| <!DOCTYPE html> |
| <!-- |
| | Generated by Apache Maven Doxia Site Renderer 1.11.1 from com.github.spotbugs:spotbugs-maven-plugin:4.8.5.0:spotbugs at 2024-05-27 |
| |
| | Rendered using Apache Maven Default Skin |
| --> |
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> |
| <head> |
| <meta charset="UTF-8" /> |
| <meta name="viewport" content="width=device-width, initial-scale=1.0" /> |
| <meta name="generator" content="Apache Maven Doxia Site Renderer 1.11.1" /> |
| <title>Apache Rat™ Core – SpotBugs Bug Detector Report</title> |
| <link rel="stylesheet" href="./css/maven-base.css" /> |
| <link rel="stylesheet" href="./css/maven-theme.css" /> |
| <link rel="stylesheet" href="./css/site.css" /> |
| <link rel="stylesheet" href="./css/print.css" media="print" /> |
| <link href="https://creadur.apache.org/font/matesc.css" type="text/css" rel="stylesheet" /> |
| </head> |
| <body class="composite"> |
| <div id="breadcrumbs"> |
| <div class="xleft"> |
| <span id="publishDate">Last Published: 2024-05-27</span> |
| | <span id="projectVersion">Version: 0.17-SNAPSHOT</span> |
| </div> |
| <div class="xright"> </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| </div> |
| <div id="bodyColumn"> |
| <div id="contentBox"> |
| <section> |
| <h2><a name="SpotBugs_Bug_Detector_Report"></a>SpotBugs Bug Detector Report</h2> |
| <p>The following document contains the results of <a class="externalLink" href="https://spotbugs.github.io/">SpotBugs</a></p> |
| <p>SpotBugs Version is <i>4.8.5</i></p> |
| <p>Threshold is <i>medium</i></p> |
| <p>Effort is <i>default</i></p></section><section> |
| <h2><a name="Summary"></a>Summary</h2> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Classes</th> |
| <th>Bugs</th> |
| <th>Errors</th> |
| <th>Missing Classes</th></tr> |
| <tr class="b"> |
| <td>139</td> |
| <td>53</td> |
| <td>0</td> |
| <td>5</td></tr></table></section><section> |
| <h2><a name="Files"></a>Files</h2> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Class</th> |
| <th>Bugs</th></tr> |
| <tr class="b"> |
| <td><a href="#org.apache.rat.Defaults">org.apache.rat.Defaults</a></td> |
| <td>1</td></tr> |
| <tr class="a"> |
| <td><a href="#org.apache.rat.Defaults$Builder">org.apache.rat.Defaults$Builder</a></td> |
| <td>3</td></tr> |
| <tr class="b"> |
| <td><a href="#org.apache.rat.Report">org.apache.rat.Report</a></td> |
| <td>3</td></tr> |
| <tr class="a"> |
| <td><a href="#org.apache.rat.ReportConfiguration">org.apache.rat.ReportConfiguration</a></td> |
| <td>1</td></tr> |
| <tr class="b"> |
| <td><a href="#org.apache.rat.ReportConfiguration$NoCloseOutputStream">org.apache.rat.ReportConfiguration$NoCloseOutputStream</a></td> |
| <td>1</td></tr> |
| <tr class="a"> |
| <td><a href="#org.apache.rat.Reporter">org.apache.rat.Reporter</a></td> |
| <td>6</td></tr> |
| <tr class="b"> |
| <td><a href="#org.apache.rat.analysis.HeaderCheckWorker">org.apache.rat.analysis.HeaderCheckWorker</a></td> |
| <td>3</td></tr> |
| <tr class="a"> |
| <td><a href="#org.apache.rat.analysis.license.SimplePatternBasedLicense">org.apache.rat.analysis.license.SimplePatternBasedLicense</a></td> |
| <td>2</td></tr> |
| <tr class="b"> |
| <td><a href="#org.apache.rat.analysis.matchers.CopyrightMatcher">org.apache.rat.analysis.matchers.CopyrightMatcher</a></td> |
| <td>2</td></tr> |
| <tr class="a"> |
| <td><a href="#org.apache.rat.analysis.matchers.SimpleTextMatcher">org.apache.rat.analysis.matchers.SimpleTextMatcher</a></td> |
| <td>2</td></tr> |
| <tr class="b"> |
| <td><a href="#org.apache.rat.annotation.AbstractLicenseAppender">org.apache.rat.annotation.AbstractLicenseAppender</a></td> |
| <td>1</td></tr> |
| <tr class="a"> |
| <td><a href="#org.apache.rat.api.Document">org.apache.rat.api.Document</a></td> |
| <td>2</td></tr> |
| <tr class="b"> |
| <td><a href="#org.apache.rat.config.parameters.Description">org.apache.rat.config.parameters.Description</a></td> |
| <td>3</td></tr> |
| <tr class="a"> |
| <td><a href="#org.apache.rat.configuration.MatcherBuilderTracker">org.apache.rat.configuration.MatcherBuilderTracker</a></td> |
| <td>2</td></tr> |
| <tr class="b"> |
| <td><a href="#org.apache.rat.configuration.XMLConfigurationReader">org.apache.rat.configuration.XMLConfigurationReader</a></td> |
| <td>3</td></tr> |
| <tr class="a"> |
