[ https://issues.apache.org/jira/browse/OFBIZ-9573?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dennis Balkir updated OFBIZ-9573:
---------------------------------
    Attachment: OFBIZ-9573_org.apache.ofbiz.base.start_bugfixes.patch

- fixed Diamond Operators
class AdminClient:
- Line 79: added a {{StandardCharset}} to {{OutputStream}} to prevent conversion problems
- Line 80: added a {{StandardCharset}} to {{InputStream}} to prevent conversion problems
class AdminServer:
- Line 86: added a {{StandardCharset}} to {{InputStream}} to prevent conversion problems
- Line 87: added a {{StandardCharset}} to {{OutputStream}} to prevent conversion problems
- Line 106: method {{determineClientCommand()}}:
  - put long if clause in extra method, easier to read
  - returned directly to not have to declare more variables
  - caught the "fail" with if, so the method ends naturally with the correct return -> easier to read
  - reversed the if-clause -> easier to read
class ClassPath:
- method {{addFilesFromPath}}:
  - added nullcheck to check for potential empty lists
  - added default Locale to {{toLowerCase}}
class Config:
- added default case with an {{IllegalArgumentException}} to prevent failures because of empty or too long {{locales[]}}
class Start:
- added default Locale to {{toLowerCase}}
class StartUpCommandUtil:
- initialised new {{OutputStreamWriter}} with a {{StandardCharset}} to properly read from {{printStream}}
class StartupControlPanel:
- Line 102: did nothing, the method was built to end all processes
- Line 122: did nothing, the method was built to end all processes
- last two bugs fixed as another try-catch was implemented to close streams which maybe weren't closed before (just in case, as intended by findbugs)

