Kyra Pritzel-Hentley created OFBIZ-9452:
-------------------------------------------
Summary: [FB] Package org.apache.ofbiz.accounting.tax
Key: OFBIZ-9452
URL: https://issues.apache.org/jira/browse/OFBIZ-9452
Project: OFBiz
Issue Type: Sub-task
Components: accounting
Affects Versions: Trunk
Reporter: Kyra Pritzel-Hentley
Priority: Minor
TaxAuthorityServices.java:60, MS_SHOULD_BE_FINAL
* MS:
org.apache.ofbiz.accounting.tax.TaxAuthorityServices.salestaxFinalDecimals
isn't final but should be
This static field public but not final, and could be changed by malicious code
or by accident from another package. The field could be made final to avoid
this vulnerability.
TaxAuthorityServices.java:61, MS_SHOULD_BE_FINAL
* MS: org.apache.ofbiz.accounting.tax.TaxAuthorityServices.salestaxCalcDecimals
isn't final but should be
This static field public but not final, and could be changed by malicious code
or by accident from another package. The field could be made final to avoid
this vulnerability.
TaxAuthorityServices.java:62, MS_SHOULD_BE_FINAL
* MS: org.apache.ofbiz.accounting.tax.TaxAuthorityServices.salestaxRounding
isn't final but should be
This static field public but not final, and could be changed by malicious code
or by accident from another package. The field could be made final to avoid
this vulnerability.
TaxAuthorityServices.java:168, NP_LOAD_OF_KNOWN_NULL_VALUE
* NP: Load of known null value in
org.apache.ofbiz.accounting.tax.TaxAuthorityServices.rateProductTaxCalc(DispatchContext,
Map)
The variable referenced at this point is known to be null due to an earlier
check against null. Although this is valid, it might be a mistake (perhaps you
intended to refer to a different variable, or perhaps the earlier check to see
if the variable is null should have been a check to see if it was non-null).
TaxAuthorityServices.java:213, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
* RCN: Redundant nullcheck of shippingAddress, which is known to be non-null in
org.apache.ofbiz.accounting.tax.TaxAuthorityServices.rateProductTaxCalc(DispatchContext,
Map)
This method contains a redundant check of a known non-null value against the
constant null.
TaxAuthorityServices.java:388,RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
* RCN: Nullcheck of taxAuthorityRateProduct at line 388 of value previously
dereferenced in
org.apache.ofbiz.accounting.tax.TaxAuthorityServices.getTaxAdjustments(Delegator,
GenericValue, GenericValue, String, String, Set, BigDecimal, BigDecimal,
BigDecimal, BigDecimal, BigDecimal)
A value is checked here to see whether it is null, but this value can't be null
because it was previously dereferenced and if it were null a null pointer
exception would have occurred at the earlier dereference. Essentially, this
code and the previous dereference disagree as to whether this value is allowed
to be null. Either the check is redundant or the previous dereference is
erroneous.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
