Julian Leichert created OFBIZ-9815:
--------------------------------------
Summary: [FB] Package org.apache.ofbiz.content.webapp.ftl
Key: OFBIZ-9815
URL: https://issues.apache.org/jira/browse/OFBIZ-9815
Project: OFBiz
Issue Type: Sub-task
Components: content
Affects Versions: Trunk
Reporter: Julian Leichert
Priority: Minor
CheckPermissionTransform.java:56, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.CheckPermissionTransform.saveKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
CheckPermissionTransform.java:99, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.CheckPermissionTransform$1
could be refactored into a named _static_ inner class
This class is an inner class, but does not use its embedded reference to the
object which created it. This reference makes the instances of the class
larger, and may keep the reference to the creator object alive longer than
necessary. If possible, the class should be made into a static inner class.
Since anonymous inner classes cannot be marked as static, doing this will
require refactoring the inner class so that it is a named inner class.
EditRenderSubContentCacheTransform.java:52, MS_PKGPROTECT
- MS:
org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentCacheTransform.saveKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
EditRenderSubContentCacheTransform.java:131, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class
org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentCacheTransform$1 could
be refactored into a named _static_ inner class
This class is an inner class, but does not use its embedded reference to the
object which created it. This reference makes the instances of the class
larger, and may keep the reference to the creator object alive longer than
necessary. If possible, the class should be made into a static inner class.
Since anonymous inner classes cannot be marked as static, doing this will
require refactoring the inner class so that it is a named inner class.
EditRenderSubContentCacheTransform.java:163, WMI_WRONG_MAP_ITERATOR
- WMI:
org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentCacheTransform$1.close()
makes inefficient use of keySet iterator instead of entrySet iterator
This method accesses the value of a Map entry, using a key that was retrieved
from a keySet iterator. It is more efficient to use an iterator on the entrySet
of the map, to avoid the Map.get(key) lookup.
EditRenderSubContentCacheTransform.java:171, NP_LOAD_OF_KNOWN_NULL_VALUE
- NP: Load of known null value in
org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentCacheTransform$1.close()
The variable referenced at this point is known to be null due to an earlier
check against null. Although this is valid, it might be a mistake (perhaps you
intended to refer to a different variable, or perhaps the earlier check to see
if the variable is null should have been a check to see if it was non-null).
EditRenderSubContentTransform.java:163, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class
org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentTransform$1 could be
refactored into a named _static_ inner class
This class is an inner class, but does not use its embedded reference to the
object which created it. This reference makes the instances of the class
larger, and may keep the reference to the creator object alive longer than
necessary. If possible, the class should be made into a static inner class.
Since anonymous inner classes cannot be marked as static, doing this will
require refactoring the inner class so that it is a named inner class.
InjectNodeTrailCsvTransform.java:49, MS_PKGPROTECT
- MS:
org.apache.ofbiz.content.webapp.ftl.InjectNodeTrailCsvTransform.saveKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
InjectNodeTrailCsvTransform.java:50, MS_PKGPROTECT
- MS:
org.apache.ofbiz.content.webapp.ftl.InjectNodeTrailCsvTransform.removeKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
InjectNodeTrailCsvTransform.java:87, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class
org.apache.ofbiz.content.webapp.ftl.InjectNodeTrailCsvTransform$1 could be
refactored into a named _static_ inner class
This class is an inner class, but does not use its embedded reference to the
object which created it. This reference makes the instances of the class
larger, and may keep the reference to the creator object alive longer than
necessary. If possible, the class should be made into a static inner class.
Since anonymous inner classes cannot be marked as static, doing this will
require refactoring the inner class so that it is a named inner class.
LimitedSubContentCacheTransform.java:59, MS_PKGPROTECT
- MS:
org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform.upSaveKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
LimitedSubContentCacheTransform.java:60, MS_PKGPROTECT
- MS:
org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform.saveKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
LimitedSubContentCacheTransform.java:156, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class
org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform$1 could be
refactored into a named _static_ inner class
This class is an inner class, but does not use its embedded reference to the
object which created it. This reference makes the instances of the class
larger, and may keep the reference to the creator object alive longer than
necessary. If possible, the class should be made into a static inner class.
Since anonymous inner classes cannot be marked as static, doing this will
require refactoring the inner class so that it is a named inner class.
LimitedSubContentCacheTransform.java:226, DLS_DEAD_LOCAL_STORE
- DLS: Dead store to locale in
org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform$1.prepCtx(Delegator,
Map, Environment, GenericValue)
This instruction assigns a value to a local variable, but the value is not read
or used in any subsequent instruction. Often, this indicates an error, because
the value computed is never used.
