GMavenPlus
SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.6
Threshold is medium
Effort is default
Summary
| Classes | Bugs | Errors | Missing Classes |
|---|---|---|---|
| 46 | 42 | 0 | 0 |
Files
org.codehaus.gmavenplus.groovyworkarounds.DotGroovyFile
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.codehaus.gmavenplus.groovyworkarounds.DotGroovyFile.getScriptExtensions() may expose internal representation by returning DotGroovyFile.scriptExtensions | MALICIOUS_CODE | EI_EXPOSE_REP | 110 | Medium |
| org.codehaus.gmavenplus.groovyworkarounds.DotGroovyFile.setScriptExtensions(Set) may expose internal representation by storing an externally mutable object into DotGroovyFile.scriptExtensions | MALICIOUS_CODE | EI_EXPOSE_REP2 | 120 | Medium |
| org.codehaus.gmavenplus.groovyworkarounds.DotGroovyFile doesn't override java.io.File.equals(Object) | STYLE | EQ_DOESNT_OVERRIDE_EQUALS | 1 | Medium |
org.codehaus.gmavenplus.model.GroovyCompileConfiguration
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.codehaus.gmavenplus.model.GroovyCompileConfiguration.getClasspath() may expose internal representation by returning GroovyCompileConfiguration.classpath | MALICIOUS_CODE | EI_EXPOSE_REP | 61 | Medium |
| org.codehaus.gmavenplus.model.GroovyCompileConfiguration.getSources() may expose internal representation by returning GroovyCompileConfiguration.sources | MALICIOUS_CODE | EI_EXPOSE_REP | 57 | Medium |
| new org.codehaus.gmavenplus.model.GroovyCompileConfiguration(Set, List, File) may expose internal representation by storing an externally mutable object into GroovyCompileConfiguration.classpath | MALICIOUS_CODE | EI_EXPOSE_REP2 | 52 | Medium |
| new org.codehaus.gmavenplus.model.GroovyCompileConfiguration(Set, List, File) may expose internal representation by storing an externally mutable object into GroovyCompileConfiguration.sources | MALICIOUS_CODE | EI_EXPOSE_REP2 | 51 | Medium |
org.codehaus.gmavenplus.model.GroovyDocConfiguration
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.codehaus.gmavenplus.model.GroovyDocConfiguration.getClasspath() may expose internal representation by returning GroovyDocConfiguration.classpath | MALICIOUS_CODE | EI_EXPOSE_REP | 70 | Medium |
| org.codehaus.gmavenplus.model.GroovyDocConfiguration.getDefaultClassTemplates() may expose internal representation by returning GroovyDocConfiguration.defaultClassTemplates | MALICIOUS_CODE | EI_EXPOSE_REP | 110 | Medium |
| org.codehaus.gmavenplus.model.GroovyDocConfiguration.getDefaultDocTemplates() may expose internal representation by returning GroovyDocConfiguration.defaultDocTemplates | MALICIOUS_CODE | EI_EXPOSE_REP | 94 | Medium |
| org.codehaus.gmavenplus.model.GroovyDocConfiguration.getDefaultPackageTemplates() may expose internal representation by returning GroovyDocConfiguration.defaultPackageTemplates | MALICIOUS_CODE | EI_EXPOSE_REP | 102 | Medium |
| org.codehaus.gmavenplus.model.GroovyDocConfiguration.getDocProperties() may expose internal representation by returning GroovyDocConfiguration.docProperties | MALICIOUS_CODE | EI_EXPOSE_REP | 118 | Medium |
| org.codehaus.gmavenplus.model.GroovyDocConfiguration.getLinks() may expose internal representation by returning GroovyDocConfiguration.links | MALICIOUS_CODE | EI_EXPOSE_REP | 86 | Medium |
| org.codehaus.gmavenplus.model.GroovyDocConfiguration.getSourceDirectories() may expose internal representation by returning GroovyDocConfiguration.sourceDirectories | MALICIOUS_CODE | EI_EXPOSE_REP | 66 | Medium |
