ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Julian Leichert (JIRA)" <j...@apache.org>
Subject [jira] [Created] (OFBIZ-9815) [FB] Package org.apache.ofbiz.content.webapp.ftl
Date Thu, 05 Oct 2017 15:45:00 GMT
Julian Leichert created OFBIZ-9815:
--------------------------------------

             Summary: [FB] Package org.apache.ofbiz.content.webapp.ftl
                 Key: OFBIZ-9815
                 URL: https://issues.apache.org/jira/browse/OFBIZ-9815
             Project: OFBiz
          Issue Type: Sub-task
          Components: content
    Affects Versions: Trunk
            Reporter: Julian Leichert
            Priority: Minor


CheckPermissionTransform.java:56, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.CheckPermissionTransform.saveKeyNames should be
package protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

CheckPermissionTransform.java:99, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.CheckPermissionTransform$1 could be refactored
into a named _static_ inner class

This class is an inner class, but does not use its embedded reference to the object which
created it.  This reference makes the instances of the class larger, and may keep the reference
to the creator object alive longer than necessary.  If possible, the class should be made
into a static inner class. Since anonymous inner classes cannot be marked as static, doing
this will require refactoring the inner class so that it is a named inner class.

EditRenderSubContentCacheTransform.java:52, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentCacheTransform.saveKeyNames
should be package protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

EditRenderSubContentCacheTransform.java:131, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentCacheTransform$1
could be refactored into a named _static_ inner class

This class is an inner class, but does not use its embedded reference to the object which
created it.  This reference makes the instances of the class larger, and may keep the reference
to the creator object alive longer than necessary.  If possible, the class should be made
into a static inner class. Since anonymous inner classes cannot be marked as static, doing
this will require refactoring the inner class so that it is a named inner class.

EditRenderSubContentCacheTransform.java:163, WMI_WRONG_MAP_ITERATOR
- WMI: org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentCacheTransform$1.close() makes
inefficient use of keySet iterator instead of entrySet iterator

This method accesses the value of a Map entry, using a key that was retrieved from a keySet
iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the
Map.get(key) lookup.

EditRenderSubContentCacheTransform.java:171, NP_LOAD_OF_KNOWN_NULL_VALUE
- NP: Load of known null value in org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentCacheTransform$1.close()

The variable referenced at this point is known to be null due to an earlier check against
null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different
variable, or perhaps the earlier check to see if the variable is null should have been a check
to see if it was non-null).

EditRenderSubContentTransform.java:163, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentTransform$1 could
be refactored into a named _static_ inner class

This class is an inner class, but does not use its embedded reference to the object which
created it.  This reference makes the instances of the class larger, and may keep the reference
to the creator object alive longer than necessary.  If possible, the class should be made
into a static inner class. Since anonymous inner classes cannot be marked as static, doing
this will require refactoring the inner class so that it is a named inner class.

InjectNodeTrailCsvTransform.java:49, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.InjectNodeTrailCsvTransform.saveKeyNames should
be package protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

InjectNodeTrailCsvTransform.java:50, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.InjectNodeTrailCsvTransform.removeKeyNames should
be package protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

InjectNodeTrailCsvTransform.java:87, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.InjectNodeTrailCsvTransform$1 could be
refactored into a named _static_ inner class

This class is an inner class, but does not use its embedded reference to the object which
created it.  This reference makes the instances of the class larger, and may keep the reference
to the creator object alive longer than necessary.  If possible, the class should be made
into a static inner class. Since anonymous inner classes cannot be marked as static, doing
this will require refactoring the inner class so that it is a named inner class.

LimitedSubContentCacheTransform.java:59, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform.upSaveKeyNames should
be package protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

LimitedSubContentCacheTransform.java:60, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform.saveKeyNames should
be package protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

LimitedSubContentCacheTransform.java:156, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform$1 could
be refactored into a named _static_ inner class

This class is an inner class, but does not use its embedded reference to the object which
created it.  This reference makes the instances of the class larger, and may keep the reference
to the creator object alive longer than necessary.  If possible, the class should be made
into a static inner class. Since anonymous inner classes cannot be marked as static, doing
this will require refactoring the inner class so that it is a named inner class.

