Date: Fri, 18 Aug 2017 19:24:00 +0000 (UTC)
From: "Michael Brohl (JIRA)"
To: notifications@ofbiz.apache.org
Reply-To: dev@ofbiz.apache.org
Subject: [jira] [Assigned] (OFBIZ-9486) [FB] Package org.apache.ofbiz.accounting.thirdparty.gosoftware

     [ https://issues.apache.org/jira/browse/OFBIZ-9486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Brohl reassigned OFBIZ-9486:
------------------------------------

    Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.accounting.thirdparty.gosoftware
> --------------------------------------------------------------
>
>                 Key: OFBIZ-9486
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9486
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: accounting
>    Affects Versions: Trunk
>            Reporter: Kyra Pritzel-Hentley
>            Assignee: Michael Brohl
>            Priority: Minor
>         Attachments: OFBIZ-9486_org.apache.ofbiz.accounting.thirdparty.gosoftware_bugfixes.patch, OFBIZ-9486_org.apache.ofbiz.accounting.thirdparty.gosoftware_bugfixes.patch
>
>
> PcChargeApi.java:81: 82, MS_PKGPROTECT
> * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.validOut should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> PcChargeApi.java:189, DM_DEFAULT_ENCODING
> * Dm: Found reliance on default encoding in org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.send(): new java.io.PrintStream(OutputStream)
> Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.
> PcChargeApi.java:198, DM_DEFAULT_ENCODING
> * Dm: Found reliance on default encoding in org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.send(): new String(byte[], int, int)
> PcChargeServices.java:94: 180: 246: 306, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> * RCN: Redundant nullcheck of out, which is known to be non-null in org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeServices
> This method contains a redundant check of a known non-null value against the constant null.
> RitaApi.java:80, MS_PKGPROTECT
> * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaApi.validOut should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> RitaApi.java:84, MS_PKGPROTECT
> * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaApi.validIn should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> RitaServices.java:61: 98: 164: 184: 233: 260: 301: 329, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> * RCN: Redundant nullcheck of api, which is known to be non-null in org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaServices
> This method contains a redundant check of a known non-null value against the constant null.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)