===============================================================================
Spotbugs XML Output
===============================================================================
  <BugInstance type="PATH_TRAVERSAL_IN" priority="2" rank="12" abbrev="SECPTI" category="SECURITY" instanceHash="e87dd947fe0b62234b6621ff18a5f90f" instanceOccurrenceNum="0" instanceOccurrenceMax="0" cweid="22">
    <ShortMessage>Potential Path Traversal (file read)</ShortMessage>
    <LongMessage>java/io/FileInputStream.&lt;init&gt;(Ljava/lang/String;)V reads a file whose location might be specified by user input</LongMessage>
    <Class classname="fitnesse.ComponentFactory" primary="true">
      <SourceLine classname="fitnesse.ComponentFactory" start="24" end="247" sourcefile="ComponentFactory.java" sourcepath="fitnesse/ComponentFactory.java" relSourcepath="fitnesse/ComponentFactory.java">
        <Message>At ComponentFactory.java:[lines 24-247]</Message>
      </SourceLine>
      <Message>In class fitnesse.ComponentFactory</Message>
    </Class>
    <Method classname="fitnesse.ComponentFactory" name="loadProperties" signature="(Ljava/lang/String;)V" isStatic="false" primary="true">
      <SourceLine classname="fitnesse.ComponentFactory" start="70" end="76" startBytecode="0" endBytecode="159" sourcefile="ComponentFactory.java" sourcepath="fitnesse/ComponentFactory.java" relSourcepath="fitnesse/ComponentFactory.java"/>
      <Message>In method fitnesse.ComponentFactory.loadProperties(String)</Message>
    </Method>
    <SourceLine classname="fitnesse.ComponentFactory" primary="true" start="71" end="71" startBytecode="30" endBytecode="30" sourcefile="ComponentFactory.java" sourcepath="fitnesse/ComponentFactory.java" relSourcepath="fitnesse/ComponentFactory.java">
      <Message>At ComponentFactory.java:[line 71]</Message>
    </SourceLine>
    <String value="java/io/FileInputStream.&lt;init&gt;(Ljava/lang/String;)V" role="Sink method">
      <Message>Sink method java/io/FileInputStream.&lt;init&gt;(Ljava/lang/String;)V</Message>
    </String>
    <String value="java/lang/StringBuilder.append(Ljava/lang/String;)Ljava/lang/StringBuilder;" role="Unknown source">
      <Message>Unknown source java/lang/StringBuilder.append(Ljava/lang/String;)Ljava/lang/StringBuilder;</Message>
    </String>
    <String value="java/lang/StringBuilder.append(Ljava/lang/String;)Ljava/lang/StringBuilder;" role="Unknown source">
      <Message>Unknown source java/lang/StringBuilder.append(Ljava/lang/String;)Ljava/lang/StringBuilder;</Message>
    </String>
    <String value="java/lang/StringBuilder.append(Ljava/lang/String;)Ljava/lang/StringBuilder;" role="Unknown source">
      <Message>Unknown source java/lang/StringBuilder.append(Ljava/lang/String;)Ljava/lang/StringBuilder;</Message>
    </String>
    <String value="java/lang/StringBuilder.toString()Ljava/lang/String;" role="Unknown source">
      <Message>Unknown source java/lang/StringBuilder.toString()Ljava/lang/String;</Message>
    </String>
    <String value="java/io/FileInputStream.&lt;init&gt;(Ljava/lang/String;)V" role="Sink method">
      <Message>Sink method java/io/FileInputStream.&lt;init&gt;(Ljava/lang/String;)V</Message>
    </String>
    <SourceLine classname="fitnesse.ComponentFactory" start="47" end="47" startBytecode="12" endBytecode="12" sourcefile="ComponentFactory.java" sourcepath="fitnesse/ComponentFactory.java" relSourcepath="fitnesse/ComponentFactory.java">
      <Message>At ComponentFactory.java:[line 47]</Message>
    </SourceLine>
    <SourceLine classname="fitnesse.ComponentFactory" start="64" end="64" startBytecode="30" endBytecode="30" sourcefile="ComponentFactory.java" sourcepath="fitnesse/ComponentFactory.java" relSourcepath="fitnesse/ComponentFactory.java">
      <Message>At ComponentFactory.java:[line 64]</Message>
    </SourceLine>
    <SourceLine classname="fitnesse.ComponentFactory" start="70" end="70" startBytecode="13" endBytecode="13" sourcefile="ComponentFactory.java" sourcepath="fitnesse/ComponentFactory.java" relSourcepath="fitnesse/ComponentFactory.java">
      <Message>At ComponentFactory.java:[line 70]</Message>
    </SourceLine>
    <SourceLine classname="fitnesse.ComponentFactory" start="80" end="80" startBytecode="12" endBytecode="12" sourcefile="ComponentFactory.java" sourcepath="fitnesse/ComponentFactory.java" relSourcepath="fitnesse/ComponentFactory.java">
      <Message>At ComponentFactory.java:[line 80]</Message>
    </SourceLine>
    <SourceLine classname="fitnesse.junit.FitNesseSuite" start="135" end="135" startBytecode="84" endBytecode="84" sourcefile="FitNesseSuite.java" sourcepath="fitnesse/junit/FitNesseSuite.java" relSourcepath="fitnesse/junit/FitNesseSuite.java">
      <Message>At FitNesseSuite.java:[line 135]</Message>
    </SourceLine>
    <SourceLine classname="fitnesse.junit.FitNesseSuite" start="287" end="287" startBytecode="21" endBytecode="21" sourcefile="FitNesseSuite.java" sourcepath="fitnesse/junit/FitNesseSuite.java" relSourcepath="fitnesse/junit/FitNesseSuite.java">
      <Message>At FitNesseSuite.java:[line 287]</Message>
    </SourceLine>
    <SourceLine classname="fitnesseMain.FitNesseMain" start="108" end="108" startBytecode="24" endBytecode="24" sourcefile="FitNesseMain.java" sourcepath="fitnesseMain/FitNesseMain.java" relSourcepath="fitnesseMain/FitNesseMain.java">
      <Message>At FitNesseMain.java:[line 108]</Message>
    </SourceLine>
  </BugInstance>

