[
https://issues.apache.org/jira/browse/OFBIZ-9716?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Brohl closed OFBIZ-9716.
--------------------------------
Resolution: Implemented
Fix Version/s: Upcoming Release
Thanks Julian,
your modified patch is in trunk r1813640.
> [FB] Package org.apache.ofbiz.entity
> ------------------------------------
>
> Key: OFBIZ-9716
> URL: https://issues.apache.org/jira/browse/OFBIZ-9716
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL APPLICATIONS, ALL COMPONENTS
> Affects Versions: Trunk
> Reporter: Julian Leichert
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9716_org.apache.ofbiz.entity_bugfixes.patch
>
>
> GenericDelegator.java:117, MS_SHOULD_BE_FINAL
> - MS: org.apache.ofbiz.entity.GenericDelegator.userIdentifierStack isn't
> final but should be
> This static field public but not final, and could be changed by malicious
> code or by accident from another package. The field could be made final to
> avoid this vulnerability.
> GenericDelegator.java:119, MS_SHOULD_BE_FINAL
> - MS: org.apache.ofbiz.entity.GenericDelegator.sessionIdentifierStack isn't
> final but should be
> This static field public but not final, and could be changed by malicious
> code or by accident from another package. The field could be made final to
> avoid this vulnerability.
> GenericDelegator.java:324, RV_RETURN_VALUE_IGNORED_BAD_PRACTICE
> - RV: Exceptional return value of
> java.util.concurrent.ExecutorService.submit(Runnable) ignored in
> org.apache.ofbiz.entity.GenericDelegator.initEntityEcaHandler()
> This method returns a value that is not checked. The return value should be
> checked since it can indicate an unusual or unexpected function execution.
> For example, the File.delete() method returns false if the file could not be
> successfully deleted (rather than throwing an Exception). If you don't check
> the result, you won't notice if the method invocation signals unexpected
> behavior by returning an atypical return value.
> GenericDelegator.java:452, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of entity, which is known to be non-null in
> org.apache.ofbiz.entity.GenericDelegator.getModelEntityMapByGroup(String)
> This method contains a redundant check of a known non-null value against the
> constant null.
> GenericDelegator.java:579, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of modelFieldTypeReader, which is known to be
> non-null in
> org.apache.ofbiz.entity.GenericDelegator.getModelFieldTypeReader(ModelEntity)
> This method contains a redundant check of a known non-null value against the
> constant null.
> GenericDelegator.java:597, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of modelFieldTypeReader, which is known to be
> non-null in
> org.apache.ofbiz.entity.GenericDelegator.getEntityFieldTypeNames(ModelEntity)
> This method contains a redundant check of a known non-null value against the
> constant null.
> GenericDelegator.java:789, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of value, which is known to be non-null in
> org.apache.ofbiz.entity.GenericDelegator.createSetNextSeqId(GenericValue)
> This method contains a redundant check of a known non-null value against the
> constant null.
> GenericDelegator.java:846, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.entity.GenericDelegator.createSetNextSeqId(GenericValue)
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> GenericDelegator.java:879, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of value, which is known to be non-null in
> org.apache.ofbiz.entity.GenericDelegator.create(GenericValue)
> This method contains a redundant check of a known non-null value against the
> constant null.
> GenericDelegator.java:902, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.entity.GenericDelegator.create(GenericValue)
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> GenericDelegator.java:932, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.entity.GenericDelegator.createOrStore(GenericValue)
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> GenericDelegator.java:1013, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.entity.GenericDelegator.removeByPrimaryKey(GenericPK)
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> GenericDelegator.java:1070, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.entity.GenericDelegator.removeValue(GenericValue)
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> GenericDelegator.java:1126, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.entity.GenericDelegator.removeByCondition(String,
> EntityCondition)
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> GenericDelegator.java:1208, REC_CATCH_EXCEPTION, Priorität: Niedrig
> - REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.entity.GenericDelegator.storeByCondition(String, Map,
> EntityCondition)
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> GenericDelegator.java:1261, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.entity.GenericDelegator.store(GenericValue)
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> GenericDelegator.java:1347, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.entity.GenericDelegator.storeAll(List, EntityStoreOptions)
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> GenericDelegator.java:1385, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.entity.GenericDelegator.removeAll(List)
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> GenericDelegator.java:1458, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.entity.GenericDelegator.findOne(String, Map, boolean)
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> GenericDelegator.java:1497, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.entity.GenericDelegator.findByPrimaryKeyPartial(GenericPK,
> Set)
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> GenericDelegator.java:1595, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.entity.GenericDelegator.findList(String, EntityCondition,
> Set, List, EntityFindOptions, boolean)
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> GenericDelegator.java:1662, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.entity.GenericDelegator.findCountByCondition(String,
> EntityCondition, EntityCondition, EntityFindOptions)
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> GenericDelegator.java:1693, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.entity.GenericDelegator.getMultiRelation(GenericValue,
> String, String, List)
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> GenericDelegator.java:2358, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.entity.GenericDelegator.setNextSubSeqId(GenericValue,
> String, int, int)
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> GenericDelegator.java:2607, SIC_INNER_SHOULD_BE_STATIC
> - SIC: Should org.apache.ofbiz.entity.GenericDelegator$TestOperation be a
> _static_ inner class?
