ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Brohl (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (OFBIZ-9859) [FB] Package org.apache.ofbiz.content.content
Date Mon, 11 Dec 2017 06:10:00 GMT

    [ https://issues.apache.org/jira/browse/OFBIZ-9859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16285548#comment-16285548
] 

Michael Brohl commented on OFBIZ-9859:
--------------------------------------

Thanks Dennis, 

most changes of your patch are in trunk r1817742.

I did not take the changes in ContentWorker. The changes in ContentWorker#checkConditions
would have changed the logic and have to be reworked, please have a look.

> [FB] Package org.apache.ofbiz.content.content
> ---------------------------------------------
>
>                 Key: OFBIZ-9859
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9859
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: content
>    Affects Versions: Trunk
>            Reporter: Dennis Balkir
>            Assignee: Michael Brohl
>            Priority: Minor
>         Attachments: OFBIZ-9859_org.apache.ofbiz.content.content_bugfixes.patch
>
>
> --- ContentKeywordIndex.java:59, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of delegator, which is known to be non-null in org.apache.ofbiz.content.content.ContentKeywordIndex.indexKeywords(GenericValue,
boolean)
> This method contains a redundant check of a known non-null value against the constant
null.
> --- ContentKeywordIndex.java:73, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.content.content.ContentKeywordIndex.indexKeywords(GenericValue,
boolean)
> A String is being converted to upper or lowercase, using the platform's default encoding.
This may result in improper conversions when used with international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> --- ContentMapFacade.java:54, MS_MUTABLE_COLLECTION_PKGPROTECT
> Field is a mutable collection which should be package protected
> A mutable collection instance is assigned to a final static field, thus can be changed
by malicious code or by accident from another package. The field could be made package protected
to avoid this vulnerability. Alternatively you may wrap this field into Collections.unmodifiableSet/List/Map/etc.
to avoid this vulnerability.
> --- ContentMapFacade.java:418, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.content.content.ContentMapFacade$Content.get(Object)
> A String is being converted to upper or lowercase, using the platform's default encoding.
This may result in improper conversions when used with international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> --- ContentMapFacade.java:451, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.content.content.ContentMapFacade$SubContent.get(Object)
> A String is being converted to upper or lowercase, using the platform's default encoding.
This may result in improper conversions when used with international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> --- ContentPermissionServices.java:181, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of entityAction, which is known to be non-null in org.apache.ofbiz.content.content.ContentPermissionServices.checkContentPermission(DispatchContext,
Map)
> This method contains a redundant check of a known non-null value against the constant
null.
> --- ContentPermissionServices.java:238, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of auxGetter, which is known to be non-null in org.apache.ofbiz.content.content.ContentPermissionServices.checkContentPermission(DispatchContext,
Map)
> This method contains a redundant check of a known non-null value against the constant
null.
> --- ContentPermissionServices.java:243, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of roleGetter, which is known to be non-null in org.apache.ofbiz.content.content.ContentPermissionServices.checkContentPermission(DispatchContext,
Map)
> This method contains a redundant check of a known non-null value against the constant
null.
> --- ContentSearch.java:451, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.content.content.ContentSearch$ContentAssocConstraint is Serializable;
consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a serialVersionUID
field.  A change as simple as adding a reference to a .class object will add synthetic fields
to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding
a reference to String.class will generate a static field class$java$lang$String). Also, different
source code to bytecode compilers may use different naming conventions for synthetic variables
generated for references to class objects or inner classes. To ensure interoperability of
Serializable across versions, consider adding an explicit serialVersionUID.
> --- ContentSearch.java:564, HE_EQUALS_USE_HASHCODE
> HE: org.apache.ofbiz.content.content.ContentSearch$ContentAssocConstraint defines equals
and uses Object.hashCode()
> This class overrides equals(Object), but does not override hashCode(), and inherits the
implementation of hashCode() from java.lang.Object (which returns the identity hash code,
an arbitrary value assigned to the object by the VM).  Therefore, the class is very likely
to violate the invariant that equal objects must have equal hashcodes.
