ofbiz-notifications mailing list archives

From "Michael Brohl (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (OFBIZ-9730) [FB] Package org.apache.ofbiz.order.finaccount
Date Fri, 08 Dec 2017 21:25:00 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-9730?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Brohl closed OFBIZ-9730.
--------------------------------
       Resolution: Implemented
    Fix Version/s: Upcoming Release

Thanks Julian,

your patch is in trunk r1817573. 

> [FB] Package org.apache.ofbiz.order.finaccount
> ----------------------------------------------
>
>                 Key: OFBIZ-9730
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9730
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: order
>    Affects Versions: Trunk
>            Reporter: Julian Leichert
>            Assignee: Michael Brohl
>            Priority: Minor
>             Fix For: Upcoming Release
>
>         Attachments: OFBIZ-9730_org.apache.ofbiz.order.finaccount_bugfixes.patch
>
>
> FinAccountHelper.java:49, MS_SHOULD_BE_FINAL
> - MS: org.apache.ofbiz.order.finaccount.FinAccountHelper.decimals isn't final but should be
> This static field is public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.
> FinAccountHelper.java:50, MS_SHOULD_BE_FINAL
> - MS: org.apache.ofbiz.order.finaccount.FinAccountHelper.rounding isn't final but should be
> This static field is public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.
> FinAccountHelper.java:139, DM_CONVERT_CASE
> - Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.order.finaccount.FinAccountHelper.getFinAccountFromCode(String, Delegator)
> A String is being converted to upper or lowercase, using the platform's default encoding. This may result in improper conversions when used with international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> FinAccountHelper.java:278, SBSC_USE_STRINGBUFFER_CONCATENATION
> - SBSC: org.apache.ofbiz.order.finaccount.FinAccountHelper.generateRandomFinNumber(Delegator, int, boolean) concatenates strings using + in a loop
> The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration.
> Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 1.5) explicitly.
> For example:
>   // This is bad
>   String s = "";
>   for (int i = 0; i < field.length; ++i) {
>     s = s + field[i];
>   }
>   // This is better
>   StringBuffer buf = new StringBuffer();
>   for (int i = 0; i < field.length; ++i) {
>     buf.append(field[i]);
>   }
>   String s = buf.toString();



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
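
The MS_SHOULD_BE_FINAL and DM_CONVERT_CASE findings quoted above, shown as an added example that is not part of the original message or the OFBiz source. The class, method and field shapes and the sample values are hypothetical stand-ins chosen to show why each finding matters for a helper that handles monetary precision and account codes.

```java
import java.math.BigDecimal;
import java.math.RoundingMode;
import java.util.Locale;

public class FinAccountFindingsDemo {

    // Hypothetical stand-in for a helper with the flagged field shape.
    static class MutableConfig {
        public static int decimals = 2; // MS_SHOULD_BE_FINAL: writable from any package
    }

    // Corrected shape: the compiler rejects any reassignment.
    static class FinalConfig {
        public static final int decimals = 2;
    }

    // DM_CONVERT_CASE: the result depends on the JVM's default locale.
    static String normalizeWithDefaultLocale(String code) {
        return code.toUpperCase();
    }

    // Corrected: Locale.ROOT gives the same result on every host.
    static String normalizeWithRootLocale(String code) {
        return code.toUpperCase(Locale.ROOT);
    }

    public static void main(String[] args) {
        BigDecimal amount = new BigDecimal("10.005"); // constructed sample value
        System.out.println("scale before: " + amount.setScale(MutableConfig.decimals, RoundingMode.HALF_UP));
        MutableConfig.decimals = 0; // unrelated code silently changes monetary precision
        System.out.println("scale after:  " + amount.setScale(MutableConfig.decimals, RoundingMode.HALF_UP));
        System.out.println("final field:  " + amount.setScale(FinalConfig.decimals, RoundingMode.HALF_UP));

        String entered = "gift-i42";   // constructed account code as typed by a user
        String stored = "GIFT-I42";    // constructed canonical form in storage
        Locale saved = Locale.getDefault();
        try {
            // Under Turkish rules 'i' uppercases to U+0130, not ASCII 'I'.
            Locale.setDefault(Locale.forLanguageTag("tr-TR"));
            System.out.println("default locale matches: " + stored.equals(normalizeWithDefaultLocale(entered)));
            System.out.println("root locale matches:    " + stored.equals(normalizeWithRootLocale(entered)));
        } finally {
            Locale.setDefault(saved);
        }
    }
}
```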
