[ 
https://issues.apache.org/jira/browse/OFBIZ-12386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457634#comment-17457634
 ] 

Jacques Le Roux edited comment on OFBIZ-12386 at 12/11/21, 3:27 PM:
--------------------------------------------------------------------

Commit 4de3a37c5463da0d2c9a6367bbbbf929b58a9af6 in ofbiz-framework's branch 
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=4de3a37 ]

Improved: Fix some bugs Spotbugs reports (OFBIZ-12386)

In ProposedOrder::calculateStartDate and TimeDuration::TimeDuration better use a
long directly (efficiency)

In ConfigXMLReader, removes unused getViewMap method

In ServiceArtifactInfo, some formatting and in writeServiceCallGraphEoModel
method add missing <<if (calledServiceSet != null) {>>

Adds and documents false positives in exclude.xml.
14 issues remain; I'll document them in the Jira and will later discuss them
on the dev ML (committers' attention needed). None of them are security issues :)

{noformat}
framework/base/src/main/java/org/apache/ofbiz/base/util/collections/GenericMapValues.java:49
 org.apache.ofbiz.base.util.collections.GenericMapValues.equals(Object) checks 
for operand being a java.util.List [Finding(14), High confidence]
framework/base/src/main/java/org/apache/ofbiz/base/util/collections/GenericMapValues.java:49
 org.apache.ofbiz.base.util.collections.GenericMapValues.equals(Object) checks 
for operand being a java.util.Set [Troubling(14), High confidence]
framework/widget/src/test/java/org/apache/ofbiz/widget/renderer/macro/MacroFormRendererTest.java:875
 A method call in new org.apache.ofbiz.widget.renderer.macro. 
MacroFormRendererTest$36(MacroFormRendererTest, ModelForm) passes null to an 
unconditionally dereferenced parameter in 
org.apache.ofbiz.webapp.control.RequestHandler.makeLink(HttpServletRequest, 
HttpServletResponse, String) [Scary(8), Normal confidence]
framework/widget/src/test/java/org/apache/ofbiz/widget/renderer/macro/MacroFormRendererTest.java:848
 A method call in new org.apache.ofbiz.widget.renderer.macro. 
MacroFormRendererTest$35(MacroFormRendererTest, ModelForm) passes null to an 
unconditionally dereferenced parameter in 
org.apache.ofbiz.webapp.control.RequestHandler.makeLink(HttpServletRequest, 
HttpServletResponse, String) [Scary(8), Normal confidence]
framework/base/src/main/java/org/apache/ofbiz/base/util/cache/CacheSoftReference.java:29
 org.apache.ofbiz.base.util.cache.CacheSoftReference is Serializable but its 
superclass has no visible default constructor [Troubling(14), High confidence]
framework/base/src/main/java/org/apache/ofbiz/base/util/collections/FlexibleServletAccessor.java:193
 org.apache.ofbiz.base.util.collections.FlexibleServletAccessor.equals(Object) 
checks for operand being a String [Troubling(14), High confidence]