| <td><a href="#org.apache.rat.configuration.XMLConfigurationWriter">org.apache.rat.configuration.XMLConfigurationWriter</a></td> |
| <td>1</td></tr> |
| <tr class="b"> |
| <td><a href="#org.apache.rat.configuration.builders.ChildContainerBuilder">org.apache.rat.configuration.builders.ChildContainerBuilder</a></td> |
| <td>1</td></tr> |
| <tr class="a"> |
| <td><a href="#org.apache.rat.configuration.builders.MatcherRefBuilder">org.apache.rat.configuration.builders.MatcherRefBuilder</a></td> |
| <td>1</td></tr> |
| <tr class="b"> |
| <td><a href="#org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy">org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy</a></td> |
| <td>1</td></tr> |
| <tr class="a"> |
| <td><a href="#org.apache.rat.document.impl.ArchiveEntryDocument">org.apache.rat.document.impl.ArchiveEntryDocument</a></td> |
| <td>1</td></tr> |
| <tr class="b"> |
| <td><a href="#org.apache.rat.document.impl.util.DocumentAnalyserMultiplexer">org.apache.rat.document.impl.util.DocumentAnalyserMultiplexer</a></td> |
| <td>1</td></tr> |
| <tr class="a"> |
| <td><a href="#org.apache.rat.header.HeaderMatcher">org.apache.rat.header.HeaderMatcher</a></td> |
| <td>1</td></tr> |
| <tr class="b"> |
| <td><a href="#org.apache.rat.license.LicenseFamilySetFactory">org.apache.rat.license.LicenseFamilySetFactory</a></td> |
| <td>3</td></tr> |
| <tr class="a"> |
| <td><a href="#org.apache.rat.license.LicenseSetFactory">org.apache.rat.license.LicenseSetFactory</a></td> |
| <td>1</td></tr> |
| <tr class="b"> |
| <td><a href="#org.apache.rat.report.ConfigurationReport">org.apache.rat.report.ConfigurationReport</a></td> |
| <td>1</td></tr> |
| <tr class="a"> |
| <td><a href="#org.apache.rat.report.claim.util.ClaimReporterMultiplexer">org.apache.rat.report.claim.util.ClaimReporterMultiplexer</a></td> |
| <td>1</td></tr> |
| <tr class="b"> |
| <td><a href="#org.apache.rat.report.claim.util.LicenseAddingReport">org.apache.rat.report.claim.util.LicenseAddingReport</a></td> |
| <td>1</td></tr> |
| <tr class="a"> |
| <td><a href="#org.apache.rat.report.xml.writer.impl.base.XmlWriter">org.apache.rat.report.xml.writer.impl.base.XmlWriter</a></td> |
| <td>1</td></tr> |
| <tr class="b"> |
| <td><a href="#org.apache.rat.utils.Log">org.apache.rat.utils.Log</a></td> |
| <td>1</td></tr> |
| <tr class="a"> |
| <td><a href="#org.apache.rat.walker.DirectoryWalker">org.apache.rat.walker.DirectoryWalker</a></td> |
| <td>1</td></tr> |
| <tr class="b"> |
| <td><a href="#org.apache.rat.walker.Walker">org.apache.rat.walker.Walker</a></td> |
| <td>1</td></tr></table></section><a name="org.apache.rat.Defaults"></a><section> |
| <h3><a name="org.apache.rat.Defaults"></a>org.apache.rat.Defaults</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>new org.apache.rat.Defaults(Log, Set) is or uses a map or set of URLs, which can be a performance hog</td> |
| <td>PERFORMANCE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#DMI_COLLECTION_OF_URLS">DMI_COLLECTION_OF_URLS</a></td> |
| <td><a href="./xref/org/apache/rat/Defaults.html#L93">93-95</a></td> |
| <td>High</td></tr></table></section><a name="org.apache.rat.Defaults$Builder"></a><section> |
| <h3><a name="org.apache.rat.Defaults.24Builder"></a>org.apache.rat.Defaults$Builder</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>org.apache.rat.Defaults$Builder.fileNames is or uses a map or set of URLs, which can be a performance hog</td> |
| <td>PERFORMANCE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#DMI_COLLECTION_OF_URLS">DMI_COLLECTION_OF_URLS</a></td> |
| <td>Not available</td> |
| <td>High</td></tr> |
| <tr class="a"> |
| <td>This API (java/io/File.&lt;init&gt;(Ljava/lang/String;)V) reads a file whose location might be specified by user input</td> |
| <td>SECURITY</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td> |
| <td><a href="./xref/org/apache/rat/Defaults.html#L207">207</a></td> |
| <td>Medium</td></tr> |
| <tr class="b"> |
| <td>This API (java/io/File.&lt;init&gt;(Ljava/lang/String;)V) reads a file whose location might be specified by user input</td> |
| <td>SECURITY</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td> |
| <td><a href="./xref/org/apache/rat/Defaults.html#L240">240</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.Report"></a><section> |
