[ https://issues.apache.org/jira/browse/OFBIZ-9859?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Brohl closed OFBIZ-9859.
--------------------------------
       Resolution: Implemented
    Fix Version/s: Upcoming Release

The remaining checkConditions part will be handled later in another issue.

> [FB] Package org.apache.ofbiz.content.content
> ---------------------------------------------
>
>                 Key: OFBIZ-9859
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9859
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: content
>    Affects Versions: Trunk
>            Reporter: Dennis Balkir
>            Assignee: Michael Brohl
>            Priority: Minor
>             Fix For: Upcoming Release
>
>         Attachments: 
> OFBIZ-9859_org.apache.ofbiz.content.content_bugfixes.patch
>
>
> --- ContentKeywordIndex.java:59, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of delegator, which is known to be non-null in 
> org.apache.ofbiz.content.content.ContentKeywordIndex.indexKeywords(GenericValue,
>  boolean)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> --- ContentKeywordIndex.java:73, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.content.content.ContentKeywordIndex.indexKeywords(GenericValue,
>  boolean)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> --- ContentMapFacade.java:54, MS_MUTABLE_COLLECTION_PKGPROTECT
> Field is a mutable collection which should be package protected
> A mutable collection instance is assigned to a final static field, thus can 
> be changed by malicious code or by accident from another package. The field 
> could be made package protected to avoid this vulnerability. Alternatively 
> you may wrap this field into Collections.unmodifiableSet/List/Map/etc. to 
> avoid this vulnerability.
> --- ContentMapFacade.java:418, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.content.content.ContentMapFacade$Content.get(Object)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> --- ContentMapFacade.java:451, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.content.content.ContentMapFacade$SubContent.get(Object)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> --- ContentPermissionServices.java:181, 
> RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of entityAction, which is known to be non-null in 
> org.apache.ofbiz.content.content.ContentPermissionServices.checkContentPermission(DispatchContext,
>  Map)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> --- ContentPermissionServices.java:238, 
> RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of auxGetter, which is known to be non-null in 
> org.apache.ofbiz.content.content.ContentPermissionServices.checkContentPermission(DispatchContext,
>  Map)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> --- ContentPermissionServices.java:243, 
> RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of roleGetter, which is known to be non-null in 
> org.apache.ofbiz.content.content.ContentPermissionServices.checkContentPermission(DispatchContext,
>  Map)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> --- ContentSearch.java:451, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.content.content.ContentSearch$ContentAssocConstraint 
> is Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> --- ContentSearch.java:564, HE_EQUALS_USE_HASHCODE
> HE: org.apache.ofbiz.content.content.ContentSearch$ContentAssocConstraint 
> defines equals and uses Object.hashCode()
> This class overrides equals(Object), but does not override hashCode(), and 
> inherits the implementation of hashCode() from java.lang.Object (which 
> returns the identity hash code, an arbitrary value assigned to the object by 
> the VM).  Therefore, the class is very likely to violate the invariant that 
> equal objects must have equal hashcodes.
> If you don't think instances of this class will ever be inserted into a 
> HashMap/HashTable, the recommended hashCode implementation to use is:
> public int hashCode() {
>   assert false : "hashCode not designed";
>   return 42; // any arbitrary constant will do
>   }
> --- ContentSearch.java:564, BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS
> BC: Equals method for 
> org.apache.ofbiz.content.content.ContentSearch$ContentAssocConstraint assumes 
> the argument is of type ContentSearch$ContentAssocConstraint
> The equals(Object o) method shouldn't make any assumptions about the type of 
> o. It should simply return false if o is not the same type as this.
> --- ContentSearch.java:604, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.content.content.ContentSearch$KeywordConstraint is 
> Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> --- ContentSearch.java:685, BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS
> BC: Equals method for 
> org.apache.ofbiz.content.content.ContentSearch$KeywordConstraint assumes the 
> argument is of type ContentSearch$KeywordConstraint
> The equals(Object o) method shouldn't make any assumptions about the type of 
> o. It should simply return false if o is not the same type as this.
