[
https://issues.apache.org/jira/browse/OFBIZ-10837?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jacques Le Roux updated OFBIZ-10837:
------------------------------------
Description:
As reported by FindBugs and Sonar, it's troubling (a Bad practice in Sonar[1],
a code smell in Findbugs[2]) when extending to use the same name than the
extended Object.[3]
[1]
[https://sbforge.org/sonar/rules/show/findbugs:NM_SAME_SIMPLE_NAME_AS_SUPERCLASS?layout=false]
[2] [https://logging.apache.org/log4j/log4j-2.2/log4j-jul/findbugs.html]
[3] Bug: The class name org.apache.ofbiz.base.util.ObjectInputStream shadows
the simple name of the superclass java.io.ObjectInputStream
This class has a simple name that is identical to that of its superclass,
except that its superclass is in a different package (e.g., alpha.Foo extends
beta.Foo). This can be exceptionally confusing, create lots of situations in
which you have to look at import statements to resolve references and creates
many opportunities to accidentally define methods that do not override methods
in their superclasses.
Rank: Troubling (14), confidence: High
Pattern: NM_SAME_SIMPLE_NAME_AS_SUPERCLASS
Type: Nm, Category: BAD_PRACTICE (Bad practice)
{color:#de350b}2019/09/12: Initiallty this description was intentionnaly done
to somehow hide a security issue (CVE-2019-0189) while allowing to fix the
bug.{color}
was:
As reported by FindBugs and Sonar, it's troubling (a Bad practice in Sonar[1],
a code smell in Findbugs[2]) when extending to use the same name than the
extended Object.[3]
[1]
[https://sbforge.org/sonar/rules/show/findbugs:NM_SAME_SIMPLE_NAME_AS_SUPERCLASS?layout=false]
[2] [https://logging.apache.org/log4j/log4j-2.2/log4j-jul/findbugs.html]
[3] Bug: The class name org.apache.ofbiz.base.util.ObjectInputStream shadows
the simple name of the superclass java.io.ObjectInputStream
This class has a simple name that is identical to that of its superclass,
except that its superclass is in a different package (e.g., alpha.Foo extends
beta.Foo). This can be exceptionally confusing, create lots of situations in
which you have to look at import statements to resolve references and creates
many opportunities to accidentally define methods that do not override methods
in their superclasses.
Rank: Troubling (14), confidence: High
Pattern: NM_SAME_SIMPLE_NAME_AS_SUPERCLASS
Type: Nm, Category: BAD_PRACTICE (Bad practice)
> Improve ObjectInputStream class
> -------------------------------
>
> Key: OFBIZ-10837
> URL: https://issues.apache.org/jira/browse/OFBIZ-10837
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: Release Branch 16.11, Release Branch 17.12, Release
> Branch 18.12
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: 17.12.01, 16.11.06, 18.12.01
>
>
> As reported by FindBugs and Sonar, it's troubling (a Bad practice in
> Sonar[1], a code smell in Findbugs[2]) when extending to use the same name
> than the extended Object.[3]
> [1]
> [https://sbforge.org/sonar/rules/show/findbugs:NM_SAME_SIMPLE_NAME_AS_SUPERCLASS?layout=false]
> [2] [https://logging.apache.org/log4j/log4j-2.2/log4j-jul/findbugs.html]
> [3] Bug: The class name org.apache.ofbiz.base.util.ObjectInputStream shadows
> the simple name of the superclass java.io.ObjectInputStream
> This class has a simple name that is identical to that of its superclass,
> except that its superclass is in a different package (e.g., alpha.Foo extends
> beta.Foo). This can be exceptionally confusing, create lots of situations in
> which you have to look at import statements to resolve references and creates
> many opportunities to accidentally define methods that do not override
> methods in their superclasses.
> Rank: Troubling (14), confidence: High
> Pattern: NM_SAME_SIMPLE_NAME_AS_SUPERCLASS
> Type: Nm, Category: BAD_PRACTICE (Bad practice)
> {color:#de350b}2019/09/12: Initiallty this description was intentionnaly done
> to somehow hide a security issue (CVE-2019-0189) while allowing to fix the
> bug.{color}
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
