[ https://issues.apache.org/jira/browse/OFBIZ-9638?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17610628#comment-17610628 ]

ASF subversion and git services commented on OFBIZ-9638:
--------------------------------------------------------

Commit d40dda87fdc78a2f1c0e340f93ff79cf4164172c in ofbiz-framework's branch 
refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=d40dda87fd ]

Fixed: [FB] Package org.apache.ofbiz.service (OFBIZ-9638)

I'm not sure how this error, found in stable demo log, can happen and I don't
want to dig deeper, so using a simple check.

2022-09-28 14:41:36,969 |7.0.0.1-18009-exec-7 |ScriptUtil
|W| Error running script at location
[component://webtools/groovyScripts/service/Services.groovy]:
java.lang.NullPointerException
java.lang.NullPointerException: null
at org.apache.ofbiz.service.RunningService.getEndStamp(RunningService.java:63)

I fixed both cases (end and start) but it seems it's only end that's the pb.
So I guess setEndStamp is not called sometimes in ServiceDispatcher::runSync

Note that it seems nothing bad happens except a trace in log


> [FB] Package org.apache.ofbiz.service
> -------------------------------------
>
>                 Key: OFBIZ-9638
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9638
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Dennis Balkir
>            Assignee: Michael Brohl
>            Priority: Minor
>             Fix For: 17.12.01
>
>         Attachments: OFBIZ-9638_org.apache.ofbiz.service_bugfixes.patch
>
>
> - DispatchContext.java:-1, SE_TRANSIENT_FIELD_NOT_RESTORED
> Se: The field org.apache.ofbiz.service.DispatchContext.loader is transient 
> but isn't set by deserialization
> This class contains a field that is updated at multiple places in the class, 
> thus it seems to be part of the state of the class. However, since the field 
> is marked as transient and not set in readObject or readResolve, it will 
> contain the default value in any deserialized instance of the class.
> - DispatchContext.java:-1, SE_TRANSIENT_FIELD_NOT_RESTORED
> Se: The field org.apache.ofbiz.service.DispatchContext.dispatcher is 
> transient but isn't set by deserialization
> This class contains a field that is updated at multiple places in the class, 
> thus it seems to be part of the state of the class. However, since the field 
> is marked as transient and not set in readObject or readResolve, it will 
> contain the default value in any deserialized instance of the class.
> - DispatchContext.java:56, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.service.DispatchContext is Serializable; consider 
> declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - DispatchContext.java:209, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of serviceMap, which is known to be non-null in 
> org.apache.ofbiz.service.DispatchContext.getModelService(String)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - DispatchContext.java:273, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of serviceMap, which is known to be non-null in 
> org.apache.ofbiz.service.DispatchContext.getGlobalServiceMap()
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - GeneralServiceException.java:63, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of 
> org.apache.ofbiz.base.util.GeneralException.getNested(), which is known to be 
> non-null in 
> org.apache.ofbiz.service.GeneralServiceException.returnError(String)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - GenericAbstractDispatcher.java:86, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.service.GenericAbstractDispatcher.schedule(String, String, 
> String, Map, long, int, int, int, long, int)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> - GenericDispatcherFactory.java:32, MS_PKGPROTECT
> MS: org.apache.ofbiz.service.GenericDispatcherFactory.ecasDisabled should be 
> package protected
> A mutable static field could be changed by malicious code or by accident. The 
> field could be made package protected to avoid this vulnerability.
> - GenericDispatcherFactory.java:49, SIC_INNER_SHOULD_BE_STATIC
> SIC: Should 
> org.apache.ofbiz.service.GenericDispatcherFactory$GenericDispatcher be a 
> _static_ inner class?
> This class is an inner class, but does not use its embedded reference to the 
> object which created it.  This reference makes the instances of the class 
> larger, and may keep the reference to the creator object alive longer than 
> necessary.  If possible, the class should be made static.
> - GenericDispatcherFactory.java:72, ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD
> ST: Write to static field 
> org.apache.ofbiz.service.GenericDispatcherFactory.ecasDisabled from instance 
> method 
> org.apache.ofbiz.service.GenericDispatcherFactory$GenericDispatcher.disableEcas()
> This instance method writes to a static field. This is tricky to get correct 
> if multiple instances are being manipulated, and generally bad practice.
