ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Julian Leichert (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (OFBIZ-9809) [FB] Package org.apache.ofbiz.product.test
Date Thu, 05 Oct 2017 09:51:00 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-9809?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Julian Leichert updated OFBIZ-9809:
-----------------------------------
    Attachment: OFBIZ-9809_org.apache.ofbiz.product.test_bugfixes.patch

class InventoryItemTransferTest
 - line 34 : changed to package protected
 - line 76 : added get/setInventoryTransferId(), to fix write to static field

class StockMovesTest
 - line 56 : removed dls 

> [FB] Package org.apache.ofbiz.product.test
> ------------------------------------------
>
>                 Key: OFBIZ-9809
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9809
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: product
>    Affects Versions: Trunk
>            Reporter: Julian Leichert
>            Priority: Minor
>         Attachments: OFBIZ-9809_org.apache.ofbiz.product.test_bugfixes.patch
>
>
> InventoryItemTransferTest.java:34, MS_PKGPROTECT
> - MS: org.apache.ofbiz.product.test.InventoryItemTransferTest.inventoryTransferId should
be package protected
> A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.
> InventoryItemTransferTest.java:62, ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD
> - ST: Write to static field org.apache.ofbiz.product.test.InventoryItemTransferTest.inventoryTransferId
from instance method org.apache.ofbiz.product.test.InventoryItemTransferTest.testCreateInventoryItemsTransfer()
> This instance method writes to a static field. This is tricky to get correct if multiple
instances are being manipulated, and generally bad practice.
> StockMovesTest.java:56, DLS_DEAD_LOCAL_STORE
> - DLS: Dead store to warningList in org.apache.ofbiz.product.test.StockMovesTest.testStockMoves()
> This instruction assigns a value to a local variable, but the value is not read or used
in any subsequent instruction. Often, this indicates an error, because the value computed
is never used.
> Note that Sun's javac compiler often generates dead stores for final local variables.
Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message