[jira] [Comment Edited] (OFBIZ-9486) [FB] Package org.apache.ofbiz.accounting.thirdparty.gosoftware

Thu, 17 Aug 2017 01:33:01 -0700 

    [ 
https://issues.apache.org/jira/browse/OFBIZ-9486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16130095#comment-16130095
 ] 

Jacques Le Roux edited comment on OFBIZ-9486 at 8/17/17 8:31 AM:
-----------------------------------------------------------------

Hi Kyra,

Right: https://docs.oracle.com/javase/tutorial/java/javaOO/accesscontrol.html 
class private is better in this case :)


was (Author: jacques.le.roux):
Hi Kyra,

Right: https://docs.oracle.com/javase/tutorial/java/javaOO/accesscontrol.html 
class private is better :)

> [FB] Package org.apache.ofbiz.accounting.thirdparty.gosoftware
> --------------------------------------------------------------
>
>                 Key: OFBIZ-9486
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9486
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: accounting
>    Affects Versions: Trunk
>            Reporter: Kyra Pritzel-Hentley
>            Priority: Minor
>         Attachments: 
> OFBIZ-9486_org.apache.ofbiz.accounting.thirdparty.gosoftware_bugfixes.patch, 
> OFBIZ-9486_org.apache.ofbiz.accounting.thirdparty.gosoftware_bugfixes.patch
>
>
> PcChargeApi.java:81: 82, MS_PKGPROTECT
> * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.validOut 
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The 
> field could be made package protected to avoid this vulnerability.
> PcChargeApi.java:189, DM_DEFAULT_ENCODING
> * Dm: Found reliance on default encoding in 
> org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.send(): new 
> java.io.PrintStream(OutputStream)
> Found a call to a method which will perform a byte to String (or String to 
> byte) conversion, and will assume that the default platform encoding is 
> suitable. This will cause the application behaviour to vary between 
> platforms. Use an alternative API and specify a charset name or Charset 
> object explicitly.
> PcChargeApi.java:198, DM_DEFAULT_ENCODING
> * Dm: Found reliance on default encoding in 
> org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.send(): new 
> String(byte[], int, int)
> PcChargeServices.java:94: 180: 246: 306, 
> RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> * RCN: Redundant nullcheck of out, which is known to be non-null in 
> org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeServices
> This method contains a redundant check of a known non-null value against the 
> constant null.
> RitaApi.java:80, MS_PKGPROTECT
> * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaApi.validOut 
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The 
> field could be made package protected to avoid this vulnerability.
> RitaApi.java:84, MS_PKGPROTECT
> * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaApi.validIn 
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The 
> field could be made package protected to avoid this vulnerability.
> RitaServices.java:61: 98: 164: 184: 233: 260: 301: 329, 
> RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> * RCN: Redundant nullcheck of api, which is known to be non-null in 
> org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaServices
> This method contains a redundant check of a known non-null value against the 
> constant null.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to