Julian Leichert created OFBIZ-10061:
---------------------------------------
Summary: [FB] Package org.apache.ofbiz.service.jms
Key: OFBIZ-10061
URL: https://issues.apache.org/jira/browse/OFBIZ-10061
Project: OFBiz
Issue Type: Sub-task
Affects Versions: Trunk
Reporter: Julian Leichert
Priority: Minor
JmsListenerFactory.java:47, MS_SHOULD_BE_FINAL
- MS: org.apache.ofbiz.service.jms.JmsListenerFactory.listeners isn't final but
should be
This static field is public but not final, and could be changed by malicious code
or by accident from another package. The field could be made final to avoid
this vulnerability.
JmsListenerFactory.java:48, MS_SHOULD_BE_FINAL
- MS: org.apache.ofbiz.service.jms.JmsListenerFactory.servers isn't final but
should be
This static field is public but not final, and could be changed by malicious code
or by accident from another package. The field could be made final to avoid
this vulnerability.
JmsListenerFactory.java:74, SC_START_IN_CTOR
- SC: new org.apache.ofbiz.service.jms.JmsListenerFactory(Delegator) invokes
Thread.start()
The constructor starts a thread. This is likely to be wrong if the class is
ever extended/subclassed, since the thread will be started before the subclass
constructor is started.
JmsListenerFactory.java:126, REC_CATCH_EXCEPTION
- REC: Exception is caught when Exception is not thrown in
org.apache.ofbiz.service.jms.JmsListenerFactory.loadListeners()
This method uses a try-catch block that catches Exception objects, but
Exception is not thrown within the try block, and RuntimeException is not
explicitly caught. It is a common bug pattern to say try { ... } catch
(Exception e) { something } as a shorthand for catching a number of types of
exception each of whose catch blocks is identical, but this construct also
accidentally catches RuntimeException as well, masking potential bugs.
A better approach is to either explicitly catch the specific exceptions that
are thrown, or to explicitly catch RuntimeException exception, rethrow it, and
then catch all non-Runtime Exceptions, as shown below:
    try {
        ...
    } catch (RuntimeException e) {
        throw e;
    } catch (Exception e) {
        ... deal with all non-runtime exceptions ...
    }
JmsListenerFactory.java:160, REC_CATCH_EXCEPTION
- REC: Exception is caught when Exception is not thrown in
org.apache.ofbiz.service.jms.JmsListenerFactory.loadListener(String, Server)
This method uses a try-catch block that catches Exception objects, but
Exception is not thrown within the try block, and RuntimeException is not
explicitly caught. It is a common bug pattern to say try { ... } catch
(Exception e) { something } as a shorthand for catching a number of types of
exception each of whose catch blocks is identical, but this construct also
accidentally catches RuntimeException as well, masking potential bugs.
A better approach is to either explicitly catch the specific exceptions that
are thrown, or to explicitly catch RuntimeException exception, rethrow it, and
then catch all non-Runtime Exceptions, as shown below:
    try {
        ...
    } catch (RuntimeException e) {
        throw e;
    } catch (Exception e) {
        ... deal with all non-runtime exceptions ...
    }
JmsServiceEngine.java:97, REC_CATCH_EXCEPTION, Priority: Low
- REC: Exception is caught when Exception is not thrown in
org.apache.ofbiz.service.jms.JmsServiceEngine.makeMessage(Session,
ModelService, Map)
This method uses a try-catch block that catches Exception objects, but
Exception is not thrown within the try block, and RuntimeException is not
explicitly caught. It is a common bug pattern to say try { ... } catch
(Exception e) { something } as a shorthand for catching a number of types of
exception each of whose catch blocks is identical, but this construct also
accidentally catches RuntimeException as well, masking potential bugs.
A better approach is to either explicitly catch the specific exceptions that
are thrown, or to explicitly catch RuntimeException exception, rethrow it, and
then catch all non-Runtime Exceptions, as shown below:
    try {
        ...
    } catch (RuntimeException e) {
        throw e;
    } catch (Exception e) {
        ... deal with all non-runtime exceptions ...
    }
JmsServiceEngine.java:269, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
- RCN: Redundant nullcheck of clientId, which is known to be non-null in
org.apache.ofbiz.service.jms.JmsServiceEngine.runXaQueue(ModelService, Map,
Element)
This method contains a redundant check of a known non-null value against the
constant null.