| new org.codehaus.gmavenplus.model.GroovyDocConfiguration(FileSet[], List, File) may expose internal representation by storing an externally mutable object into GroovyDocConfiguration.classpath | MALICIOUS_CODE | EI_EXPOSE_REP2 | 61 | Medium |
| new org.codehaus.gmavenplus.model.GroovyDocConfiguration(FileSet[], List, File) may expose internal representation by storing an externally mutable object into GroovyDocConfiguration.sourceDirectories | MALICIOUS_CODE | EI_EXPOSE_REP2 | 60 | Medium |
| org.codehaus.gmavenplus.model.GroovyDocConfiguration.setDefaultClassTemplates(String[]) may expose internal representation by storing an externally mutable object into GroovyDocConfiguration.defaultClassTemplates | MALICIOUS_CODE | EI_EXPOSE_REP2 | 114 | Medium |
| org.codehaus.gmavenplus.model.GroovyDocConfiguration.setDefaultDocTemplates(String[]) may expose internal representation by storing an externally mutable object into GroovyDocConfiguration.defaultDocTemplates | MALICIOUS_CODE | EI_EXPOSE_REP2 | 98 | Medium |
| org.codehaus.gmavenplus.model.GroovyDocConfiguration.setDefaultPackageTemplates(String[]) may expose internal representation by storing an externally mutable object into GroovyDocConfiguration.defaultPackageTemplates | MALICIOUS_CODE | EI_EXPOSE_REP2 | 106 | Medium |
| org.codehaus.gmavenplus.model.GroovyDocConfiguration.setDocProperties(Properties) may expose internal representation by storing an externally mutable object into GroovyDocConfiguration.docProperties | MALICIOUS_CODE | EI_EXPOSE_REP2 | 122 | Medium |
| org.codehaus.gmavenplus.model.GroovyDocConfiguration.setLinks(List) may expose internal representation by storing an externally mutable object into GroovyDocConfiguration.links | MALICIOUS_CODE | EI_EXPOSE_REP2 | 90 | Medium |
| Class org.codehaus.gmavenplus.model.GroovyDocConfiguration defines non-transient non-serializable instance field links | BAD_PRACTICE | SE_BAD_FIELD | Not available | High |
org.codehaus.gmavenplus.model.GroovyStubConfiguration
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.codehaus.gmavenplus.model.GroovyStubConfiguration.getClasspath() may expose internal representation by returning GroovyStubConfiguration.classpath | MALICIOUS_CODE | EI_EXPOSE_REP | 55 | Medium |
| org.codehaus.gmavenplus.model.GroovyStubConfiguration.getStubSources() may expose internal representation by returning GroovyStubConfiguration.stubSources | MALICIOUS_CODE | EI_EXPOSE_REP | 51 | Medium |
| new org.codehaus.gmavenplus.model.GroovyStubConfiguration(Set, List, File) may expose internal representation by storing an externally mutable object into GroovyStubConfiguration.classpath | MALICIOUS_CODE | EI_EXPOSE_REP2 | 46 | Medium |
| new org.codehaus.gmavenplus.model.GroovyStubConfiguration(Set, List, File) may expose internal representation by storing an externally mutable object into GroovyStubConfiguration.stubSources | MALICIOUS_CODE | EI_EXPOSE_REP2 | 45 | Medium |
org.codehaus.gmavenplus.model.internal.Version
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.codehaus.gmavenplus.model.internal.Version at new org.codehaus.gmavenplus.model.internal.Version(int, int, int) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 82 | Medium |
| Exception thrown in class org.codehaus.gmavenplus.model.internal.Version at new org.codehaus.gmavenplus.model.internal.Version(int, int, int, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 61 | Medium |
org.codehaus.gmavenplus.mojo.AbstractGenerateStubsMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Field AbstractGenerateStubsMojo.session masks field in superclass org.codehaus.gmavenplus.mojo.AbstractGroovyMojo | CORRECTNESS | MF_CLASS_MASKS_FIELD | Not available | Medium |
