[ 
https://issues.apache.org/jira/browse/OFBIZ-12386?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17465379#comment-17465379
 ] 

ASF subversion and git services commented on OFBIZ-12386:
---------------------------------------------------------

Commit 06092ae0afd37c6855e6b13f2c9ea48c0d2e7251 in ofbiz-framework's branch 
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=06092ae ]

Improved: Fix some bugs Spotbugs reports (OFBIZ-12386)

As advised by SpotBugs:

<<This code creates a java.util.Random object, uses it to generate one random
number, and then discards the Random object. This produces mediocre quality
random numbers and is inefficient. If possible, rewrite the code so that the
Random object is created once and saved, and each time a new random number is
required invoke a method on the existing Random object to obtain it.

If it is important that the generated Random numbers not be guessable, you must
not create a new Random for each random number; the values are too easily
guessable. You should strongly consider using a java.security.SecureRandom
instead (and avoid allocating a new SecureRandom for each random number needed).

Rank: Troubling (14), confidence: High
Pattern: DMI_RANDOM_USED_ONLY_ONCE
Type: DMI, Category: BAD_PRACTICE (Bad practice)>>

uses <<private static final SecureRandom SECURE_RANDOM = new SecureRandom();>>
in classes:
PaymentGatewayServices
ValueLinkApi
ContactMechServices
ProductStoreWorker
DesCrypt
HashCrypt
EntityCrypto
ContextFilter.java

Despite doing so, SpotBugs still reports the same error for those classes.
As it's obviously an error, I prefer not to exclude those cases, which will maybe
not be reported in a future version of SpotBugs in Eclipse. For instance, they
are not reported at all in the previous version (4.5.1) but are in 4.5.2.


> Fix some bugs SpotBugs reports
> ------------------------------
>
>                 Key: OFBIZ-12386
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12386
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL COMPONENTS
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
>




--
This message was sent by Atlassian Jira
(v8.20.1#820001)
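
An added example, not code from the OFBiz commit: the allocate-and-discard pattern that SpotBugs describes under DMI_RANDOM_USED_ONLY_ONCE, next to the shared `SECURE_RANDOM` field quoted in the commit message. The class name, method names and the sample seed are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashSet;
import java.util.Random;
import java.util.Set;

public class RandomReuseExample {

    // Flagged form: a java.util.Random is created, asked for a single
    // value, then discarded (DMI_RANDOM_USED_ONLY_ONCE).
    static int flaggedCode() {
        return new Random().nextInt(1_000_000);
    }

    // Form quoted in the commit message: one SecureRandom per class,
    // created once and reused for every value.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    static int sharedCode() {
        return SECURE_RANDOM.nextInt(1_000_000);
    }

    // Hypothetical helper: a 128-bit URL-safe token from the shared instance.
    static String newToken() {
        byte[] buf = new byte[16];
        SECURE_RANDOM.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    public static void main(String[] args) {
        // java.util.Random output is a pure function of its seed: two
        // instances built from the same (constructed) seed agree exactly,
        // which is why its values are unsuitable where guessing matters.
        long seed = 42L;
        boolean sameStream =
                new Random(seed).nextInt(1_000_000) == new Random(seed).nextInt(1_000_000);
        System.out.println("same seed gives same value: " + sameStream);

        // The shared SecureRandom is safe to call repeatedly; collect
        // tokens in a set to confirm no duplicates in this run.
        Set<String> tokens = new HashSet<>();
        for (int i = 0; i < 10_000; i++) {
            tokens.add(newToken());
        }
        System.out.println("distinct tokens: " + tokens.size());
        System.out.println("flagged: " + flaggedCode() + ", shared: " + sharedCode());
    }
}
```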