> - GenericDispatcherFactory.java:77, ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD
> ST: Write to static field 
> org.apache.ofbiz.service.GenericDispatcherFactory.ecasDisabled from instance 
> method 
> org.apache.ofbiz.service.GenericDispatcherFactory$GenericDispatcher.enableEcas()
> This instance method writes to a static field. This is tricky to get correct 
> if multiple instances are being manipulated, and generally bad practice.
> - GenericResultWaiter.java:29, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.service.GenericResultWaiter is Serializable; consider 
> declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - GenericResultWaiter.java:52, NO_NOTIFY_NOT_NOTIFYALL
> No: Using notify rather than notifyAll in 
> org.apache.ofbiz.service.GenericResultWaiter.receiveResult(Map)
> This method calls notify() rather than notifyAll().  Java monitors are often 
> used for multiple conditions.  Calling notify() only wakes up one thread, 
> meaning that the thread woken up might not be the one waiting for the 
> condition that the caller just satisfied.
> - GenericResultWaiter.java:64, NO_NOTIFY_NOT_NOTIFYALL
> No: Using notify rather than notifyAll in 
> org.apache.ofbiz.service.GenericResultWaiter.receiveThrowable(Throwable)
> This method calls notify() rather than notifyAll().  Java monitors are often 
> used for multiple conditions.  Calling notify() only wakes up one thread, 
> meaning that the thread woken up might not be the one waiting for the 
> condition that the caller just satisfied.
> - ModelParam.java:41, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.service.ModelParam is Serializable; consider declaring 
> a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - ModelParam.java:209, HE_EQUALS_USE_HASHCODE
> HE: org.apache.ofbiz.service.ModelParam defines equals and uses 
> Object.hashCode()
> This class overrides equals(Object), but does not override hashCode(), and 
> inherits the implementation of hashCode() from java.lang.Object (which 
> returns the identity hash code, an arbitrary value assigned to the object by 
> the VM).  Therefore, the class is very likely to violate the invariant that 
> equal objects must have equal hashcodes.
> If you don't think instances of this class will ever be inserted into a 
> HashMap/HashTable, the recommended hashCode implementation to use is:
> public int hashCode() {
>   assert false : "hashCode not designed";
>   return 42; // any arbitrary constant will do
>   }
> - ModelParam.java:209, EQ_SELF_USE_OBJECT
> Eq: org.apache.ofbiz.service.ModelParam defines equals(ModelParam) method and 
> uses Object.equals(Object)
> This class defines a covariant version of the equals() method, but inherits 
> the normal equals(Object) method defined in the base java.lang.Object class.  
> The class should probably define a boolean equals(Object) method.
> - ModelParam.java:297, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.service.ModelParam$ModelParamValidator is 
> Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - ModelPermGroup.java:32, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.service.ModelPermGroup is Serializable; consider 
> declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - ModelPermission.java:35, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.service.ModelPermission is Serializable; consider 
> declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - ModelPermission.java:108, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.service.ModelPermission.evalRoleMember(GenericValue)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> - ModelPermission.java:129, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of permission, which is known to be non-null in 
> org.apache.ofbiz.service.ModelPermission.evalPermissionService(ModelService, 
> DispatchContext, Map)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - ModelPermission.java:150, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.service.ModelPermission.evalPermissionService(ModelService, 
> DispatchContext, Map)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> - ModelService.java:-1, SE_BAD_FIELD
> Se: Class org.apache.ofbiz.service.ModelService defines non-transient 
> non-serializable instance field implServices
> This Serializable class defines a non-primitive instance field which is 
> neither transient, Serializable, or java.lang.Object, and does not appear to 
> implement the Externalizable interface or the readObject() and writeObject() 
> methods.  Objects of this class will not be deserialized correctly if a 
> non-Serializable object is stored in this field.
> - ModelService.java:-1, SE_BAD_FIELD
> Se: Class org.apache.ofbiz.service.ModelService defines non-transient 
> non-serializable instance field internalGroup
> This Serializable class defines a non-primitive instance field which is 
> neither transient, Serializable, or java.lang.Object, and does not appear to 
> implement the Externalizable interface or the readObject() and writeObject() 
> methods.  Objects of this class will not be deserialized correctly if a 
> non-Serializable object is stored in this field.