framework/service/src/main/java/org/apache/ofbiz/service/test/XmlRpcTests.java:47
 Write a static field org.apache.ofbiz.service.test.XmlRpcTests.url from the 
method of a new org.apache.ofbiz.service.test.XmlRpcTests(String) instance [Of 
Concern(15), High confidence]
plugins/rest-api/src/main/java/org/apache/ofbiz/ws/rs/listener/ApiContextListener.java:38
 Write a static field org.apache.ofbiz.ws.rs.listener.ApiContextListener. 
servletContext from the method of an 
org.apache.ofbiz.ws.rs.listener.ApiContextListener.contextInitialized(ServletContextEvent)
 instance [Of Concern(15), High confidence]
plugins/ldap/src/main/java/org/apache/ofbiz/ldap/cas/OFBizCasAuthenticationHandler.java:91
 Immediate deferencing of the result of a readLine() in 
org.apache.ofbiz.ldap.cas.OFBizCasAuthenticationHandler.login(HttpServletRequest,
 HttpServletResponse, Element) [Of Concern(15), Normal confidence]
plugins/pricat/src/main/java/org/apache/ofbiz/htmlreport/AbstractReportThread.java:160
 Never written field: org.apache.ofbiz.htmlreport.AbstractReportThread.report 
[Troubling(12), Normal confidence]
plugins/ecommerce/src/main/java/org/apache/ofbiz/ecommerce/janrain/JanrainHelper.java:72
 Writing a static field 
org.apache.ofbiz.ecommerce.janrain.JanrainHelper.baseUrl from the method of an 
instance new org.apache.ofbiz.ecommerce.janrain.JanrainHelper(String, String) 
[Of Concern(15), High confidence]
plugins/ldap/src/main/java/org/apache/ofbiz/ldap/activedirectory/OFBizActiveDirectoryAuthenticationHandler.java:110
 Lossy feeding of a local variable into the method 
org.apache.ofbiz.ldap.activedirectory.OFBizActiveDirectoryAuthenticationHandler.getLdapSearchResult(String,
 String, Element, boolean) [Of Concern(15), High confidence]
plugins/ldap/src/main/java/org/apache/ofbiz/ldap/openldap/OFBizLdapAuthenticationHandler.java:95
 Lossy feeding of a local variable into 
org.apache.ofbiz.ldap.openldap.OFBizLdapAuthenticationHandler.getLdapSearchResult(String,
 String, Element, boolean) [Of Concern(15), High confidence]
plugins/ecommerce/src/main/java/org/apache/ofbiz/ecommerce/janrain/JanrainHelper.java:71
 Write a static field org.apache.ofbiz.ecommerce.janrain.JanrainHelper.apiKey 
from the method of a new instance 
org.apache.ofbiz.ecommerce.janrain.JanrainHelper(String, String) [Of 
Concern(15), High confidence]
{noformat}



was (Author: jira-bot):
Commit 4de3a37c5463da0d2c9a6367bbbbf929b58a9af6 in ofbiz-framework's branch 
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=4de3a37 ]

Improved: Fix some bugs Spotbugs reports (OFBIZ-12386)

In ProposedOrder::calculateStartDate and TimeDuration::TimeDuration better use a
long directly (efficiency)

In ConfigXMLReader, removes unused getViewMap method

In ServiceArtifactInfo, some formatting and in writeServiceCallGraphEoModel
method add missing <<if (calledServiceSet != null) {>>

Adds and documents false positives in exclude.xml.
14 issues remain; I'll document them in the Jira and will later discuss them
on the dev ML (committers' attention needed). None of them are security issues :)

Sorry in French for now:

{noformat}
framework/base/src/main/java/org/apache/ofbiz/base/util/collections/GenericMapValues.java:49
 org.apache.ofbiz.base.util.collections.GenericMapValues.equals(Object) checks 
for operand being a java.util.List [Finding(14), High confidence]
framework/base/src/main/java/org/apache/ofbiz/base/util/collections/GenericMapValues.java:49
 org.apache.ofbiz.base.util.collections.GenericMapValues.equals(Object) checks 
for operand being a java.util.Set [Troubling(14), High confidence]
framework/widget/src/test/java/org/apache/ofbiz/widget/renderer/macro/MacroFormRendererTest.java:875
 A method call in new org.apache.ofbiz.widget.renderer.macro. 
MacroFormRendererTest$36(MacroFormRendererTest, ModelForm) passes null to an 
unconditionally dereferenced parameter in 
org.apache.ofbiz.webapp.control.RequestHandler.makeLink(HttpServletRequest, 
HttpServletResponse, String) [Scary(8), Normal confidence]
framework/widget/src/test/java/org/apache/ofbiz/widget/renderer/macro/MacroFormRendererTest.java:848
 A method call in new org.apache.ofbiz.widget.renderer.macro. 
MacroFormRendererTest$35(MacroFormRendererTest, ModelForm) passes null to an 
unconditionally dereferenced parameter in 
org.apache.ofbiz.webapp.control.RequestHandler.makeLink(HttpServletRequest, 
HttpServletResponse, String) [Scary(8), Normal confidence]
framework/base/src/main/java/org/apache/ofbiz/base/util/cache/CacheSoftReference.java:29
 org.apache.ofbiz.base.util.cache.CacheSoftReference is Serializable but its 
superclass has no visible default constructor [Troubling(14), High confidence]
framework/base/src/main/java/org/apache/ofbiz/base/util/collections/FlexibleServletAccessor.java:193
 org.apache.ofbiz.base.util.collections.FlexibleServletAccessor.equals(Object) 
checks for operand being a String [Troubling(14), High confidence]