| <h3><a name="org.apache.rat.Report"></a>org.apache.rat.Report</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>This API (java/io/File.&lt;init&gt;(Ljava/lang/String;)V) reads a file whose location might be specified by user input</td> |
| <td>SECURITY</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td> |
| <td><a href="./xref/org/apache/rat/Report.html#L467">467</a></td> |
| <td>Medium</td></tr> |
| <tr class="a"> |
| <td>This API (java/io/File.&lt;init&gt;(Ljava/lang/String;)V) reads a file whose location might be specified by user input</td> |
| <td>SECURITY</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td> |
| <td><a href="./xref/org/apache/rat/Report.html#L624">624</a></td> |
| <td>Medium</td></tr> |
| <tr class="b"> |
| <td>This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input</td> |
| <td>SECURITY</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td> |
| <td><a href="./xref/org/apache/rat/Report.html#L487">487</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.ReportConfiguration"></a><section> |
| <h3><a name="org.apache.rat.ReportConfiguration"></a>org.apache.rat.ReportConfiguration</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>Switch statement found in org.apache.rat.ReportConfiguration.setAddLicenseHeaders(AddLicenseHeaders) where one case falls through to the next case</td> |
| <td>STYLE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#SF_SWITCH_FALLTHROUGH">SF_SWITCH_FALLTHROUGH</a></td> |
| <td><a href="./xref/org/apache/rat/ReportConfiguration.html#L625">625-628</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.ReportConfiguration$NoCloseOutputStream"></a><section> |
| <h3><a name="org.apache.rat.ReportConfiguration.24NoCloseOutputStream"></a>org.apache.rat.ReportConfiguration$NoCloseOutputStream</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>new org.apache.rat.ReportConfiguration$NoCloseOutputStream(OutputStream) may expose internal representation by storing an externally mutable object into ReportConfiguration$NoCloseOutputStream.delegate</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td> |
| <td><a href="./xref/org/apache/rat/ReportConfiguration.html#L699">699</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.Reporter"></a><section> |
| <h3><a name="org.apache.rat.Reporter"></a>org.apache.rat.Reporter</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>Exception thrown in class org.apache.rat.Reporter at new org.apache.rat.Reporter(ReportConfiguration) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.</td> |
| <td>BAD_PRACTICE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#CT_CONSTRUCTOR_THROW">CT_CONSTRUCTOR_THROW</a></td> |
| <td><a href="./xref/org/apache/rat/Reporter.html#L96">96</a></td> |
| <td>Medium</td></tr> |
| <tr class="a"> |
| <td>new org.apache.rat.Reporter(ReportConfiguration) may expose internal representation by storing an externally mutable object into Reporter.configuration</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td> |
| <td><a href="./xref/org/apache/rat/Reporter.html#L76">76</a></td> |
| <td>Medium</td></tr> |
| <tr class="b"> |
| <td>A malicious XSLT could be provided to trigger remote code execution</td> |
| <td>SECURITY</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#MALICIOUS_XSLT">MALICIOUS_XSLT</a></td> |
| <td><a href="./xref/org/apache/rat/Reporter.html#L133">133</a></td> |
| <td>Medium</td></tr> |
| <tr class="a"> |
| <td>The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks</td> |
| <td>SECURITY</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#XXE_DOCUMENT">XXE_DOCUMENT</a></td> |
| <td><a href="./xref/org/apache/rat/Reporter.html#L89">89</a></td> |
| <td>Medium</td></tr> |
| <tr class="b"> |
| <td>The use of TransformerFactory.newInstance(...) (TransformerFactory) is vulnerable to XML External Entity attacks</td> |
| <td>SECURITY</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#XXE_DTD_TRANSFORM_FACTORY">XXE_DTD_TRANSFORM_FACTORY</a></td> |
| <td><a href="./xref/org/apache/rat/Reporter.html#L128">128</a></td> |
| <td>Medium</td></tr> |
| <tr class="a"> |
| <td>The use of TransformerFactory.newInstance(...) is vulnerable to XSLT External Entity attacks</td> |
| <td>SECURITY</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#XXE_XSLT_TRANSFORM_FACTORY">XXE_XSLT_TRANSFORM_FACTORY</a></td> |
