SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.6
Threshold is medium
Effort is default
Summary
Classes | Bugs | Errors | Missing Classes
308 | 31 | 0 | 0
org.owasp.dependencycheck.Engine
Bug | Category | Details | Line | Priority
Exception thrown in class org.owasp.dependencycheck.Engine at new org.owasp.dependencycheck.Engine(ClassLoader, Engine$Mode, Settings) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 194 | Medium
Exception thrown in class org.owasp.dependencycheck.Engine at new org.owasp.dependencycheck.Engine(ClassLoader, Settings) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 178 | Medium
Exception thrown in class org.owasp.dependencycheck.Engine at new org.owasp.dependencycheck.Engine(Engine$Mode, Settings) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 168 | Medium
org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer
Bug | Category | Details | Line | Priority
Possible null pointer dereference in org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionFile(SuppressionParser, String) due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 381 | Medium
org.owasp.dependencycheck.analyzer.CentralAnalyzer
org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer
Bug | Category | Details | Line | Priority
Do not catch NullPointerException like in org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer.npmVersionsMatch(String, String) | STYLE | DCN_NULLPOINTER_EXCEPTION | 655 | Medium
org.owasp.dependencycheck.analyzer.GolangModAnalyzer
org.owasp.dependencycheck.analyzer.HintAnalyzer
Bug | Category | Details | Line | Priority
Possible null pointer dereference in org.owasp.dependencycheck.analyzer.HintAnalyzer.loadHintRules() due to return value of called method | STYLE | NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE | 295 | Medium
org.owasp.dependencycheck.data.cache.DataCacheFactory
Bug | Category | Details | Line | Priority
Exception thrown in class org.owasp.dependencycheck.data.cache.DataCacheFactory at new org.owasp.dependencycheck.data.cache.DataCacheFactory(Settings) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 92 | Medium
org.owasp.dependencycheck.data.central.CentralSearch
Bug | Category | Details | Line | Priority
Exception thrown in class org.owasp.dependencycheck.data.central.CentralSearch at new org.owasp.dependencycheck.data.central.CentralSearch(Settings) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 101 | Medium
org.owasp.dependencycheck.data.knownexploited.json.Vulnerability
Bug | Category | Details | Line | Priority
Comparison of String objects using == or != in org.owasp.dependencycheck.data.knownexploited.json.Vulnerability.equals(Object) | BAD_PRACTICE | ES_COMPARING_STRINGS_WITH_EQ | 367 | Medium
Comparison of String objects using == or != in org.owasp.dependencycheck.data.knownexploited.json.Vulnerability.equals(Object) | BAD_PRACTICE | ES_COMPARING_STRINGS_WITH_EQ | 367 | Medium
Comparison of String objects using == or != in org.owasp.dependencycheck.data.knownexploited.json.Vulnerability.equals(Object) | BAD_PRACTICE | ES_COMPARING_STRINGS_WITH_EQ | 367 | Medium
Comparison of String objects using == or != in org.owasp.dependencycheck.data.knownexploited.json.Vulnerability.equals(Object) | BAD_PRACTICE | ES_COMPARING_STRINGS_WITH_EQ | 367 | Medium
Comparison of String objects using == or != in org.owasp.dependencycheck.data.knownexploited.json.Vulnerability.equals(Object) | BAD_PRACTICE | ES_COMPARING_STRINGS_WITH_EQ | 367 | Medium
Comparison of String objects using == or != in org.owasp.dependencycheck.data.knownexploited.json.Vulnerability.equals(Object) | BAD_PRACTICE | ES_COMPARING_STRINGS_WITH_EQ | 367 | Medium
Comparison of String objects using == or != in org.owasp.dependencycheck.data.knownexploited.json.Vulnerability.equals(Object) | BAD_PRACTICE | ES_COMPARING_STRINGS_WITH_EQ | 367 | Medium
Comparison of String objects using == or != in org.owasp.dependencycheck.data.knownexploited.json.Vulnerability.equals(Object) | BAD_PRACTICE | ES_COMPARING_STRINGS_WITH_EQ | 367 | Medium
org.owasp.dependencycheck.data.update.NvdApiDataSource
Bug | Category | Details | Line | Priority
Exception is caught when Exception is not thrown in org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi() | STYLE | REC_CATCH_EXCEPTION | 382 | Medium
org.owasp.dependencycheck.data.update.nvd.api.CveApiJson20CveItemSource
Bug | Category | Details | Line | Priority
Exception thrown in class org.owasp.dependencycheck.data.update.nvd.api.CveApiJson20CveItemSource at new org.owasp.dependencycheck.data.update.nvd.api.CveApiJson20CveItemSource(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 64 | Medium
org.owasp.dependencycheck.data.update.nvd.api.JsonArrayCveItemSource
Bug | Category | Details | Line | Priority
Exception thrown in class org.owasp.dependencycheck.data.update.nvd.api.JsonArrayCveItemSource at new org.owasp.dependencycheck.data.update.nvd.api.JsonArrayCveItemSource(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 63 | Medium
org.owasp.dependencycheck.dependency.Dependency
Bug | Category | Details | Line | Priority
Exception thrown in class org.owasp.dependencycheck.dependency.Dependency at new org.owasp.dependencycheck.dependency.Dependency(File) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 194 | Medium
Exception thrown in class org.owasp.dependencycheck.dependency.Dependency at new org.owasp.dependencycheck.dependency.Dependency(File, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 212 | Medium
org.owasp.dependencycheck.dependency.Vulnerability
Bug | Category | Details | Line | Priority
Class org.owasp.dependencycheck.dependency.Vulnerability defines non-transient non-serializable instance field knownExploitedVulnerability | BAD_PRACTICE | SE_BAD_FIELD | Not available | High
org.owasp.dependencycheck.dependency.naming.CpeIdentifier
Bug | Category | Details | Line | Priority
Exception thrown in class org.owasp.dependencycheck.dependency.naming.CpeIdentifier at new org.owasp.dependencycheck.dependency.naming.CpeIdentifier(String, String, String, Confidence) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 100 | Medium
org.owasp.dependencycheck.dependency.naming.PurlIdentifier
Bug | Category | Details | Line | Priority
Exception thrown in class org.owasp.dependencycheck.dependency.naming.PurlIdentifier at new org.owasp.dependencycheck.dependency.naming.PurlIdentifier(String, String, String, String, Confidence) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 117 | Medium
Exception thrown in class org.owasp.dependencycheck.dependency.naming.PurlIdentifier at new org.owasp.dependencycheck.dependency.naming.PurlIdentifier(String, String, String, Confidence) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 99 | Medium
org.owasp.dependencycheck.utils.WriteLock
Bug | Category | Details | Line | Priority
Exception thrown in class org.owasp.dependencycheck.utils.WriteLock at new org.owasp.dependencycheck.utils.WriteLock(Settings, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 112 | Medium
Exception thrown in class org.owasp.dependencycheck.utils.WriteLock at new org.owasp.dependencycheck.utils.WriteLock(Settings, boolean, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 134 | Medium
org.owasp.dependencycheck.xml.pom.PomProjectInputStream
Bug | Category | Details | Line | Priority
Exception thrown in class org.owasp.dependencycheck.xml.pom.PomProjectInputStream at new org.owasp.dependencycheck.xml.pom.PomProjectInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 54 | Medium