> --- ContentSearch.java:685, HE_EQUALS_USE_HASHCODE
> HE: org.apache.ofbiz.content.content.ContentSearch$KeywordConstraint defines 
> equals and uses Object.hashCode()
> This class overrides equals(Object), but does not override hashCode(), and 
> inherits the implementation of hashCode() from java.lang.Object (which 
> returns the identity hash code, an arbitrary value assigned to the object by 
> the VM).  Therefore, the class is very likely to violate the invariant that 
> equal objects must have equal hashcodes.
> If you don't think instances of this class will ever be inserted into a 
> HashMap/HashTable, the recommended hashCode implementation to use is:
> public int hashCode() {
>   assert false : "hashCode not designed";
>   return 42; // any arbitrary constant will do
>   }
> --- ContentSearch.java:722, SE_NO_SERIALVERSIONID
> SnVI: 
> org.apache.ofbiz.content.content.ContentSearch$LastUpdatedRangeConstraint is 
> Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> --- ContentSearch.java:723, EI_EXPOSE_REP2
> EI2: new 
> org.apache.ofbiz.content.content.ContentSearch$LastUpdatedRangeConstraint(Timestamp,
>  Timestamp) may expose internal representation by storing an externally 
> mutable object into ContentSearch$LastUpdatedRangeConstraint.fromDate
> This code stores a reference to an externally mutable object into the 
> internal representation of the object.  If instances are accessed by 
> untrusted code, and unchecked changes to the mutable object would compromise 
> security or other important properties, you will need to do something 
> different. Storing a copy of the object is better approach in many situations.
> --- ContentSearch.java:724, EI_EXPOSE_REP2
> EI2: new 
> org.apache.ofbiz.content.content.ContentSearch$LastUpdatedRangeConstraint(Timestamp,
>  Timestamp) may expose internal representation by storing an externally 
> mutable object into ContentSearch$LastUpdatedRangeConstraint.thruDate
> This code stores a reference to an externally mutable object into the 
> internal representation of the object.  If instances are accessed by 
> untrusted code, and unchecked changes to the mutable object would compromise 
> security or other important properties, you will need to do something 
> different. Storing a copy of the object is better approach in many situations.
> --- ContentSearch.java:773, HE_EQUALS_USE_HASHCODE
> HE: org.apache.ofbiz.content.content.ContentSearch$LastUpdatedRangeConstraint 
> defines equals and uses Object.hashCode()
> This class overrides equals(Object), but does not override hashCode(), and 
> inherits the implementation of hashCode() from java.lang.Object (which 
> returns the identity hash code, an arbitrary value assigned to the object by 
> the VM).  Therefore, the class is very likely to violate the invariant that 
> equal objects must have equal hashcodes.
> If you don't think instances of this class will ever be inserted into a 
> HashMap/HashTable, the recommended hashCode implementation to use is:
> public int hashCode() {
>   assert false : "hashCode not designed";
>   return 42; // any arbitrary constant will do
>   }
> --- ContentSearch.java:773, BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS
> BC: Equals method for 
> org.apache.ofbiz.content.content.ContentSearch$LastUpdatedRangeConstraint 
> assumes the argument is of type ContentSearch$LastUpdatedRangeConstraint
> The equals(Object o) method shouldn't make any assumptions about the type of 
> o. It should simply return false if o is not the same type as this.
> --- ContentSearch.java:818, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.content.content.ContentSearch$SortKeywordRelevancy is 
> Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> --- ContentSearch.java:858, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.content.content.ContentSearch$SortContentField is 
> Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> --- ContentSearchSession.java:46, SE_NO_SERIALVERSIONID
> SnVI: 
> org.apache.ofbiz.content.content.ContentSearchSession$ContentSearchOptions is 
> Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> --- ContentServices.java:78, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.content.content.ContentServices.findRelatedContent(DispatchContext,
>  Map)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> --- ContentServices.java:837, DLS_DEAD_LOCAL_STORE
> DLS: Dead store to subContentDataResourceView in 
> org.apache.ofbiz.content.content.ContentServices.renderSubContentAsText(DispatchContext,
>  Map)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.