| <td><a href="./xref/org/apache/rat/Reporter.html#L128">128</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.analysis.HeaderCheckWorker"></a><section> |
| <h3><a name="org.apache.rat.analysis.HeaderCheckWorker"></a>org.apache.rat.analysis.HeaderCheckWorker</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>Exception thrown in class org.apache.rat.analysis.HeaderCheckWorker at new org.apache.rat.analysis.HeaderCheckWorker(Reader, int, Collection, Document) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.</td> |
| <td>BAD_PRACTICE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#CT_CONSTRUCTOR_THROW">CT_CONSTRUCTOR_THROW</a></td> |
| <td><a href="./xref/org/apache/rat/analysis/HeaderCheckWorker.html#L123">123</a></td> |
| <td>Medium</td></tr> |
| <tr class="a"> |
| <td>Exception thrown in class org.apache.rat.analysis.HeaderCheckWorker at new org.apache.rat.analysis.HeaderCheckWorker(Reader, Collection, Document) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.</td> |
| <td>BAD_PRACTICE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#CT_CONSTRUCTOR_THROW">CT_CONSTRUCTOR_THROW</a></td> |
| <td><a href="./xref/org/apache/rat/analysis/HeaderCheckWorker.html#L106">106</a></td> |
| <td>Medium</td></tr> |
| <tr class="b"> |
| <td>new org.apache.rat.analysis.HeaderCheckWorker(Reader, int, Collection, Document) may expose internal representation by storing an externally mutable object into HeaderCheckWorker.licenses</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td> |
| <td><a href="./xref/org/apache/rat/analysis/HeaderCheckWorker.html#L127">127</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.analysis.license.SimplePatternBasedLicense"></a><section> |
| <h3><a name="org.apache.rat.analysis.license.SimplePatternBasedLicense"></a>org.apache.rat.analysis.license.SimplePatternBasedLicense</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>org.apache.rat.analysis.license.SimplePatternBasedLicense.getPatterns() may expose internal representation by returning SimplePatternBasedLicense.patterns</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP">EI_EXPOSE_REP</a></td> |
| <td><a href="./xref/org/apache/rat/analysis/license/SimplePatternBasedLicense.html#L44">44</a></td> |
| <td>Medium</td></tr> |
| <tr class="a"> |
| <td>org.apache.rat.analysis.license.SimplePatternBasedLicense.setPatterns(String[]) may expose internal representation by storing an externally mutable object into SimplePatternBasedLicense.patterns</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td> |
| <td><a href="./xref/org/apache/rat/analysis/license/SimplePatternBasedLicense.html#L48">48</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.analysis.matchers.CopyrightMatcher"></a><section> |
| <h3><a name="org.apache.rat.analysis.matchers.CopyrightMatcher"></a>org.apache.rat.analysis.matchers.CopyrightMatcher</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>Exception thrown in class org.apache.rat.analysis.matchers.CopyrightMatcher at new org.apache.rat.analysis.matchers.CopyrightMatcher(String, String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.</td> |
| <td>BAD_PRACTICE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#CT_CONSTRUCTOR_THROW">CT_CONSTRUCTOR_THROW</a></td> |
| <td><a href="./xref/org/apache/rat/analysis/matchers/CopyrightMatcher.html#L83">83</a></td> |
| <td>Medium</td></tr> |
| <tr class="a"> |
| <td>Exception thrown in class org.apache.rat.analysis.matchers.CopyrightMatcher at new org.apache.rat.analysis.matchers.CopyrightMatcher(String, String, String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.</td> |
| <td>BAD_PRACTICE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#CT_CONSTRUCTOR_THROW">CT_CONSTRUCTOR_THROW</a></td> |
| <td><a href="./xref/org/apache/rat/analysis/matchers/CopyrightMatcher.html#L108">108</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.analysis.matchers.SimpleTextMatcher"></a><section> |
| <h3><a name="org.apache.rat.analysis.matchers.SimpleTextMatcher"></a>org.apache.rat.analysis.matchers.SimpleTextMatcher</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>Exception thrown in class org.apache.rat.analysis.matchers.SimpleTextMatcher at new org.apache.rat.analysis.matchers.SimpleTextMatcher(String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.</td> |
