_PASSWORD | 188 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 123 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 124 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 134 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 135 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 147 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 147 | Medium |
This use of java/sql/Statement.execute(Ljava/lang/String;)Z can be vulnerable to SQL injection (with JDBC) | SECURITY | SQL_INJECTION_JDBC | 110 | Medium |
This use of java/sql/Statement.execute(Ljava/lang/String;)Z can be vulnerable to SQL injection (with JDBC) | SECURITY | SQL_INJECTION_JDBC | 113 | Medium |
This use of java/sql/Statement.execute(Ljava/lang/String;)Z can be vulnerable to SQL injection (with JDBC) | SECURITY | SQL_INJECTION_JDBC | 161 | Medium |
This use of java/sql/Statement.execute(Ljava/lang/String;)Z can be vulnerable to SQL injection (with JDBC) | SECURITY | SQL_INJECTION_JDBC | 162 | Medium |
de.funfried.maven.plugin.zonky.StopEmbeddedPostgresMojo
Bug | Category | Details | Line | Priority |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 54 | Medium |
This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 55 | Medium |
de.funfried.maven.plugins.zonky_maven_plugin.HelpMojo
Bug | Category | Details | Line | Priority |
The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium |