ofbiz-notifications mailing list archives

From "Michael Brohl (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (OFBIZ-9723) [FB] Package org.apache.ofbiz.entity.datasource
Date Fri, 08 Dec 2017 21:14:01 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-9723?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Brohl closed OFBIZ-9723.
--------------------------------
       Resolution: Implemented
    Fix Version/s: Upcoming Release

Thanks Julian,

your patch is in trunk r1817570.

> [FB] Package org.apache.ofbiz.entity.datasource
> -----------------------------------------------
>
>                 Key: OFBIZ-9723
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9723
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: ALL APPLICATIONS, ALL COMPONENTS
>    Affects Versions: Trunk
>            Reporter: Julian Leichert
>            Assignee: Michael Brohl
>            Priority: Minor
>             Fix For: Upcoming Release
>
>         Attachments: OFBIZ-9723_org.apache.ofbiz.entity.datasource_bugfixes.patch
>
>
> GenericDAO.java:108, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of modelEntity, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.insert(GenericEntity)
> This method contains a redundant check of a known non-null value against the constant null.
> GenericDAO.java:171, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.singleInsert(GenericEntity, ModelEntity, List, SQLProcessor)
> The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.
> GenericDAO.java:187, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of modelEntity, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.updateAll(GenericEntity)
> This method contains a redundant check of a known non-null value against the constant null.
> GenericDAO.java:197, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of modelEntity, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.update(GenericEntity)
> This method contains a redundant check of a known non-null value against the constant null.
> GenericDAO.java:277, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.singleUpdate(GenericEntity, ModelEntity, List, SQLProcessor)
> The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.
> GenericDAO.java:331, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.updateByCondition(ModelEntity, Map, EntityCondition, SQLProcessor)
> The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.
> GenericDAO.java:501, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of modelEntity, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.select(GenericEntity, SQLProcessor)
> This method contains a redundant check of a known non-null value against the constant null.
> GenericDAO.java:521, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.select(GenericEntity, SQLProcessor)
> The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.
> GenericDAO.java:547, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE, Priority: Normal
> - RCN: Redundant nullcheck of modelEntity, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.partialSelect(GenericEntity, Set)
> This method contains a redundant check of a known non-null value against the constant null.
> GenericDAO.java:592, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.partialSelect(GenericEntity, Set)
> The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.
> GenericDAO.java:763, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.selectListIteratorByCondition(Delegator, ModelEntity, EntityCondition, EntityCondition, Collection, List, EntityFindOptions)
> The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.
> GenericDAO.java:854, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of viewHavingEntityCondition, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.makeConditionHavingString(StringBuilder, String, ModelEntity, EntityCondition, List, List)
> This method contains a redundant check of a known non-null value against the constant null.
> GenericDAO.java:913, UC_USELESS_OBJECT
> Useless object created
> Our analysis shows that this object is useless. It's created and modified, but its value never goes outside of the method or produces any side-effect. Either there is a mistake and the object was intended to be used, or it can be removed.
> This analysis rarely produces false-positives. Common false-positive cases include:
> - This object used to implicitly throw some obscure exception.
> - This object used as a stub to generalize the code.
> - This object used to hold strong references to weak/soft-referenced objects.
> GenericDAO.java:976, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.selectByMultiRelation(GenericValue, ModelRelation, ModelEntity, ModelRelation, ModelEntity, List)
> The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.
> GenericDAO.java:1106, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.selectCountByCondition(Delegator, ModelEntity, EntityCondition, EntityCondition, List, EntityFindOptions)
> The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.
> GenericDAO.java:1161, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE, Priority: Normal
> - RCN: Redundant nullcheck of modelEntity, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.delete(GenericEntity, SQLProcessor)
> This method contains a redundant check of a known non-null value against the constant null.
> GenericDAO.java:1174, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.delete(GenericEntity, SQLProcessor)
> The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.
> GenericDAO.java:1212, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.deleteByCondition(ModelEntity, EntityCondition, SQLProcessor)
> The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.
> GenericHelperFactory.java:38, MS_SHOULD_BE_FINAL
> - MS: org.apache.ofbiz.entity.datasource.GenericHelperFactory.helperCache isn't final but should be
> This static field is public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.
> GenericHelperFactory.java:81, NP_NULL_ON_SOME_PATH
> - NP: Possible null pointer dereference of helperConstructor in org.apache.ofbiz.entity.datasource.GenericHelperFactory.getHelper(GenericHelperInfo)
> There is a branch of statement that, if executed, guarantees that a null value will be dereferenced, which would generate a NullPointerException when the code is executed. Of course, the problem might be that the branch or statement is infeasible and that the null pointer exception can't ever be executed; deciding that is beyond the ability of FindBugs.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)