ofbiz-notifications mailing list archives

From "Julian Leichert (JIRA)" <j...@apache.org>
Subject [jira] [Created] (OFBIZ-9723) [FB] Package org.apache.ofbiz.entity.datasource
Date Thu, 14 Sep 2017 11:22:00 GMT
Julian Leichert created OFBIZ-9723:
--------------------------------------

             Summary: [FB] Package org.apache.ofbiz.entity.datasource
                 Key: OFBIZ-9723
                 URL: https://issues.apache.org/jira/browse/OFBIZ-9723
             Project: OFBiz
          Issue Type: Sub-task
    Affects Versions: Trunk
            Reporter: Julian Leichert
            Priority: Minor


GenericDAO.java:108, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
- RCN: Redundant nullcheck of modelEntity, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.insert(GenericEntity)

This method contains a redundant check of a known non-null value against the constant null.

GenericDAO.java:171, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
- SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.singleInsert(GenericEntity,
ModelEntity, List, SQLProcessor)

The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted
data from a user is used in building this String, SQL injection could be used to make the
prepared statement do something unexpected and undesirable.

GenericDAO.java:187, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
- RCN: Redundant nullcheck of modelEntity, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.updateAll(GenericEntity)

This method contains a redundant check of a known non-null value against the constant null.

GenericDAO.java:197, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
- RCN: Redundant nullcheck of modelEntity, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.update(GenericEntity)

This method contains a redundant check of a known non-null value against the constant null.

GenericDAO.java:277, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
- SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.singleUpdate(GenericEntity,
ModelEntity, List, SQLProcessor)

The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted
data from a user is used in building this String, SQL injection could be used to make the
prepared statement do something unexpected and undesirable.

GenericDAO.java:331, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
- SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.updateByCondition(ModelEntity,
Map, EntityCondition, SQLProcessor)

The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted
data from a user is used in building this String, SQL injection could be used to make the
prepared statement do something unexpected and undesirable.

GenericDAO.java:501, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
- RCN: Redundant nullcheck of modelEntity, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.select(GenericEntity,
SQLProcessor)

This method contains a redundant check of a known non-null value against the constant null.

GenericDAO.java:521, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
- SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.select(GenericEntity,
SQLProcessor)

The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted
data from a user is used in building this String, SQL injection could be used to make the
prepared statement do something unexpected and undesirable.

GenericDAO.java:547, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE, Priority: Normal
- RCN: Redundant nullcheck of modelEntity, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.partialSelect(GenericEntity,
Set)

This method contains a redundant check of a known non-null value against the constant null.

GenericDAO.java:592, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
- SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.partialSelect(GenericEntity,
Set)

The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted
data from a user is used in building this String, SQL injection could be used to make the
prepared statement do something unexpected and undesirable.

GenericDAO.java:763, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
- SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.selectListIteratorByCondition(Delegator,
ModelEntity, EntityCondition, EntityCondition, Collection, List, EntityFindOptions)

The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted
data from a user is used in building this String, SQL injection could be used to make the
prepared statement do something unexpected and undesirable.

GenericDAO.java:854, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
- RCN: Redundant nullcheck of viewHavingEntityCondition, which is known to be non-null in
org.apache.ofbiz.entity.datasource.GenericDAO.makeConditionHavingString(StringBuilder, String,
ModelEntity, EntityCondition, List, List)

This method contains a redundant check of a known non-null value against the constant null.

GenericDAO.java:913, UC_USELESS_OBJECT
Useless object created

Our analysis shows that this object is useless. It is created and modified, but its value never
goes outside of the method or produces any side effect. Either there is a mistake and the object
was intended to be used, or it can be removed.

This analysis rarely produces false-positives. Common false-positive cases include:

- The object is used to implicitly throw some obscure exception.

- The object is used as a stub to generalize the code.

- The object is used to hold strong references to weak/soft-referenced objects.

GenericDAO.java:976, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
- SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.selectByMultiRelation(GenericValue,
ModelRelation, ModelEntity, ModelRelation, ModelEntity, List)

The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted
data from a user is used in building this String, SQL injection could be used to make the
prepared statement do something unexpected and undesirable.

GenericDAO.java:1106, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
- SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.selectCountByCondition(Delegator,
ModelEntity, EntityCondition, EntityCondition, List, EntityFindOptions)

The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted
data from a user is used in building this String, SQL injection could be used to make the
prepared statement do something unexpected and undesirable.

GenericDAO.java:1161, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE, Priority: Normal
- RCN: Redundant nullcheck of modelEntity, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.delete(GenericEntity,
SQLProcessor)

This method contains a redundant check of a known non-null value against the constant null.

GenericDAO.java:1174, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
- SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.delete(GenericEntity,
SQLProcessor)

The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted
data from a user is used in building this String, SQL injection could be used to make the
prepared statement do something unexpected and undesirable.

GenericDAO.java:1212, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
- SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.deleteByCondition(ModelEntity,
EntityCondition, SQLProcessor)

The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted
data from a user is used in building this String, SQL injection could be used to make the
prepared statement do something unexpected and undesirable.

GenericHelperFactory.java:38, MS_SHOULD_BE_FINAL
- MS: org.apache.ofbiz.entity.datasource.GenericHelperFactory.helperCache isn't final but
should be

This static field is public but not final, and could be changed by malicious code or by accident
from another package. The field could be made final to avoid this vulnerability.

GenericHelperFactory.java:81, NP_NULL_ON_SOME_PATH
- NP: Possible null pointer dereference of helperConstructor in org.apache.ofbiz.entity.datasource.GenericHelperFactory.getHelper(GenericHelperInfo)

There is a statement or branch that, if executed, guarantees that a null value will be dereferenced,
which would generate a NullPointerException when the code is executed. Of course, the problem
might be that the branch or statement is infeasible and that the null pointer exception can't
ever occur; deciding that is beyond the ability of FindBugs.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
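The SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING findings above all have the same shape: a DAO assembles the statement text at run time because the table and column names come from the entity model, and only the values are bound through placeholders. Identifiers cannot be bound as parameters, so the review question for each flagged line is whether any identifier or condition fragment spliced into the string can be influenced by a caller, and whether every value is bound rather than concatenated. The following is an added example, not OFBiz code and not the FindBugs project's code; it uses Python's sqlite3 in place of JDBC/SQLProcessor, and the PARTY table, the MODEL dictionary standing in for a ModelEntity, and the sample rows are all constructed for the illustration. It shows the safe shape (model-checked identifiers, bound value), the unsafe shape the warning is about (value concatenated into the text), and an allow-list check that rejects an identifier that did not come from the model.

```python
import re
import sqlite3

# Constructed stand-in for OFBiz's ModelEntity (assumption for this example):
# the only place table and column identifiers may be taken from.
MODEL = {
    "PARTY": {"PARTY_ID", "PARTY_TYPE_ID", "STATUS_ID"},
}
IDENT = re.compile(r"^[A-Z][A-Z0-9_]*$")


def checked_identifier(table, column=None):
    """Return an identifier only if it is declared in the model and is lexically a
    bare name. Identifiers cannot be bound as '?' parameters, so this allow-list is
    the only defence for the non-constant part of the statement text."""
    if table not in MODEL or not IDENT.match(table):
        raise ValueError("unknown table: %r" % (table,))
    if column is None:
        return table
    if column not in MODEL[table] or not IDENT.match(column):
        raise ValueError("unknown column %r on %s" % (column, table))
    return column


def build_select(table, columns, where_column):
    """Non-constant SQL text (exactly what FindBugs flags) whose dynamic parts are
    model identifiers only; the caller's value is left to a '?' placeholder."""
    t = checked_identifier(table)
    cols = ", ".join(checked_identifier(table, c) for c in columns)
    w = checked_identifier(table, where_column)
    return "SELECT %s FROM %s WHERE %s = ?" % (cols, t, w)


def select_safe(conn, table, columns, where_column, value):
    """Hardened form: the tainted value never becomes part of the statement text."""
    sql = build_select(table, columns, where_column)
    return conn.execute(sql, (value,)).fetchall()


def select_unsafe(conn, table, columns, where_column, value):
    """The failure mode the warning describes: same identifier checks, but the value
    is concatenated into the text, so a quote in the value rewrites the WHERE clause."""
    t = checked_identifier(table)
    cols = ", ".join(checked_identifier(table, c) for c in columns)
    w = checked_identifier(table, where_column)
    sql = "SELECT %s FROM %s WHERE %s = '%s'" % (cols, t, w, value)
    return conn.execute(sql).fetchall()


def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE PARTY (PARTY_ID TEXT, PARTY_TYPE_ID TEXT, STATUS_ID TEXT)")
    conn.executemany("INSERT INTO PARTY VALUES (?, ?, ?)", [
        ("admin", "PERSON", "PARTY_ENABLED"),
        ("guest", "PERSON", "PARTY_DISABLED"),
        ("acme", "PARTY_GROUP", "PARTY_ENABLED"),
    ])
    return conn


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"
    print("bound value, payload:", select_safe(conn, "PARTY", ["PARTY_ID"], "PARTY_ID", payload))
    print("concatenated value, payload:", select_unsafe(conn, "PARTY", ["PARTY_ID"], "PARTY_ID", payload))
    try:
        build_select("PARTY", ["PARTY_ID"], "PARTY_ID = '' OR 1=1 --")
    except ValueError as e:
        print("identifier rejected:", e)
```

With the payload `' OR '1'='1`, the bound query returns no rows because the whole string is compared as a literal, while the concatenated query returns every row in the table. The third call shows why the identifier check matters even when every value is bound: a column name that did not come from the model is refused before any SQL text is built, which is the property a reviewer should confirm for each of the flagged GenericDAO methods (table and column names sourced from ModelEntity, conditions rendered by the EntityCondition code with their values bound through the SQLProcessor).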
