ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kyra Pritzel-Hentley (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OFBIZ-9486) [FB] Package org.apache.ofbiz.accounting.thirdparty.gosoftware
Date Mon, 14 Aug 2017 10:47:01 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-9486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16125523#comment-16125523
] 

Kyra Pritzel-Hentley commented on OFBIZ-9486:
---------------------------------------------

Hello Jacques,
I removed the modifier because FindBugs suggested to make the variables package protected.
But it would make a lot of sense as well to go one step further, as you say, and make them
private. Then nothing can have influence on these variables from the outside.

> [FB] Package org.apache.ofbiz.accounting.thirdparty.gosoftware
> --------------------------------------------------------------
>
>                 Key: OFBIZ-9486
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9486
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: accounting
>    Affects Versions: Trunk
>            Reporter: Kyra Pritzel-Hentley
>            Priority: Minor
>         Attachments: OFBIZ-9486_org.apache.ofbiz.accounting.thirdparty.gosoftware_bugfixes.patch
>
>
> PcChargeApi.java:81: 82, MS_PKGPROTECT
> * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.validOut should be
package protected
> A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.
> PcChargeApi.java:189, DM_DEFAULT_ENCODING
> * Dm: Found reliance on default encoding in org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.send():
new java.io.PrintStream(OutputStream)
> Found a call to a method which will perform a byte to String (or String to byte) conversion,
and will assume that the default platform encoding is suitable. This will cause the application
behaviour to vary between platforms. Use an alternative API and specify a charset name or
Charset object explicitly.
> PcChargeApi.java:198, DM_DEFAULT_ENCODING
> * Dm: Found reliance on default encoding in org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.send():
new String(byte[], int, int)
> PcChargeServices.java:94: 180: 246: 306, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> * RCN: Redundant nullcheck of out, which is known to be non-null in org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeServices
> This method contains a redundant check of a known non-null value against the constant
null.
> RitaApi.java:80, MS_PKGPROTECT
> * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaApi.validOut should be package
protected
> A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.
> RitaApi.java:84, MS_PKGPROTECT
> * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaApi.validIn should be package
protected
> A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.
> RitaServices.java:61: 98: 164: 184: 233: 260: 301: 329, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> * RCN: Redundant nullcheck of api, which is known to be non-null in org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaServices
> This method contains a redundant check of a known non-null value against the constant
null.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message