ofbiz-notifications mailing list archives

From "Julian Leichert (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (OFBIZ-9681) [FB] Package org.apache.ofbiz.common
Date Thu, 07 Sep 2017 10:23:00 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-9681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Julian Leichert updated OFBIZ-9681:
-----------------------------------
    Attachment: OFBIZ-No_org.apache.ofbiz.common_bugfixes.patch

Fixed FindBugs warnings.

Deleted followerListStr in CommonEvents.java, because it seems not to be used anywhere.

Changed keySet() to entrySet() and adapted the referring code in FindServices.java.

> [FB] Package org.apache.ofbiz.common
> ------------------------------------
>
>                 Key: OFBIZ-9681
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9681
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: ALL APPLICATIONS, ALL COMPONENTS
>    Affects Versions: Trunk
>            Reporter: Julian Leichert
>            Priority: Minor
>         Attachments: OFBIZ-No_org.apache.ofbiz.common_bugfixes.patch
>
>
> CommonEvents.java:173, DLS_DEAD_LOCAL_STORE
> - DLS: Dead store to followerListStr in org.apache.ofbiz.common.CommonEvents.setAppletFollower(HttpServletRequest,
HttpServletResponse)
> This instruction assigns a value to a local variable, but the value is not read or used
in any subsequent instruction. Often, this indicates an error, because the value computed
is never used.
> Note that Sun's javac compiler often generates dead stores for final local variables.
Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
> CommonEvents.java:292, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in org.apache.ofbiz.common.CommonEvents.jsonResponseFromRequestAttributes(HttpServletRequest,
HttpServletResponse)
> This method uses a try-catch block that catches Exception objects, but Exception is not
thrown within the try block, and RuntimeException is not explicitly caught. It is a common
bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching
a number of types of exception each of whose catch blocks is identical, but this construct
also accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that are thrown,
or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime
Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> CommonEvents.java:300, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of jsonStr, which is known to be non-null in org.apache.ofbiz.common.CommonEvents.writeJSONtoResponse(JSON,
HttpServletRequest, HttpServletResponse)
> This method contains a redundant check of a known non-null value against the constant
null.
> CommonEvents.java:488, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in org.apache.ofbiz.common.CommonEvents.getCaptcha(HttpServletRequest,
HttpServletResponse)
> This method uses a try-catch block that catches Exception objects, but Exception is not
thrown within the try block, and RuntimeException is not explicitly caught. It is a common
bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching
a number of types of exception each of whose catch blocks is identical, but this construct
also accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that are thrown,
or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime
Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> CommonServices.java:220, DM_GC
> - Dm: org.apache.ofbiz.common.CommonServices.forceGc(DispatchContext, Map) forces garbage
collection; extremely dubious except in benchmarking code
> Code explicitly invokes garbage collection. Except for specific use in benchmarking,
this is very dubious.
> In the past, situations where people have explicitly invoked the garbage collector in
routines such as close or finalize methods has led to huge performance black holes. Garbage
collection can be expensive. Any situation that forces hundreds or thousands of garbage collections
will bring the machine to a crawl.
> CommonServices.java:474, OS_OPEN_STREAM
> - OS: org.apache.ofbiz.common.CommonServices.streamTest(DispatchContext, Map) may fail
to close stream
> The method creates an IO stream object, does not assign it to any fields, pass it to
other methods that might close it, or return it, and does not appear to close the stream on
all paths out of the method.  This may result in a file descriptor leak.  It is generally
a good idea to use a finally block to ensure that streams are closed.
> CommonServices.java:474, DM_DEFAULT_ENCODING
> - Dm: Found reliance on default encoding in org.apache.ofbiz.common.CommonServices.streamTest(DispatchContext,
Map): new java.io.InputStreamReader(InputStream)