> If you don't think instances of this class will ever be inserted into a HashMap/HashTable,
the recommended hashCode implementation to use is:
> public int hashCode() {
>   assert false : "hashCode not designed";
>   return 42; // any arbitrary constant will do
>   }
> --- ContentSearch.java:564, BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS
> BC: Equals method for org.apache.ofbiz.content.content.ContentSearch$ContentAssocConstraint
assumes the argument is of type ContentSearch$ContentAssocConstraint
> The equals(Object o) method shouldn't make any assumptions about the type of o. It should
simply return false if o is not the same type as this.
> --- ContentSearch.java:604, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.content.content.ContentSearch$KeywordConstraint is Serializable;
consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a serialVersionUID
field.  A change as simple as adding a reference to a .class object will add synthetic fields
to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding
a reference to String.class will generate a static field class$java$lang$String). Also, different
source code to bytecode compilers may use different naming conventions for synthetic variables
generated for references to class objects or inner classes. To ensure interoperability of
Serializable across versions, consider adding an explicit serialVersionUID.
> --- ContentSearch.java:685, BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS
> BC: Equals method for org.apache.ofbiz.content.content.ContentSearch$KeywordConstraint
assumes the argument is of type ContentSearch$KeywordConstraint
> The equals(Object o) method shouldn't make any assumptions about the type of o. It should
simply return false if o is not the same type as this.
> --- ContentSearch.java:685, HE_EQUALS_USE_HASHCODE
> HE: org.apache.ofbiz.content.content.ContentSearch$KeywordConstraint defines equals and
uses Object.hashCode()
> This class overrides equals(Object), but does not override hashCode(), and inherits the
implementation of hashCode() from java.lang.Object (which returns the identity hash code,
an arbitrary value assigned to the object by the VM).  Therefore, the class is very likely
to violate the invariant that equal objects must have equal hashcodes.
> If you don't think instances of this class will ever be inserted into a HashMap/HashTable,
the recommended hashCode implementation to use is:
> public int hashCode() {
>   assert false : "hashCode not designed";
>   return 42; // any arbitrary constant will do
>   }
> --- ContentSearch.java:722, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.content.content.ContentSearch$LastUpdatedRangeConstraint is Serializable;
consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a serialVersionUID
field.  A change as simple as adding a reference to a .class object will add synthetic fields
to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding
a reference to String.class will generate a static field class$java$lang$String). Also, different
source code to bytecode compilers may use different naming conventions for synthetic variables
generated for references to class objects or inner classes. To ensure interoperability of
Serializable across versions, consider adding an explicit serialVersionUID.
> --- ContentSearch.java:723, EI_EXPOSE_REP2
> EI2: new org.apache.ofbiz.content.content.ContentSearch$LastUpdatedRangeConstraint(Timestamp,
Timestamp) may expose internal representation by storing an externally mutable object into
ContentSearch$LastUpdatedRangeConstraint.fromDate
> This code stores a reference to an externally mutable object into the internal representation
of the object.  If instances are accessed by untrusted code, and unchecked changes to the
mutable object would compromise security or other important properties, you will need to do
something different. Storing a copy of the object is better approach in many situations.
> --- ContentSearch.java:724, EI_EXPOSE_REP2
> EI2: new org.apache.ofbiz.content.content.ContentSearch$LastUpdatedRangeConstraint(Timestamp,
Timestamp) may expose internal representation by storing an externally mutable object into
ContentSearch$LastUpdatedRangeConstraint.thruDate
> This code stores a reference to an externally mutable object into the internal representation
of the object.  If instances are accessed by untrusted code, and unchecked changes to the
mutable object would compromise security or other important properties, you will need to do
something different. Storing a copy of the object is better approach in many situations.