Note that Sun's javac compiler often generates dead stores for final local
variables. Because FindBugs is a bytecode-based tool, there is no easy way to
eliminate these false positives.
LimitedSubContentCacheTransform.java:229, NP_LOAD_OF_KNOWN_NULL_VALUE
- NP: Load of known null value in
org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform$1.prepCtx(Delegator,
Map, Environment, GenericValue)
The variable referenced at this point is known to be null due to an earlier
check against null. Although this is valid, it might be a mistake (perhaps you
intended to refer to a different variable, or perhaps the earlier check to see
if the variable is null should have been a check to see if it was non-null).
LoopSubContentTransform.java:56, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.LoopSubContentTransform.saveKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
LoopSubContentTransform.java:57, MS_PKGPROTECT
- MS:
org.apache.ofbiz.content.webapp.ftl.LoopSubContentTransform.removeKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
LoopSubContentTransform.java:189, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.LoopSubContentTransform$1
could be refactored into a named _static_ inner class
This class is an inner class, but does not use its embedded reference to the
object which created it. This reference makes the instances of the class
larger, and may keep the reference to the creator object alive longer than
necessary. If possible, the class should be made into a static inner class.
Since anonymous inner classes cannot be marked as static, doing this will
require refactoring the inner class so that it is a named inner class.
RenderContentAndSubContent.java:61, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class
org.apache.ofbiz.content.webapp.ftl.RenderContentAndSubContent$1 could be
refactored into a named _static_ inner class
This class is an inner class, but does not use its embedded reference to the
object which created it. This reference makes the instances of the class
larger, and may keep the reference to the creator object alive longer than
necessary. If possible, the class should be made into a static inner class.
Since anonymous inner classes cannot be marked as static, doing this will
require refactoring the inner class so that it is a named inner class.
RenderContentAsText.java:55, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.RenderContentAsText.upSaveKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
RenderContentAsText.java:56, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.RenderContentAsText.saveKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
RenderContentAsText.java:84, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.RenderContentAsText$1
could be refactored into a named _static_ inner class
This class is an inner class, but does not use its embedded reference to the
object which created it. This reference makes the instances of the class
larger, and may keep the reference to the creator object alive longer than
necessary. If possible, the class should be made into a static inner class.
Since anonymous inner classes cannot be marked as static, doing this will
require refactoring the inner class so that it is a named inner class.
RenderContentTransform.java:66, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.RenderContentTransform$1
could be refactored into a named _static_ inner class
This class is an inner class, but does not use its embedded reference to the
object which created it. This reference makes the instances of the class
larger, and may keep the reference to the creator object alive longer than
necessary. If possible, the class should be made into a static inner class.
Since anonymous inner classes cannot be marked as static, doing this will
require refactoring the inner class so that it is a named inner class.
RenderSubContentAsText.java:51, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.RenderSubContentAsText.upSaveKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
RenderSubContentAsText.java:52, MS_PKGPROTECT
- MS: org.apache.ofbiz.content.webapp.ftl.RenderSubContentAsText.saveKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
RenderSubContentAsText.java:83, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class org.apache.ofbiz.content.webapp.ftl.RenderSubContentAsText$1
could be refactored into a named _static_ inner class
This class is an inner class, but does not use its embedded reference to the
object which created it. This reference makes the instances of the class
larger, and may keep the reference to the creator object alive longer than
necessary. If possible, the class should be made into a static inner class.
Since anonymous inner classes cannot be marked as static, doing this will
require refactoring the inner class so that it is a named inner class.
RenderSubContentCacheTransform.java:55, MS_PKGPROTECT
- MS:
org.apache.ofbiz.content.webapp.ftl.RenderSubContentCacheTransform.upSaveKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
RenderSubContentCacheTransform.java:113, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class
org.apache.ofbiz.content.webapp.ftl.RenderSubContentCacheTransform$1 could be
refactored into a named _static_ inner class
This class is an inner class, but does not use its embedded reference to the
object which created it. This reference makes the instances of the class
larger, and may keep the reference to the creator object alive longer than
necessary. If possible, the class should be made into a static inner class.
Since anonymous inner classes cannot be marked as static, doing this will
require refactoring the inner class so that it is a named inner class.
RenderSubContentCacheTransform.java:198, NP_LOAD_OF_KNOWN_NULL_VALUE
- NP: Load of known null value in
org.apache.ofbiz.content.webapp.ftl.RenderSubContentCacheTransform$1.closeEditWrap(Writer,
String)
The variable referenced at this point is known to be null due to an earlier
check against null. Although this is valid, it might be a mistake (perhaps you
intended to refer to a different variable, or perhaps the earlier check to see
if the variable is null should have been a check to see if it was non-null).
