[
https://issues.apache.org/jira/browse/OFBIZ-9573?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dennis Balkir updated OFBIZ-9573:
---------------------------------
Attachment: OFBIZ-9573_org.apache.ofbiz.base.start_bugfixes.patch
- fixed Diamond Operators
class AdminClient:
- Line 79: added a {{StandardCharset}} to {{OutputStream}} to prevent
conversion problems
- Line 80: added a {{StandardCharset}} to {{InputStream}} to prevent conversion
problems
class AdminServer:
- Line 86: added a {{StandardCharset}} to {{InputStream}} to prevent conversion
problems
- Line 87: added a {{StandardCharset}} to {{OutputStream}} to prevent
conversion problems
- Line 106: method {{determineClientCommand()}}:
- put long if clause in extra method, easier to read
- returned directly to not have to declare more variables
- caught the "fail" with if, so the method ends naturally with the correct
return -> easier to read
- reversed the if-clause -> easier to read
class ClassPath:
- method {{addFilesFromPath}}:
- added nullcheck to check for potential empty lists
- added default Locale to {{toLowerCase}}
class Config:
- added default case with an {{IllegalArgumentException}} to prevent failures
because of empty or to long {{locales[]}}
class Start:
- added default Locale to {{toLowerCase}}
class StartUpCommandUtil:
- initialised new {{OutputStreamWriter}} with a {{StandardCharset}} to properly
read from {{printStream}}
class StartupControlPanel:
- Line 102: did nothing, the method was build to end all processes
- Line 122: did nothing, the method was build to end all processes
- last two bugs fixed as another try-catch was implemented to close streams
which maybe weren't closed before (just in case, as intended by findbugs)
> [FB] Package org.apache.ofbiz.base.start
> ----------------------------------------
>
> Key: OFBIZ-9573
> URL: https://issues.apache.org/jira/browse/OFBIZ-9573
> Project: OFBiz
> Issue Type: Sub-task
> Components: base
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Priority: Minor
> Attachments: OFBIZ-9573_org.apache.ofbiz.base.start_bugfixes.patch
>
>
> - AdminClient.java:77, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in
> org.apache.ofbiz.base.start.AdminClient.sendSocketCommand(AdminServer$OfbizSocketCommand,
> Config): new java.io.PrintWriter(OutputStream, boolean)
> Found a call to a method which will perform a byte to String (or String to
> byte) conversion, and will assume that the default platform encoding is
> suitable. This will cause the application behaviour to vary between
> platforms. Use an alternative API and specify a charset name or Charset
> object explicitly.
> - AdminClient.java:78, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in
> org.apache.ofbiz.base.start.AdminClient.sendSocketCommand(AdminServer$OfbizSocketCommand,
> Config): new java.io.InputStreamReader(InputStream)
> Found a call to a method which will perform a byte to String (or String to
> byte) conversion, and will assume that the default platform encoding is
> suitable. This will cause the application behaviour to vary between
> platforms. Use an alternative API and specify a charset name or Charset
> object explicitly.
> - AdminServer.java:84, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in
> org.apache.ofbiz.base.start.AdminServer.processClientRequest(Socket, List,
> AtomicReference): new java.io.InputStreamReader(InputStream)
> Found a call to a method which will perform a byte to String (or String to
> byte) conversion, and will assume that the default platform encoding is
> suitable. This will cause the application behaviour to vary between
> platforms. Use an alternative API and specify a charset name or Charset
> object explicitly.
> - AdminServer.java:85, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in
> org.apache.ofbiz.base.start.AdminServer.processClientRequest(Socket, List,
> AtomicReference): new java.io.PrintWriter(OutputStream, boolean)
> Found a call to a method which will perform a byte to String (or String to
> byte) conversion, and will assume that the default platform encoding is
> suitable. This will cause the application behaviour to vary between
> platforms. Use an alternative API and specify a charset name or Charset
> object explicitly.
> - AdminServer.java:109, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of String.substring(int), which is known to be
> non-null in
> org.apache.ofbiz.base.start.AdminServer.determineClientCommand(String)
> This method contains a redundant check of a known non-null value against the
> constant null.