> - ModelService.java:-1, SE_BAD_FIELD
> Se: Class org.apache.ofbiz.service.ModelService defines non-transient 
> non-serializable instance field metrics
> This Serializable class defines a non-primitive instance field which is 
> neither transient, Serializable, or java.lang.Object, and does not appear to 
> implement the Externalizable interface or the readObject() and writeObject() 
> methods.  Objects of this class will not be deserialized correctly if a 
> non-Serializable object is stored in this field.
> - ModelService.java:-1, SE_BAD_FIELD
> Se: Class org.apache.ofbiz.service.ModelService defines non-transient 
> non-serializable instance field notifications
> This Serializable class defines a non-primitive instance field which is 
> neither transient, Serializable, or java.lang.Object, and does not appear to 
> implement the Externalizable interface or the readObject() and writeObject() 
> methods.  Objects of this class will not be deserialized correctly if a 
> non-Serializable object is stored in this field.
> - ModelService.java:84, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.service.ModelService is Serializable; consider 
> declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - ModelService.java:329, IT_NO_SUCH_ELEMENT
> It: org.apache.ofbiz.service.ModelService$1$1.next() can't throw 
> NoSuchElementException
> This class implements the java.util.Iterator interface.  However, its next() 
> method is not capable of throwing java.util.NoSuchElementException.  The 
> next() method should be changed so it throws NoSuchElementException if is 
> called when there are no more elements to return.
> - ModelService.java:383, IS2_INCONSISTENT_SYNC
> IS: Inconsistent synchronization of 
> org.apache.ofbiz.service.ModelService.inheritedParameters; locked 50% of time
> The fields of this class appear to be accessed inconsistently with respect to 
> synchronization.  This bug report indicates that the bug pattern detector 
> judged that
> The class contains a mix of locked and unlocked accesses,
> The class is not annotated as javax.annotation.concurrent.NotThreadSafe,
> At least one locked access was performed by one of the class's own methods, 
> and
> The number of unsynchronized field accesses (reads and writes) was no more 
> than one third of all accesses, with writes being weighed twice as high as 
> reads
> A typical bug matching this bug pattern is forgetting to synchronize one of 
> the methods in a class that is intended to be thread-safe.
> You can select the nodes labeled "Unsynchronized access" to show the code 
> locations where the detector believed that a field was accessed without 
> synchronization.
> Note that there are various sources of inaccuracy in this detector; for 
> example, the detector cannot statically detect all situations in which a lock 
> is held.  Also, even when the detector is accurate in distinguishing locked 
> vs. unlocked accesses, the code in question may still be correct.
> - ModelService.java:480, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of params, which is known to be non-null in 
> org.apache.ofbiz.service.ModelService.updateDefaultValues(Map, String)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - ModelService.java:991, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of permission, which is known to be non-null in 
> org.apache.ofbiz.service.ModelService.evalPermission(DispatchContext, Map)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - ModelService.java:998, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of thisService, which is known to be non-null in 
> org.apache.ofbiz.service.ModelService.evalPermission(DispatchContext, Map)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - ModelService.java:1141, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of model, which is known to be non-null in 
> org.apache.ofbiz.service.ModelService.interfaceUpdate(DispatchContext)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - ModelService.java:1245, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of inParam, which is known to be non-null in 
> org.apache.ofbiz.service.ModelService.getWSDL(Definition, String)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - ModelService.java:1291, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of outParam, which is known to be non-null in 
> org.apache.ofbiz.service.ModelService.getWSDL(Definition, String)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - ModelServiceReader.java:-1, SE_BAD_FIELD
> Se: Class org.apache.ofbiz.service.ModelServiceReader defines non-transient 
> non-serializable instance field delegator
> This Serializable class defines a non-primitive instance field which is 
> neither transient, Serializable, or java.lang.Object, and does not appear to 
> implement the Externalizable interface or the readObject() and writeObject() 
> methods.  Objects of this class will not be deserialized correctly if a 
> non-Serializable object is stored in this field.