LimitedSubContentCacheTransform.java:226, DLS_DEAD_LOCAL_STORE
- DLS: Dead store to locale in org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform$1.prepCtx(Delegator,
Map, Environment, GenericValue)

This instruction assigns a value to a local variable, but the value is not read or used in
any subsequent instruction. Often, this indicates an error, because the value computed is
never used.

Note that Sun's javac compiler often generates dead stores for final local variables. Because
FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.

LimitedSubContentCacheTransform.java:229, NP_LOAD_OF_KNOWN_NULL_VALUE
- NP: Load of known null value in org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform$1.prepCtx(Delegator,
Map, Environment, GenericValue)

The variable referenced at this point is known to be null due to an earlier check against
null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different
variable, or perhaps the earlier check to see if the variable is null should have been a check
to see if it was non-null).

LoopSubContentTransform.java:56, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.LoopSubContentTransform.saveKeyNames should be package
protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

LoopSubContentTransform.java:57, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.LoopSubContentTransform.removeKeyNames should be
package protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

LoopSubContentTransform.java:189, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.LoopSubContentTransform$1 could be refactored
into a named _static_ inner class

This class is an inner class, but does not use its embedded reference to the object which
created it.  This reference makes the instances of the class larger, and may keep the reference
to the creator object alive longer than necessary.  If possible, the class should be made
into a static inner class. Since anonymous inner classes cannot be marked as static, doing
this will require refactoring the inner class so that it is a named inner class.

RenderContentAndSubContent.java:61, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.RenderContentAndSubContent$1 could be
refactored into a named _static_ inner class

This class is an inner class, but does not use its embedded reference to the object which
created it.  This reference makes the instances of the class larger, and may keep the reference
to the creator object alive longer than necessary.  If possible, the class should be made
into a static inner class. Since anonymous inner classes cannot be marked as static, doing
this will require refactoring the inner class so that it is a named inner class.

RenderContentAsText.java:55, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.RenderContentAsText.upSaveKeyNames should be package
protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

RenderContentAsText.java:56, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.RenderContentAsText.saveKeyNames should be package
protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

RenderContentAsText.java:84, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.RenderContentAsText$1 could be refactored
into a named _static_ inner class

This class is an inner class, but does not use its embedded reference to the object which
created it.  This reference makes the instances of the class larger, and may keep the reference
to the creator object alive longer than necessary.  If possible, the class should be made
into a static inner class. Since anonymous inner classes cannot be marked as static, doing
this will require refactoring the inner class so that it is a named inner class.

RenderContentTransform.java:66, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.RenderContentTransform$1 could be refactored
into a named _static_ inner class

This class is an inner class, but does not use its embedded reference to the object which
created it.  This reference makes the instances of the class larger, and may keep the reference
to the creator object alive longer than necessary.  If possible, the class should be made
into a static inner class. Since anonymous inner classes cannot be marked as static, doing
this will require refactoring the inner class so that it is a named inner class.

RenderSubContentAsText.java:51, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.RenderSubContentAsText.upSaveKeyNames should be
package protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

RenderSubContentAsText.java:52, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.RenderSubContentAsText.saveKeyNames should be package
protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

RenderSubContentAsText.java:83, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.RenderSubContentAsText$1 could be refactored
into a named _static_ inner class

This class is an inner class, but does not use its embedded reference to the object which
created it.  This reference makes the instances of the class larger, and may keep the reference
to the creator object alive longer than necessary.  If possible, the class should be made
into a static inner class. Since anonymous inner classes cannot be marked as static, doing
this will require refactoring the inner class so that it is a named inner class.

RenderSubContentCacheTransform.java:55, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.RenderSubContentCacheTransform.upSaveKeyNames should
be package protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

RenderSubContentCacheTransform.java:113, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.RenderSubContentCacheTransform$1 could
be refactored into a named _static_ inner class

This class is an inner class, but does not use its embedded reference to the object which
created it.  This reference makes the instances of the class larger, and may keep the reference
to the creator object alive longer than necessary.  If possible, the class should be made
into a static inner class. Since anonymous inner classes cannot be marked as static, doing
this will require refactoring the inner class so that it is a named inner class.