> --- ContentServicesComplex.java:232, DLS_DEAD_LOCAL_STORE
> DLS: Dead store to fromDate in 
> org.apache.ofbiz.content.content.ContentServicesComplex.getAssocAndContentAndDataResourceCacheMethod(Delegator,
>  String, String, String, Timestamp, String, List, List, Boolean, String, 
> String)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.
> --- ContentUrlFilter.java:55, BC_UNCONFIRMED_CAST
> BC: Unchecked/unconfirmed cast from javax.servlet.ServletRequest to 
> javax.servlet.http.HttpServletRequest in 
> org.apache.ofbiz.content.content.ContentUrlFilter.doFilter(ServletRequest, 
> ServletResponse, FilterChain)
> This cast is unchecked, and not all instances of the type casted from can be 
> cast to the type it is being cast to. Check that your program logic ensures 
> that this cast will not fail.
> --- ContentUrlFilter.java:56, BC_UNCONFIRMED_CAST
> BC: Unchecked/unconfirmed cast from javax.servlet.ServletResponse to 
> javax.servlet.http.HttpServletResponse in 
> org.apache.ofbiz.content.content.ContentUrlFilter.doFilter(ServletRequest, 
> ServletResponse, FilterChain)
> This cast is unchecked, and not all instances of the type casted from can be 
> cast to the type it is being cast to. Check that your program logic ensures 
> that this cast will not fail.
> --- ContentWorker.java:155, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of targetLocaleString, which is known to be non-null 
> in 
> org.apache.ofbiz.content.content.ContentWorker.findContentForRendering(Delegator,
>  String, Locale, String, String, boolean)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> --- ContentWorker.java:191, RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
> RCN: Nullcheck of dispatcher at line 198 of value previously dereferenced in 
> org.apache.ofbiz.content.content.ContentWorker.renderContentAsText(LocalDispatcher,
>  GenericValue, Appendable, Map, Locale, String, boolean, List)
> A value is checked here to see whether it is null, but this value can't be 
> null because it was previously dereferenced and if it were null a null 
> pointer exception would have occurred at the earlier dereference. 
> Essentially, this code and the previous dereference disagree as to whether 
> this value is allowed to be null. Either the check is redundant or the 
> previous dereference is erroneous.
> --- ContentWorker.java:201, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of service, which is known to be non-null in 
> org.apache.ofbiz.content.content.ContentWorker.renderContentAsText(LocalDispatcher,
>  GenericValue, Appendable, Map, Locale, String, boolean, List)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> --- ContentWorker.java:292, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of textData, which is known to be non-null in 
> org.apache.ofbiz.content.content.ContentWorker.renderContentAsText(LocalDispatcher,
>  GenericValue, Appendable, Map, Locale, String, boolean, List)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> --- ContentWorker.java:305, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.content.content.ContentWorker.renderContentAsText(LocalDispatcher,
>  GenericValue, Appendable, Map, Locale, String, boolean, List)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> --- ContentWorker.java:718, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.content.content.ContentWorker.selectKids(Map, Map)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> --- ContentWorker.java:1119, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.content.content.ContentWorker.getSubContentCache(Delegator, 
> String, String, GenericValue, List, Timestamp, Boolean, String)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> --- ContentWorker.java:1176, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.content.content.ContentWorker.getCurrentContent(Delegator, 
> List, GenericValue, Map, Boolean, String)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> --- ContentWorker.java:1253, NP_NULL_PARAM_DEREF
> NP: Null passed for nonnull parameter of getPurposes(GenericValue) in 
> org.apache.ofbiz.content.content.ContentWorker.checkConditions(Delegator, 
> Map, Map, Map)
> This method call passes a null value for a non-null method parameter. Either 
> the parameter is annotated as a parameter that should always be non-null, or 
> analysis has shown that it will always be dereferenced.
