Date: Fri, 8 Sep 2017 08:38:00 +0000 (UTC)
From: "Dennis Balkir (JIRA)"
To: notifications@ofbiz.apache.org
Reply-To: dev@ofbiz.apache.org
Subject: [jira] [Updated] (OFBIZ-9679) [FB] Package org.apache.ofbiz.base.conversion

     [ https://issues.apache.org/jira/browse/OFBIZ-9679?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dennis Balkir updated OFBIZ-9679:
---------------------------------
    Attachment: OFBIZ-9679_org.apache.ofbiz.base.conversion_bugfixes.patch

> [FB] Package org.apache.ofbiz.base.conversion
> ---------------------------------------------
>
>                 Key: OFBIZ-9679
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9679
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: base
>    Affects Versions: Trunk
>            Reporter: Dennis Balkir
>            Priority: Minor
>         Attachments: OFBIZ-9679_org.apache.ofbiz.base.conversion_bugfixes.patch, OFBIZ-9679_org.apache.ofbiz.base.conversion_bugfixes.patch
>
>
> - BooleanConverters.java:72, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.base.conversion.BooleanConverters$StringToBoolean.convert(String)
> A String is being converted to upper or lowercase, using the platform's default encoding. This may result in improper conversions when used with international characters.
> Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - CollectionConverters.java:46, BC_VACUOUS_INSTANCEOF
> BC: instanceof will always return true for all nonnull values in org.apache.ofbiz.base.conversion.CollectionConverters$ArrayCreator.createConverter(Class, Class), since all Class are instances of Object
> This instanceof test will always return true (unless the value being tested is null). Although this is safe, make sure it isn't an indication of some misunderstanding or some other logic error. If you really want to test the value for being null, perhaps it would be clearer to do better to do a null test rather than an instanceof test.
> - Converters.java:39, MS_MUTABLE_COLLECTION_PKGPROTECT
> Field is a mutable collection which should be package protected
> A mutable collection instance is assigned to a final static field, thus can be changed by malicious code or by accident from another package. The field could be made package protected to avoid this vulnerability. Alternatively you may wrap this field into Collections.unmodifiableSet/List/Map/etc. to avoid this vulnerability.
> - Converters.java:40, MS_MUTABLE_COLLECTION_PKGPROTECT
> Field is a mutable collection which should be package protected
> A mutable collection instance is assigned to a final static field, thus can be changed by malicious code or by accident from another package. The field could be made package protected to avoid this vulnerability. Alternatively you may wrap this field into Collections.unmodifiableSet/List/Map/etc. to avoid this vulnerability.
> - Converters.java:154, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in org.apache.ofbiz.base.conversion.Converters.loadContainedConverters(Class)
> This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that are thrown, or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> - MiscConverters.java:90, PZLA_PREFER_ZERO_LENGTH_ARRAYS
> PZLA: Should org.apache.ofbiz.base.conversion.MiscConverters$ByteBufferToByteArray.convert(ByteBuffer) return a zero length array rather than null?
> It is often a better design to return a length zero array rather than a null reference to indicate that there are no results (i.e., an empty list of results). This way, no explicit check for null is needed by clients of the method.
> On the other hand, using null to indicate "there is no answer to this question" is probably appropriate. For example, File.listFiles() returns an empty list if given a directory containing no files, and returns null if the file is not a directory.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
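
The MS_MUTABLE_COLLECTION_PKGPROTECT finding quoted above, shown as an added example that is not OFBiz code and not part of the attached patch: a writable static map next to the unmodifiable-view form the finding recommends. The class, the `Converter` interface, the field names and the `register`/`tamper` helpers are all hypothetical.

```java
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class StaticRegistryDemo {
    /** Hypothetical converter type standing in for whatever the registry holds. */
    interface Converter { Object convert(String in); }

    // Flagged pattern: the reference is final, the map behind it is not.
    // Any class that can see the field can add, replace or remove entries.
    public static final Map<String, Converter> EXPOSED = new ConcurrentHashMap<>();

    // Hardened form: the writable map is private, callers get a read-only view.
    private static final Map<String, Converter> BACKING = new ConcurrentHashMap<>();
    public static final Map<String, Converter> READ_ONLY = Collections.unmodifiableMap(BACKING);

    static {
        EXPOSED.put("int", Integer::valueOf);
        register("int", Integer::valueOf);
    }

    /** Single write path: first registration wins, replacements are refused. */
    static void register(String name, Converter c) {
        if (BACKING.putIfAbsent(name, c) != null) {
            throw new IllegalStateException("converter already registered: " + name);
        }
    }

    /** Tries to replace the "int" converter through the given view; reports whether it stuck. */
    static boolean tamper(Map<String, Converter> view) {
        try {
            view.put("int", in -> 0);
        } catch (UnsupportedOperationException e) {
            return false; // read-only view refused the write
        }
        return Integer.valueOf(0).equals(view.get("int").convert("42"));
    }

    public static void main(String[] args) {
        System.out.println("exposed map replaced:   " + tamper(EXPOSED));
        System.out.println("read-only map replaced: " + tamper(READ_ONLY));
        System.out.println("read-only still parses: " + READ_ONLY.get("int").convert("42"));
    }
}
```

The unmodifiable wrapper is a view, so entries added later through `register` remain visible to readers while direct writes through the public field fail.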
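
The DM_CONVERT_CASE finding quoted above, as an added example that is not OFBiz code: a keyword comparison that depends on the JVM default locale next to the same comparison with `Locale.ROOT`. The flag parser and the keyword "disabled" are hypothetical and were chosen because the keyword contains an `i`; nothing here reproduces `BooleanConverters`.

```java
import java.util.Locale;

public class LocaleCaseDemo {
    // Hypothetical flag parser written the way DM_CONVERT_CASE flags:
    // toUpperCase() without an argument uses Locale.getDefault().
    static boolean isDisabledDefaultLocale(String value) {
        return "DISABLED".equals(value.trim().toUpperCase());
    }

    // Same check with a fixed, language-neutral locale.
    static boolean isDisabledRootLocale(String value) {
        return "DISABLED".equals(value.trim().toUpperCase(Locale.ROOT));
    }

    /** Runs both parsers on the same input with the JVM default set to the given locale. */
    static boolean[] parseUnder(Locale jvmDefault, String value) {
        Locale saved = Locale.getDefault();
        Locale.setDefault(jvmDefault);
        try {
            return new boolean[] { isDisabledDefaultLocale(value), isDisabledRootLocale(value) };
        } finally {
            Locale.setDefault(saved); // restore so the demo has no side effects
        }
    }

    public static void main(String[] args) {
        String input = "disabled"; // constructed sample value
        for (Locale l : new Locale[] { Locale.ENGLISH, Locale.forLanguageTag("tr-TR") }) {
            boolean[] r = parseUnder(l, input);
            // Under tr-TR, 'i' upper-cases to U+0130 (dotted capital I), so the
            // default-locale comparison with "DISABLED" no longer matches.
            System.out.println(l.toLanguageTag() + ": default-locale=" + r[0]
                    + ", Locale.ROOT=" + r[1]);
        }
    }
}
```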