[
https://issues.apache.org/jira/browse/OFBIZ-9486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16130074#comment-16130074
]
Kyra Pritzel-Hentley commented on OFBIZ-9486:
---------------------------------------------
Hi Jacques,
It was no mistake. I removed the "protected" modifier on purpose. The FindBugs
report is pointing out that subclasses could access this variable wrongfully.
"Package protected" here means no explicit modifier should be used (which is
the same as "package private").
But anyway, "private" is the best :) Thanks for the suggestion!
> [FB] Package org.apache.ofbiz.accounting.thirdparty.gosoftware
> --------------------------------------------------------------
>
> Key: OFBIZ-9486
> URL: https://issues.apache.org/jira/browse/OFBIZ-9486
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Kyra Pritzel-Hentley
> Priority: Minor
> Attachments:
> OFBIZ-9486_org.apache.ofbiz.accounting.thirdparty.gosoftware_bugfixes.patch,
> OFBIZ-9486_org.apache.ofbiz.accounting.thirdparty.gosoftware_bugfixes.patch
>
>
> PcChargeApi.java:81: 82, MS_PKGPROTECT
> * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.validOut
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> PcChargeApi.java:189, DM_DEFAULT_ENCODING
> * Dm: Found reliance on default encoding in
> org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.send(): new
> java.io.PrintStream(OutputStream)
> Found a call to a method which will perform a byte to String (or String to
> byte) conversion, and will assume that the default platform encoding is
> suitable. This will cause the application behaviour to vary between
> platforms. Use an alternative API and specify a charset name or Charset
> object explicitly.
> PcChargeApi.java:198, DM_DEFAULT_ENCODING
> * Dm: Found reliance on default encoding in
> org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.send(): new
> String(byte[], int, int)
> PcChargeServices.java:94: 180: 246: 306,
> RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> * RCN: Redundant nullcheck of out, which is known to be non-null in
> org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeServices
> This method contains a redundant check of a known non-null value against the
> constant null.
> RitaApi.java:80, MS_PKGPROTECT
> * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaApi.validOut
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> RitaApi.java:84, MS_PKGPROTECT
> * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaApi.validIn
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> RitaServices.java:61: 98: 164: 184: 233: 260: 301: 329,
> RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> * RCN: Redundant nullcheck of api, which is known to be non-null in
> org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaServices
> This method contains a redundant check of a known non-null value against the
> constant null.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