> This class is an inner class, but does not use its embedded reference to the
> object which created it. This reference makes the instances of the class
> larger, and may keep the reference to the creator object alive longer than
> necessary. If possible, the class should be made static.
> GenericDelegator.java:2638, RV_RETURN_VALUE_IGNORED_BAD_PRACTICE
> - RV: Exceptional return value of
> java.util.concurrent.ExecutorService.submit(Runnable) ignored in
> org.apache.ofbiz.entity.GenericDelegator.initDistributedCacheClear()
> This method returns a value that is not checked. The return value should be
> checked since it can indicate an unusual or unexpected function execution.
> For example, the File.delete() method returns false if the file could not be
> successfully deleted (rather than throwing an Exception). If you don't check
> the result, you won't notice if the method invocation signals unexpected
> behavior by returning an atypical return value.
> GenericEntity.java:-1, SE_TRANSIENT_FIELD_NOT_RESTORED
> - Se: The field org.apache.ofbiz.entity.GenericEntity.observable is transient
> but isn't set by deserialization
> This class contains a field that is updated at multiple places in the class,
> thus it seems to be part of the state of the class. However, since the field
> is marked as transient and not set in readObject or readResolve, it will
> contain the default value in any deserialized instance of the class.
> GenericEntity.java:-1, SE_TRANSIENT_FIELD_NOT_RESTORED
> - Se: The field org.apache.ofbiz.entity.GenericEntity.modelEntity is
> transient but isn't set by deserialization
> This class contains a field that is updated at multiple places in the class,
> thus it seems to be part of the state of the class. However, since the field
> is marked as transient and not set in readObject or readResolve, it will
> contain the default value in any deserialized instance of the class.
> GenericEntity.java:75, SE_NO_SERIALVERSIONID
> - SnVI: org.apache.ofbiz.entity.GenericEntity is Serializable; consider
> declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a
> serialVersionUID field. A change as simple as adding a reference to a .class
> object will add synthetic fields to the class, which will unfortunately
> change the implicit serialVersionUID (e.g., adding a reference to
> String.class will generate a static field class$java$lang$String). Also,
> different source code to bytecode compilers may use different naming
> conventions for synthetic variables generated for references to class objects
> or inner classes. To ensure interoperability of Serializable across versions,
> consider adding an explicit serialVersionUID.
> GenericEntity.java:354, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of
> org.apache.ofbiz.entity.GenericEntity.delegatorName, which is known to be
> non-null in org.apache.ofbiz.entity.GenericEntity.getDelegator()
> This method contains a redundant check of a known non-null value against the
> constant null.
> GenericEntity.java:474, DE_MIGHT_IGNORE
> DE: org.apache.ofbiz.entity.GenericEntity.set(String, Object, boolean) might
> ignore org.apache.ofbiz.base.util.GeneralException
> This method might ignore an exception. In general, exceptions should be
> handled or reported in some way, or they should be thrown out of the method.
> GenericEntity.java:476, DM_DEFAULT_ENCODING
> - Dm: Found reliance on default encoding in
> org.apache.ofbiz.entity.GenericEntity.set(String, Object, boolean):
> String.getBytes()
> Found a call to a method which will perform a byte to String (or String to
> byte) conversion, and will assume that the default platform encoding is
> suitable. This will cause the application behaviour to vary between
> platforms. Use an alternative API and specify a charset name or Charset
> object explicitly.
> GenericEntity.java:532, NP_NULL_ON_SOME_PATH
> - NP: Possible null pointer dereference of field in
> org.apache.ofbiz.entity.GenericEntity.setString(String, String)
> There is a branch of statement that, if executed, guarantees that a null
> value will be dereferenced, which would generate a NullPointerException when
> the code is executed. Of course, the problem might be that the branch or
> statement is infeasible and that the null pointer exception can't ever be
> executed; deciding that is beyond the ability of FindBugs.
> GenericEntity.java:540, SF_SWITCH_NO_DEFAULT
> - SF: Switch statement found in
> org.apache.ofbiz.entity.GenericEntity.setString(String, String) where default
> case is missing
> This method contains a switch statement where default case is missing.
> Usually you need to provide a default case.
> Because the analysis only looks at the generated bytecode, this warning can
> be incorrect triggered if the default case is at the end of the switch
> statement and the switch statement doesn't contain break statements for other
> cases.