framework/service/src/main/java/org/apache/ofbiz/service/test/XmlRpcTests.java:47
 Write a static field org.apache.ofbiz.service.test.XmlRpcTests.url from the 
method of a new org.apache.ofbiz.service.test.XmlRpcTests(String) instance [Of 
Concern(15), High confidence]
plugins/rest-api/src/main/java/org/apache/ofbiz/ws/rs/listener/ApiContextListener.java:38
 Write a static field org.apache.ofbiz.ws.rs.listener.ApiContextListener. 
servletContext from the method of an 
org.apache.ofbiz.ws.rs.listener.ApiContextListener.contextInitialized(ServletContextEvent)
 instance [Of Concern(15), High confidence]
plugins/ldap/src/main/java/org/apache/ofbiz/ldap/cas/OFBizCasAuthenticationHandler.java:91
 Immediate deferencing of the result of a readLine() in 
org.apache.ofbiz.ldap.cas.OFBizCasAuthenticationHandler.login(HttpServletRequest,
 HttpServletResponse, Element) [Of Concern(15), Normal confidence]
plugins/pricat/src/main/java/org/apache/ofbiz/htmlreport/AbstractReportThread.java:160
 Never written field: org.apache.ofbiz.htmlreport.AbstractReportThread.report 
[Troubling(12), Normal confidence]
plugins/ecommerce/src/main/java/org/apache/ofbiz/ecommerce/janrain/JanrainHelper.java:72
 Writing a static field 
org.apache.ofbiz.ecommerce.janrain.JanrainHelper.baseUrl from the method of an 
instance new org.apache.ofbiz.ecommerce.janrain.JanrainHelper(String, String) 
[Of Concern(15), High confidence]
plugins/ldap/src/main/java/org/apache/ofbiz/ldap/activedirectory/OFBizActiveDirectoryAuthenticationHandler.java:110
 Lossy feeding of a local variable into the method 
org.apache.ofbiz.ldap.activedirectory.OFBizActiveDirectoryAuthenticationHandler.getLdapSearchResult(String,
 String, Element, boolean) [Of Concern(15), High confidence]
plugins/ldap/src/main/java/org/apache/ofbiz/ldap/openldap/OFBizLdapAuthenticationHandler.java:95
 Lossy feeding of a local variable into 
org.apache.ofbiz.ldap.openldap.OFBizLdapAuthenticationHandler.getLdapSearchResult(String,
 String, Element, boolean) [Of Concern(15), High confidence]
plugins/ecommerce/src/main/java/org/apache/ofbiz/ecommerce/janrain/JanrainHelper.java:71
 Write a static field org.apache.ofbiz.ecommerce.janrain.JanrainHelper.apiKey 
from the method of a new instance 
org.apache.ofbiz.ecommerce.janrain.JanrainHelper(String, String) [Of 
Concern(15), High confidence]
{noformat}


> Fix some bugs Spotbugs reports
> ------------------------------
>
>                 Key: OFBIZ-12386
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12386
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>




--
This message was sent by Atlassian Jira
(v8.20.1#820001)