org.codehaus.gmavenplus.mojo.AbstractGroovyDocMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Found reliance on default encoding in org.codehaus.gmavenplus.mojo.AbstractGroovyDocMojo.copyStylesheet(File): new java.io.InputStreamReader(InputStream) | I18N | DM_DEFAULT_ENCODING | 456 | High |
| Found reliance on default encoding in org.codehaus.gmavenplus.mojo.AbstractGroovyDocMojo.copyStylesheet(File): new java.io.OutputStreamWriter(OutputStream) | I18N | DM_DEFAULT_ENCODING | 467 | High |
| Field AbstractGroovyDocMojo.session masks field in superclass org.codehaus.gmavenplus.mojo.AbstractGroovyMojo | CORRECTNESS | MF_CLASS_MASKS_FIELD | Not available | Medium |
org.codehaus.gmavenplus.mojo.AbstractGroovyMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception is caught when Exception is not thrown in org.codehaus.gmavenplus.mojo.AbstractGroovyMojo.getJavaExecutable() | STYLE | REC_CATCH_EXCEPTION | 283 | Medium |
org.codehaus.gmavenplus.mojo.ConsoleMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.codehaus.gmavenplus.mojo.ConsoleMojo.setupConsole(Class, Class) makes inefficient use of keySet iterator instead of entrySet iterator | PERFORMANCE | WMI_WRONG_MAP_ITERATOR | 185 | Medium |
org.codehaus.gmavenplus.mojo.ExecuteMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Found reliance on default encoding in org.codehaus.gmavenplus.mojo.ExecuteMojo.executeScriptFromUrl(Class, Object, String): new java.io.InputStreamReader(InputStream) | I18N | DM_DEFAULT_ENCODING | 303 | High |
| org.codehaus.gmavenplus.mojo.ExecuteMojo.setupShell(Class) makes inefficient use of keySet iterator instead of entrySet iterator | PERFORMANCE | WMI_WRONG_MAP_ITERATOR | 223 | Medium |
org.codehaus.gmavenplus.mojo.ShellMojo
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| org.codehaus.gmavenplus.mojo.ShellMojo.setupShell(Class, Class, Class, Class, Class) makes inefficient use of keySet iterator instead of entrySet iterator | PERFORMANCE | WMI_WRONG_MAP_ITERATOR | 163 | Medium |
org.codehaus.gmavenplus.util.ClassWrangler
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| Exception thrown in class org.codehaus.gmavenplus.util.ClassWrangler at new org.codehaus.gmavenplus.util.ClassWrangler(List, ClassLoader, Log) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 72 | Medium |
| org.codehaus.gmavenplus.util.ClassWrangler.createNewClassLoader(List, ClassLoader) creates a java.net.URLClassLoader classloader, which should be performed within a doPrivileged block | MALICIOUS_CODE | DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED | 259 | Medium |
| org.codehaus.gmavenplus.util.ClassWrangler.getClassLoader() may expose internal representation by returning ClassWrangler.classLoader | MALICIOUS_CODE | EI_EXPOSE_REP | 241 | Medium |
| Redundant nullcheck of groovyObjectClassPath, which is known to be non-null in org.codehaus.gmavenplus.util.ClassWrangler.getJarPath() | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE | 291 | Medium |
org.codehaus.gmavenplus.util.NoExitSecurityManager
| Bug | Category | Details | Line | Priority |
|---|---|---|---|---|
| The method 'org.codehaus.gmavenplus.util.NoExitSecurityManager.checkPermission(Permission)' performs security check by using 'SecurityManager.checkPermission(Permission)' method of Security Manager Class, but is overrideable. Declare the method final or private in order to resolve the issue. | MALICIOUS_CODE | VSC_VULNERABLE_SECURITY_CHECK_METHODS | 57 | Medium |