[ https://issues.apache.org/jira/browse/OFBIZ-9815?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Brohl reassigned OFBIZ-9815:
------------------------------------

    Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.content.webapp.ftl
> ------------------------------------------------
>
>                 Key: OFBIZ-9815
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9815
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: content
>    Affects Versions: Trunk
>            Reporter: Julian Leichert
>            Assignee: Michael Brohl
>            Priority: Minor
>         Attachments: OFBIZ-9815_org.apache.ofbiz.content.webapp.ftl_bugfixes.patch
>
>
> CheckPermissionTransform.java:56, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.CheckPermissionTransform.saveKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> CheckPermissionTransform.java:99, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class org.apache.ofbiz.content.webapp.ftl.CheckPermissionTransform$1 could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made into a static inner class. Since anonymous inner classes cannot be marked as static, doing this will require refactoring the inner class so that it is a named inner class.
> EditRenderSubContentCacheTransform.java:52, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentCacheTransform.saveKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> EditRenderSubContentCacheTransform.java:131, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentCacheTransform$1 could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made into a static inner class. Since anonymous inner classes cannot be marked as static, doing this will require refactoring the inner class so that it is a named inner class.
> EditRenderSubContentCacheTransform.java:163, WMI_WRONG_MAP_ITERATOR
> - WMI: org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentCacheTransform$1.close() makes inefficient use of keySet iterator instead of entrySet iterator
> This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.
> EditRenderSubContentCacheTransform.java:171, NP_LOAD_OF_KNOWN_NULL_VALUE
> - NP: Load of known null value in org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentCacheTransform$1.close()
> The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was non-null).
> EditRenderSubContentTransform.java:163, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class org.apache.ofbiz.content.webapp.ftl.EditRenderSubContentTransform$1 could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the object which created it.
> This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made into a static inner class. Since anonymous inner classes cannot be marked as static, doing this will require refactoring the inner class so that it is a named inner class.
> InjectNodeTrailCsvTransform.java:49, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.InjectNodeTrailCsvTransform.saveKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> InjectNodeTrailCsvTransform.java:50, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.InjectNodeTrailCsvTransform.removeKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> InjectNodeTrailCsvTransform.java:87, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class org.apache.ofbiz.content.webapp.ftl.InjectNodeTrailCsvTransform$1 could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made into a static inner class. Since anonymous inner classes cannot be marked as static, doing this will require refactoring the inner class so that it is a named inner class.
> LimitedSubContentCacheTransform.java:59, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform.upSaveKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> LimitedSubContentCacheTransform.java:60, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform.saveKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> LimitedSubContentCacheTransform.java:156, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform$1 could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made into a static inner class. Since anonymous inner classes cannot be marked as static, doing this will require refactoring the inner class so that it is a named inner class.
> LimitedSubContentCacheTransform.java:226, DLS_DEAD_LOCAL_STORE
> - DLS: Dead store to locale in org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform$1.prepCtx(Delegator, Map, Environment, GenericValue)
> This instruction assigns a value to a local variable, but the value is not read or used in any subsequent instruction. Often, this indicates an error, because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
> LimitedSubContentCacheTransform.java:229, NP_LOAD_OF_KNOWN_NULL_VALUE
> - NP: Load of known null value in org.apache.ofbiz.content.webapp.ftl.LimitedSubContentCacheTransform$1.prepCtx(Delegator, Map, Environment, GenericValue)
> The variable referenced at this point is known to be null due to an earlier check against null.
> Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was non-null).
> LoopSubContentTransform.java:56, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.LoopSubContentTransform.saveKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> LoopSubContentTransform.java:57, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.LoopSubContentTransform.removeKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> LoopSubContentTransform.java:189, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class org.apache.ofbiz.content.webapp.ftl.LoopSubContentTransform$1 could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made into a static inner class. Since anonymous inner classes cannot be marked as static, doing this will require refactoring the inner class so that it is a named inner class.
> RenderContentAndSubContent.java:61, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class org.apache.ofbiz.content.webapp.ftl.RenderContentAndSubContent$1 could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary.
> If possible, the class should be made into a static inner class. Since anonymous inner classes cannot be marked as static, doing this will require refactoring the inner class so that it is a named inner class.
> RenderContentAsText.java:55, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.RenderContentAsText.upSaveKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> RenderContentAsText.java:56, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.RenderContentAsText.saveKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> RenderContentAsText.java:84, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class org.apache.ofbiz.content.webapp.ftl.RenderContentAsText$1 could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made into a static inner class. Since anonymous inner classes cannot be marked as static, doing this will require refactoring the inner class so that it is a named inner class.
