<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia Site Renderer 1.11.1 from com.github.spotbugs:spotbugs-maven-plugin:4.8.5.0:spotbugs at 2024-05-27
| Rendered using Apache Maven Default Skin
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="generator" content="Apache Maven Doxia Site Renderer 1.11.1" />
<title>Apache Rat™ Core &#x2013; SpotBugs Bug Detector Report</title>
<link rel="stylesheet" href="./css/maven-base.css" />
<link rel="stylesheet" href="./css/maven-theme.css" />
<link rel="stylesheet" href="./css/site.css" />
<link rel="stylesheet" href="./css/print.css" media="print" />
<link href="https://creadur.apache.org/font/matesc.css" type="text/css" rel="stylesheet" />
</head>
<body class="composite">
<div id="banner">
<a href="https://www.apache.org/" id="bannerLeft"><img src="https://www.apache.org/img/asf_logo.png" alt="The Apache Software Foundation" title="The Apache Software Foundation"/></a> <div class="clear">
<hr/>
</div>
</div>
<div id="breadcrumbs">
<div class="xleft">
<span id="publishDate">Last Published: 2024-05-27</span>
| <span id="projectVersion">Version: 0.17-SNAPSHOT</span>
| <a href="https://www.apache.org/" class="externalLink" title="Apache">Apache</a> &gt;
<a href="https://creadur.apache.org/" class="externalLink" title="Creadur">Creadur</a> &gt;
<a href="https://creadur.apache.org/rat/" class="externalLink" title="Rat">Rat</a> &gt;
<a href="index.html" title="Apache Rat™ Core">Apache Rat™ Core</a> &gt;
SpotBugs Bug Detector Report
</div>
<div class="xright"> </div>
<div class="clear">
<hr/>
</div>
</div>
<div id="bodyColumn">
<div id="contentBox">
<section>
<h2><a name="SpotBugs_Bug_Detector_Report"></a>SpotBugs Bug Detector Report</h2>
<!--
  How to read this report: every row below is a static-analysis finding, not a
  confirmed vulnerability. Each one needs triage against the linked source line.
  With the threshold at "medium", only medium and high confidence findings are
  listed; the Priority column in each table carries that ranking.
  NOTE(review): the SECURITY rows (PATH_TRAVERSAL_IN, XXE_DOCUMENT, MALICIOUS_XSLT,
  URLCONNECTION_SSRF_FD and similar) look like Find Security Bugs patterns rather
  than core SpotBugs ones, so their "Details" links to the SpotBugs bug
  description page may not resolve to an entry. Confirm which detector plugins
  the build enables.
-->
<p>The following document contains the results of <a class="externalLink" href="https://spotbugs.github.io/">SpotBugs</a></p>
<p>SpotBugs Version is <i>4.8.5</i></p>
<p>Threshold is <i>medium</i></p>
<p>Effort is <i>default</i></p></section><section>
<h2><a name="Summary"></a>Summary</h2>
<table border="0" class="bodyTable">
<tr class="a">
<th>Classes</th>
<th>Bugs</th>
<th>Errors</th>
<th>Missing Classes</th></tr>
<tr class="b">
<td>139</td>
<td>53</td>
<td>0</td>
<td>5</td></tr></table></section><section>
<h2><a name="Files"></a>Files</h2>
<table border="0" class="bodyTable">
<tr class="a">
<th>Class</th>
<th>Bugs</th></tr>
<tr class="b">
<td><a href="#org.apache.rat.Defaults">org.apache.rat.Defaults</a></td>
<td>1</td></tr>
<tr class="a">
<td><a href="#org.apache.rat.Defaults$Builder">org.apache.rat.Defaults$Builder</a></td>
<td>3</td></tr>
<tr class="b">
<td><a href="#org.apache.rat.Report">org.apache.rat.Report</a></td>
<td>3</td></tr>
<tr class="a">
<td><a href="#org.apache.rat.ReportConfiguration">org.apache.rat.ReportConfiguration</a></td>
<td>1</td></tr>
<tr class="b">
<td><a href="#org.apache.rat.ReportConfiguration$NoCloseOutputStream">org.apache.rat.ReportConfiguration$NoCloseOutputStream</a></td>
<td>1</td></tr>
<tr class="a">
<td><a href="#org.apache.rat.Reporter">org.apache.rat.Reporter</a></td>
<td>6</td></tr>
<tr class="b">
<td><a href="#org.apache.rat.analysis.HeaderCheckWorker">org.apache.rat.analysis.HeaderCheckWorker</a></td>
<td>3</td></tr>
<tr class="a">
<td><a href="#org.apache.rat.analysis.license.SimplePatternBasedLicense">org.apache.rat.analysis.license.SimplePatternBasedLicense</a></td>
<td>2</td></tr>
<tr class="b">
<td><a href="#org.apache.rat.analysis.matchers.CopyrightMatcher">org.apache.rat.analysis.matchers.CopyrightMatcher</a></td>
<td>2</td></tr>
<tr class="a">
<td><a href="#org.apache.rat.analysis.matchers.SimpleTextMatcher">org.apache.rat.analysis.matchers.SimpleTextMatcher</a></td>
<td>2</td></tr>
<tr class="b">
<td><a href="#org.apache.rat.annotation.AbstractLicenseAppender">org.apache.rat.annotation.AbstractLicenseAppender</a></td>
<td>1</td></tr>
<tr class="a">
<td><a href="#org.apache.rat.api.Document">org.apache.rat.api.Document</a></td>
<td>2</td></tr>
<tr class="b">
<td><a href="#org.apache.rat.config.parameters.Description">org.apache.rat.config.parameters.Description</a></td>
<td>3</td></tr>
<tr class="a">
<td><a href="#org.apache.rat.configuration.MatcherBuilderTracker">org.apache.rat.configuration.MatcherBuilderTracker</a></td>
<td>2</td></tr>
<tr class="b">
<td><a href="#org.apache.rat.configuration.XMLConfigurationReader">org.apache.rat.configuration.XMLConfigurationReader</a></td>
<td>3</td></tr>
<tr class="a">
<td><a href="#org.apache.rat.configuration.XMLConfigurationWriter">org.apache.rat.configuration.XMLConfigurationWriter</a></td>
<td>1</td></tr>
<tr class="b">
<td><a href="#org.apache.rat.configuration.builders.ChildContainerBuilder">org.apache.rat.configuration.builders.ChildContainerBuilder</a></td>
<td>1</td></tr>
<tr class="a">
<td><a href="#org.apache.rat.configuration.builders.MatcherRefBuilder">org.apache.rat.configuration.builders.MatcherRefBuilder</a></td>
<td>1</td></tr>
<tr class="b">
<td><a href="#org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy">org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy</a></td>
<td>1</td></tr>
<tr class="a">
<td><a href="#org.apache.rat.document.impl.ArchiveEntryDocument">org.apache.rat.document.impl.ArchiveEntryDocument</a></td>
<td>1</td></tr>
<tr class="b">
<td><a href="#org.apache.rat.document.impl.util.DocumentAnalyserMultiplexer">org.apache.rat.document.impl.util.DocumentAnalyserMultiplexer</a></td>
<td>1</td></tr>
<tr class="a">
<td><a href="#org.apache.rat.header.HeaderMatcher">org.apache.rat.header.HeaderMatcher</a></td>
<td>1</td></tr>
<tr class="b">
<td><a href="#org.apache.rat.license.LicenseFamilySetFactory">org.apache.rat.license.LicenseFamilySetFactory</a></td>
<td>3</td></tr>
<tr class="a">
<td><a href="#org.apache.rat.license.LicenseSetFactory">org.apache.rat.license.LicenseSetFactory</a></td>
<td>1</td></tr>
<tr class="b">
<td><a href="#org.apache.rat.report.ConfigurationReport">org.apache.rat.report.ConfigurationReport</a></td>
<td>1</td></tr>
<tr class="a">
<td><a href="#org.apache.rat.report.claim.util.ClaimReporterMultiplexer">org.apache.rat.report.claim.util.ClaimReporterMultiplexer</a></td>
<td>1</td></tr>
<tr class="b">
<td><a href="#org.apache.rat.report.claim.util.LicenseAddingReport">org.apache.rat.report.claim.util.LicenseAddingReport</a></td>
<td>1</td></tr>
<tr class="a">
<td><a href="#org.apache.rat.report.xml.writer.impl.base.XmlWriter">org.apache.rat.report.xml.writer.impl.base.XmlWriter</a></td>
<td>1</td></tr>
<tr class="b">
<td><a href="#org.apache.rat.utils.Log">org.apache.rat.utils.Log</a></td>
<td>1</td></tr>
<tr class="a">
<td><a href="#org.apache.rat.walker.DirectoryWalker">org.apache.rat.walker.DirectoryWalker</a></td>
<td>1</td></tr>
<tr class="b">
<td><a href="#org.apache.rat.walker.Walker">org.apache.rat.walker.Walker</a></td>
<td>1</td></tr></table></section><a name="org.apache.rat.Defaults"></a><section>
<h3><a name="org.apache.rat.Defaults"></a>org.apache.rat.Defaults</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>new org.apache.rat.Defaults(Log, Set) is or uses a map or set of URLs, which can be a performance hog</td>
<td>PERFORMANCE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#DMI_COLLECTION_OF_URLS">DMI_COLLECTION_OF_URLS</a></td>
<td><a href="./xref/org/apache/rat/Defaults.html#L93">93-95</a></td>
<td>High</td></tr></table></section><a name="org.apache.rat.Defaults$Builder"></a><section>
<h3><a name="org.apache.rat.Defaults.24Builder"></a>org.apache.rat.Defaults$Builder</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>org.apache.rat.Defaults$Builder.fileNames is or uses a map or set of URLs, which can be a performance hog</td>
<td>PERFORMANCE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#DMI_COLLECTION_OF_URLS">DMI_COLLECTION_OF_URLS</a></td>
<td>Not available</td>
<td>High</td></tr>
<!--
  PATH_TRAVERSAL_IN: the message only says the path "might be" user-specified;
  the report does not show where the string passed to the File constructor
  comes from.
  Triage: trace the argument at Defaults.java line 207 (and line 240, reported
  in the next row) back to its origin. If it can come from anything less trusted
  than the user running the tool, resolve it to a canonical path and check that
  it stays under an expected base directory before opening it.
-->
<tr class="a">
<td>This API (java/io/File.&lt;init&gt;(Ljava/lang/String;)V) reads a file whose location might be specified by user input</td>
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td>
<td><a href="./xref/org/apache/rat/Defaults.html#L207">207</a></td>
<td>Medium</td></tr>
<tr class="b">
<td>This API (java/io/File.&lt;init&gt;(Ljava/lang/String;)V) reads a file whose location might be specified by user input</td>
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td>
<td><a href="./xref/org/apache/rat/Defaults.html#L240">240</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.Report"></a><section>
<h3><a name="org.apache.rat.Report"></a>org.apache.rat.Report</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>This API (java/io/File.&lt;init&gt;(Ljava/lang/String;)V) reads a file whose location might be specified by user input</td>
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td>
<td><a href="./xref/org/apache/rat/Report.html#L467">467</a></td>
<td>Medium</td></tr>
<tr class="a">
<td>This API (java/io/File.&lt;init&gt;(Ljava/lang/String;)V) reads a file whose location might be specified by user input</td>
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td>
<td><a href="./xref/org/apache/rat/Report.html#L624">624</a></td>
<td>Medium</td></tr>
<tr class="b">
<td>This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input</td>
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td>
<td><a href="./xref/org/apache/rat/Report.html#L487">487</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.ReportConfiguration"></a><section>
<h3><a name="org.apache.rat.ReportConfiguration"></a>org.apache.rat.ReportConfiguration</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>Switch statement found in org.apache.rat.ReportConfiguration.setAddLicenseHeaders(AddLicenseHeaders) where one case falls through to the next case</td>
<td>STYLE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#SF_SWITCH_FALLTHROUGH">SF_SWITCH_FALLTHROUGH</a></td>
<td><a href="./xref/org/apache/rat/ReportConfiguration.html#L625">625-628</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.ReportConfiguration$NoCloseOutputStream"></a><section>
<h3><a name="org.apache.rat.ReportConfiguration.24NoCloseOutputStream"></a>org.apache.rat.ReportConfiguration$NoCloseOutputStream</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>new org.apache.rat.ReportConfiguration$NoCloseOutputStream(OutputStream) may expose internal representation by storing an externally mutable object into ReportConfiguration$NoCloseOutputStream.delegate</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td>
<td><a href="./xref/org/apache/rat/ReportConfiguration.html#L699">699</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.Reporter"></a><section>
<h3><a name="org.apache.rat.Reporter"></a>org.apache.rat.Reporter</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<!--
  CT_CONSTRUCTOR_THROW: a constructor that can throw leaves a partially built
  object that a subclass finalizer could still get hold of. This matters only if
  the class can be subclassed by untrusted code. The report does not show whether
  Reporter is final. Usual remedies: make the class final, or move the failing
  work out of the constructor (for example into a static factory).
-->
<tr class="b">
<td>Exception thrown in class org.apache.rat.Reporter at new org.apache.rat.Reporter(ReportConfiguration) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.</td>
<td>BAD_PRACTICE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#CT_CONSTRUCTOR_THROW">CT_CONSTRUCTOR_THROW</a></td>
<td><a href="./xref/org/apache/rat/Reporter.html#L96">96</a></td>
<td>Medium</td></tr>
<!--
  MALICIOUS_CODE is the SpotBugs category for code that other code in the same
  JVM could misuse; it does not mean malicious code was detected.
  EI_EXPOSE_REP2 here: the constructor keeps the caller's ReportConfiguration
  reference, so later changes made by the caller are visible inside Reporter.
  Fix with a defensive copy, or document that ownership passes to Reporter.
-->
<tr class="a">
<td>new org.apache.rat.Reporter(ReportConfiguration) may expose internal representation by storing an externally mutable object into Reporter.configuration</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td>
<td><a href="./xref/org/apache/rat/Reporter.html#L76">76</a></td>
<td>Medium</td></tr>
<!--
  MALICIOUS_XSLT: an XSLT stylesheet is executable input, because processors can
  expose extension functions to it. The report does not show where the stylesheet
  used at Reporter.java line 133 comes from; confirm it is a bundled or otherwise
  trusted resource. Hardening: call
  setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true) on the
  TransformerFactory before creating the transformer.
-->
<tr class="b">
<td>A malicious XSLT could be provided to trigger remote code execution</td>
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#MALICIOUS_XSLT">MALICIOUS_XSLT</a></td>
<td><a href="./xref/org/apache/rat/Reporter.html#L133">133</a></td>
<td>Medium</td></tr>
<!--
  XXE_DOCUMENT: check how the DocumentBuilderFactory behind the parse call at
  Reporter.java line 89 is configured; the report cannot show that. The standard
  hardening is
  setFeature("http://apache.org/xml/features/disallow-doctype-decl", true).
  If DTDs are required, instead set XMLConstants.ACCESS_EXTERNAL_DTD and
  XMLConstants.ACCESS_EXTERNAL_SCHEMA to "" on the factory.
-->
<tr class="a">
<td>The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity attacks</td>
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#XXE_DOCUMENT">XXE_DOCUMENT</a></td>
<td><a href="./xref/org/apache/rat/Reporter.html#L89">89</a></td>
<td>Medium</td></tr>
<!--
  XXE_DTD_TRANSFORM_FACTORY: this row and the XXE_XSLT_TRANSFORM_FACTORY row that
  follows both point at Reporter.java line 128, so they are one call site.
  Setting XMLConstants.ACCESS_EXTERNAL_DTD and
  XMLConstants.ACCESS_EXTERNAL_STYLESHEET to "" with setAttribute on the
  TransformerFactory addresses both findings.
-->
<tr class="b">
<td>The use of TransformerFactory.newInstance(...) (TransformerFactory) is vulnerable to XML External Entity attacks</td>
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#XXE_DTD_TRANSFORM_FACTORY">XXE_DTD_TRANSFORM_FACTORY</a></td>
<td><a href="./xref/org/apache/rat/Reporter.html#L128">128</a></td>
<td>Medium</td></tr>
<tr class="a">
<td>The use of TransformerFactory.newInstance(...) is vulnerable to XSLT External Entity attacks</td>
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#XXE_XSLT_TRANSFORM_FACTORY">XXE_XSLT_TRANSFORM_FACTORY</a></td>
<td><a href="./xref/org/apache/rat/Reporter.html#L128">128</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.analysis.HeaderCheckWorker"></a><section>
<h3><a name="org.apache.rat.analysis.HeaderCheckWorker"></a>org.apache.rat.analysis.HeaderCheckWorker</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>Exception thrown in class org.apache.rat.analysis.HeaderCheckWorker at new org.apache.rat.analysis.HeaderCheckWorker(Reader, int, Collection, Document) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.</td>
<td>BAD_PRACTICE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#CT_CONSTRUCTOR_THROW">CT_CONSTRUCTOR_THROW</a></td>
<td><a href="./xref/org/apache/rat/analysis/HeaderCheckWorker.html#L123">123</a></td>
<td>Medium</td></tr>
<tr class="a">
<td>Exception thrown in class org.apache.rat.analysis.HeaderCheckWorker at new org.apache.rat.analysis.HeaderCheckWorker(Reader, Collection, Document) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.</td>
<td>BAD_PRACTICE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#CT_CONSTRUCTOR_THROW">CT_CONSTRUCTOR_THROW</a></td>
<td><a href="./xref/org/apache/rat/analysis/HeaderCheckWorker.html#L106">106</a></td>
<td>Medium</td></tr>
<tr class="b">
<td>new org.apache.rat.analysis.HeaderCheckWorker(Reader, int, Collection, Document) may expose internal representation by storing an externally mutable object into HeaderCheckWorker.licenses</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td>
<td><a href="./xref/org/apache/rat/analysis/HeaderCheckWorker.html#L127">127</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.analysis.license.SimplePatternBasedLicense"></a><section>
<h3><a name="org.apache.rat.analysis.license.SimplePatternBasedLicense"></a>org.apache.rat.analysis.license.SimplePatternBasedLicense</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>org.apache.rat.analysis.license.SimplePatternBasedLicense.getPatterns() may expose internal representation by returning SimplePatternBasedLicense.patterns</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP">EI_EXPOSE_REP</a></td>
<td><a href="./xref/org/apache/rat/analysis/license/SimplePatternBasedLicense.html#L44">44</a></td>
<td>Medium</td></tr>
<tr class="a">
<td>org.apache.rat.analysis.license.SimplePatternBasedLicense.setPatterns(String[]) may expose internal representation by storing an externally mutable object into SimplePatternBasedLicense.patterns</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td>
<td><a href="./xref/org/apache/rat/analysis/license/SimplePatternBasedLicense.html#L48">48</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.analysis.matchers.CopyrightMatcher"></a><section>
<h3><a name="org.apache.rat.analysis.matchers.CopyrightMatcher"></a>org.apache.rat.analysis.matchers.CopyrightMatcher</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>Exception thrown in class org.apache.rat.analysis.matchers.CopyrightMatcher at new org.apache.rat.analysis.matchers.CopyrightMatcher(String, String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.</td>
<td>BAD_PRACTICE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#CT_CONSTRUCTOR_THROW">CT_CONSTRUCTOR_THROW</a></td>
<td><a href="./xref/org/apache/rat/analysis/matchers/CopyrightMatcher.html#L83">83</a></td>
<td>Medium</td></tr>
<tr class="a">
<td>Exception thrown in class org.apache.rat.analysis.matchers.CopyrightMatcher at new org.apache.rat.analysis.matchers.CopyrightMatcher(String, String, String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.</td>
<td>BAD_PRACTICE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#CT_CONSTRUCTOR_THROW">CT_CONSTRUCTOR_THROW</a></td>
<td><a href="./xref/org/apache/rat/analysis/matchers/CopyrightMatcher.html#L108">108</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.analysis.matchers.SimpleTextMatcher"></a><section>
<h3><a name="org.apache.rat.analysis.matchers.SimpleTextMatcher"></a>org.apache.rat.analysis.matchers.SimpleTextMatcher</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>Exception thrown in class org.apache.rat.analysis.matchers.SimpleTextMatcher at new org.apache.rat.analysis.matchers.SimpleTextMatcher(String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.</td>
<td>BAD_PRACTICE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#CT_CONSTRUCTOR_THROW">CT_CONSTRUCTOR_THROW</a></td>
<td><a href="./xref/org/apache/rat/analysis/matchers/SimpleTextMatcher.html#L42">42</a></td>
<td>Medium</td></tr>
<tr class="a">
<td>Exception thrown in class org.apache.rat.analysis.matchers.SimpleTextMatcher at new org.apache.rat.analysis.matchers.SimpleTextMatcher(String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.</td>
<td>BAD_PRACTICE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#CT_CONSTRUCTOR_THROW">CT_CONSTRUCTOR_THROW</a></td>
<td><a href="./xref/org/apache/rat/analysis/matchers/SimpleTextMatcher.html#L55">55</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.annotation.AbstractLicenseAppender"></a><section>
<h3><a name="org.apache.rat.annotation.AbstractLicenseAppender"></a>org.apache.rat.annotation.AbstractLicenseAppender</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>This API (java/io/File.&lt;init&gt;(Ljava/lang/String;)V) reads a file whose location might be specified by user input</td>
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td>
<td><a href="./xref/org/apache/rat/annotation/AbstractLicenseAppender.html#L236">236</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.api.Document"></a><section>
<h3><a name="org.apache.rat.api.Document"></a>org.apache.rat.api.Document</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>org.apache.rat.api.Document.getMetaData() may expose internal representation by returning Document.metaData</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP">EI_EXPOSE_REP</a></td>
<td><a href="./xref/org/apache/rat/api/Document.html#L119">119</a></td>
<td>Medium</td></tr>
<tr class="a">
<td>This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input</td>
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td>
<td><a href="./xref/org/apache/rat/api/Document.html#L93">93</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.config.parameters.Description"></a><section>
<h3><a name="org.apache.rat.config.parameters.Description"></a>org.apache.rat.config.parameters.Description</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>Exception thrown in class org.apache.rat.config.parameters.Description at new org.apache.rat.config.parameters.Description(ComponentType, String, String, boolean, Class, Collection, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.</td>
<td>BAD_PRACTICE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#CT_CONSTRUCTOR_THROW">CT_CONSTRUCTOR_THROW</a></td>
<td><a href="./xref/org/apache/rat/config/parameters/Description.html#L88">88</a></td>
<td>Medium</td></tr>
<tr class="a">
<td>Exception thrown in class org.apache.rat.config.parameters.Description at new org.apache.rat.config.parameters.Description(ConfigComponent, boolean, Class, Collection) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.</td>
<td>BAD_PRACTICE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#CT_CONSTRUCTOR_THROW">CT_CONSTRUCTOR_THROW</a></td>
<td><a href="./xref/org/apache/rat/config/parameters/Description.html#L113">113</a></td>
<td>Medium</td></tr>
<tr class="b">
<td>org.apache.rat.config.parameters.Description.getChildren() may expose internal representation by returning Description.children</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP">EI_EXPOSE_REP</a></td>
<td><a href="./xref/org/apache/rat/config/parameters/Description.html#L206">206</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.configuration.MatcherBuilderTracker"></a><section>
<h3><a name="org.apache.rat.configuration.MatcherBuilderTracker"></a>org.apache.rat.configuration.MatcherBuilderTracker</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>org.apache.rat.configuration.MatcherBuilderTracker.INSTANCE should be package protected</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#MS_PKGPROTECT">MS_PKGPROTECT</a></td>
<td>Not available</td>
<td>Medium</td></tr>
<tr class="a">
<td>Primitive field org.apache.rat.configuration.MatcherBuilderTracker.INSTANCE is public and set from inside the class, which makes it too exposed. Consider making it private to limit external accessibility.</td>
<td>BAD_PRACTICE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PA_PUBLIC_PRIMITIVE_ATTRIBUTE">PA_PUBLIC_PRIMITIVE_ATTRIBUTE</a></td>
<td><a href="./xref/org/apache/rat/configuration/MatcherBuilderTracker.html#L46">46</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.configuration.XMLConfigurationReader"></a><section>
<h3><a name="org.apache.rat.configuration.XMLConfigurationReader"></a>org.apache.rat.configuration.XMLConfigurationReader</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>This web server request could be used by an attacker to expose internal services and filesystem.</td>
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#URLCONNECTION_SSRF_FD">URLCONNECTION_SSRF_FD</a></td>
<td><a href="./xref/org/apache/rat/configuration/XMLConfigurationReader.html#L177">177</a></td>
<td>Medium</td></tr>
<tr class="a">
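<td>The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity (XXE) attacks when the XML input is untrusted, unless the DocumentBuilderFactory is configured to reject DOCTYPE declarations and external entities (for example by enabling the http://apache.org/xml/features/disallow-doctype-decl feature).</td>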
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#XXE_DOCUMENT">XXE_DOCUMENT</a></td>
<td><a href="./xref/org/apache/rat/configuration/XMLConfigurationReader.html#L157">157</a></td>
<td>Medium</td></tr>
<tr class="b">
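<td>The use of DocumentBuilder.parse(...) (DocumentBuilder) is vulnerable to XML External Entity (XXE) attacks when the XML input is untrusted, unless the DocumentBuilderFactory is configured to reject DOCTYPE declarations and external entities. This finding is on the line directly after the URL request flagged on line 177, so the parsed document may come from that request; confirm this in the source.</td>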
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#XXE_DOCUMENT">XXE_DOCUMENT</a></td>
<td><a href="./xref/org/apache/rat/configuration/XMLConfigurationReader.html#L178">178</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.configuration.XMLConfigurationWriter"></a><section>
<h3><a name="org.apache.rat.configuration.XMLConfigurationWriter"></a>org.apache.rat.configuration.XMLConfigurationWriter</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>new org.apache.rat.configuration.XMLConfigurationWriter(ReportConfiguration) may expose internal representation by storing an externally mutable object into XMLConfigurationWriter.configuration</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td>
<td><a href="./xref/org/apache/rat/configuration/XMLConfigurationWriter.html#L60">60</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.configuration.builders.ChildContainerBuilder"></a><section>
<h3><a name="org.apache.rat.configuration.builders.ChildContainerBuilder"></a>org.apache.rat.configuration.builders.ChildContainerBuilder</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>Usage of GetResource in org.apache.rat.configuration.builders.ChildContainerBuilder.setResource(String) may be unsafe if class is extended</td>
<td>BAD_PRACTICE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#UI_INHERITANCE_UNSAFE_GETRESOURCE">UI_INHERITANCE_UNSAFE_GETRESOURCE</a></td>
<td><a href="./xref/org/apache/rat/configuration/builders/ChildContainerBuilder.html#L61">61</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.configuration.builders.MatcherRefBuilder"></a><section>
<h3><a name="org.apache.rat.configuration.builders.MatcherRefBuilder"></a>org.apache.rat.configuration.builders.MatcherRefBuilder</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>org.apache.rat.configuration.builders.MatcherRefBuilder.setMatcherMap(Map) may expose internal representation by storing an externally mutable object into MatcherRefBuilder.matchers</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td>
<td><a href="./xref/org/apache/rat/configuration/builders/MatcherRefBuilder.html#L69">69</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy"></a><section>
<h3><a name="org.apache.rat.configuration.builders.MatcherRefBuilder.24IHeaderMatcherProxy"></a>org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>new org.apache.rat.configuration.builders.MatcherRefBuilder$IHeaderMatcherProxy(String, Map) may expose internal representation by storing an externally mutable object into MatcherRefBuilder$IHeaderMatcherProxy.matchers</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td>
<td><a href="./xref/org/apache/rat/configuration/builders/MatcherRefBuilder.html#L113">113</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.document.impl.ArchiveEntryDocument"></a><section>
<h3><a name="org.apache.rat.document.impl.ArchiveEntryDocument"></a>org.apache.rat.document.impl.ArchiveEntryDocument</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
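<td>new org.apache.rat.document.impl.ArchiveEntryDocument(Path, byte[]) may expose internal representation by storing an externally mutable object into ArchiveEntryDocument.contents: the caller keeps a reference to the same array and can change it after construction, which copying the array on assignment would prevent.</td>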
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td>
<td><a href="./xref/org/apache/rat/document/impl/ArchiveEntryDocument.html#L53">53</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.document.impl.util.DocumentAnalyserMultiplexer"></a><section>
<h3><a name="org.apache.rat.document.impl.util.DocumentAnalyserMultiplexer"></a>org.apache.rat.document.impl.util.DocumentAnalyserMultiplexer</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>new org.apache.rat.document.impl.util.DocumentAnalyserMultiplexer(IDocumentAnalyser[]) may expose internal representation by storing an externally mutable object into DocumentAnalyserMultiplexer.analysers</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td>
<td><a href="./xref/org/apache/rat/document/impl/util/DocumentAnalyserMultiplexer.html#L31">31</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.header.HeaderMatcher"></a><section>
<h3><a name="org.apache.rat.header.HeaderMatcher"></a>org.apache.rat.header.HeaderMatcher</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>new org.apache.rat.header.HeaderMatcher(CharFilter, int, HeaderBean[]) may expose internal representation by storing an externally mutable object into HeaderMatcher.headers</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td>
<td><a href="./xref/org/apache/rat/header/HeaderMatcher.html#L55">55</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.license.LicenseFamilySetFactory"></a><section>
<h3><a name="org.apache.rat.license.LicenseFamilySetFactory"></a>org.apache.rat.license.LicenseFamilySetFactory</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>Dead store to result in org.apache.rat.license.LicenseFamilySetFactory.findFamily(String, SortedSet)</td>
<td>STYLE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#DLS_DEAD_LOCAL_STORE">DLS_DEAD_LOCAL_STORE</a></td>
<td><a href="./xref/org/apache/rat/license/LicenseFamilySetFactory.html#L118">118</a></td>
<td>High</td></tr>
<tr class="a">
<td>Dead store to result in org.apache.rat.license.LicenseFamilySetFactory.hasFamily(String, SortedSet)</td>
<td>STYLE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#DLS_DEAD_LOCAL_STORE">DLS_DEAD_LOCAL_STORE</a></td>
<td><a href="./xref/org/apache/rat/license/LicenseFamilySetFactory.html#L106">106</a></td>
<td>High</td></tr>
<tr class="b">
<td>new org.apache.rat.license.LicenseFamilySetFactory(SortedSet, Collection) may expose internal representation by storing an externally mutable object into LicenseFamilySetFactory.approvedLicenses</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td>
<td><a href="./xref/org/apache/rat/license/LicenseFamilySetFactory.html#L43">43</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.license.LicenseSetFactory"></a><section>
<h3><a name="org.apache.rat.license.LicenseSetFactory"></a>org.apache.rat.license.LicenseSetFactory</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>new org.apache.rat.license.LicenseSetFactory(SortedSet, Collection) may expose internal representation by storing an externally mutable object into LicenseSetFactory.approvedLicenses</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td>
<td><a href="./xref/org/apache/rat/license/LicenseSetFactory.html#L70">70</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.report.ConfigurationReport"></a><section>
<h3><a name="org.apache.rat.report.ConfigurationReport"></a>org.apache.rat.report.ConfigurationReport</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>new org.apache.rat.report.ConfigurationReport(IXmlWriter, ReportConfiguration) may expose internal representation by storing an externally mutable object into ConfigurationReport.configuration</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td>
<td><a href="./xref/org/apache/rat/report/ConfigurationReport.html#L42">42</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.report.claim.util.ClaimReporterMultiplexer"></a><section>
<h3><a name="org.apache.rat.report.claim.util.ClaimReporterMultiplexer"></a>org.apache.rat.report.claim.util.ClaimReporterMultiplexer</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>new org.apache.rat.report.claim.util.ClaimReporterMultiplexer(IXmlWriter, boolean, IDocumentAnalyser, List) may expose internal representation by storing an externally mutable object into ClaimReporterMultiplexer.reporters</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td>
<td><a href="./xref/org/apache/rat/report/claim/util/ClaimReporterMultiplexer.html#L51">51</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.report.claim.util.LicenseAddingReport"></a><section>
<h3><a name="org.apache.rat.report.claim.util.LicenseAddingReport"></a>org.apache.rat.report.claim.util.LicenseAddingReport</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
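<td>This API (java/io/File.&lt;init&gt;(Ljava/lang/String;)V, i.e. the java.io.File(String) constructor) reads a file whose location might be specified by user input; if it can be, the path should be normalized and checked against the expected base directory before use.</td>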
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#PATH_TRAVERSAL_IN">PATH_TRAVERSAL_IN</a></td>
<td><a href="./xref/org/apache/rat/report/claim/util/LicenseAddingReport.html#L43">43</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.report.xml.writer.impl.base.XmlWriter"></a><section>
<h3><a name="org.apache.rat.report.xml.writer.impl.base.XmlWriter"></a>org.apache.rat.report.xml.writer.impl.base.XmlWriter</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>new org.apache.rat.report.xml.writer.impl.base.XmlWriter(Writer) may expose internal representation by storing an externally mutable object into XmlWriter.writer</td>
<td>MALICIOUS_CODE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#EI_EXPOSE_REP2">EI_EXPOSE_REP2</a></td>
<td><a href="./xref/org/apache/rat/report/xml/writer/impl/base/XmlWriter.html#L419">419</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.utils.Log"></a><section>
<h3><a name="org.apache.rat.utils.Log"></a>org.apache.rat.utils.Log</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>Possible information exposure through an error message</td>
<td>SECURITY</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE">INFORMATION_EXPOSURE_THROUGH_AN_ERROR_MESSAGE</a></td>
<td><a href="./xref/org/apache/rat/utils/Log.html#L114">114</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.walker.DirectoryWalker"></a><section>
<h3><a name="org.apache.rat.walker.DirectoryWalker"></a>org.apache.rat.walker.DirectoryWalker</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>Possible null pointer dereference in org.apache.rat.walker.DirectoryWalker.isNotIgnoredDirectory(Path) due to return value of called method</td>
<td>STYLE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE">NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE</a></td>
<td><a href="./xref/org/apache/rat/walker/DirectoryWalker.html#L92">92</a></td>
<td>Medium</td></tr></table></section><a name="org.apache.rat.walker.Walker"></a><section>
<h3><a name="org.apache.rat.walker.Walker"></a>org.apache.rat.walker.Walker</h3>
<table border="0" class="bodyTable">
<tr class="a">
<th>Bug</th>
<th>Category</th>
<th>Details</th>
<th>Line</th>
<th>Priority</th></tr>
<tr class="b">
<td>Possible null pointer dereference in org.apache.rat.walker.Walker.isNotIgnored(Path) due to return value of called method</td>
<td>STYLE</td>
<td><a class="externalLink" href="https://spotbugs.readthedocs.io/en/latest/bugDescriptions.html#NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE">NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE</a></td>
<td><a href="./xref/org/apache/rat/walker/Walker.html#L63">63</a></td>
<td>Medium</td></tr></table></section>
</div>
</div>
</body>
</html>