RenderSubContentTransform.java:107, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class
org.apache.ofbiz.content.webapp.ftl.RenderSubContentTransform$1 could be
refactored into a named _static_ inner class
This class is an inner class, but does not use its embedded reference to the
object which created it. This reference makes the instances of the class
larger, and may keep the reference to the creator object alive longer than
necessary. If possible, the class should be made into a static inner class.
Since anonymous inner classes cannot be marked as static, doing this will
require refactoring the inner class so that it is a named inner class.
RenderSubContentTransform.java:141, UCF_USELESS_CONTROL_FLOW
- UCF: Useless control flow in
org.apache.ofbiz.content.webapp.ftl.RenderSubContentTransform$1.renderSubContent()
This method contains a useless control flow statement, where control flow
continues onto the same place regardless of whether or not the branch is taken.
For example, this is caused by having an empty statement block for an if
statement:
if (argv.length == 0) {
// TODO: handle this case
}
TraverseSubContentCacheTransform.java:52, MS_PKGPROTECT
- MS:
org.apache.ofbiz.content.webapp.ftl.TraverseSubContentCacheTransform.upSaveKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
TraverseSubContentCacheTransform.java:53, MS_PKGPROTECT
- MS:
org.apache.ofbiz.content.webapp.ftl.TraverseSubContentCacheTransform.saveKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
TraverseSubContentCacheTransform.java:135, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class
org.apache.ofbiz.content.webapp.ftl.TraverseSubContentCacheTransform$1 could be
refactored into a named _static_ inner class
This class is an inner class, but does not use its embedded reference to the
object which created it. This reference makes the instances of the class
larger, and may keep the reference to the creator object alive longer than
necessary. If possible, the class should be made into a static inner class.
Since anonymous inner classes cannot be marked as static, doing this will
require refactoring the inner class so that it is a named inner class.
TraverseSubContentCacheTransform.java:235, NP_NULL_ON_SOME_PATH
- NP: Possible null pointer dereference of contentIdStart in
org.apache.ofbiz.content.webapp.ftl.TraverseSubContentCacheTransform$1.populateContext(Map,
Map)
There is a branch of statement that, if executed, guarantees that a null value
will be dereferenced, which would generate a NullPointerException when the code
is executed. Of course, the problem might be that the branch or statement is
infeasible and that the null pointer exception can't ever be executed; deciding
that is beyond the ability of FindBugs.
TraverseSubContentTransform.java:55, MS_PKGPROTECT
- MS:
org.apache.ofbiz.content.webapp.ftl.TraverseSubContentTransform.saveKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
TraverseSubContentTransform.java:56, MS_PKGPROTECT
- MS:
org.apache.ofbiz.content.webapp.ftl.TraverseSubContentTransform.removeKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
TraverseSubContentTransform.java:143, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class
org.apache.ofbiz.content.webapp.ftl.TraverseSubContentTransform$1 could be
refactored into a named _static_ inner class
This class is an inner class, but does not use its embedded reference to the
object which created it. This reference makes the instances of the class
larger, and may keep the reference to the creator object alive longer than
necessary. If possible, the class should be made into a static inner class.
Since anonymous inner classes cannot be marked as static, doing this will
require refactoring the inner class so that it is a named inner class.
WrapSubContentCacheTransform.java:52, MS_PKGPROTECT
- MS:
org.apache.ofbiz.content.webapp.ftl.WrapSubContentCacheTransform.upSaveKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
WrapSubContentCacheTransform.java:53, MS_PKGPROTECT
- MS:
org.apache.ofbiz.content.webapp.ftl.WrapSubContentCacheTransform.saveKeyNames
should be package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
WrapSubContentCacheTransform.java:142, SIC_INNER_SHOULD_BE_STATIC_ANON
- SIC: The class
org.apache.ofbiz.content.webapp.ftl.WrapSubContentCacheTransform$1 could be
refactored into a named _static_ inner class
This class is an inner class, but does not use its embedded reference to the
object which created it. This reference makes the instances of the class
larger, and may keep the reference to the creator object alive longer than
necessary. If possible, the class should be made into a static inner class.
Since anonymous inner classes cannot be marked as static, doing this will
require refactoring the inner class so that it is a named inner class.
WrapSubContentCacheTransform.java:176, NP_LOAD_OF_KNOWN_NULL_VALUE
- NP: Load of known null value in
org.apache.ofbiz.content.webapp.ftl.WrapSubContentCacheTransform$1.close()
The variable referenced at this point is known to be null due to an earlier
check against null. Although this is valid, it might be a mistake (perhaps you
intended to refer to a different variable, or perhaps the earlier check to see
if the variable is null should have been a check to see if it was non-null).
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