> --- ContentSearch.java:773, HE_EQUALS_USE_HASHCODE
> HE: org.apache.ofbiz.content.content.ContentSearch$LastUpdatedRangeConstraint defines
equals and uses Object.hashCode()
> This class overrides equals(Object), but does not override hashCode(), and inherits the
implementation of hashCode() from java.lang.Object (which returns the identity hash code,
an arbitrary value assigned to the object by the VM).  Therefore, the class is very likely
to violate the invariant that equal objects must have equal hashcodes.
> If you don't think instances of this class will ever be inserted into a HashMap/HashTable,
the recommended hashCode implementation to use is:
> public int hashCode() {
>   assert false : "hashCode not designed";
>   return 42; // any arbitrary constant will do
>   }
> --- ContentSearch.java:773, BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS
> BC: Equals method for org.apache.ofbiz.content.content.ContentSearch$LastUpdatedRangeConstraint
assumes the argument is of type ContentSearch$LastUpdatedRangeConstraint
> The equals(Object o) method shouldn't make any assumptions about the type of o. It should
simply return false if o is not the same type as this.
> --- ContentSearch.java:818, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.content.content.ContentSearch$SortKeywordRelevancy is Serializable;
consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a serialVersionUID
field.  A change as simple as adding a reference to a .class object will add synthetic fields
to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding
a reference to String.class will generate a static field class$java$lang$String). Also, different
source code to bytecode compilers may use different naming conventions for synthetic variables
generated for references to class objects or inner classes. To ensure interoperability of
Serializable across versions, consider adding an explicit serialVersionUID.
> --- ContentSearch.java:858, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.content.content.ContentSearch$SortContentField is Serializable;
consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a serialVersionUID
field.  A change as simple as adding a reference to a .class object will add synthetic fields
to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding
a reference to String.class will generate a static field class$java$lang$String). Also, different
source code to bytecode compilers may use different naming conventions for synthetic variables
generated for references to class objects or inner classes. To ensure interoperability of
Serializable across versions, consider adding an explicit serialVersionUID.
> --- ContentSearchSession.java:46, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.content.content.ContentSearchSession$ContentSearchOptions is Serializable;
consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a serialVersionUID
field.  A change as simple as adding a reference to a .class object will add synthetic fields
to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding
a reference to String.class will generate a static field class$java$lang$String). Also, different
source code to bytecode compilers may use different naming conventions for synthetic variables
generated for references to class objects or inner classes. To ensure interoperability of
Serializable across versions, consider adding an explicit serialVersionUID.
> --- ContentServices.java:78, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.content.content.ContentServices.findRelatedContent(DispatchContext,
Map)
> A String is being converted to upper or lowercase, using the platform's default encoding.
This may result in improper conversions when used with international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> --- ContentServices.java:837, DLS_DEAD_LOCAL_STORE
> DLS: Dead store to subContentDataResourceView in org.apache.ofbiz.content.content.ContentServices.renderSubContentAsText(DispatchContext,
Map)
> This instruction assigns a value to a local variable, but the value is not read or used
in any subsequent instruction. Often, this indicates an error, because the value computed
is never used.
> Note that Sun's javac compiler often generates dead stores for final local variables.
Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
> --- ContentServicesComplex.java:232, DLS_DEAD_LOCAL_STORE
> DLS: Dead store to fromDate in org.apache.ofbiz.content.content.ContentServicesComplex.getAssocAndContentAndDataResourceCacheMethod(Delegator,
String, String, String, Timestamp, String, List, List, Boolean, String, String)
> This instruction assigns a value to a local variable, but the value is not read or used
in any subsequent instruction. Often, this indicates an error, because the value computed
is never used.
> Note that Sun's javac compiler often generates dead stores for final local variables.
Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
> --- ContentUrlFilter.java:55, BC_UNCONFIRMED_CAST
> BC: Unchecked/unconfirmed cast from javax.servlet.ServletRequest to javax.servlet.http.HttpServletRequest
in org.apache.ofbiz.content.content.ContentUrlFilter.doFilter(ServletRequest, ServletResponse,
FilterChain)
> This cast is unchecked, and not all instances of the type casted from can be cast to
the type it is being cast to. Check that your program logic ensures that this cast will not
fail.
