Dennis Balkir created OFBIZ-9823:
------------------------------------

             Summary: [FB] Package org.apache.ofbiz.marketing.tracking
                 Key: OFBIZ-9823
                 URL: https://issues.apache.org/jira/browse/OFBIZ-9823
             Project: OFBiz
          Issue Type: Sub-task
          Components: marketing
    Affects Versions: Trunk
            Reporter: Dennis Balkir
            Priority: Minor
- TrackingCodeEvents.java:261, RpC_REPEATED_CONDITIONAL_TEST
RpC: Repeated conditional test in org.apache.ofbiz.marketing.tracking.TrackingCodeEvents.processTrackingCode(GenericValue, HttpServletRequest, HttpServletResponse, String)

The code contains a conditional test that is performed twice, one right after the other (e.g., x == 0 || x == 0). Perhaps the second occurrence is intended to be something else (e.g., x == 0 || y == 0).

- TrackingCodeEvents.java:261, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
RCN: Redundant nullcheck of visitorSiteId, which is known to be non-null in org.apache.ofbiz.marketing.tracking.TrackingCodeEvents.processTrackingCode(GenericValue, HttpServletRequest, HttpServletResponse, String)

This method contains a redundant check of a known non-null value against the constant null.

- TrackingCodeEvents.java:263, HRS_REQUEST_PARAMETER_TO_COOKIE
HRS: HTTP cookie formed from untrusted input in org.apache.ofbiz.marketing.tracking.TrackingCodeEvents.processTrackingCode(GenericValue, HttpServletRequest, HttpServletResponse, String)

This code constructs an HTTP Cookie using an untrusted HTTP parameter. If this cookie is added to an HTTP response, it will allow a HTTP response splitting vulnerability. See http://en.wikipedia.org/wiki/HTTP_response_splitting for more information.

FindBugs looks only for the most blatant, obvious cases of HTTP response splitting. If FindBugs found any, you almost certainly have more vulnerabilities that FindBugs doesn't report. If you are concerned about HTTP response splitting, you should seriously consider using a commercial static analysis or pen-testing tool.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
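The HRS finding above is the pattern "request parameter copied straight into a Set-Cookie header". The following is an added illustration, not OFBiz code, of the unsafe shape beside a hardened one that allow-lists the value first; the parameter name `autoTrackingCode`, the cookie name `trackingCode` and the token pattern are assumptions made for the example.

```java
import java.util.regex.Pattern;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added illustration (not OFBiz code): validate a request parameter before it becomes a cookie value. */
public final class SafeTrackingCookie {
    // Hypothetical allow-list: a tracking code is assumed to be a short token of [A-Za-z0-9_-].
    // CR, LF and other control bytes can never match, so they can never reach the response header.
    private static final Pattern TRACKING_CODE = Pattern.compile("[A-Za-z0-9_-]{1,64}");

    private SafeTrackingCookie() {}

    /** Returns the value unchanged if it matches the allow-list, otherwise null. */
    static String validatedTrackingCode(String raw) {
        if (raw == null) {
            return null;
        }
        return TRACKING_CODE.matcher(raw).matches() ? raw : null;
    }

    /** Unsafe shape flagged by HRS_REQUEST_PARAMETER_TO_COOKIE: raw parameter becomes the cookie value. */
    static void setCookieUnsafe(HttpServletRequest request, HttpServletResponse response) {
        String code = request.getParameter("autoTrackingCode"); // assumed parameter name
        response.addCookie(new Cookie("trackingCode", code));    // attacker-controlled bytes reach Set-Cookie
    }

    /** Hardened shape: only an allow-listed value is ever placed in the Set-Cookie header. */
    static boolean setCookieSafe(HttpServletRequest request, HttpServletResponse response) {
        String code = validatedTrackingCode(request.getParameter("autoTrackingCode"));
        if (code == null) {
            return false; // reject (and log) rather than echoing the untrusted value back
        }
        Cookie cookie = new Cookie("trackingCode", code); // assumed cookie name
        cookie.setHttpOnly(true);
        cookie.setPath("/");
        response.addCookie(cookie);
        return true;
    }

    public static void main(String[] args) {
        // Constructed inputs: a well-formed token, and one carrying a CR/LF sequence.
        System.out.println(validatedTrackingCode("SPRING_2017-A1"));          // SPRING_2017-A1
        System.out.println(validatedTrackingCode("abc\r\nSet-Cookie: x=y"));  // null
        System.out.println(validatedTrackingCode(null));                      // null
    }
}
```

Even where the servlet container already rejects control characters in cookie values, validating at the point of use keeps the check visible to reviewers and to tools such as FindBugs.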