ofbiz-notifications mailing list archives

From "Dennis Balkir (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (OFBIZ-9785) [FB] Package org.apache.ofbiz.product.promo
Date Mon, 25 Sep 2017 13:57:00 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-9785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dennis Balkir updated OFBIZ-9785:
---------------------------------
    Attachment: OFBIZ-9785_org.apache.ofbiz.product.promo_bugfixes.patch

- Line 59: made the field {{smartChars}} private
- Line 114: instead of {{createProductPromoCodeMap}} just used null for the call of the method, since it is known that {{createProductPromoCodeMap}} is null at this point
- Line 192: deleted the second check of {{line.length()}} because it was checked one line above
- Line 251: added a standard charset via {{UtilIo}} to the new String


> [FB] Package org.apache.ofbiz.product.promo
> -------------------------------------------
>
>                 Key: OFBIZ-9785
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9785
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: product
>    Affects Versions: Trunk
>            Reporter: Dennis Balkir
>            Priority: Minor
>         Attachments: OFBIZ-9785_org.apache.ofbiz.product.promo_bugfixes.patch
>
>
> --- PromoServices.java:59, MS_PKGPROTECT
> MS: org.apache.ofbiz.product.promo.PromoServices.smartChars should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> --- PromoServices.java:114, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in org.apache.ofbiz.product.promo.PromoServices.createProductPromoCodeSet(DispatchContext, Map)
> The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was non-null).
> --- PromoServices.java:193, UC_USELESS_CONDITION
> Condition has no effect
> This condition always produces the same result as the value of the involved variable was narrowed before. Probably something else was meant or condition can be removed.
> --- PromoServices.java:249, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in org.apache.ofbiz.product.promo.PromoServices.importPromoCodeEmailsFromFile(DispatchContext, Map): new String(byte[])
> Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
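
The DM_DEFAULT_ENCODING finding quoted above, as an added example that is not part of the original message or the attached OFBiz patch: it shows the same uploaded bytes decoding differently under two charsets, then a decode that names the charset and rejects malformed input. The class and method names and the sample addresses are hypothetical, and it uses the JDK's `StandardCharsets` rather than the `UtilIo` helper mentioned in the comment.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public class PromoEmailDecoding {
    // Decode as UTF-8 and fail on malformed bytes instead of silently substituting U+FFFD.
    static String decodeStrict(byte[] data) throws CharacterCodingException {
        return StandardCharsets.UTF_8.newDecoder()
                .onMalformedInput(CodingErrorAction.REPORT)
                .onUnmappableCharacter(CodingErrorAction.REPORT)
                .decode(ByteBuffer.wrap(data))
                .toString();
    }

    // Split decoded content into trimmed, non-empty lines (one e-mail address per line).
    static List<String> readEmails(String content) {
        List<String> emails = new ArrayList<>();
        for (String line : content.split("\\R")) {
            String email = line.trim();
            if (!email.isEmpty()) emails.add(email);
        }
        return emails;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample upload: two addresses, the second with a non-ASCII local part, stored as UTF-8.
        byte[] upload = "alice@example.org\nj\u00fcrgen@example.org\n".getBytes(StandardCharsets.UTF_8);
        // new String(byte[]) uses this value, which differs between hosts and JVM settings.
        System.out.println("platform default: " + Charset.defaultCharset());
        System.out.println("as ISO-8859-1: " + readEmails(new String(upload, StandardCharsets.ISO_8859_1)));
        System.out.println("as UTF-8:      " + readEmails(new String(upload, StandardCharsets.UTF_8)));
        // Explicit charset plus strict error handling gives the same result on every host.
        System.out.println("strict UTF-8:  " + readEmails(decodeStrict(upload)));
        // Constructed bytes that are not valid UTF-8 (the same name encoded as ISO-8859-1) are rejected.
        byte[] latin1 = "j\u00fcrgen@example.org".getBytes(StandardCharsets.ISO_8859_1);
        try {
            decodeStrict(latin1);
        } catch (CharacterCodingException e) {
            System.out.println("rejected malformed input: " + e);
        }
    }
}
```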