> --- ContentUrlFilter.java:56, BC_UNCONFIRMED_CAST
> BC: Unchecked/unconfirmed cast from javax.servlet.ServletResponse to javax.servlet.http.HttpServletResponse
in org.apache.ofbiz.content.content.ContentUrlFilter.doFilter(ServletRequest, ServletResponse,
FilterChain)
> This cast is unchecked, and not all instances of the type casted from can be cast to
the type it is being cast to. Check that your program logic ensures that this cast will not
fail.
> --- ContentWorker.java:155, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of targetLocaleString, which is known to be non-null in org.apache.ofbiz.content.content.ContentWorker.findContentForRendering(Delegator,
String, Locale, String, String, boolean)
> This method contains a redundant check of a known non-null value against the constant
null.
> --- ContentWorker.java:191, RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
> RCN: Nullcheck of dispatcher at line 198 of value previously dereferenced in org.apache.ofbiz.content.content.ContentWorker.renderContentAsText(LocalDispatcher,
GenericValue, Appendable, Map, Locale, String, boolean, List)
> A value is checked here to see whether it is null, but this value can't be null because
it was previously dereferenced and if it were null a null pointer exception would have occurred
at the earlier dereference. Essentially, this code and the previous dereference disagree as
to whether this value is allowed to be null. Either the check is redundant or the previous
dereference is erroneous.
> --- ContentWorker.java:201, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of service, which is known to be non-null in org.apache.ofbiz.content.content.ContentWorker.renderContentAsText(LocalDispatcher,
GenericValue, Appendable, Map, Locale, String, boolean, List)
> This method contains a redundant check of a known non-null value against the constant
null.
> --- ContentWorker.java:292, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of textData, which is known to be non-null in org.apache.ofbiz.content.content.ContentWorker.renderContentAsText(LocalDispatcher,
GenericValue, Appendable, Map, Locale, String, boolean, List)
> This method contains a redundant check of a known non-null value against the constant
null.
> --- ContentWorker.java:305, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.content.content.ContentWorker.renderContentAsText(LocalDispatcher,
GenericValue, Appendable, Map, Locale, String, boolean, List)
> A String is being converted to upper or lowercase, using the platform's default encoding.
This may result in improper conversions when used with international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> --- ContentWorker.java:718, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in org.apache.ofbiz.content.content.ContentWorker.selectKids(Map,
Map)
> The variable referenced at this point is known to be null due to an earlier check against
null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different
variable, or perhaps the earlier check to see if the variable is null should have been a check
to see if it was non-null).
> --- ContentWorker.java:1119, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in org.apache.ofbiz.content.content.ContentWorker.getSubContentCache(Delegator,
String, String, GenericValue, List, Timestamp, Boolean, String)
> The variable referenced at this point is known to be null due to an earlier check against
null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different
variable, or perhaps the earlier check to see if the variable is null should have been a check
to see if it was non-null).
> --- ContentWorker.java:1176, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in org.apache.ofbiz.content.content.ContentWorker.getCurrentContent(Delegator,
List, GenericValue, Map, Boolean, String)
> The variable referenced at this point is known to be null due to an earlier check against
null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different
variable, or perhaps the earlier check to see if the variable is null should have been a check
to see if it was non-null).
> --- ContentWorker.java:1253, NP_NULL_PARAM_DEREF
> NP: Null passed for nonnull parameter of getPurposes(GenericValue) in org.apache.ofbiz.content.content.ContentWorker.checkConditions(Delegator,
Map, Map, Map)
> This method call passes a null value for a non-null method parameter. Either the parameter
is annotated as a parameter that should always be non-null, or analysis has shown that it
will always be dereferenced.
> --- ContentWorker.java:1578, WMI_WRONG_MAP_ITERATOR
> WMI: org.apache.ofbiz.content.content.ContentWorker.logMap(StringBuilder, String, Map,
StringBuilder) makes inefficient use of keySet iterator instead of entrySet iterator
> This method accesses the value of a Map entry, using a key that was retrieved from a
keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid
the Map.get(key) lookup.
