SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.8.6

Threshold is medium

Effort is default

Summary

| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 7 | 14 | 0 | 0 |

Files

| Class | Bugs |
|---|---|
| de.funfried.maven.plugin.zonky.StartEmbeddedPostgresMojo | 11 |
| de.funfried.maven.plugin.zonky.StopEmbeddedPostgresMojo | 2 |
| de.funfried.maven.plugins.zonky_maven_plugin.HelpMojo | 1 |

de.funfried.maven.plugin.zonky.StartEmbeddedPostgresMojo

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Hard coded password found | SECURITY | HARD_CODE_PASSWORD | 188 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 123 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 124 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 134 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 135 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 147 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 147 | Medium |
| This use of java/sql/Statement.execute(Ljava/lang/String;)Z can be vulnerable to SQL injection (with JDBC) | SECURITY | SQL_INJECTION_JDBC | 110 | Medium |
| This use of java/sql/Statement.execute(Ljava/lang/String;)Z can be vulnerable to SQL injection (with JDBC) | SECURITY | SQL_INJECTION_JDBC | 113 | Medium |
| This use of java/sql/Statement.execute(Ljava/lang/String;)Z can be vulnerable to SQL injection (with JDBC) | SECURITY | SQL_INJECTION_JDBC | 161 | Medium |
| This use of java/sql/Statement.execute(Ljava/lang/String;)Z can be vulnerable to SQL injection (with JDBC) | SECURITY | SQL_INJECTION_JDBC | 162 | Medium |

de.funfried.maven.plugin.zonky.StopEmbeddedPostgresMojo

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 54 | Medium |
| This API (java/io/File.<init>(Ljava/lang/String;)V) reads a file whose location might be specified by user input | SECURITY | PATH_TRAVERSAL_IN | 55 | Medium |

de.funfried.maven.plugins.zonky_maven_plugin.HelpMojo

| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks | SECURITY | XXE_DOCUMENT | 77 | Medium |