Fork me on GitHub

SpotBugs Bug Detector Report

The following document contains the results of SpotBugs

SpotBugs Version is 4.8.6

Threshold is medium

Effort is default

Summary

Classes	Bugs	Errors	Missing Classes
308	28	0	0

Files

Class	Bugs
org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer	1
org.owasp.dependencycheck.analyzer.CentralAnalyzer	1
org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer	2
org.owasp.dependencycheck.analyzer.GolangModAnalyzer	1
org.owasp.dependencycheck.analyzer.HintAnalyzer	1
org.owasp.dependencycheck.data.cache.DataCacheFactory	1
org.owasp.dependencycheck.data.central.CentralSearch	1
org.owasp.dependencycheck.data.knownexploited.json.Vulnerability	8
org.owasp.dependencycheck.data.update.NvdApiDataSource	1
org.owasp.dependencycheck.data.update.nvd.api.CveApiJson20CveItemSource	1
org.owasp.dependencycheck.data.update.nvd.api.JsonArrayCveItemSource	1
org.owasp.dependencycheck.dependency.Dependency	2
org.owasp.dependencycheck.dependency.Vulnerability	1
org.owasp.dependencycheck.dependency.naming.CpeIdentifier	1
org.owasp.dependencycheck.dependency.naming.PurlIdentifier	2
org.owasp.dependencycheck.utils.WriteLock	2
org.owasp.dependencycheck.xml.pom.PomProjectInputStream	1

org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer

Bug	Category	Details	Line	Priority
Possible null pointer dereference in org.owasp.dependencycheck.analyzer.AbstractSuppressionAnalyzer.loadSuppressionFile(SuppressionParser, String) due to return value of called method	STYLE	NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE	381	Medium

org.owasp.dependencycheck.analyzer.CentralAnalyzer

Bug	Category	Details	Line	Priority
Static field "numberOfRetries" is modified by an instance level synchronized method.	MT_CORRECTNESS	SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA	119	Medium

org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer

Bug	Category	Details	Line	Priority
Do not catch NullPointerException like in org.owasp.dependencycheck.analyzer.DependencyBundlingAnalyzer.npmVersionsMatch(String, String)	STYLE	DCN_NULLPOINTER_EXCEPTION	655	Medium

org.owasp.dependencycheck.analyzer.GolangModAnalyzer

Bug	Category	Details	Line	Priority
Static field "goPath" is modified by an instance level synchronization lock.	MT_CORRECTNESS	SSD_DO_NOT_USE_INSTANCE_LOCK_ON_SHARED_STATIC_DATA	135	Medium

org.owasp.dependencycheck.analyzer.HintAnalyzer

Bug	Category	Details	Line	Priority
Possible null pointer dereference in org.owasp.dependencycheck.analyzer.HintAnalyzer.loadHintRules() due to return value of called method	STYLE	NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE	295	Medium

org.owasp.dependencycheck.data.cache.DataCacheFactory

Bug	Category	Details	Line	Priority
Exception thrown in class org.owasp.dependencycheck.data.cache.DataCacheFactory at new org.owasp.dependencycheck.data.cache.DataCacheFactory(Settings) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	92	Medium

org.owasp.dependencycheck.data.central.CentralSearch

Bug	Category	Details	Line	Priority
Exception thrown in class org.owasp.dependencycheck.data.central.CentralSearch at new org.owasp.dependencycheck.data.central.CentralSearch(Settings) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	96	Medium

