-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
issue-4 #5
Conversation
|
||
public static boolean match(final String filter, final OperationData data) | ||
{ | ||
final String[] expression = filter.split("="); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
StringSplitter: String.split(String) has surprising behavior (details)
final String[] expression = filter.split("="); | |
final List<String> expression = Splitter.on('=').splitToList(filter); |
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
} | ||
|
||
final boolean existsOnClassPath = ExtractMojo.class.getClassLoader().getResourceAsStream(source) != null; | ||
final boolean existsOnFilesystem = Files.exists(Paths.get(source)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PATH_TRAVERSAL_IN: This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input (details)
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
|
||
if (targetFile == null) | ||
{ | ||
targetFile = Paths.get(project.getBuild().getOutputDirectory()).resolve(name + ".yaml").toFile(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PATH_TRAVERSAL_IN: This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input (details)
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
public static boolean match(final OperationFilter filter, final OperationData data) | ||
{ | ||
final String path = filter.getPointer().startsWith("/") ? filter.getPointer() : "/" + filter.getPointer(); | ||
final String regexp = filter.getExpression(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
UnusedVariable: The local variable 'regexp' is never read. (details)
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
} | ||
|
||
@Override | ||
public boolean equals(final Object o) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
EqualsGetClass: Prefer instanceof to getClass when implementing Object#equals. (details)
public boolean equals(final Object o) | |
if (!(o instanceof OperationFilter)) return false; |
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
|
||
if (outputFile == null) | ||
{ | ||
outputFile = Paths.get(project.getBuild().getOutputDirectory()).resolve(name + ".yaml").toFile(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PATH_TRAVERSAL_IN: This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input (details)
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
} | ||
|
||
final boolean existsOnClassPath = ExtractMojo.class.getClassLoader().getResourceAsStream(source) != null; | ||
final boolean existsOnFilesystem = Files.exists(Paths.get(source)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PATH_TRAVERSAL_IN: This API (java/nio/file/Paths.get(Ljava/lang/String;[Ljava/lang/String;)Ljava/nio/file/Path;) reads a file whose location might be specified by user input (details)
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
</dependency> | ||
<dependency> | ||
<groupId>org.apache.maven.plugin-tools</groupId> | ||
<artifactId>maven-plugin-annotations</artifactId> | ||
<version>3.6.0</version> | ||
<version>3.6.4</version> | ||
<scope>provided</scope> | ||
</dependency> | ||
<dependency> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Severe OSS Vulnerability:
pkg:maven/org.apache.maven/maven-core@3.8.5
0 Critical, 2 Severe, 0 Moderate, 0 Unknown vulnerabilities have been found across 2 dependencies
Components
pkg:maven/com.google.guava/guava@27.0.1-jre
SEVERE Vulnerabilities (1)
[sonatype-2020-0926] CWE-379: Creation of Temporary File in Directory with Incorrect Permissions
guava - Creation of Temporary File in Directory with Insecure Permissions [CVE-2020-8908]
The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.
CVSS Score: 6.2
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-379
pkg:maven/commons-io/commons-io@2.6
SEVERE Vulnerabilities (1)
[sonatype-2018-0705] CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
commons-io - Path Traversal [CVE-2021-29425]
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVSS Score: 5.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE: CWE-22
(at-me in a reply with help
or ignore
)
Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]
No description provided.