[ https://issues.apache.org/jira/browse/OFBIZ-9486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16130095#comment-16130095 ]
Jacques Le Roux edited comment on OFBIZ-9486 at 8/17/17 8:31 AM: ----------------------------------------------------------------- Hi Kyra, Right: https://docs.oracle.com/javase/tutorial/java/javaOO/accesscontrol.html class private is better in this case :) was (Author: jacques.le.roux): Hi Kyra, Right: https://docs.oracle.com/javase/tutorial/java/javaOO/accesscontrol.html class private is better :) > [FB] Package org.apache.ofbiz.accounting.thirdparty.gosoftware > -------------------------------------------------------------- > > Key: OFBIZ-9486 > URL: https://issues.apache.org/jira/browse/OFBIZ-9486 > Project: OFBiz > Issue Type: Sub-task > Components: accounting > Affects Versions: Trunk > Reporter: Kyra Pritzel-Hentley > Priority: Minor > Attachments: > OFBIZ-9486_org.apache.ofbiz.accounting.thirdparty.gosoftware_bugfixes.patch, > OFBIZ-9486_org.apache.ofbiz.accounting.thirdparty.gosoftware_bugfixes.patch > > > PcChargeApi.java:81: 82, MS_PKGPROTECT > * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.validOut > should be package protected > A mutable static field could be changed by malicious code or by accident. The > field could be made package protected to avoid this vulnerability. > PcChargeApi.java:189, DM_DEFAULT_ENCODING > * Dm: Found reliance on default encoding in > org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.send(): new > java.io.PrintStream(OutputStream) > Found a call to a method which will perform a byte to String (or String to > byte) conversion, and will assume that the default platform encoding is > suitable. This will cause the application behaviour to vary between > platforms. Use an alternative API and specify a charset name or Charset > object explicitly. > PcChargeApi.java:198, DM_DEFAULT_ENCODING > * Dm: Found reliance on default encoding in > org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.send(): new > String(byte[], int, int) > PcChargeServices.java:94: 180: 246: 306, > RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE > * RCN: Redundant nullcheck of out, which is known to be non-null in > org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeServices > This method contains a redundant check of a known non-null value against the > constant null. > RitaApi.java:80, MS_PKGPROTECT > * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaApi.validOut > should be package protected > A mutable static field could be changed by malicious code or by accident. The > field could be made package protected to avoid this vulnerability. > RitaApi.java:84, MS_PKGPROTECT > * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaApi.validIn > should be package protected > A mutable static field could be changed by malicious code or by accident. The > field could be made package protected to avoid this vulnerability. > RitaServices.java:61: 98: 164: 184: 233: 260: 301: 329, > RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE > * RCN: Redundant nullcheck of api, which is known to be non-null in > org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaServices > This method contains a redundant check of a known non-null value against the > constant null. -- This message was sent by Atlassian JIRA (v6.4.14#64029)