> [FB] Package org.apache.ofbiz.base.start
> ----------------------------------------
>
>                 Key: OFBIZ-9573
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9573
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: base
>    Affects Versions: Trunk
>            Reporter: Dennis Balkir
>            Priority: Minor
>         Attachments: OFBIZ-9573_org.apache.ofbiz.base.start_bugfixes.patch
>
>
> - AdminClient.java:77, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in
> org.apache.ofbiz.base.start.AdminClient.sendSocketCommand(AdminServer$OfbizSocketCommand,
> Config): new java.io.PrintWriter(OutputStream, boolean)
> Found a call to a method which will perform a byte to String (or String to
> byte) conversion, and will assume that the default platform encoding is
> suitable. This will cause the application behaviour to vary between
> platforms. Use an alternative API and specify a charset name or Charset
> object explicitly.
> - AdminClient.java:78, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in
> org.apache.ofbiz.base.start.AdminClient.sendSocketCommand(AdminServer$OfbizSocketCommand,
> Config): new java.io.InputStreamReader(InputStream)
> Found a call to a method which will perform a byte to String (or String to
> byte) conversion, and will assume that the default platform encoding is
> suitable. This will cause the application behaviour to vary between
> platforms. Use an alternative API and specify a charset name or Charset
> object explicitly.
> - AdminServer.java:84, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in
> org.apache.ofbiz.base.start.AdminServer.processClientRequest(Socket, List,
> AtomicReference): new java.io.InputStreamReader(InputStream)
> Found a call to a method which will perform a byte to String (or String to
> byte) conversion, and will assume that the default platform encoding is
> suitable. This will cause the application behaviour to vary between
> platforms. Use an alternative API and specify a charset name or Charset
> object explicitly.
> - AdminServer.java:85, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in
> org.apache.ofbiz.base.start.AdminServer.processClientRequest(Socket, List,
> AtomicReference): new java.io.PrintWriter(OutputStream, boolean)
> Found a call to a method which will perform a byte to String (or String to
> byte) conversion, and will assume that the default platform encoding is
> suitable. This will cause the application behaviour to vary between
> platforms. Use an alternative API and specify a charset name or Charset
> object explicitly.
> - AdminServer.java:109, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of String.substring(int), which is known to be
> non-null in
> org.apache.ofbiz.base.start.AdminServer.determineClientCommand(String)
> This method contains a redundant check of a known non-null value against the
> constant null.
> - Classpath.java:104, NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE
> NP: Possible null pointer dereference in
> org.apache.ofbiz.base.start.Classpath.addFilesFromPath(File) due to return
> value of called method
> The return value from a method is dereferenced without a null check, and the
> return value of that method is one that should generally be checked for null.
> This may lead to a NullPointerException when the code is executed.
> - Classpath.java:105, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in
> org.apache.ofbiz.base.start.Classpath.addFilesFromPath(File)
> A String is being converted to upper or lowercase, using the platform's
> default encoding. This may result in improper conversions when used with
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - Config.java:154, SF_SWITCH_NO_DEFAULT
> SF: Switch statement found in
> org.apache.ofbiz.base.start.Config.getDefaultLocale(Properties, String) where
> default case is missing
> This method contains a switch statement where default case is missing.
> Usually you need to provide a default case.
> Because the analysis only looks at the generated bytecode, this warning can
> be incorrect triggered if the default case is at the end of the switch
> statement and the switch statement doesn't contain break statements for other
> cases.
> - Start.java:121, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in
> org.apache.ofbiz.base.start.Start$ServerState.toString()
> A String is being converted to upper or lowercase, using the platform's
> default encoding. This may result in improper conversions when used with
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - StartupCommandUtil.java:156, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in
> org.apache.ofbiz.base.start.StartupCommandUtil.printOfbizStartupHelp(PrintStream):
> new java.io.PrintWriter(OutputStream, boolean)
> Found a call to a method which will perform a byte to String (or String to
> byte) conversion, and will assume that the default platform encoding is
> suitable. This will cause the application behaviour to vary between
> platforms. Use an alternative API and specify a charset name or Charset
> object explicitly.
> - StartupControlPanel.java:102, DM_EXIT
> Dm: org.apache.ofbiz.base.start.StartupControlPanel.stop(List,
> AtomicReference, Thread) invokes System.exit(...), which shuts down the
> entire virtual machine
> Invoking System.exit shuts down the entire Java virtual machine. This should
> only been done when it is appropriate. Such calls make it hard or impossible
> for your code to be invoked by other code. Consider throwing a
> RuntimeException instead.
> - StartupControlPanel.java:122, DM_EXIT
> Dm:
> org.apache.ofbiz.base.start.StartupControlPanel.fullyTerminateSystem(StartupException)
> invokes System.exit(...), which shuts down the entire virtual machine
> Invoking System.exit shuts down the entire Java virtual machine. This should
> only been done when it is appropriate. Such calls make it hard or impossible
> for your code to be invoked by other code. Consider throwing a
> RuntimeException instead.
> - StartupControlPanel.java:156, OBL_UNSATISFIED_OBLIGATION_EXCEPTION_EDGE
> OBL:
> org.apache.ofbiz.base.start.StartupControlPanel.loadGlobalOfbizSystemProperties(String)
> may fail to clean up java.io.InputStream on checked exception
> This method may fail to clean up (close, dispose of) a stream, database
> object, or other resource requiring an explicit cleanup operation.
> In general, if a method opens a stream or other resource, the method should
> use a try/finally block to ensure that the stream or resource is cleaned up
> before the method returns.
> This bug pattern is essentially the same as the OS_OPEN_STREAM and
> ODR_OPEN_DATABASE_RESOURCE bug patterns, but is based on a different (and
> hopefully better) static analysis technique. We are interested is getting
> feedback about the usefulness of this bug pattern. To send feedback, either:
> send email to findb...@cs.umd.edu
> file a bug report: http://findbugs.sourceforge.net/reportingBugs.html
> In particular, the false-positive suppression heuristics for this bug pattern
> have not been extensively tuned, so reports about false positives are helpful
> to us.
> See Weimer and Necula, Finding and Preventing Run-Time Error Handling
> Mistakes, for a description of the analysis technique.
> - StartupControlPanel.java:156, OS_OPEN_STREAM_EXCEPTION_PATH
> OS:
> org.apache.ofbiz.base.start.StartupControlPanel.loadGlobalOfbizSystemProperties(String)
> may fail to close stream on exception
> The method creates an IO stream object, does not assign it to any fields,
> pass it to other methods, or return it, and does not appear to close it on
> all possible exception paths out of the method. This may result in a file
> descriptor leak. It is generally a good idea to use a finally block to
> ensure that streams are closed.

--
This message was sent by Atlassian JIRA (v6.4.14#64029)