> --- PermissionRecorder.java:53, MS_PKGPROTECT
> MS: org.apache.ofbiz.content.content.PermissionRecorder.opFields should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.
> --- PermissionRecorder.java:54, MS_PKGPROTECT
> MS: org.apache.ofbiz.content.content.PermissionRecorder.fieldTitles should be package
protected
> A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.
> --- PermissionRecorder.java:93, EI_EXPOSE_REP
> EI: org.apache.ofbiz.content.content.PermissionRecorder.getContentPurposeOperations()
may expose internal representation by returning PermissionRecorder.contentPurposeOperations
> Returning a reference to a mutable object value stored in one of the object's fields
exposes the internal representation of the object.  If instances are accessed by untrusted
code, and unchecked changes to the mutable object would compromise security or other important
properties, you will need to do something different. Returning a new copy of the object is
better approach in many situations.
> --- PermissionRecorder.java:109, EI_EXPOSE_REP
> EI: org.apache.ofbiz.content.content.PermissionRecorder.getStatusTargets() may expose
internal representation by returning PermissionRecorder.statusTargets
> Returning a reference to a mutable object value stored in one of the object's fields
exposes the internal representation of the object.  If instances are accessed by untrusted
code, and unchecked changes to the mutable object would compromise security or other important
properties, you will need to do something different. Returning a new copy of the object is
better approach in many situations.
> --- PermissionRecorder.java:117, EI_EXPOSE_REP
> EI: org.apache.ofbiz.content.content.PermissionRecorder.getTargetOperations() may expose
internal representation by returning PermissionRecorder.targetOperations
> Returning a reference to a mutable object value stored in one of the object's fields
exposes the internal representation of the object.  If instances are accessed by untrusted
code, and unchecked changes to the mutable object would compromise security or other important
properties, you will need to do something different. Returning a new copy of the object is
better approach in many situations.
> --- PermissionRecorder.java:287, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.content.content.PermissionRecorder.renderResultRowHtml(Map,
Map)
> A String is being converted to upper or lowercase, using the platform's default encoding.
This may result in improper conversions when used with international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> --- UploadContentAndImage.java:315, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in org.apache.ofbiz.content.content.UploadContentAndImage.uploadContentAndImage(HttpServletRequest,
HttpServletResponse)
> This method uses a try-catch block that catches Exception objects, but Exception is not
thrown within the try block, and RuntimeException is not explicitly caught. It is a common
bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching
a number of types of exception each of whose catch blocks is identical, but this construct
also accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that are thrown,
or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime
Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> --- UploadContentAndImage.java:353, DLS_DEAD_LOCAL_STORE
> DLS: Dead store to imageBytes in org.apache.ofbiz.content.content.UploadContentAndImage.uploadContentStuff(HttpServletRequest,
HttpServletResponse)
> This instruction assigns a value to a local variable, but the value is not read or used
in any subsequent instruction. Often, this indicates an error, because the value computed
is never used.
> Note that Sun's javac compiler often generates dead stores for final local variables.
Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
> --- UploadContentAndImage.java:401, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in org.apache.ofbiz.content.content.UploadContentAndImage.uploadContentStuff(HttpServletRequest,
HttpServletResponse)
> This method uses a try-catch block that catches Exception objects, but Exception is not
thrown within the try block, and RuntimeException is not explicitly caught. It is a common
bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching
a number of types of exception each of whose catch blocks is identical, but this construct
also accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that are thrown,
or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime
Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> --- UploadContentAndImage.java:531, DLS_DEAD_LOCAL_STORE
> DLS: Dead store to ftlResults in org.apache.ofbiz.content.content.UploadContentAndImage.processContentUpload(Map,
String, HttpServletRequest)
> This instruction assigns a value to a local variable, but the value is not read or used
in any subsequent instruction. Often, this indicates an error, because the value computed
is never used.
> Note that Sun's javac compiler often generates dead stores for final local variables.
Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message