Date: Mon, 25 Sep 2017 13:57:00 +0000 (UTC)
From: "Dennis Balkir (JIRA)"
To: notifications@ofbiz.apache.org
Subject: [jira] [Updated] (OFBIZ-9785) [FB] Package org.apache.ofbiz.product.promo

     [ https://issues.apache.org/jira/browse/OFBIZ-9785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dennis Balkir updated OFBIZ-9785:
---------------------------------
    Attachment: OFBIZ-9785_org.apache.ofbiz.product.promo_bugfixes.patch

- Line 59: made the field {{smartChars}} private
- Line 114: instead of {{createProductPromoCodeMap}} just used null for the call of the method, since it is known that {{createProductPromoCodeMap}} is null at this point
- Line 192: deleted the second check of {{line.length()}} because it was checked one line above
- Line 251: added a standard charset via {{UtilIo}} to the new String

> [FB] Package org.apache.ofbiz.product.promo
> -------------------------------------------
>
>                 Key: OFBIZ-9785
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9785
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: product
>    Affects Versions: Trunk
>            Reporter: Dennis Balkir
>            Priority: Minor
>         Attachments: OFBIZ-9785_org.apache.ofbiz.product.promo_bugfixes.patch
>
>
> --- PromoServices.java:59, MS_PKGPROTECT
> MS: org.apache.ofbiz.product.promo.PromoServices.smartChars should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> --- PromoServices.java:114, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in org.apache.ofbiz.product.promo.PromoServices.createProductPromoCodeSet(DispatchContext, Map)
> The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was non-null).
> --- PromoServices.java:193, UC_USELESS_CONDITION
> Condition has no effect
> This condition always produces the same result as the value of the involved variable was narrowed before. Probably something else was meant or condition can be removed.
> --- PromoServices.java:249, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in org.apache.ofbiz.product.promo.PromoServices.importPromoCodeEmailsFromFile(DispatchContext, Map): new String(byte[])
> Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
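
The DM_DEFAULT_ENCODING finding quoted above, illustrated as an added example that is not taken from the attached patch or from OFBiz: the same uploaded bytes decode to different e-mail addresses depending on the JVM default, while an explicit (and optionally strict) charset gives one result everywhere. The class name, method names and sample address are hypothetical, and the JDK's `StandardCharsets` is used here rather than the `UtilIo` helper the comment mentions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;

public class PromoEmailDecoding { // hypothetical class, for illustration only

    // Flagged pattern: new String(byte[]) decodes with whatever the JVM default is.
    static String decodeWithPlatformDefault(byte[] data) {
        return new String(data);
    }

    // Explicit charset: identical on every platform, but malformed bytes
    // are silently replaced with U+FFFD.
    static String decodeUtf8Lenient(byte[] data) {
        return new String(data, StandardCharsets.UTF_8);
    }

    // Strict variant: malformed input is rejected instead of being replaced.
    static String decodeUtf8Strict(byte[] data) throws CharacterCodingException {
        return StandardCharsets.UTF_8.newDecoder()
                .onMalformedInput(CodingErrorAction.REPORT)
                .onUnmappableCharacter(CodingErrorAction.REPORT)
                .decode(ByteBuffer.wrap(data))
                .toString();
    }

    public static void main(String[] args) throws Exception {
        String expected = "j\u00fcrgen@example.org"; // constructed sample address
        byte[] upload = expected.getBytes(StandardCharsets.UTF_8); // constructed file content
        System.out.println("JVM default " + Charset.defaultCharset() + " matches: "
                + expected.equals(decodeWithPlatformDefault(upload)));
        // The same bytes as a JVM with an ISO-8859-1 default would decode them.
        System.out.println("ISO-8859-1 matches: "
                + expected.equals(new String(upload, StandardCharsets.ISO_8859_1)));
        System.out.println("explicit UTF-8 matches: "
                + expected.equals(decodeUtf8Strict(upload)));
        // Constructed malformed input: byte 0xFC is not valid UTF-8 in this position.
        byte[] latin1 = expected.getBytes(StandardCharsets.ISO_8859_1);
        System.out.println("lenient UTF-8 matches: "
                + expected.equals(decodeUtf8Lenient(latin1)));
        try {
            decodeUtf8Strict(latin1);
        } catch (CharacterCodingException e) {
            System.out.println("strict UTF-8 rejected the input: " + e);
        }
    }
}
```

The strict decoder is the variant to prefer when decoded values are later compared against stored identifiers such as e-mail addresses, since a silently substituted character produces a value that never matches.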