| <td>BAD_PRACTICE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#CT_CONSTRUCTOR_THROW">CT_CONSTRUCTOR_THROW</a></td> |
| <td><a href="./xref/org/apache/rat/analysis/matchers/SimpleTextMatcher.html#L42">42</a></td> |
| <td>Medium</td></tr> |
| <tr class="a"> |
| <td>Exception thrown in class org.apache.rat.analysis.matchers.SimpleTextMatcher at new org.apache.rat.analysis.matchers.SimpleTextMatcher(String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.</td> |
| <td>BAD_PRACTICE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#CT_CONSTRUCTOR_THROW">CT_CONSTRUCTOR_THROW</a></td> |
| <td><a href="./xref/org/apache/rat/analysis/matchers/SimpleTextMatcher.html#L55">55</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.annotation.AbstractLicenseAppender"></a><section> |
| <h3><a name="org.apache.rat.annotation.AbstractLicenseAppender"></a>org.apache.rat.annotation.AbstractLicenseAppender</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>This API (java/io/File.&lt;init&gt;(Ljava/lang/String;)V) reads a file whose location might be specified by user input</td> |
| <td>SECURITY</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td> |
| <td><a href="./xref/org/apache/rat/annotation/AbstractLicenseAppender.html#L236">236</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.api.Document"></a><section> |
| <h3><a name="org.apache.rat.api.Document"></a>org.apache.rat.api.Document</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>org.apache.rat.api.Document.getMetaData() may expose internal representation by returning Document.metaData</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP">EI_EXPOSE_REP</a></td> |
| <td><a href="./xref/org/apache/rat/api/Document.html#L119">119</a></td> |
| <td>Medium</td></tr> |
| <tr class="a"> |
| <td>This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input</td> |
| <td>SECURITY</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td> |
| <td><a href="./xref/org/apache/rat/api/Document.html#L93">93</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.config.parameters.Description"></a><section> |
| <h3><a name="org.apache.rat.config.parameters.Description"></a>org.apache.rat.config.parameters.Description</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>Exception thrown in class org.apache.rat.config.parameters.Description at new org.apache.rat.config.parameters.Description(ComponentType, String, String, boolean, Class, Collection, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.</td> |
| <td>BAD_PRACTICE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#CT_CONSTRUCTOR_THROW">CT_CONSTRUCTOR_THROW</a></td> |
| <td><a href="./xref/org/apache/rat/config/parameters/Description.html#L88">88</a></td> |
| <td>Medium</td></tr> |
| <tr class="a"> |
| <td>Exception thrown in class org.apache.rat.config.parameters.Description at new org.apache.rat.config.parameters.Description(ConfigComponent, boolean, Class, Collection) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.</td> |
| <td>BAD_PRACTICE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#CT_CONSTRUCTOR_THROW">CT_CONSTRUCTOR_THROW</a></td> |
| <td><a href="./xref/org/apache/rat/config/parameters/Description.html#L113">113</a></td> |
| <td>Medium</td></tr> |
| <tr class="b"> |
| <td>org.apache.rat.config.parameters.Description.getChildren() may expose internal representation by returning Description.children</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP">EI_EXPOSE_REP</a></td> |
| <td><a href="./xref/org/apache/rat/config/parameters/Description.html#L206">206</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.configuration.MatcherBuilderTracker"></a><section> |
| <h3><a name="org.apache.rat.configuration.MatcherBuilderTracker"></a>org.apache.rat.configuration.MatcherBuilderTracker</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>org.apache.rat.configuration.MatcherBuilderTracker.INSTANCE should be package protected</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#MS_PKGPROTECT">MS_PKGPROTECT</a></td> |
| <td>Not available</td> |
| <td>Medium</td></tr> |
| <tr class="a"> |
