[
https://issues.apache.org/jira/browse/OFBIZ-9785?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dennis Balkir updated OFBIZ-9785:
---------------------------------
Attachment: OFBIZ-9785_org.apache.ofbiz.product.promo_bugfixes.patch
- Line 59: made the field {{smartChars}} private
- Line 114: instead of {{createProductPromoCodeMap}} just used null for the
call of the method, since it is known that {{createProductPromoCodeMap}} is
null at this point
- Line 192: deleted the second check of {{line.length()}} because it was
checked one line above
- Line 251: added a standard charset via {{UtilIo}} to the new String
> [FB] Package org.apache.ofbiz.product.promo
> -------------------------------------------
>
> Key: OFBIZ-9785
> URL: https://issues.apache.org/jira/browse/OFBIZ-9785
> Project: OFBiz
> Issue Type: Sub-task
> Components: product
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Priority: Minor
> Attachments: OFBIZ-9785_org.apache.ofbiz.product.promo_bugfixes.patch
>
>
> --- PromoServices.java:59, MS_PKGPROTECT
> MS: org.apache.ofbiz.product.promo.PromoServices.smartChars should be package
> protected
> A mutable static field could be changed by malicious code or by accident. The
> field could be made package protected to avoid this vulnerability.
> --- PromoServices.java:114, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in
> org.apache.ofbiz.product.promo.PromoServices.createProductPromoCodeSet(DispatchContext,
> Map)
> The variable referenced at this point is known to be null due to an earlier
> check against null. Although this is valid, it might be a mistake (perhaps
> you intended to refer to a different variable, or perhaps the earlier check
> to see if the variable is null should have been a check to see if it was
> non-null).
> --- PromoServices.java:193, UC_USELESS_CONDITION
> Condition has no effect
> This condition always produces the same result as the value of the involved
> variable was narrowed before. Probably something else was meant or condition
> can be removed.
> --- PromoServices.java:249, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in
> org.apache.ofbiz.product.promo.PromoServices.importPromoCodeEmailsFromFile(DispatchContext,
> Map): new String(byte[])
> Found a call to a method which will perform a byte to String (or String to
> byte) conversion, and will assume that the default platform encoding is
> suitable. This will cause the application behaviour to vary between
> platforms. Use an alternative API and specify a charset name or Charset
> object explicitly.