> GenericEntity.java:542, DB_DUPLICATE_SWITCH_CLAUSES
> - DB: org.apache.ofbiz.entity.GenericEntity.setString(String, String) uses
> the same code for two switch clauses
> This method uses the same code to implement two clauses of a switch
> statement. This could be a case of duplicate code, but it might also indicate
> a coding mistake.
> GenericEntity.java:624, UCF_USELESS_CONTROL_FLOW
> - UCF: Useless control flow in
> org.apache.ofbiz.entity.GenericEntity.setNextSeqId()
> This method contains a useless control flow statement, where control flow
> continues onto the same place regardless of whether or not the branch is
> taken. For example, this is caused by having an empty statement block for an
> if statement:
> if (argv.length == 0) {
> // TODO: handle this case
> }
> GenericEntity.java:636, NP_BOOLEAN_RETURN_NULL
> - NP: org.apache.ofbiz.entity.GenericEntity.getBoolean(String) has Boolean
> return type and returns explicit null
> A method that returns either Boolean.TRUE, Boolean.FALSE or null is an
> accident waiting to happen. This method can be invoked as though it returned
> a value of type boolean, and the compiler will insert automatic unboxing of
> the Boolean value. If a null value is returned, this will result in a
> NullPointerException.
> GenericEntity.java:712, DM_FP_NUMBER_CTOR
> - Bx: org.apache.ofbiz.entity.GenericEntity.getDouble(String) invokes
> inefficient new Double(double) constructor; use Double.valueOf(double) instead
> Using new Double(double) is guaranteed to always result in a new object
> whereas Double.valueOf(double) allows caching of values to be done by the
> compiler, class library, or JVM. Using of cached values avoids object
> allocation and the code will be faster.
> Unless the class must be compatible with JVMs predating Java 1.5, use either
> autoboxing or the valueOf() method when creating instances of Double and
> Float.
> GenericEntity.java:731, PZLA_PREFER_ZERO_LENGTH_ARRAYS
> - PZLA: Should org.apache.ofbiz.entity.GenericEntity.getBytes(String) return
> a zero length array rather than null?
> It is often a better design to return a length zero array rather than a null
> reference to indicate that there are no results (i.e., an empty list of
> results). This way, no explicit check for null is needed by clients of the
> method.
> On the other hand, using null to indicate "there is no answer to this
> question" is probably appropriate. For example, File.listFiles() returns an
> empty list if given a directory containing no files, and returns null if the
> file is not a directory.
> GenericEntity.java:1151, DM_DEFAULT_ENCODING
> - Dm: Found reliance on default encoding in
> org.apache.ofbiz.entity.GenericEntity.writeXmlText(PrintWriter, String): new
> String(byte[])
> Found a call to a method which will perform a byte to String (or String to
> byte) conversion, and will assume that the default platform encoding is
> suitable. This will cause the application behaviour to vary between
> platforms. Use an alternative API and specify a charset name or Charset
> object explicitly.
> GenericEntity.java:1328, DM_DEFAULT_ENCODING
> - Dm: Found reliance on default encoding in
> org.apache.ofbiz.entity.GenericEntity.toString(): String.getBytes()
> Found a call to a method which will perform a byte to String (or String to
> byte) conversion, and will assume that the default platform encoding is
> suitable. This will cause the application behaviour to vary between
> platforms. Use an alternative API and specify a charset name or Charset
> object explicitly.
> GenericEntity.java:1427, CN_IDIOM_NO_SUPER_CALL
> - CN: org.apache.ofbiz.entity.GenericEntity.clone() does not call
> super.clone()
> This non-final class defines a clone() method that does not call
> super.clone(). If this class ("A") is extended by a subclass ("B"), and the
> subclass B calls super.clone(), then it is likely that B's clone() method
> will return an object of type A, which violates the standard contract for
> clone().
> If all clone() methods call super.clone(), then they are guaranteed to use
> Object.clone(), which always returns an object of the correct type.
> GenericEntity.java:1592, SE_NO_SERIALVERSIONID
> - SnVI: org.apache.ofbiz.entity.GenericEntity$NullGenericEntity is
> Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a
> serialVersionUID field. A change as simple as adding a reference to a .class
> object will add synthetic fields to the class, which will unfortunately
> change the implicit serialVersionUID (e.g., adding a reference to
> String.class will generate a static field class$java$lang$String). Also,
> different source code to bytecode compilers may use different naming
> conventions for synthetic variables generated for references to class objects
> or inner classes. To ensure interoperability of Serializable across versions,
> consider adding an explicit serialVersionUID.