| <td>Primitive field org.apache.rat.configuration.MatcherBuilderTracker.INSTANCE is public and set from inside the class, which makes it too exposed. Consider making it private to limit external accessibility.</td> |
| <td>BAD_PRACTICE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PA_PUBLIC_PRIMITIVE_ATTRIBUTE">PA_PUBLIC_PRIMITIVE_ATTRIBUTE</a></td> |
| <td><a href="./xref/org/apache/rat/configuration/MatcherBuilderTracker.html#L46">46</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.configuration.XMLConfigurationReader"></a><section> |
| <h3><a name="org.apache.rat.configuration.XMLConfigurationReader"></a>org.apache.rat.configuration.XMLConfigurationReader</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>This web server request could be used by an attacker to expose internal services and filesystem.</td> |
| <td>SECURITY</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#URLCONNECTION_SSRF_FD">URLCONNECTION_SSRF_FD</a></td> |
| <td><a href="./xref/org/apache/rat/configuration/XMLConfigurationReader.html#L177">177</a></td> |
| <td>Medium</td></tr> |
| <tr class="a"> |
| <td>The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks</td> |
| <td>SECURITY</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#XXE_DOCUMENT">XXE_DOCUMENT</a></td> |
| <td><a href="./xref/org/apache/rat/configuration/XMLConfigurationReader.html#L157">157</a></td> |
| <td>Medium</td></tr> |
| <tr class="b"> |
| <td>The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks</td> |
| <td>SECURITY</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#XXE_DOCUMENT">XXE_DOCUMENT</a></td> |
| <td><a href="./xref/org/apache/rat/configuration/XMLConfigurationReader.html#L178">178</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.configuration.XMLConfigurationWriter"></a><section> |
| <h3><a name="org.apache.rat.configuration.XMLConfigurationWriter"></a>org.apache.rat.configuration.XMLConfigurationWriter</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>new org.apache.rat.configuration.XMLConfigurationWriter(ReportConfiguration) may expose internal representation by storing an externally mutable object into XMLConfigurationWriter.configuration</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td> |
| <td><a href="./xref/org/apache/rat/configuration/XMLConfigurationWriter.html#L60">60</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.configuration.builders.ChildContainerBuilder"></a><section> |
| <h3><a name="org.apache.rat.configuration.builders.ChildContainerBuilder"></a>org.apache.rat.configuration.builders.ChildContainerBuilder</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>Usage of GetResource in org.apache.rat.configuration.builders.ChildContainerBuilder.setResource(String) may be unsafe if class is extended</td> |
| <td>BAD_PRACTICE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#UI_INHERITANCE_UNSAFE_GETRESOURCE">UI_INHERITANCE_UNSAFE_GETRESOURCE</a></td> |
| <td><a href="./xref/org/apache/rat/configuration/builders/ChildContainerBuilder.html#L61">61</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.configuration.builders.MatcherRefBuilder"></a><section> |
| <h3><a name="org.apache.rat.configuration.builders.MatcherRefBuilder"></a>org.apache.rat.configuration.builders.MatcherRefBuilder</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>org.apache.rat.configuration.builders.MatcherRefBuilder.setMatcherMap(Map) may expose internal representation by storing an externally mutable object into MatcherRefBuilder.matchers</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td> |
| <td><a href="./xref/org/apache/rat/configuration/builders/MatcherRefBuilder.html#L69">69</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy"></a><section> |
| <h3><a name="org.apache.rat.configuration.builders.MatcherRefBuilder.24IHeaderMatcherProxy"></a>org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>new org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy(String, Map) may expose internal representation by storing an externally mutable object into MatcherRefBuilder$IHeaderMatcherProxy.matchers</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td> |
| <td><a href="./xref/org/apache/rat/configuration/builders/MatcherRefBuilder.html#L113">113</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.document.impl.ArchiveEntryDocument"></a><section> |