> - ModelServiceReader.java:60, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.service.ModelServiceReader is Serializable; consider 
> declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - ModelServiceReader.java:111, UCF_USELESS_CONTROL_FLOW
> UCF: Useless control flow in 
> org.apache.ofbiz.service.ModelServiceReader.getModelServices()
> This method contains a useless control flow statement, where control flow 
> continues onto the same place regardless of whether or not the branch is 
> taken. For example, this is caused by having an empty statement block for an 
> if statement:
>     if (argv.length == 0) {
>     // TODO: handle this case
>     }
> - ModelServiceReader.java:154, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of service, which is known to be non-null in 
> org.apache.ofbiz.service.ModelServiceReader.getModelServices()
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - ModelServiceReader.java:450, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of fieldsIter, which is known to be non-null in 
> org.apache.ofbiz.service.ModelServiceReader.createAutoAttrDef(Element, 
> ModelService)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - RunningService.java:59, EI_EXPOSE_REP
> EI: org.apache.ofbiz.service.RunningService.getStartStamp() may expose 
> internal representation by returning RunningService.startStamp
> Returning a reference to a mutable object value stored in one of the object's 
> fields exposes the internal representation of the object.  If instances are 
> accessed by untrusted code, and unchecked changes to the mutable object would 
> compromise security or other important properties, you will need to do 
> something different. Returning a new copy of the object is better approach in 
> many situations.
> - RunningService.java:63, EI_EXPOSE_REP
> EI: org.apache.ofbiz.service.RunningService.getEndStamp() may expose internal 
> representation by returning RunningService.endStamp
> Returning a reference to a mutable object value stored in one of the object's 
> fields exposes the internal representation of the object.  If instances are 
> accessed by untrusted code, and unchecked changes to the mutable object would 
> compromise security or other important properties, you will need to do 
> something different. Returning a new copy of the object is better approach in 
> many situations.
> - RunningService.java:72, HE_EQUALS_USE_HASHCODE
> HE: org.apache.ofbiz.service.RunningService defines equals and uses 
> Object.hashCode()
> This class overrides equals(Object), but does not override hashCode(), and 
> inherits the implementation of hashCode() from java.lang.Object (which 
> returns the identity hash code, an arbitrary value assigned to the object by 
> the VM).  Therefore, the class is very likely to violate the invariant that 
> equal objects must have equal hashcodes.
> If you don't think instances of this class will ever be inserted into a 
> HashMap/HashTable, the recommended hashCode implementation to use is:
> public int hashCode() {
>   assert false : "hashCode not designed";
>   return 42; // any arbitrary constant will do
>   }
> - ServiceContainer.java:57, ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD
> ST: Write to static field 
> org.apache.ofbiz.service.ServiceContainer.dispatcherFactory from instance 
> method org.apache.ofbiz.service.ServiceContainer.init(List, String, String)
> This instance method writes to a static field. This is tricky to get correct 
> if multiple instances are being manipulated, and generally bad practice.
> - ServiceDispatcher.java:73, MS_SHOULD_BE_FINAL
> MS: org.apache.ofbiz.service.ServiceDispatcher.dispatchers isn't final but 
> should be
> This static field public but not final, and could be changed by malicious 
> code or by accident from another package. The field could be made final to 
> avoid this vulnerability.
> - ServiceDispatcher.java:76, MS_PKGPROTECT
> MS: org.apache.ofbiz.service.ServiceDispatcher.enableJM should be package 
> protected
> A mutable static field could be changed by malicious code or by accident. The 
> field could be made package protected to avoid this vulnerability.
> - ServiceDispatcher.java:77, MS_PKGPROTECT
> MS: org.apache.ofbiz.service.ServiceDispatcher.enableJMS should be package 
> protected
> A mutable static field could be changed by malicious code or by accident. The 
> field could be made package protected to avoid this vulnerability.
> - ServiceDispatcher.java:78, MS_PKGPROTECT
> MS: org.apache.ofbiz.service.ServiceDispatcher.enableSvcs should be package 
> protected
> A mutable static field could be changed by malicious code or by accident. The 
> field could be made package protected to avoid this vulnerability.