> Found a call to a method which will perform a byte to String (or String to byte) conversion,
and will assume that the default platform encoding is suitable. This will cause the application
behaviour to vary between platforms. Use an alternative API and specify a charset name or
Charset object explicitly.
> CommonServices.java:477, DM_DEFAULT_ENCODING
> - Dm: Found reliance on default encoding in org.apache.ofbiz.common.CommonServices.streamTest(DispatchContext,
Map): new java.io.OutputStreamWriter(OutputStream)
> Found a call to a method which will perform a byte to String (or String to byte) conversion,
and will assume that the default platform encoding is suitable. This will cause the application
behaviour to vary between platforms. Use an alternative API and specify a charset name or
Charset object explicitly.
> CommonServices.java:500, DLS_DEAD_LOCAL_STORE
> - DLS: Dead store to count in org.apache.ofbiz.common.CommonServices.ping(DispatchContext,
Map)
> This instruction assigns a value to a local variable, but the value is not read or used
in any subsequent instruction. Often, this indicates an error, because the value computed
is never used.
> Note that Sun's javac compiler often generates dead stores for final local variables.
Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
> FindServices.java:74, MS_SHOULD_BE_FINAL
> - MS: org.apache.ofbiz.common.FindServices.entityOperators isn't final but should be
> This static field public but not final, and could be changed by malicious code or by
accident from another package. The field could be made final to avoid this vulnerability.
> FindServices.java:127, WMI_WRONG_MAP_ITERATOR
> - WMI: org.apache.ofbiz.common.FindServices.prepareField(Map, Map, Map) makes inefficient
use of keySet iterator instead of entrySet iterator
> This method accesses the value of a Map entry, using a key that was retrieved from a
keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid
the Map.get(key) lookup.
> FindServices.java:345, DM_CONVERT_CASE
> - Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.common.FindServices.createSingleCondition(ModelField,
String, Object, boolean, Delegator, Map)
> A String is being converted to upper or lowercase, using the platform's default encoding.
This may result in improper conversions when used with international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> FindServices.java:444, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in org.apache.ofbiz.common.FindServices.performFindList(DispatchContext,
Map)
> This method uses a try-catch block that catches Exception objects, but Exception is not
thrown within the try block, and RuntimeException is not explicitly caught. It is a common
bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching
a number of types of exception each of whose catch blocks is identical, but this construct
also accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that are thrown,
or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime
Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> FindServices.java:705, WMI_WRONG_MAP_ITERATOR
> - WMI: org.apache.ofbiz.common.FindServices.buildReducedQueryString(Map, String, Delegator)
makes inefficient use of keySet iterator instead of entrySet iterator
> This method accesses the value of a Map entry, using a key that was retrieved from a
keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid
the Map.get(key) lookup.
> FindServices.java:758, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in org.apache.ofbiz.common.FindServices.performFindItem(DispatchContext,
Map)
> This method uses a try-catch block that catches Exception objects, but Exception is not
thrown within the try block, and RuntimeException is not explicitly caught. It is a common
bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching
a number of types of exception each of whose catch blocks is identical, but this construct
also accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that are thrown,
or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime
Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> JsLanguageFileMappingCreator.java:96, DM_CONVERT_CASE
> - Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.common.JsLanguageFileMappingCreator.createJsLanguageFileMapping(DispatchContext,
Map)
> A String is being converted to upper or lowercase, using the platform's default encoding.
This may result in improper conversions when used with international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> JsLanguageFileMappingCreator.java:198, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in org.apache.ofbiz.common.JsLanguageFileMappingCreator.createJsLanguageFileMapping(DispatchContext,
