FindBugs Bug Detector Report

This document contains the results of the FindBugs report.

FindBugs Version is 2.0.2

Threshold is medium

Effort is min

Summary

| Classes | Bugs | Errors | Missing Classes |
| --- | --- | --- | --- |
| 201 | 10 | 0 | 0 |

org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Possible null pointer dereference of currentVersion in org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer.removeSpuriousCPE(Dependency) | CORRECTNESS | NP_NULL_ON_SOME_PATH | 163 | Medium |
| Possible null pointer dereference of nextVersion on branch that might be infeasible in org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer.removeSpuriousCPE(Dependency) | STYLE | NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE | 163 | Medium |

org.owasp.dependencycheck.analyzer.JarAnalyzer

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Possible null pointer dereference of input in org.owasp.dependencycheck.analyzer.JarAnalyzer.extractPom(String, JarFile, Dependency) on exception path | CORRECTNESS | NP_NULL_ON_SOME_PATH_EXCEPTION | 396 | Medium |
| org.owasp.dependencycheck.analyzer.JarAnalyzer.extractPom(String, JarFile, Dependency) may fail to close stream | BAD_PRACTICE | OS_OPEN_STREAM | 384 | Medium |

org.owasp.dependencycheck.analyzer.JavaScriptAnalyzer

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Found reliance on default encoding in org.owasp.dependencycheck.analyzer.JavaScriptAnalyzer.analyze(Dependency, Engine): new java.io.FileReader(File) | I18N | DM_DEFAULT_ENCODING | 110 | High |

org.owasp.dependencycheck.data.nvdcve.CveDB

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| org.owasp.dependencycheck.data.nvdcve.CveDB.getVendorProductList() may fail to close PreparedStatement | BAD_PRACTICE | ODR_OPEN_DATABASE_RESOURCE | 297 | Medium |

org.owasp.dependencycheck.data.update.task.CallableDownloadTask

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| new org.owasp.dependencycheck.data.update.task.CallableDownloadTask(NvdCveInfo, ExecutorService, CveDB) might ignore java.io.IOException | BAD_PRACTICE | DE_MIGHT_IGNORE | 58 | Medium |

org.owasp.dependencycheck.utils.Downloader

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Redundant nullcheck of conn which is known to be null in org.owasp.dependencycheck.utils.Downloader.getConnection(URL) | STYLE | RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE | 211 | Medium |

org.owasp.dependencycheck.utils.LogUtils

| Bug | Category | Details | Line | Priority |
| --- | --- | --- | --- | --- |
| Changes to logger could be lost in org.owasp.dependencycheck.utils.LogUtils.prepareLogger(InputStream, String) | EXPERIMENTAL | LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE | 58 | High |