Dennis Balkir created OFBIZ-9573:
------------------------------------
Summary: [FB] Package org.apache.ofbiz.base.start
Key: OFBIZ-9573
URL: https://issues.apache.org/jira/browse/OFBIZ-9573
Project: OFBiz
Issue Type: Sub-task
Components: base
Affects Versions: Trunk
Reporter: Dennis Balkir
Priority: Minor
- AdminClient.java:77, DM_DEFAULT_ENCODING
Dm: Found reliance on default encoding in
org.apache.ofbiz.base.start.AdminClient.sendSocketCommand(AdminServer$OfbizSocketCommand,
Config): new java.io.PrintWriter(OutputStream, boolean)
Found a call to a method which will perform a byte to String (or String to
byte) conversion, and will assume that the default platform encoding is
suitable. This will cause the application behaviour to vary between platforms.
Use an alternative API and specify a charset name or Charset object explicitly.
- AdminClient.java:78, DM_DEFAULT_ENCODING
Dm: Found reliance on default encoding in
org.apache.ofbiz.base.start.AdminClient.sendSocketCommand(AdminServer$OfbizSocketCommand,
Config): new java.io.InputStreamReader(InputStream)
Found a call to a method which will perform a byte to String (or String to
byte) conversion, and will assume that the default platform encoding is
suitable. This will cause the application behaviour to vary between platforms.
Use an alternative API and specify a charset name or Charset object explicitly.
- AdminServer.java:84, DM_DEFAULT_ENCODING
Dm: Found reliance on default encoding in
org.apache.ofbiz.base.start.AdminServer.processClientRequest(Socket, List,
AtomicReference): new java.io.InputStreamReader(InputStream)
Found a call to a method which will perform a byte to String (or String to
byte) conversion, and will assume that the default platform encoding is
suitable. This will cause the application behaviour to vary between platforms.
Use an alternative API and specify a charset name or Charset object explicitly.
- AdminServer.java:85, DM_DEFAULT_ENCODING
Dm: Found reliance on default encoding in
org.apache.ofbiz.base.start.AdminServer.processClientRequest(Socket, List,
AtomicReference): new java.io.PrintWriter(OutputStream, boolean)
Found a call to a method which will perform a byte to String (or String to
byte) conversion, and will assume that the default platform encoding is
suitable. This will cause the application behaviour to vary between platforms.
Use an alternative API and specify a charset name or Charset object explicitly.
- AdminServer.java:109, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
RCN: Redundant nullcheck of String.substring(int), which is known to be
non-null in
org.apache.ofbiz.base.start.AdminServer.determineClientCommand(String)
This method contains a redundant check of a known non-null value against the
constant null.
- Classpath.java:104, NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE
NP: Possible null pointer dereference in
org.apache.ofbiz.base.start.Classpath.addFilesFromPath(File) due to return
value of called method
The return value from a method is dereferenced without a null check, and the
return value of that method is one that should generally be checked for null.
This may lead to a NullPointerException when the code is executed.
- Classpath.java:105, DM_CONVERT_CASE
Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in
org.apache.ofbiz.base.start.Classpath.addFilesFromPath(File)
A String is being converted to upper or lowercase, using the platform's default
encoding. This may result in improper conversions when used with international
characters. Use the
String.toUpperCase( Locale l )
String.toLowerCase( Locale l )
versions instead.
- Config.java:154, SF_SWITCH_NO_DEFAULT
SF: Switch statement found in
org.apache.ofbiz.base.start.Config.getDefaultLocale(Properties, String) where
default case is missing
This method contains a switch statement where default case is missing. Usually
you need to provide a default case.
Because the analysis only looks at the generated bytecode, this warning can be
incorrect triggered if the default case is at the end of the switch statement
and the switch statement doesn't contain break statements for other cases.
- Start.java:121, DM_CONVERT_CASE
Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in
org.apache.ofbiz.base.start.Start$ServerState.toString()
A String is being converted to upper or lowercase, using the platform's default
encoding. This may result in improper conversions when used with international
characters. Use the
String.toUpperCase( Locale l )
String.toLowerCase( Locale l )
versions instead.
- StartupCommandUtil.java:156, DM_DEFAULT_ENCODING
Dm: Found reliance on default encoding in
org.apache.ofbiz.base.start.StartupCommandUtil.printOfbizStartupHelp(PrintStream):
new java.io.PrintWriter(OutputStream, boolean)
Found a call to a method which will perform a byte to String (or String to
byte) conversion, and will assume that the default platform encoding is
suitable. This will cause the application behaviour to vary between platforms.
Use an alternative API and specify a charset name or Charset object explicitly.
- StartupControlPanel.java:102, DM_EXIT
Dm: org.apache.ofbiz.base.start.StartupControlPanel.stop(List, AtomicReference,
Thread) invokes System.exit(...), which shuts down the entire virtual machine
Invoking System.exit shuts down the entire Java virtual machine. This should
only been done when it is appropriate. Such calls make it hard or impossible
for your code to be invoked by other code. Consider throwing a RuntimeException
instead.
- StartupControlPanel.java:122, DM_EXIT
Dm:
org.apache.ofbiz.base.start.StartupControlPanel.fullyTerminateSystem(StartupException)
invokes System.exit(...), which shuts down the entire virtual machine
Invoking System.exit shuts down the entire Java virtual machine. This should
only been done when it is appropriate. Such calls make it hard or impossible
for your code to be invoked by other code. Consider throwing a RuntimeException
instead.
- StartupControlPanel.java:156, OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE
OBL:
org.apache.ofbiz.base.start.StartupControlPanel.loadGlobalOfbizSystemProperties(String)
may fail to clean up java.io.InputStream on checked exception
This method may fail to clean up (close, dispose of) a stream, database object,
or other resource requiring an explicit cleanup operation.
In general, if a method opens a stream or other resource, the method should use
a try/finally block to ensure that the stream or resource is cleaned up before
the method returns.
This bug pattern is essentially the same as the OS_OPEN_STREAM and
ODR_OPEN_DATABASE_RESOURCE bug patterns, but is based on a different (and
hopefully better) static analysis technique. We are interested is getting
feedback about the usefulness of this bug pattern. To send feedback, either:
send email to findb...@cs.umd.edu
file a bug report: http://findbugs.sourceforge.net/reportingBugs.html
In particular, the false-positive suppression heuristics for this bug pattern
have not been extensively tuned, so reports about false positives are helpful
to us.
See Weimer and Necula, Finding and Preventing Run-Time Error Handling Mistakes,
for a description of the analysis technique.
- StartupControlPanel.java:156, OS_OPEN_STREAM_EXCEPTION_PATH
OS:
org.apache.ofbiz.base.start.StartupControlPanel.loadGlobalOfbizSystemProperties(String)
may fail to close stream on exception
The method creates an IO stream object, does not assign it to any fields, pass
it to other methods, or return it, and does not appear to close it on all
possible exception paths out of the method. This may result in a file
descriptor leak. It is generally a good idea to use a finally block to ensure
that streams are closed.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