> GenericEntity.java:1616, EQ_COMPARETO_USE_OBJECT_EQUALS
> - Eq: org.apache.ofbiz.entity.GenericEntity$NullField defines
> compareTo(GenericEntity$NullField) and uses Object.equals()
> This class defines a compareTo(...) method but inherits its equals() method
> from java.lang.Object. Generally, the value of compareTo should return zero
> if and only if equals returns true. If this is violated, weird and
> unpredictable failures will occur in classes such as PriorityQueue. In Java 5
> the PriorityQueue.remove method uses the compareTo method, while in Java 6 it
> uses the equals method.
> From the JavaDoc for the compareTo method in the Comparable interface:
> It is strongly recommended, but not strictly required that
> (x.compareTo(y)==0) == (x.equals(y)). Generally speaking, any class that
> implements the Comparable interface and violates this condition should
> clearly indicate this fact. The recommended language is "Note: this class has
> a natural ordering that is inconsistent with equals."
> GenericPK.java:32, SE_NO_SERIALVERSIONID
> - SnVI: org.apache.ofbiz.entity.GenericPK is Serializable; consider declaring
> a serialVersionUID
> This class implements the Serializable interface, but does not define a
> serialVersionUID field. A change as simple as adding a reference to a .class
> object will add synthetic fields to the class, which will unfortunately
> change the implicit serialVersionUID (e.g., adding a reference to
> String.class will generate a static field class$java$lang$String). Also,
> different source code to bytecode compilers may use different naming
> conventions for synthetic variables generated for references to class objects
> or inner classes. To ensure interoperability of Serializable across versions,
> consider adding an explicit serialVersionUID.
> GenericPK.java:64, HE_EQUALS_NO_HASHCODE
> - HE: org.apache.ofbiz.entity.GenericPK defines equals but not hashCode
> This class overrides equals(Object), but does not override hashCode().
> Therefore, the class may violate the invariant that equal objects must have
> equal hashcodes.
> GenericPK.java:75, CN_IDIOM_NO_SUPER_CALL
> - CN: org.apache.ofbiz.entity.GenericPK.clone() does not call super.clone()
> This non-final class defines a clone() method that does not call
> super.clone(). If this class ("A") is extended by a subclass ("B"), and the
> subclass B calls super.clone(), then it is likely that B's clone() method
> will return an object of type A, which violates the standard contract for
> clone().
> If all clone() methods call super.clone(), then they are guaranteed to use
> Object.clone(), which always returns an object of the correct type.
> GenericValue.java:33, SE_NO_SERIALVERSIONID
> - SnVI: org.apache.ofbiz.entity.GenericValue is Serializable; consider
> declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a
> serialVersionUID field. A change as simple as adding a reference to a .class
> object will add synthetic fields to the class, which will unfortunately
> change the implicit serialVersionUID (e.g., adding a reference to
> String.class will generate a static field class$java$lang$String). Also,
> different source code to bytecode compilers may use different naming
> conventions for synthetic variables generated for references to class objects
> or inner classes. To ensure interoperability of Serializable across versions,
> consider adding an explicit serialVersionUID.
> GenericValue.java:220, HE_EQUALS_NO_HASHCODE
> - HE: org.apache.ofbiz.entity.GenericValue defines equals but not hashCode
> This class overrides equals(Object), but does not override hashCode().
> Therefore, the class may violate the invariant that equal objects must have
> equal hashcodes.
> GenericValue.java:231, CN_IDIOM_NO_SUPER_CALL
> - CN: org.apache.ofbiz.entity.GenericValue.clone() does not call super.clone()
> This non-final class defines a clone() method that does not call
> super.clone(). If this class ("A") is extended by a subclass ("B"), and the
> subclass B calls super.clone(), then it is likely that B's clone() method
> will return an object of type A, which violates the standard contract for
> clone().
> If all clone() methods call super.clone(), then they are guaranteed to use
> Object.clone(), which always returns an object of the correct type.
> GenericValue.java:234, SE_NO_SERIALVERSIONID
> - SnVI: org.apache.ofbiz.entity.GenericValue$NullGenericValue is
> Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a
> serialVersionUID field. A change as simple as adding a reference to a .class
> object will add synthetic fields to the class, which will unfortunately
> change the implicit serialVersionUID (e.g., adding a reference to
> String.class will generate a static field class$java$lang$String). Also,
> different source code to bytecode compilers may use different naming
> conventions for synthetic variables generated for references to class objects
> or inner classes. To ensure interoperability of Serializable across versions,
> consider adding an explicit serialVersionUID.
> GenericValue.java:246, DMI_INVOKING_TOSTRING_ON_ARRAY
> - USELESS_STRING: Invocation of toString on Thread.getStackTrace() in
> org.apache.ofbiz.entity.GenericValue.getStackTraceAsString()
> The code invokes toString on an array, which will generate a fairly useless
> result such as [C@16f0472. Consider using Arrays.toString to convert the
> array into a readable String that gives the contents of the array. See
> Programming Puzzlers, chapter 3, puzzle 12.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
