[
https://issues.apache.org/jira/browse/OFBIZ-10061?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Brohl reassigned OFBIZ-10061:
-------------------------------------
Assignee: Michael Brohl
> [FB] Package org.apache.ofbiz.service.jms
> -----------------------------------------
>
> Key: OFBIZ-10061
> URL: https://issues.apache.org/jira/browse/OFBIZ-10061
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL APPLICATIONS, ALL COMPONENTS
> Affects Versions: Trunk
> Reporter: Julian Leichert
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-No_org.apache.ofbiz.service.jms_bugfixes.patch
>
>
> JmsListenerFactory.java:47, MS_SHOULD_BE_FINAL
> - MS: org.apache.ofbiz.service.jms.JmsListenerFactory.listeners isn't final
> but should be
> This static field public but not final, and could be changed by malicious
> code or by accident from another package. The field could be made final to
> avoid this vulnerability.
> JmsListenerFactory.java:48, MS_SHOULD_BE_FINAL
> - MS: org.apache.ofbiz.service.jms.JmsListenerFactory.servers isn't final but
> should be
> This static field public but not final, and could be changed by malicious
> code or by accident from another package. The field could be made final to
> avoid this vulnerability.
> JmsListenerFactory.java:74, SC_START_IN_CTOR
> - SC: new org.apache.ofbiz.service.jms.JmsListenerFactory(Delegator) invokes
> Thread.start()
> The constructor starts a thread. This is likely to be wrong if the class is
> ever extended/subclassed, since the thread will be started before the
> subclass constructor is started.
> JmsListenerFactory.java:126, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.service.jms.JmsListenerFactory.loadListeners()
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> JmsListenerFactory.java:160, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.service.jms.JmsListenerFactory.loadListener(String, Server)
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> JmsServiceEngine.java:97, REC_CATCH_EXCEPTION, Priorität: Niedrig
> REC: Exception is caught when Exception is not thrown in
> org.apache.ofbiz.service.jms.JmsServiceEngine.makeMessage(Session,
> ModelService, Map)
> This method uses a try-catch block that catches Exception objects, but
> Exception is not thrown within the try block, and RuntimeException is not
> explicitly caught. It is a common bug pattern to say try { ... } catch
> (Exception e) { something } as a shorthand for catching a number of types of
> exception each of whose catch blocks is identical, but this construct also
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that
> are thrown, or to explicitly catch RuntimeException exception, rethrow it,
> and then catch all non-Runtime Exceptions, as shown below:
> try {
> ...
> } catch (RuntimeException e) {
> throw e;
> } catch (Exception e) {
> ... deal with all non-runtime exceptions ...
> }
> JmsServiceEngine.java:269, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of clientId, which is known to be non-null in
> org.apache.ofbiz.service.jms.JmsServiceEngine.runXaQueue(ModelService, Map,
> Element)
> This method contains a redundant check of a known non-null value against the
> constant null.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