| <h3><a name="org.apache.rat.document.impl.ArchiveEntryDocument"></a>org.apache.rat.document.impl.ArchiveEntryDocument</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>new org.apache.rat.document.impl.ArchiveEntryDocument(Path, byte[]) may expose internal representation by storing an externally mutable object into ArchiveEntryDocument.contents</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td> |
| <td><a href="./xref/org/apache/rat/document/impl/ArchiveEntryDocument.html#L53">53</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.document.impl.util.DocumentAnalyserMultiplexer"></a><section> |
| <h3><a name="org.apache.rat.document.impl.util.DocumentAnalyserMultiplexer"></a>org.apache.rat.document.impl.util.DocumentAnalyserMultiplexer</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>new org.apache.rat.document.impl.util.DocumentAnalyserMultiplexer(IDocumentAnalyser[]) may expose internal representation by storing an externally mutable object into DocumentAnalyserMultiplexer.analysers</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td> |
| <td><a href="./xref/org/apache/rat/document/impl/util/DocumentAnalyserMultiplexer.html#L31">31</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.header.HeaderMatcher"></a><section> |
| <h3><a name="org.apache.rat.header.HeaderMatcher"></a>org.apache.rat.header.HeaderMatcher</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>new org.apache.rat.header.HeaderMatcher(CharFilter, int, HeaderBean[]) may expose internal representation by storing an externally mutable object into HeaderMatcher.headers</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td> |
| <td><a href="./xref/org/apache/rat/header/HeaderMatcher.html#L55">55</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.license.LicenseFamilySetFactory"></a><section> |
| <h3><a name="org.apache.rat.license.LicenseFamilySetFactory"></a>org.apache.rat.license.LicenseFamilySetFactory</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>Dead store to result in org.apache.rat.license.LicenseFamilySetFactory.findFamily(String, SortedSet)</td> |
| <td>STYLE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#DLS_DEAD_LOCAL_STORE">DLS_DEAD_LOCAL_STORE</a></td> |
| <td><a href="./xref/org/apache/rat/license/LicenseFamilySetFactory.html#L118">118</a></td> |
| <td>High</td></tr> |
| <tr class="a"> |
| <td>Dead store to result in org.apache.rat.license.LicenseFamilySetFactory.hasFamily(String, SortedSet)</td> |
| <td>STYLE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#DLS_DEAD_LOCAL_STORE">DLS_DEAD_LOCAL_STORE</a></td> |
| <td><a href="./xref/org/apache/rat/license/LicenseFamilySetFactory.html#L106">106</a></td> |
| <td>High</td></tr> |
| <tr class="b"> |
| <td>new org.apache.rat.license.LicenseFamilySetFactory(SortedSet, Collection) may expose internal representation by storing an externally mutable object into LicenseFamilySetFactory.approvedLicenses</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td> |
| <td><a href="./xref/org/apache/rat/license/LicenseFamilySetFactory.html#L43">43</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.license.LicenseSetFactory"></a><section> |
| <h3><a name="org.apache.rat.license.LicenseSetFactory"></a>org.apache.rat.license.LicenseSetFactory</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>new org.apache.rat.license.LicenseSetFactory(SortedSet, Collection) may expose internal representation by storing an externally mutable object into LicenseSetFactory.approvedLicenses</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td> |
| <td><a href="./xref/org/apache/rat/license/LicenseSetFactory.html#L70">70</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.report.ConfigurationReport"></a><section> |
| <h3><a name="org.apache.rat.report.ConfigurationReport"></a>org.apache.rat.report.ConfigurationReport</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>new org.apache.rat.report.ConfigurationReport(IXmlWriter, ReportConfiguration) may expose internal representation by storing an externally mutable object into ConfigurationReport.configuration</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td> |
| <td><a href="./xref/org/apache/rat/report/ConfigurationReport.html#L42">42</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.report.claim.util.ClaimReporterMultiplexer"></a><section> |
