SpotBugs Bug Detector Report
The following document contains the results of SpotBugs
SpotBugs Version is 4.8.6
Threshold is medium
Effort is default
Summary
| Classes | Bugs | Errors | Missing Classes |
| --- | --- | --- | --- |
| 29 | 5 | 0 | 0 |
org.owasp.dependencycheck.utils.Downloader
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Public static org.owasp.dependencycheck.utils.Downloader.getInstance() may expose internal representation by returning Downloader.INSTANCE | MALICIOUS_CODE | MS_EXPOSE_REP | 135 | Medium |
org.owasp.dependencycheck.utils.SSLSocketFactoryEx
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Exception thrown in class org.owasp.dependencycheck.utils.SSLSocketFactoryEx at new org.owasp.dependencycheck.utils.SSLSocketFactoryEx(SSLContext, Settings) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 114 | Medium |
| Exception thrown in class org.owasp.dependencycheck.utils.SSLSocketFactoryEx at new org.owasp.dependencycheck.utils.SSLSocketFactoryEx(Settings) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 78 | Medium |
| Exception thrown in class org.owasp.dependencycheck.utils.SSLSocketFactoryEx at new org.owasp.dependencycheck.utils.SSLSocketFactoryEx(KeyManager[], TrustManager[], SecureRandom, Settings) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks. | BAD_PRACTICE | CT_CONSTRUCTOR_THROW | 99 | Medium |
org.owasp.dependencycheck.utils.Settings
| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Do not catch NullPointerException like in org.owasp.dependencycheck.utils.Settings.initialize(String) | STYLE | DCN_NULLPOINTER_EXCEPTION | 895 | Medium |