> --- ContentWorker.java:1578, WMI_WRONG_MAP_ITERATOR
> WMI: org.apache.ofbiz.content.content.ContentWorker.logMap(StringBuilder, 
> String, Map, StringBuilder) makes inefficient use of keySet iterator instead 
> of entrySet iterator
> This method accesses the value of a Map entry, using a key that was retrieved 
> from a keySet iterator. It is more efficient to use an iterator on the 
> entrySet of the map, to avoid the Map.get(key) lookup.
> --- PermissionRecorder.java:53, MS_PKGPROTECT
> MS: org.apache.ofbiz.content.content.PermissionRecorder.opFields should be 
> package protected
> A mutable static field could be changed by malicious code or by accident. The 
> field could be made package protected to avoid this vulnerability.
> --- PermissionRecorder.java:54, MS_PKGPROTECT
> MS: org.apache.ofbiz.content.content.PermissionRecorder.fieldTitles should be 
> package protected
> A mutable static field could be changed by malicious code or by accident. The 
> field could be made package protected to avoid this vulnerability.
> --- PermissionRecorder.java:93, EI_EXPOSE_REP
> EI: 
> org.apache.ofbiz.content.content.PermissionRecorder.getContentPurposeOperations()
>  may expose internal representation by returning 
> PermissionRecorder.contentPurposeOperations
> Returning a reference to a mutable object value stored in one of the object's 
> fields exposes the internal representation of the object.  If instances are 
> accessed by untrusted code, and unchecked changes to the mutable object would 
> compromise security or other important properties, you will need to do 
> something different. Returning a new copy of the object is better approach in 
> many situations.
> --- PermissionRecorder.java:109, EI_EXPOSE_REP
> EI: org.apache.ofbiz.content.content.PermissionRecorder.getStatusTargets() 
> may expose internal representation by returning 
> PermissionRecorder.statusTargets
> Returning a reference to a mutable object value stored in one of the object's 
> fields exposes the internal representation of the object.  If instances are 
> accessed by untrusted code, and unchecked changes to the mutable object would 
> compromise security or other important properties, you will need to do 
> something different. Returning a new copy of the object is better approach in 
> many situations.
> --- PermissionRecorder.java:117, EI_EXPOSE_REP
> EI: org.apache.ofbiz.content.content.PermissionRecorder.getTargetOperations() 
> may expose internal representation by returning 
> PermissionRecorder.targetOperations
> Returning a reference to a mutable object value stored in one of the object's 
> fields exposes the internal representation of the object.  If instances are 
> accessed by untrusted code, and unchecked changes to the mutable object would 
> compromise security or other important properties, you will need to do 
> something different. Returning a new copy of the object is better approach in 
> many situations.
> --- PermissionRecorder.java:287, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.content.content.PermissionRecorder.renderResultRowHtml(Map, 
> Map)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> --- UploadContentAndImage.java:315, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.content.content.UploadContentAndImage.uploadContentAndImage(HttpServletRequest,
>  HttpServletResponse)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> --- UploadContentAndImage.java:353, DLS_DEAD_LOCAL_STORE
> DLS: Dead store to imageBytes in 
> org.apache.ofbiz.content.content.UploadContentAndImage.uploadContentStuff(HttpServletRequest,
>  HttpServletResponse)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.
> --- UploadContentAndImage.java:401, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.content.content.UploadContentAndImage.uploadContentStuff(HttpServletRequest,
>  HttpServletResponse)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> --- UploadContentAndImage.java:531, DLS_DEAD_LOCAL_STORE
> DLS: Dead store to ftlResults in 
> org.apache.ofbiz.content.content.UploadContentAndImage.processContentUpload(Map,
>  String, HttpServletRequest)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