> - ServiceDispatcher.java:118, NP_NULL_ON_SOME_PATH
> NP: Possible null pointer dereference of delegator in new 
> org.apache.ofbiz.service.ServiceDispatcher(Delegator, boolean, boolean)
> There is a branch of statement that, if executed, guarantees that a null 
> value will be dereferenced, which would generate a NullPointerException when 
> the code is executed. Of course, the problem might be that the branch or 
> statement is infeasible and that the null pointer exception can't ever be 
> executed; deciding that is beyond the ability of FindBugs.
> - ServiceDispatcher.java:425, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.service.ServiceDispatcher.runSync(String, ModelService, Map, 
> boolean)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - ServiceDispatcher.java:463, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of errMsg, which is known to be non-null in 
> org.apache.ofbiz.service.ServiceDispatcher.runSync(String, ModelService, Map, 
> boolean)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - ServiceDispatcher.java:464, UCF_USELESS_CONTROL_FLOW
> UCF: Useless control flow in 
> org.apache.ofbiz.service.ServiceDispatcher.runSync(String, ModelService, Map, 
> boolean)
> This method contains a useless control flow statement, where control flow 
> continues onto the same place regardless of whether or not the branch is 
> taken. For example, this is caused by having an empty statement block for an 
> if statement:
>     if (argv.length == 0) {
>     // TODO: handle this case
>     }
> - ServiceDispatcher.java:1025, HE_USE_OF_UNHASHABLE_CLASS
> HE: org.apache.ofbiz.service.RunningService doesn't define a hashCode() 
> method but is used in a hashed data structure in 
> org.apache.ofbiz.service.ServiceDispatcher.logService(String, ModelService, 
> int)
> A class defines an equals(Object) method but not a hashCode() method, and 
> thus doesn't fulfill the requirement that equal objects have equal hashCodes. 
> An instance of this class is used in a hash data structure, making the need 
> to fix this problem of highest importance.
> - ServiceSynchronization.java:55, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of sync, which is known to be non-null in 
> org.apache.ofbiz.service.ServiceSynchronization.registerCommitService(DispatchContext,
>  String, String, Map, boolean, boolean)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - ServiceSynchronization.java:62, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of sync, which is known to be non-null in 
> org.apache.ofbiz.service.ServiceSynchronization.registerRollbackService(DispatchContext,
>  String, String, Map, boolean, boolean)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - ServiceUtil.java:557, NP_NULL_ON_SOME_PATH
> NP: Possible null pointer dereference of job in 
> org.apache.ofbiz.service.ServiceUtil.cancelJob(DispatchContext, Map)
> There is a branch of statement that, if executed, guarantees that a null 
> value will be dereferenced, which would generate a NullPointerException when 
> the code is executed. Of course, the problem might be that the branch or 
> statement is infeasible and that the null pointer exception can't ever be 
> executed; deciding that is beyond the ability of FindBugs.
> - ServiceUtil.java:595, NP_NULL_ON_SOME_PATH
> NP: Possible null pointer dereference of job in 
> org.apache.ofbiz.service.ServiceUtil.cancelJobRetries(DispatchContext, Map)
> There is a branch of statement that, if executed, guarantees that a null 
> value will be dereferenced, which would generate a NullPointerException when 
> the code is executed. Of course, the problem might be that the branch or 
> statement is infeasible and that the null pointer exception can't ever be 
> executed; deciding that is beyond the ability of FindBugs.
> - ServiceUtil.java:648, NP_NULL_PARAM_DEREF
> NP: Null passed for nonnull parameter of 
> org.apache.ofbiz.base.util.UtilMisc.toMap(Object[]) in 
> org.apache.ofbiz.service.ServiceUtil.makeContext(Object[])
> This method call passes a null value for a non-null method parameter. Either 
> the parameter is annotated as a parameter that should always be non-null, or 
> analysis has shown that it will always be dereferenced.
> - ServiceXaWrapper.java:258, SF_SWITCH_NO_DEFAULT
> SF: Switch statement found in 
> org.apache.ofbiz.service.ServiceXaWrapper.runService(String, Map, boolean, 
> int, int) where default case is missing
> This method contains a switch statement where default case is missing. 
> Usually you need to provide a default case.
> Because the analysis only looks at the generated bytecode, this warning can 
> be incorrect triggered if the default case is at the end of the switch 
> statement and the switch statement doesn't contain break statements for other 
> cases.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
