FindBugs Bug Detector Report
The following document contains the results of FindBugs Report
FindBugs Version is 2.0.1
Threshold is medium
Effort is min
Summary
| Classes |
Bugs |
Errors |
Missing Classes |
| 194 |
8 |
0 |
0 |
org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer
| Bug |
Category |
Details |
Line |
Priority |
| Possible null pointer dereference of currentVersion in org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer.removeSpuriousCPE(Dependency) |
CORRECTNESS |
NP_NULL_ON_SOME_PATH |
166 |
Medium |
| Possible null pointer dereference of nextVersion on branch that might be infeasible in org.owasp.dependencycheck.analyzer.FalsePositiveAnalyzer.removeSpuriousCPE(Dependency) |
STYLE |
NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE |
166 |
Medium |
org.owasp.dependencycheck.analyzer.JavaScriptAnalyzer
| Bug |
Category |
Details |
Line |
Priority |
| Dead store to extractComments in org.owasp.dependencycheck.analyzer.JavaScriptAnalyzer.analyze(Dependency, Engine) |
STYLE |
DLS_DEAD_LOCAL_STORE |
99 |
Medium |
org.owasp.dependencycheck.concurrency.DirectorySpinLock
| Bug |
Category |
Details |
Line |
Priority |
| exceptional return value of java.io.File.delete() ignored in org.owasp.dependencycheck.concurrency.DirectorySpinLock.close() |
BAD_PRACTICE |
RV_RETURN_VALUE_IGNORED_BAD_PRACTICE |
247 |
Medium |
org.owasp.dependencycheck.data.nvdcve.CveDB
| Bug |
Category |
Details |
Line |
Priority |
| org.owasp.dependencycheck.data.nvdcve.CveDB.getVendorProductList() may fail to close PreparedStatement |
BAD_PRACTICE |
ODR_OPEN_DATABASE_RESOURCE |
177 |
Medium |
org.owasp.dependencycheck.utils.Downloader
| Bug |
Category |
Details |
Line |
Priority |
| Redundant nullcheck of conn which is known to be null in org.owasp.dependencycheck.utils.Downloader.getConnection(URL) |
STYLE |
RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE |
216 |
Medium |
org.owasp.dependencycheck.utils.LogUtils
| Bug |
Category |
Details |
Line |
Priority |
| Changes to logger could be lost in org.owasp.dependencycheck.utils.LogUtils.prepareLogger(InputStream, String) |
EXPERIMENTAL |
LG_LOST_LOGGER_DUE_TO_WEAK_REFERENCE |
59 |
High |