| <h3><a name="org.apache.rat.report.claim.util.ClaimReporterMultiplexer"></a>org.apache.rat.report.claim.util.ClaimReporterMultiplexer</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>new org.apache.rat.report.claim.util.ClaimReporterMultiplexer(IXmlWriter, boolean, IDocumentAnalyser, List) may expose internal representation by storing an externally mutable object into ClaimReporterMultiplexer.reporters</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td> |
| <td><a href="./xref/org/apache/rat/report/claim/util/ClaimReporterMultiplexer.html#L51">51</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.report.claim.util.LicenseAddingReport"></a><section> |
| <h3><a name="org.apache.rat.report.claim.util.LicenseAddingReport"></a>org.apache.rat.report.claim.util.LicenseAddingReport</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>This API (java/io/File.&lt;init&gt;(Ljava/lang/String;)V) reads a file whose location might be specified by user input</td> |
| <td>SECURITY</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td> |
| <td><a href="./xref/org/apache/rat/report/claim/util/LicenseAddingReport.html#L43">43</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.report.xml.writer.impl.base.XmlWriter"></a><section> |
| <h3><a name="org.apache.rat.report.xml.writer.impl.base.XmlWriter"></a>org.apache.rat.report.xml.writer.impl.base.XmlWriter</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>new org.apache.rat.report.xml.writer.impl.base.XmlWriter(Writer) may expose internal representation by storing an externally mutable object into XmlWriter.writer</td> |
| <td>MALICIOUS_CODE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td> |
| <td><a href="./xref/org/apache/rat/report/xml/writer/impl/base/XmlWriter.html#L419">419</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.utils.Log"></a><section> |
| <h3><a name="org.apache.rat.utils.Log"></a>org.apache.rat.utils.Log</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>Possible information exposure through an error message</td> |
| <td>SECURITY</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE">INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE</a></td> |
| <td><a href="./xref/org/apache/rat/utils/Log.html#L114">114</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.walker.DirectoryWalker"></a><section> |
| <h3><a name="org.apache.rat.walker.DirectoryWalker"></a>org.apache.rat.walker.DirectoryWalker</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>Possible null pointer dereference in org.apache.rat.walker.DirectoryWalker.isNotIgnoredDirectory(Path) due to return value of called method</td> |
| <td>STYLE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE">NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE</a></td> |
| <td><a href="./xref/org/apache/rat/walker/DirectoryWalker.html#L92">92</a></td> |
| <td>Medium</td></tr></table></section><a name="org.apache.rat.walker.Walker"></a><section> |
| <h3><a name="org.apache.rat.walker.Walker"></a>org.apache.rat.walker.Walker</h3> |
| <table border="0" class="bodyTable"> |
| <tr class="a"> |
| <th>Bug</th> |
| <th>Category</th> |
| <th>Details</th> |
| <th>Line</th> |
| <th>Priority</th></tr> |
| <tr class="b"> |
| <td>Possible null pointer dereference in org.apache.rat.walker.Walker.isNotIgnored(Path) due to return value of called method</td> |
| <td>STYLE</td> |
| <td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE">NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE</a></td> |
| <td><a href="./xref/org/apache/rat/walker/Walker.html#L63">63</a></td> |
| <td>Medium</td></tr></table></section> |
| </div> |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| <div id="footer"> |
| <div class="xright"> |
| Copyright © 2016-2024 The Apache Software Foundation, Licensed under the Apache License, Version 2.0. |
| Apache Creadur, Creadur, Apache Rat, Apache Tentacles, Apache Whisker, Apache and the Apache feather logo are trademarks |
| of The Apache Software Foundation. |
| Oracle and Java are registered trademarks of Oracle and/or its affiliates. |
| All other marks mentioned may be trademarks or registered trademarks of their respective owners. |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| </div> |
| </body> |
| </html> |