Map)
> This method uses a try-catch block that catches Exception objects, but Exception is not
thrown within the try block, and RuntimeException is not explicitly caught. It is a common
bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching
a number of types of exception each of whose catch blocks is identical, but this construct
also accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that are thrown,
or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime
Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> JsLanguageFilesMapping.java:32, NM_CLASS_NAMING_CONVENTION
> - Nm: The class name org.apache.ofbiz.common.JsLanguageFilesMapping$datejs doesn't start
with an upper case letter
> Class names should be nouns, in mixed case with the first letter of each internal word
capitalized. Try to keep your class names simple and descriptive. Use whole words-avoid acronyms
and abbreviations (unless the abbreviation is much more widely used than the long form, such
as URL or HTML).
> JsLanguageFilesMapping.java:208, NM_CLASS_NAMING_CONVENTION
> - Nm: The class name org.apache.ofbiz.common.JsLanguageFilesMapping$jquery doesn't start
with an upper case letter
> Class names should be nouns, in mixed case with the first letter of each internal word
capitalized. Try to keep your class names simple and descriptive. Use whole words-avoid acronyms
and abbreviations (unless the abbreviation is much more widely used than the long form, such
as URL or HTML).
> JsLanguageFilesMapping.java:383, NM_CLASS_NAMING_CONVENTION
> - Nm: The class name org.apache.ofbiz.common.JsLanguageFilesMapping$validation doesn't
start with an upper case letter
> Class names should be nouns, in mixed case with the first letter of each internal word
capitalized. Try to keep your class names simple and descriptive. Use whole words-avoid acronyms
and abbreviations (unless the abbreviation is much more widely used than the long form, such
as URL or HTML).
> JsLanguageFilesMapping.java:557, NM_CLASS_NAMING_CONVENTION
> - Nm: The class name org.apache.ofbiz.common.JsLanguageFilesMapping$dateTime doesn't
start with an upper case letter
> Class names should be nouns, in mixed case with the first letter of each internal word
capitalized. Try to keep your class names simple and descriptive. Use whole words-avoid acronyms
and abbreviations (unless the abbreviation is much more widely used than the long form, such
as URL or HTML).
> KeywordSearchUtil.java:195, DM_CONVERT_CASE
> - Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.common.KeywordSearchUtil.makeKeywordSet(String,
String, boolean)
> A String is being converted to upper or lowercase, using the platform's default encoding.
This may result in improper conversions when used with international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> UrlServletHelper.java:51, BC_UNCONFIRMED_CAST
> - BC: Unchecked/unconfirmed cast from javax.servlet.ServletRequest to javax.servlet.http.HttpServletRequest
in org.apache.ofbiz.common.UrlServletHelper.setRequestAttributes(ServletRequest, Delegator,
ServletContext)
> This cast is unchecked, and not all instances of the type casted from can be cast to
the type it is being cast to. Check that your program logic ensures that this cast will not
fail.
> UrlServletHelper.java:92, BC_UNCONFIRMED_CAST
> - BC: Unchecked/unconfirmed cast from javax.servlet.ServletRequest to javax.servlet.http.HttpServletRequest
in org.apache.ofbiz.common.UrlServletHelper.setViewQueryParameters(ServletRequest, StringBuilder)
> This cast is unchecked, and not all instances of the type casted from can be cast to
the type it is being cast to. Check that your program logic ensures that this cast will not
fail.
> UrlServletHelper.java:154, BC_UNCONFIRMED_CAST
> - BC: Unchecked/unconfirmed cast from javax.servlet.ServletRequest to javax.servlet.http.HttpServletRequest
in org.apache.ofbiz.common.UrlServletHelper.checkPathAlias(ServletRequest, ServletResponse,
Delegator, String)
> This cast is unchecked, and not all instances of the type casted from can be cast to
the type it is being cast to. Check that your program logic ensures that this cast will not
fail.
> UrlServletHelper.java:155, BC_UNCONFIRMED_CAST
> - BC: Unchecked/unconfirmed cast from javax.servlet.ServletResponse to javax.servlet.http.HttpServletResponse
in org.apache.ofbiz.common.UrlServletHelper.checkPathAlias(ServletRequest, ServletResponse,
Delegator, String)
> This cast is unchecked, and not all instances of the type casted from can be cast to
the type it is being cast to. Check that your program logic ensures that this cast will not
fail.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