===============================================================================
Code Snippet of ComponentFactory.java, FitNesseSuite.java, FitNesseMain.java:
===============================================================================
####### ComponentFactory.java
 46   public ComponentFactory(String propertiesLocation) {
 47     this(propertiesLocation, new Properties(), SymbolProvider.wikiParsingProvider);
 48   }
 49 
 50   public ComponentFactory(Properties properties) {
 51       this(properties, SymbolProvider.wikiParsingProvider);
 52   }
 53 
 54   public ComponentFactory(Properties properties, SymbolProvider symbolProvider) {
 55     this.propertiesLocation = null;
 56     this.loadedProperties = properties;
 57     propertiesAreLoaded = true;
 58     this.symbolProvider = symbolProvider;
 59   }
 60 
 61   public ComponentFactory(String propertiesLocation, Properties properties, SymbolProvider symbolProvider) {
 62     this.propertiesLocation = propertiesLocation;
 63     this.loadedProperties = properties;
 64     loadProperties(propertiesLocation);
 65     this.symbolProvider = symbolProvider;
 66   }
 67 
 68   protected void loadProperties(String propertiesLocation) {
 69     try {
 70       String propertiesPath = propertiesLocation + "/" + PROPERTIES_FILE;
 71       FileInputStream propertiesStream = new FileInputStream(propertiesPath);
 72       loadedProperties.load(propertiesStream);
 73     } catch (IOException e) {
 74       // No properties files means all defaults are loaded
 75     }
 76   }
 77 
 78   Properties getProperties() {
 79     if (!propertiesAreLoaded) {
 80       loadProperties(propertiesLocation);
 81       propertiesAreLoaded = true;
 82     }
 83     return loadedProperties;
 84   }

########## FitNesseSuite.java
123   public FitNesseSuite(Class<?> suiteClass, RunnerBuilder builder) throws InitializationError {
124     super(suiteClass);
125     this.suiteClass = suiteClass;
126     this.suiteName = getSuiteName(suiteClass);
127     this.fitNesseDir = getFitnesseDir(suiteClass);
128     this.outputDir = getOutputDir(suiteClass);
129     this.suiteFilter = getSuiteFilter(suiteClass);
130     this.excludeSuiteFilter = getExcludeSuiteFilter(suiteClass);
131     this.debugMode = useDebugMode(suiteClass);
132     this.port = getPort(suiteClass);
133 
134     try {
135       FitNesseContext context = initContext(this.fitNesseDir, port);
136       this.children = initChildren(context);
137     } catch (Exception e) {
138       throw new IllegalStateException(e);
139     }
140   }

284   private static FitNesseContext initContext(String rootPath, int port) throws Exception {
285     Builder builder = new Builder();
286     WikiPageFactory wikiPageFactory = new WikiPageFactory();
287     ComponentFactory componentFactory = new ComponentFactory(rootPath);
288 
289     builder.port = port;
290     builder.rootPath = rootPath;
291     builder.rootDirectoryName = "FitNesseRoot";
292 
293     builder.pageTheme = componentFactory.getProperty(ComponentFactory.THEME);
294     builder.defaultNewPageContent = componentFactory
295             .getProperty(ComponentFactory.DEFAULT_NEWPAGE_CONTENT);
296 
297     builder.root = wikiPageFactory.makeRootPage(builder.rootPath,
298             builder.rootDirectoryName, componentFactory);
299 
300     builder.logger = null;
301     builder.authenticator = new PromiscuousAuthenticator();
302 
303     FitNesseContext context = builder.createFitNesseContext();
304     return context;
305   }

######## FitNesseMain.java
104   private static FitNesseContext loadContext(Arguments arguments)
105     throws Exception {
106     Builder builder = new Builder();
107     WikiPageFactory wikiPageFactory = new WikiPageFactory();
108     ComponentFactory componentFactory = new ComponentFactory(arguments.getRootPath());
        ...
        ...
        ...