> - Classpath.java:104, NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE
> NP: Possible null pointer dereference in
> org.apache.ofbiz.base.start.Classpath.addFilesFromPath(File) due to return
> value of called method
> The return value from a method is dereferenced without a null check, and the
> return value of that method is one that should generally be checked for null.
> This may lead to a NullPointerException when the code is executed.
> - Classpath.java:105, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in
> org.apache.ofbiz.base.start.Classpath.addFilesFromPath(File)
> A String is being converted to upper or lowercase, using the platform's
> default encoding. This may result in improper conversions when used with
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - Config.java:154, SF_SWITCH_NO_DEFAULT
> SF: Switch statement found in
> org.apache.ofbiz.base.start.Config.getDefaultLocale(Properties, String) where
> default case is missing
> This method contains a switch statement where default case is missing.
> Usually you need to provide a default case.
> Because the analysis only looks at the generated bytecode, this warning can
> be incorrect triggered if the default case is at the end of the switch
> statement and the switch statement doesn't contain break statements for other
> cases.
> - Start.java:121, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in
> org.apache.ofbiz.base.start.Start$ServerState.toString()
> A String is being converted to upper or lowercase, using the platform's
> default encoding. This may result in improper conversions when used with
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - StartupCommandUtil.java:156, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in
> org.apache.ofbiz.base.start.StartupCommandUtil.printOfbizStartupHelp(PrintStream):
> new java.io.PrintWriter(OutputStream, boolean)
> Found a call to a method which will perform a byte to String (or String to
> byte) conversion, and will assume that the default platform encoding is
> suitable. This will cause the application behaviour to vary between
> platforms. Use an alternative API and specify a charset name or Charset
> object explicitly.
> - StartupControlPanel.java:102, DM_EXIT
> Dm: org.apache.ofbiz.base.start.StartupControlPanel.stop(List,
> AtomicReference, Thread) invokes System.exit(...), which shuts down the
> entire virtual machine
> Invoking System.exit shuts down the entire Java virtual machine. This should
> only been done when it is appropriate. Such calls make it hard or impossible
> for your code to be invoked by other code. Consider throwing a
> RuntimeException instead.
> - StartupControlPanel.java:122, DM_EXIT
> Dm:
> org.apache.ofbiz.base.start.StartupControlPanel.fullyTerminateSystem(StartupException)
> invokes System.exit(...), which shuts down the entire virtual machine
> Invoking System.exit shuts down the entire Java virtual machine. This should
> only been done when it is appropriate. Such calls make it hard or impossible
> for your code to be invoked by other code. Consider throwing a
> RuntimeException instead.
> - StartupControlPanel.java:156, OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE
> OBL:
> org.apache.ofbiz.base.start.StartupControlPanel.loadGlobalOfbizSystemProperties(String)
> may fail to clean up java.io.InputStream on checked exception
> This method may fail to clean up (close, dispose of) a stream, database
> object, or other resource requiring an explicit cleanup operation.
> In general, if a method opens a stream or other resource, the method should
> use a try/finally block to ensure that the stream or resource is cleaned up
> before the method returns.
> This bug pattern is essentially the same as the OS_OPEN_STREAM and
> ODR_OPEN_DATABASE_RESOURCE bug patterns, but is based on a different (and
> hopefully better) static analysis technique. We are interested is getting
> feedback about the usefulness of this bug pattern. To send feedback, either:
> send email to findb...@cs.umd.edu
> file a bug report: http://findbugs.sourceforge.net/reportingBugs.html
> In particular, the false-positive suppression heuristics for this bug pattern
> have not been extensively tuned, so reports about false positives are helpful
> to us.
> See Weimer and Necula, Finding and Preventing Run-Time Error Handling
> Mistakes, for a description of the analysis technique.
> - StartupControlPanel.java:156, OS_OPEN_STREAM_EXCEPTION_PATH
> OS:
> org.apache.ofbiz.base.start.StartupControlPanel.loadGlobalOfbizSystemProperties(String)
> may fail to close stream on exception
> The method creates an IO stream object, does not assign it to any fields,
> pass it to other methods, or return it, and does not appear to close it on
> all possible exception paths out of the method. This may result in a file
> descriptor leak. It is generally a good idea to use a finally block to
> ensure that streams are closed.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
