AppChecker created KARAF-5003:
---------------------------------
Summary: Possible bugs in the source code
Key: KARAF-5003
URL: https://issues.apache.org/jira/browse/KARAF-5003
Project: Karaf
Issue Type: Bug
Reporter: AppChecker
Hello!
We've checked your project with [static code analyzer AppChecker|https://cnpo.ru/en/solutions/appchecker.php] and it found several possible defects:
1)
https://github.com/apache/karaf/blob/d2894bfabaa73baa63f73675df1b4ae980528517/web/src/main/java/org/apache/karaf/web/internal/WebContainerServiceImpl.java#L85
{code:java}
contextPath.trim();
{code}
contextPath is not changed. Probably it should be:
{code:java}
contextPath = contextPath.trim();
{code}
2)
https://github.com/apache/karaf-cellar/blob/d3c028808b20ce09f20c2e6c6eca2cef70a86d15/features/src/main/java/org/apache/karaf/cellar/features/shell/RepoRemoveCommand.java#L120
{code:java}
if (repository.equals(repository)) {
{code}
repository is compared with itself. Probably it should be:
{code:java}
if (this.repository.equals(repository)) {
{code}
Same place:
https://github.com/apache/karaf-cellar/blob/d3c028808b20ce09f20c2e6c6eca2cef70a86d15/features/src/main/java/org/apache/karaf/cellar/features/management/internal/CellarFeaturesMBeanImpl.java#L563
3)
https://github.com/apache/karaf/blob/d2894bfabaa73baa63f73675df1b4ae980528517/tooling/karaf-maven-plugin/src/main/java/org/apache/karaf/tooling/features/GenerateDescriptorMojo.java#L320
{code:java}
enableGeneration = !"feature".equals(packaging) &&
!"feature".equals(packaging);
{code}
!"feature".equals(packaging) is checked twice
4)
https://github.com/apache/karaf/blob/d2894bfabaa73baa63f73675df1b4ae980528517/main/src/main/java/org/apache/karaf/main/lock/DefaultJDBCLock.java#L157
{code:java}
return metadata != null &&
(checkTableExists(tableName.toLowerCase(), metadata) //
|| checkTableExists(tableName.toLowerCase(), metadata));
{code}
checkTableExists(tableName.toLowerCase(), metadata) is checked twice
5) Not a bug, pedantic remark
https://github.com/apache/karaf/blob/d2894bfabaa73baa63f73675df1b4ae980528517/shell/core/src/main/java/org/apache/karaf/shell/support/table/ShellTable.java#L166
{code:java}
if (ps.getClass().getName().equals("org.apache.felix.gogo.runtime.threadio.ThreadPrintStream")) {
{code}
Comparing classes by name is not recommended. See:
https://cwe.mitre.org/data/definitions/486.html
https://www.securecoding.cert.org/confluence/display/java/OBJ09-J.+Compare+classes+and+not+class+names
We hope this was helpful
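Added example for remark 5 (not part of the AppChecker report and not Karaf code): a self-contained Java program showing why CWE-486 and OBJ09-J advise against name-based class checks. The names `Marker`, `IsolatingLoader`, `acceptedByName` and `acceptedByClass` are hypothetical; the second loader defines its own copy of a class with the same fully qualified name, so the name check accepts both objects while the `Class` identity check accepts only the one from the expected loader.

```java
import java.io.IOException;
import java.io.InputStream;

public class ClassNameCompareDemo {
    // Hypothetical type that the checks below are meant to recognise.
    public static class Marker {}

    // Hypothetical loader that defines its own copy of Marker instead of
    // delegating to its parent, so two distinct classes share one name.
    static class IsolatingLoader extends ClassLoader {
        IsolatingLoader() { super(ClassNameCompareDemo.class.getClassLoader()); }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(Marker.class.getName())) {
                return super.loadClass(name, resolve);   // everything else: normal delegation
            }
            String resource = name.replace('.', '/') + ".class";
            try (InputStream in = getParent().getResourceAsStream(resource)) {
                if (in == null) throw new ClassNotFoundException(name);
                byte[] bytes = in.readAllBytes();
                return defineClass(name, bytes, 0, bytes.length);
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    // Pattern flagged in remark 5: only the name string is compared.
    static boolean acceptedByName(Object o) {
        return o.getClass().getName().equals(Marker.class.getName());
    }

    // Pattern recommended by OBJ09-J: the Class objects themselves are compared.
    static boolean acceptedByClass(Object o) {
        return o.getClass() == Marker.class;
    }

    public static void main(String[] args) throws Exception {
        Object own = new Marker();
        Object foreign = new IsolatingLoader().loadClass(Marker.class.getName())
                .getDeclaredConstructor().newInstance();
        System.out.println("own:     byName=" + acceptedByName(own) + " byClass=" + acceptedByClass(own));
        System.out.println("foreign: byName=" + acceptedByName(foreign) + " byClass=" + acceptedByClass(foreign));
    }
}
```

Compile with `javac ClassNameCompareDemo.java` and run with `java ClassNameCompareDemo` (Java 9 or later, for `readAllBytes`).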