ofbiz-notifications mailing list archives

From "Julian Leichert (JIRA)" <j...@apache.org>
Subject [jira] [Created] (OFBIZ-9809) [FB] Package org.apache.ofbiz.product.test
Date Thu, 05 Oct 2017 09:44:00 GMT
Julian Leichert created OFBIZ-9809:

             Summary: [FB] Package org.apache.ofbiz.product.test
                 Key: OFBIZ-9809
                 URL: https://issues.apache.org/jira/browse/OFBIZ-9809
             Project: OFBiz
          Issue Type: Sub-task
          Components: product
    Affects Versions: Trunk
            Reporter: Julian Leichert
            Priority: Minor

InventoryItemTransferTest.java:34, MS_PKGPROTECT
- MS: org.apache.ofbiz.product.test.InventoryItemTransferTest.inventoryTransferId should be package protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

InventoryItemTransferTest.java:62, ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD
- ST: Write to static field org.apache.ofbiz.product.test.InventoryItemTransferTest.inventoryTransferId from instance method org.apache.ofbiz.product.test.InventoryItemTransferTest.testCreateInventoryItemsTransfer()

This instance method writes to a static field. This is tricky to get correct if multiple instances
are being manipulated, and generally bad practice.

StockMovesTest.java:56, DLS_DEAD_LOCAL_STORE
- DLS: Dead store to warningList in org.apache.ofbiz.product.test.StockMovesTest.testStockMoves()

This instruction assigns a value to a local variable, but the value is not read or used in
any subsequent instruction. Often, this indicates an error, because the value computed is
never used.

Note that Sun's javac compiler often generates dead stores for final local variables. Because
FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
