Julian Leichert created OFBIZ-9730:
--------------------------------------

             Summary: [FB] Package org.apache.ofbiz.order.finaccount
                 Key: OFBIZ-9730
                 URL: https://issues.apache.org/jira/browse/OFBIZ-9730
             Project: OFBiz
          Issue Type: Sub-task
          Components: order
    Affects Versions: Trunk
            Reporter: Julian Leichert
            Priority: Minor


FinAccountHelper.java:49, MS_SHOULD_BE_FINAL
- MS: org.apache.ofbiz.order.finaccount.FinAccountHelper.decimals isn't final but should be

This static field is public but not final, and could be changed by malicious code 
or by accident from another package. The field could be made final to avoid 
this vulnerability.

FinAccountHelper.java:50, MS_SHOULD_BE_FINAL
- MS: org.apache.ofbiz.order.finaccount.FinAccountHelper.rounding isn't final but should be

This static field is public but not final, and could be changed by malicious code 
or by accident from another package. The field could be made final to avoid 
this vulnerability.

FinAccountHelper.java:139, DM_CONVERT_CASE
- Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
org.apache.ofbiz.order.finaccount.FinAccountHelper.getFinAccountFromCode(String, Delegator)

A String is being converted to upper or lowercase, using the platform's default 
encoding. This may result in improper conversions when used with international 
characters. Use the

String.toUpperCase( Locale l )
String.toLowerCase( Locale l )
versions instead.

FinAccountHelper.java:278, SBSC_USE_STRINGBUFFER_CONCATENATION
- SBSC: org.apache.ofbiz.order.finaccount.FinAccountHelper.generateRandomFinNumber(Delegator, int, boolean) concatenates strings using + in a loop

The method seems to be building a String using concatenation in a loop. In each 
iteration, the String is converted to a StringBuffer/StringBuilder, appended 
to, and converted back to a String. This can lead to a cost quadratic in the 
number of iterations, as the growing string is recopied in each iteration.

Better performance can be obtained by using a StringBuffer (or StringBuilder in 
Java 1.5) explicitly.

For example:

  // This is bad: `field` is a String[]; each `+` copies the whole string built so far
  String s = "";
  for (int i = 0; i < field.length; ++i) {
    s = s + field[i];
  }

  // This is better: one buffer appended in place, converted to a String once at the end
  // (StringBuilder does the same without synchronization and is the usual choice today)
  StringBuffer buf = new StringBuffer();
  for (int i = 0; i < field.length; ++i) {
    buf.append(field[i]);
  }
  String s = buf.toString();



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
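As an added illustration of the three findings, not code from this issue or from OFBiz: a hypothetical FinAccountHelperDemo class (the scale, rounding mode, digit alphabet and method names are assumptions, not the real FinAccountHelper). It shows why a public static non-final field is a problem for money arithmetic, the locale pitfall behind DM_CONVERT_CASE (what varies is the JVM default locale, which in the Turkish locale maps "i" to a dotted capital I and breaks an account-code lookup), and the StringBuilder form of the random-number loop, using SecureRandom because the result is an account identifier.

```java
import java.math.BigDecimal;
import java.math.RoundingMode;
import java.security.SecureRandom;
import java.util.Locale;

/**
 * Hypothetical stand-in for the findings above (example code, not OFBiz's
 * FinAccountHelper; scale, rounding mode and digit alphabet are assumptions).
 */
public final class FinAccountHelperDemo {

    /** The shape FindBugs flags (MS_SHOULD_BE_FINAL): any class in any package can reassign these. */
    public static final class UnsafeSettings {
        public static int decimals = 2;
        public static RoundingMode rounding = RoundingMode.HALF_UP;
    }

    // Hardened shape: final, so the money arithmetic below cannot be retargeted at runtime.
    public static final int DECIMALS = 2;
    public static final RoundingMode ROUNDING = RoundingMode.HALF_UP;

    private static final SecureRandom RANDOM = new SecureRandom();
    private static final String DIGITS = "0123456789";

    private FinAccountHelperDemo() {}

    /** Rounds with the mutable settings (the 'before'). */
    public static BigDecimal roundUnsafe(BigDecimal amount) {
        return amount.setScale(UnsafeSettings.decimals, UnsafeSettings.rounding);
    }

    /** Rounds with the final settings (the 'after'). */
    public static BigDecimal round(BigDecimal amount) {
        return amount.setScale(DECIMALS, ROUNDING);
    }

    /** DM_CONVERT_CASE, unfixed shape: the result depends on whichever locale the JVM defaults to. */
    public static String normalizeCodeWithLocale(String code, Locale locale) {
        return code.trim().toUpperCase(locale);
    }

    /** DM_CONVERT_CASE, fixed: Locale.ROOT maps 'i' to 'I' regardless of the default locale. */
    public static String normalizeCode(String code) {
        return code.trim().toUpperCase(Locale.ROOT);
    }

    /** SBSC fix: builds the number in one StringBuilder instead of String + in a loop. */
    public static String generateRandomFinNumber(int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            // SecureRandom rather than Random: the value is an account identifier an attacker may try to guess.
            sb.append(DIGITS.charAt(RANDOM.nextInt(DIGITS.length())));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        BigDecimal amount = new BigDecimal("12.345");

        // Code from any package can do this to the public static fields; every later
        // rounding silently changes, while the final constants are unaffected.
        UnsafeSettings.decimals = 0;
        UnsafeSettings.rounding = RoundingMode.DOWN;
        System.out.println("mutable settings: " + roundUnsafe(amount));
        System.out.println("final settings:   " + round(amount));

        // In the Turkish locale, toUpperCase() turns "fin-123" into "FİN-123" (U+0130),
        // so a lookup against a stored "FIN-123" fails; Locale.ROOT gives "FIN-123".
        Locale turkish = Locale.forLanguageTag("tr-TR");
        String stored = "FIN-123";
        System.out.println("default-locale match: " + normalizeCodeWithLocale("fin-123", turkish).equals(stored));
        System.out.println("Locale.ROOT match:    " + normalizeCode("fin-123").equals(stored));

        System.out.println("random number: " + generateRandomFinNumber(12));
    }
}
```

Run with `java FinAccountHelperDemo.java` (JDK 11 or later). The two rounding calls on the same amount diverge once the mutable fields are changed, and only the Locale.ROOT lookup matches the stored code under the Turkish locale.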