[
https://issues.apache.org/jira/browse/OFBIZ-9539?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16289353#comment-16289353
]
Michael Brohl commented on OFBIZ-9539:
--------------------------------------
Yes, we thought about the same but there was a reason not to do it. [~Dennis
Balkir]?
> [FB] Package org.apache.ofbiz.accounting.thirdparty.paypal
> ----------------------------------------------------------
>
> Key: OFBIZ-9539
> URL: https://issues.apache.org/jira/browse/OFBIZ-9539
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Kyra Pritzel-Hentley
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9539.patch,
> OFBIZ-9539_org.apache.ofbiz.accounting.thirdparty.paypal_bugfixes.patch
>
>
> PayPalEvents.java:236, DM_DEFAULT_ENCODING
> * Dm: Found reliance on default encoding in
> org.apache.ofbiz.accounting.thirdparty.paypal.PayPalEvents.payPalIPN(HttpServletRequest,
> HttpServletResponse): new java.io.PrintWriter(OutputStream)
> Found a call to a method which will perform a byte to String (or String to
> byte) conversion, and will assume that the default platform encoding is
> suitable. This will cause the application behaviour to vary between
> platforms. Use an alternative API and specify a charset name or Charset
> object explicitly.
> PayPalEvents.java:240, OS_OPEN_STREAM_EXCEPTION_PATH
> * OS:
> org.apache.ofbiz.accounting.thirdparty.paypal.PayPalEvents.payPalIPN(HttpServletRequest,
> HttpServletResponse) may fail to close stream on exception
> The method creates an IO stream object, does not assign it to any fields,
> pass it to other methods, or return it, and does not appear to close it on
> all possible exception paths out of the method. This may result in a file
> descriptor leak. It is generally a good idea to use a finally block to
> ensure that streams are closed.
> PayPalEvents.java:240, DM_DEFAULT_ENCODING
> * Dm: Found reliance on default encoding in
> org.apache.ofbiz.accounting.thirdparty.paypal.PayPalEvents.payPalIPN(HttpServletRequest,
> HttpServletResponse): new java.io.InputStreamReader(InputStream)
> Found a call to a method which will perform a byte to String (or String to
> byte) conversion, and will assume that the default platform encoding is
> suitable. This will cause the application behaviour to vary between
> platforms. Use an alternative API and specify a charset name or Charset
> object explicitly.
> PayPalEvents.java:343, 393 RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT
> * Return value of method without side effect is ignored
> This code calls a method and ignores the return value. However our analysis
> shows that the method (including its implementations in subclasses if any)
> does not produce any effect other than return value. Thus this call can be
> removed.
> PayPalEvents.java:493, NP_NULL_ON_SOME_PATH
> * NP: Possible null pointer dereference of results in
> org.apache.ofbiz.accounting.thirdparty.paypal.PayPalEvents.setPaymentPreference(LocalDispatcher,
> GenericValue, GenericValue, HttpServletRequest)
> There is a branch of statement that, if executed, guarantees that a null
> value will be dereferenced, which would generate a NullPointerException when
> the code is executed. Of course, the problem might be that the branch or
> statement is infeasible and that the null pointer exception can't ever be
> executed; deciding that is beyond the ability of FindBugs.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
