karaf-issues mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KARAF-5003) Possible bugs in the source code
Date Mon, 27 Mar 2017 04:34:42 GMT

    [ https://issues.apache.org/jira/browse/KARAF-5003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15942626#comment-15942626 ]

ASF subversion and git services commented on KARAF-5003:
--------------------------------------------------------

Commit 6ecbaf4dfe3d905ac1b3161ec474736425e676db in karaf's branch refs/heads/master from [~jbonofre]
[ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=6ecbaf4 ]

[KARAF-5003] Fix test in JDBC lock


> Possible bugs in the source code
> --------------------------------
>
>                 Key: KARAF-5003
>                 URL: https://issues.apache.org/jira/browse/KARAF-5003
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf-shell, karaf-tooling, karaf-webcontainer
>            Reporter: AppChecker
>            Assignee: Jean-Baptiste Onofré
>             Fix For: 4.0.9, 4.1.1
>
>
> Hello!
> We've checked your project with [static code analyzer AppChecker|https://cnpo.ru/en/solutions/appchecker.php] and it found several possible defects:
> 1) https://github.com/apache/karaf/blob/d2894bfabaa73baa63f73675df1b4ae980528517/web/src/main/java/org/apache/karaf/web/internal/WebContainerServiceImpl.java#L85
> {code:java}
> contextPath.trim();
> {code}
> contextPath is not changed. Probably it should be:
> {code:java}
> contextPath = contextPath.trim();
> {code}
> 2) https://github.com/apache/karaf-cellar/blob/d3c028808b20ce09f20c2e6c6eca2cef70a86d15/features/src/main/java/org/apache/karaf/cellar/features/shell/RepoRemoveCommand.java#L120
> {code:java}
> if (repository.equals(repository)) {
> {code}
> repository is compared with itself. Probably it should be:
> {code:java}
> if (this.repository.equals(repository)) {
> {code}
> same place - https://github.com/apache/karaf-cellar/blob/d3c028808b20ce09f20c2e6c6eca2cef70a86d15/features/src/main/java/org/apache/karaf/cellar/features/management/internal/CellarFeaturesMBeanImpl.java#L563
> 3) https://github.com/apache/karaf/blob/d2894bfabaa73baa63f73675df1b4ae980528517/tooling/karaf-maven-plugin/src/main/java/org/apache/karaf/tooling/features/GenerateDescriptorMojo.java#L320
> {code:java}
>                 enableGeneration = !"feature".equals(packaging) && !"feature".equals(packaging);
> {code}
>  !"feature".equals(packaging)  is checked twice
> 4) https://github.com/apache/karaf/blob/d2894bfabaa73baa63f73675df1b4ae980528517/main/src/main/java/org/apache/karaf/main/lock/DefaultJDBCLock.java#L157
> {code:java}
>             return metadata != null && (checkTableExists(tableName.toLowerCase(), metadata) //
>                 || checkTableExists(tableName.toLowerCase(), metadata));
> {code}
> checkTableExists(tableName.toLowerCase(), metadata) is checked twice
> 5) Not a bug, pedantic remark
> https://github.com/apache/karaf/blob/d2894bfabaa73baa63f73675df1b4ae980528517/shell/core/src/main/java/org/apache/karaf/shell/support/table/ShellTable.java#L166
> {code:java}
>         if (ps.getClass().getName().equals("org.apache.felix.gogo.runtime.threadio.ThreadPrintStream")) {
> {code}
> Not recommended to compare classes by name. See:
> https://cwe.mitre.org/data/definitions/486.html
> https://www.securecoding.cert.org/confluence/display/java/OBJ09-J.+Compare+classes+and+not+class+names
> We hope this was helpful



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
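
The class-name comparison that item 5 of the quoted report points to, as an added example (not Karaf code and not part of the original message); `Marker` and `SecondLoader` are hypothetical names. A class defined by a second class loader passes the name check but not the `Class` comparison that CWE-486 and OBJ09-J recommend.

```java
import java.io.IOException;
import java.io.InputStream;

public class ClassNameCheckDemo {
    /** Stand-in for the class a name check is meant to recognise (hypothetical). */
    public static class Marker { }

    /** Defines its own copy of Marker instead of delegating to the parent loader. */
    static class SecondLoader extends ClassLoader {
        SecondLoader(ClassLoader parent) { super(parent); }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(Marker.class.getName())) {
                return super.loadClass(name, resolve);
            }
            String resource = name.replace('.', '/') + ".class";
            try (InputStream in = getParent().getResourceAsStream(resource)) {
                if (in == null) throw new ClassNotFoundException(name);
                byte[] bytes = in.readAllBytes();
                return defineClass(name, bytes, 0, bytes.length);
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    /** The pattern flagged in item 5: identity decided by the class name string. */
    static boolean matchesByName(Object o) {
        return o.getClass().getName().equals(Marker.class.getName());
    }

    /** The recommended form: compare the Class objects themselves. */
    static boolean matchesByClass(Object o) {
        return o.getClass() == Marker.class;
    }

    public static void main(String[] args) throws Exception {
        ClassLoader second = new SecondLoader(ClassNameCheckDemo.class.getClassLoader());
        // Same fully qualified name, different defining loader, therefore a different class.
        Object foreign = second.loadClass(Marker.class.getName())
                .getDeclaredConstructor().newInstance();
        Object local = new Marker();

        System.out.println("local   byName=" + matchesByName(local) + " byClass=" + matchesByClass(local));
        System.out.println("foreign byName=" + matchesByName(foreign) + " byClass=" + matchesByClass(foreign));
    }
}
```

Compile with `javac` and run from the directory holding the class files (Java 9 or later for `readAllBytes`). In an OSGi container such as Karaf, each bundle has its own class loader, so same-named classes from different loaders are an ordinary occurrence.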