> RenderContentTransform.java:66, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class org.apache.ofbiz.content.webapp.ftl.RenderContentTransform$1 could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made into a static inner class.
> Since anonymous inner classes cannot be marked as static, doing this will require refactoring the inner class so that it is a named inner class.
> RenderSubContentAsText.java:51, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.RenderSubContentAsText.upSaveKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> RenderSubContentAsText.java:52, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.RenderSubContentAsText.saveKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> RenderSubContentAsText.java:83, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class org.apache.ofbiz.content.webapp.ftl.RenderSubContentAsText$1 could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made into a static inner class. Since anonymous inner classes cannot be marked as static, doing this will require refactoring the inner class so that it is a named inner class.
> RenderSubContentCacheTransform.java:55, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.RenderSubContentCacheTransform.upSaveKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> RenderSubContentCacheTransform.java:113, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class org.apache.ofbiz.content.webapp.ftl.RenderSubContentCacheTransform$1 could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made into a static inner class. Since anonymous inner classes cannot be marked as static, doing this will require refactoring the inner class so that it is a named inner class.
> RenderSubContentCacheTransform.java:198, NP_LOAD_OF_KNOWN_NULL_VALUE
> - NP: Load of known null value in org.apache.ofbiz.content.webapp.ftl.RenderSubContentCacheTransform$1.closeEditWrap(Writer, String)
> The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was non-null).
> RenderSubContentTransform.java:107, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class org.apache.ofbiz.content.webapp.ftl.RenderSubContentTransform$1 could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made into a static inner class. Since anonymous inner classes cannot be marked as static, doing this will require refactoring the inner class so that it is a named inner class.
> RenderSubContentTransform.java:141, UCF_USELESS_CONTROL_FLOW
> - UCF: Useless control flow in org.apache.ofbiz.content.webapp.ftl.RenderSubContentTransform$1.renderSubContent()
> This method contains a useless control flow statement, where control flow continues onto the same place regardless of whether or not the branch is taken. For example, this is caused by having an empty statement block for an if statement:
> if (argv.length == 0) {
>     // TODO: handle this case
> }
> TraverseSubContentCacheTransform.java:52, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.TraverseSubContentCacheTransform.upSaveKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> TraverseSubContentCacheTransform.java:53, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.TraverseSubContentCacheTransform.saveKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> TraverseSubContentCacheTransform.java:135, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class org.apache.ofbiz.content.webapp.ftl.TraverseSubContentCacheTransform$1 could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made into a static inner class. Since anonymous inner classes cannot be marked as static, doing this will require refactoring the inner class so that it is a named inner class.
> TraverseSubContentCacheTransform.java:235, NP_NULL_ON_SOME_PATH
> - NP: Possible null pointer dereference of contentIdStart in org.apache.ofbiz.content.webapp.ftl.TraverseSubContentCacheTransform$1.populateContext(Map, Map)
> There is a branch of statement that, if executed, guarantees that a null value will be dereferenced, which would generate a NullPointerException when the code is executed. Of course, the problem might be that the branch or statement is infeasible and that the null pointer exception can't ever be executed; deciding that is beyond the ability of FindBugs.
> TraverseSubContentTransform.java:55, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.TraverseSubContentTransform.saveKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> TraverseSubContentTransform.java:56, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.TraverseSubContentTransform.removeKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> TraverseSubContentTransform.java:143, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class org.apache.ofbiz.content.webapp.ftl.TraverseSubContentTransform$1 could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made into a static inner class. Since anonymous inner classes cannot be marked as static, doing this will require refactoring the inner class so that it is a named inner class.
> WrapSubContentCacheTransform.java:52, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.WrapSubContentCacheTransform.upSaveKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> WrapSubContentCacheTransform.java:53, MS_PKGPROTECT
> - MS: org.apache.ofbiz.content.webapp.ftl.WrapSubContentCacheTransform.saveKeyNames should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> WrapSubContentCacheTransform.java:142, SIC_INNER_SHOULD_BE_STATIC_ANON
> - SIC: The class org.apache.ofbiz.content.webapp.ftl.WrapSubContentCacheTransform$1 could be refactored into a named _static_ inner class
> This class is an inner class, but does not use its embedded reference to the object which created it. This reference makes the instances of the class larger, and may keep the reference to the creator object alive longer than necessary. If possible, the class should be made into a static inner class. Since anonymous inner classes cannot be marked as static, doing this will require refactoring the inner class so that it is a named inner class.
> WrapSubContentCacheTransform.java:176, NP_LOAD_OF_KNOWN_NULL_VALUE
> - NP: Load of known null value in org.apache.ofbiz.content.webapp.ftl.WrapSubContentCacheTransform$1.close()
> The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was non-null).

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)