RenderSubContentCacheTransform.java:198, NP_LOAD_OF_KNOWN_NULL_VALUE
- NP: Load of known null value in org.apache.ofbiz.content.webapp.ftl.RenderSubContentCacheTransform$1.closeEditWrap(Writer,
String)

The variable referenced at this point is known to be null due to an earlier check against
null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different
variable, or perhaps the earlier check to see if the variable is null should have been a check
to see if it was non-null).

RenderSubContentTransform.java:107, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.RenderSubContentTransform$1 could be
refactored into a named _static_ inner class

This class is an inner class, but does not use its embedded reference to the object which
created it.  This reference makes the instances of the class larger, and may keep the reference
to the creator object alive longer than necessary.  If possible, the class should be made
into a static inner class. Since anonymous inner classes cannot be marked as static, doing
this will require refactoring the inner class so that it is a named inner class.

RenderSubContentTransform.java:141, UCF_USELESS_CONTROL_FLOW
- UCF: Useless control flow in org.apache.ofbiz.content.webapp.ftl.RenderSubContentTransform$1.renderSubContent()

This method contains a useless control flow statement, where control flow continues onto the
same place regardless of whether or not the branch is taken. For example, this is caused by
having an empty statement block for an if statement:

    if (argv.length == 0) {
    // TODO: handle this case
    }

TraverseSubContentCacheTransform.java:52, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.TraverseSubContentCacheTransform.upSaveKeyNames
should be package protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

TraverseSubContentCacheTransform.java:53, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.TraverseSubContentCacheTransform.saveKeyNames should
be package protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

TraverseSubContentCacheTransform.java:135, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.TraverseSubContentCacheTransform$1 could
be refactored into a named _static_ inner class

This class is an inner class, but does not use its embedded reference to the object which
created it.  This reference makes the instances of the class larger, and may keep the reference
to the creator object alive longer than necessary.  If possible, the class should be made
into a static inner class. Since anonymous inner classes cannot be marked as static, doing
this will require refactoring the inner class so that it is a named inner class.

TraverseSubContentCacheTransform.java:235, NP_NULL_ON_SOME_PATH
- NP: Possible null pointer dereference of contentIdStart in org.apache.ofbiz.content.webapp.ftl.TraverseSubContentCacheTransform$1.populateContext(Map,
Map)

There is a branch of statement that, if executed, guarantees that a null value will be dereferenced,
which would generate a NullPointerException when the code is executed. Of course, the problem
might be that the branch or statement is infeasible and that the null pointer exception can't
ever be executed; deciding that is beyond the ability of FindBugs.

TraverseSubContentTransform.java:55, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.TraverseSubContentTransform.saveKeyNames should
be package protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

TraverseSubContentTransform.java:56, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.TraverseSubContentTransform.removeKeyNames should
be package protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

TraverseSubContentTransform.java:143, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.TraverseSubContentTransform$1 could be
refactored into a named _static_ inner class

This class is an inner class, but does not use its embedded reference to the object which
created it.  This reference makes the instances of the class larger, and may keep the reference
to the creator object alive longer than necessary.  If possible, the class should be made
into a static inner class. Since anonymous inner classes cannot be marked as static, doing
this will require refactoring the inner class so that it is a named inner class.

WrapSubContentCacheTransform.java:52, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.WrapSubContentCacheTransform.upSaveKeyNames should
be package protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

WrapSubContentCacheTransform.java:53, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.WrapSubContentCacheTransform.saveKeyNames should
be package protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

WrapSubContentCacheTransform.java:142, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.WrapSubContentCacheTransform$1 could
be refactored into a named _static_ inner class

This class is an inner class, but does not use its embedded reference to the object which
created it.  This reference makes the instances of the class larger, and may keep the reference
to the creator object alive longer than necessary.  If possible, the class should be made
into a static inner class. Since anonymous inner classes cannot be marked as static, doing
this will require refactoring the inner class so that it is a named inner class.

WrapSubContentCacheTransform.java:176, NP_LOAD_OF_KNOWN_NULL_VALUE
- NP: Load of known null value in org.apache.ofbiz.content.webapp.ftl.WrapSubContentCacheTransform$1.close()

The variable referenced at this point is known to be null due to an earlier check against
null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different
variable, or perhaps the earlier check to see if the variable is null should have been a check
to see if it was non-null). 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message