<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia Site Renderer 2.0.0 from com.github.spotbugs:spotbugs-maven-plugin:4.8.6.6:spotbugs at 2025-09-13
| Rendered using Apache Maven Fluido Skin 2.1.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="generator" content="Apache Maven Doxia Site Renderer 2.0.0" />
<title>SpotBugs Bug Detector Report – Apache RAT™ Plugin for Apache Maven</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-2.1.0.min.css" />
<link rel="stylesheet" href="./css/site.css" />
<link rel="stylesheet" href="./css/print.css" media="print" />
<script src="./js/apache-maven-fluido-2.1.0.min.js"></script>
<link href="https://creadur.apache.org/font/matesc.css" type="text/css" rel="stylesheet" />
</head>
<body>
<div class="container-fluid container-fluid-top">
<header>
<div id="banner">
<div class="pull-left"><div id="bannerLeft"><h1><a href="https://www.apache.org/"><img src="https://www.apache.org/img/asf_logo.png" alt="The Apache Software Foundation" /> Apache RAT</a></h1></div></div>
<div class="pull-right"></div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li id="publishDate">Last Published: 2025-09-13<span class="divider">|</span>
</li>
<li id="projectVersion">Version: 0.17-SNAPSHOT<span class="divider">|</span></li>
</ul>
</div>
</header>
<div class="row-fluid">
<main id="bodyColumn" class="span10">
<section>
<h1>SpotBugs Bug Detector Report</h1>
<p>The following document contains the results of <a class="externalLink" href="https://spotbugs.github.io/">SpotBugs</a>.</p>
<p>SpotBugs Version is <i>4.8.6</i></p>
<p>Threshold is <i>medium</i></p>
<p>Effort is <i>default</i></p></section><section>
<h1>Summary</h1>
<table class="table table-striped">
<tr class="a">
<th>Classes</th>
<th>Bugs</th>
<th>Errors</th>
<th>Missing Classes</th></tr>
<tr class="b">
<td>20</td>
<td>10</td>
<td>0</td>
<td>0</td></tr></table></section><section>
<h1>Files</h1>
<table class="table table-striped">
<tr class="a">
<th>Class</th>
<th>Bugs</th></tr>
<tr class="b">
<td><a href="#org.apache.rat.mp.AbstractRatMojo">org.apache.rat.mp.AbstractRatMojo</a></td>
<td>1</td></tr>
<tr class="a">
<td><a href="#org.apache.rat.mp.RatCheckMojo">org.apache.rat.mp.RatCheckMojo</a></td>
<td>2</td></tr>
<tr class="b">
<td><a href="#org.apache.rat.mp.RatReportMojo">org.apache.rat.mp.RatReportMojo</a></td>
<td>4</td></tr>
<tr class="a">
<td><a href="#org.apache.rat.mp.Regex">org.apache.rat.mp.Regex</a></td>
<td>2</td></tr>
<tr class="b">
<td><a href="#org.apache.rat.plugin.HelpMojo">org.apache.rat.plugin.HelpMojo</a></td>
<td>1</td></tr></table></section><a name="org.apache.rat.mp.AbstractRatMojo"></a><section>
<h2>org.apache.rat.mp.AbstractRatMojo</h2>
<table class="table table-striped">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>This API (java/io/File.&lt;init&gt;(Ljava/lang/String;)V) reads a file whose location might be specified by user input</td>
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td>
<td><a href="./xref/org/apache/rat/mp/AbstractRatMojo.html#L486">486</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.mp.RatCheckMojo"></a><section>
<h2>org.apache.rat.mp.RatCheckMojo</h2>
<table class="table table-striped">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>This API (java/io/File.&lt;init&gt;(Ljava/lang/String;)V) reads a file whose location might be specified by user input</td>
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td>
<td><a href="./xref/org/apache/rat/mp/RatCheckMojo.html#L238">238</a></td>
<td>Medium</td></tr>
<tr class="a">
<td>Exception is caught when Exception is not thrown in org.apache.rat.mp.RatCheckMojo.check(ReportConfiguration)</td>
<td>STYLE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#REC_CATCH_EXCEPTION">REC_CATCH_EXCEPTION</a></td>
<td><a href="./xref/org/apache/rat/mp/RatCheckMojo.html#L209">209</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.mp.RatReportMojo"></a><section>
<h2>org.apache.rat.mp.RatReportMojo</h2>
<table class="table table-striped">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>org.apache.rat.mp.RatReportMojo.getSink() may expose internal representation by returning RatReportMojo.sink</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP">EI_EXPOSE_REP</a></td>
<td><a href="./xref/org/apache/rat/mp/RatReportMojo.html#L331">331</a></td>
<td>Medium</td></tr>
<tr class="a">
<td>org.apache.rat.mp.RatReportMojo.generate(Sink, SinkFactory, Locale) may expose internal representation by storing an externally mutable object into RatReportMojo.sink</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td>
<td><a href="./xref/org/apache/rat/mp/RatReportMojo.html#L261">261</a></td>
<td>Medium</td></tr>
<tr class="b">
<td>This API (java/io/File.&lt;init&gt;(Ljava/lang/String;)V) reads a file whose location might be specified by user input</td>
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td>
<td><a href="./xref/org/apache/rat/mp/RatReportMojo.html#L142">142</a></td>
<td>Medium</td></tr>
<tr class="a">
<td>This API (java/io/File.&lt;init&gt;(Ljava/lang/String;)V) reads a file whose location might be specified by user input</td>
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td>
<td><a href="./xref/org/apache/rat/mp/RatReportMojo.html#L281">281</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.mp.Regex"></a><section>
<h2>org.apache.rat.mp.Regex</h2>
<table class="table table-striped">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>Format string should use %n rather than \n in org.apache.rat.mp.Regex.set(String)</td>
<td>BAD_PRACTICE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#VA_FORMAT_STRING_USES_NEWLINE">VA_FORMAT_STRING_USES_NEWLINE</a></td>
<td><a href="./xref/org/apache/rat/mp/Regex.html#L37">37</a></td>
<td>Medium</td></tr>
<tr class="a">
<td>Format string should use %n rather than \n in org.apache.rat.mp.Regex.setExpression(String)</td>
<td>BAD_PRACTICE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#VA_FORMAT_STRING_USES_NEWLINE">VA_FORMAT_STRING_USES_NEWLINE</a></td>
<td><a href="./xref/org/apache/rat/mp/Regex.html#L33">33</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.plugin.HelpMojo"></a><section>
<h2>org.apache.rat.plugin.HelpMojo</h2>
<table class="table table-striped">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks</td>
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#XXE_DOCUMENT">XXE_DOCUMENT</a></td>
<td><a href="./xref/org/apache/rat/plugin/HelpMojo.html#L77">77</a></td>
<td>Medium</td></tr></table></section> </main>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row-fluid">
Copyright &copy; 2016-2025 The Apache Software Foundation, Licensed under the Apache License, Version 2.0.
Apache Creadur, Creadur, Apache RAT, Apache Tentacles, Apache Whisker, Apache and the ASF logo are trademarks
of The Apache Software Foundation.
Oracle and Java are registered trademarks of Oracle and/or its affiliates.
All other marks mentioned may be trademarks or registered trademarks of their respective owners.
</div>
</div>
</footer>
</body>
</html>