org.owasp.dependencycheck.data.knownexploited.json.Vulnerability

Bug	Category	Details	Line	Priority
Comparison of String objects using == or != in org.owasp.dependencycheck.data.knownexploited.json.Vulnerability.equals(Object)	BAD_PRACTICE	ES_COMPARING_STRINGS_WITH_EQ	367	Medium
Comparison of String objects using == or != in org.owasp.dependencycheck.data.knownexploited.json.Vulnerability.equals(Object)	BAD_PRACTICE	ES_COMPARING_STRINGS_WITH_EQ	367	Medium
Comparison of String objects using == or != in org.owasp.dependencycheck.data.knownexploited.json.Vulnerability.equals(Object)	BAD_PRACTICE	ES_COMPARING_STRINGS_WITH_EQ	367	Medium
Comparison of String objects using == or != in org.owasp.dependencycheck.data.knownexploited.json.Vulnerability.equals(Object)	BAD_PRACTICE	ES_COMPARING_STRINGS_WITH_EQ	367	Medium
Comparison of String objects using == or != in org.owasp.dependencycheck.data.knownexploited.json.Vulnerability.equals(Object)	BAD_PRACTICE	ES_COMPARING_STRINGS_WITH_EQ	367	Medium
Comparison of String objects using == or != in org.owasp.dependencycheck.data.knownexploited.json.Vulnerability.equals(Object)	BAD_PRACTICE	ES_COMPARING_STRINGS_WITH_EQ	367	Medium
Comparison of String objects using == or != in org.owasp.dependencycheck.data.knownexploited.json.Vulnerability.equals(Object)	BAD_PRACTICE	ES_COMPARING_STRINGS_WITH_EQ	367	Medium
Comparison of String objects using == or != in org.owasp.dependencycheck.data.knownexploited.json.Vulnerability.equals(Object)	BAD_PRACTICE	ES_COMPARING_STRINGS_WITH_EQ	367	Medium

org.owasp.dependencycheck.data.update.NvdApiDataSource

Bug	Category	Details	Line	Priority
Exception is caught when Exception is not thrown in org.owasp.dependencycheck.data.update.NvdApiDataSource.processApi()	STYLE	REC_CATCH_EXCEPTION	384	Medium

org.owasp.dependencycheck.data.update.nvd.api.CveApiJson20CveItemSource

Bug	Category	Details	Line	Priority
Exception thrown in class org.owasp.dependencycheck.data.update.nvd.api.CveApiJson20CveItemSource at new org.owasp.dependencycheck.data.update.nvd.api.CveApiJson20CveItemSource(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	64	Medium

org.owasp.dependencycheck.data.update.nvd.api.JsonArrayCveItemSource

Bug	Category	Details	Line	Priority
Exception thrown in class org.owasp.dependencycheck.data.update.nvd.api.JsonArrayCveItemSource at new org.owasp.dependencycheck.data.update.nvd.api.JsonArrayCveItemSource(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	63	Medium

org.owasp.dependencycheck.dependency.Dependency

Bug	Category	Details	Line	Priority
Exception thrown in class org.owasp.dependencycheck.dependency.Dependency at new org.owasp.dependencycheck.dependency.Dependency(File) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	194	Medium
Exception thrown in class org.owasp.dependencycheck.dependency.Dependency at new org.owasp.dependencycheck.dependency.Dependency(File, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	212	Medium

org.owasp.dependencycheck.dependency.Vulnerability

Bug	Category	Details	Line	Priority
Class org.owasp.dependencycheck.dependency.Vulnerability defines non-transient non-serializable instance field knownExploitedVulnerability	BAD_PRACTICE	SE_BAD_FIELD	Not available	High

org.owasp.dependencycheck.dependency.naming.CpeIdentifier

Bug	Category	Details	Line	Priority
Exception thrown in class org.owasp.dependencycheck.dependency.naming.CpeIdentifier at new org.owasp.dependencycheck.dependency.naming.CpeIdentifier(String, String, String, Confidence) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	100	Medium

org.owasp.dependencycheck.dependency.naming.PurlIdentifier

Bug	Category	Details	Line	Priority
Exception thrown in class org.owasp.dependencycheck.dependency.naming.PurlIdentifier at new org.owasp.dependencycheck.dependency.naming.PurlIdentifier(String, String, String, String, Confidence) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	117	Medium
Exception thrown in class org.owasp.dependencycheck.dependency.naming.PurlIdentifier at new org.owasp.dependencycheck.dependency.naming.PurlIdentifier(String, String, String, Confidence) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	99	Medium

org.owasp.dependencycheck.utils.WriteLock

Bug	Category	Details	Line	Priority
Exception thrown in class org.owasp.dependencycheck.utils.WriteLock at new org.owasp.dependencycheck.utils.WriteLock(Settings, boolean) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	112	Medium
Exception thrown in class org.owasp.dependencycheck.utils.WriteLock at new org.owasp.dependencycheck.utils.WriteLock(Settings, boolean, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	134	Medium

org.owasp.dependencycheck.xml.pom.PomProjectInputStream

Bug	Category	Details	Line	Priority
Exception thrown in class org.owasp.dependencycheck.xml.pom.PomProjectInputStream at new org.owasp.dependencycheck.xml.pom.PomProjectInputStream(InputStream) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.	BAD_PRACTICE	CT_CONSTRUCTOR_THROW	54	Medium