[jira] [Closed] (OFBIZ-11823) Refactor PickListServices#isBinComplete method to remove unnecessary iterations
[ https://issues.apache.org/jira/browse/OFBIZ-11823?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pawan Verma closed OFBIZ-11823.
---
Fix Version/s: Upcoming Branch
Resolution: Implemented

Thanks, [~surajk] and [~jleroux]!

> Refactor PickListServices#isBinComplete method to remove unnecessary iterations
> ---
>
> Key: OFBIZ-11823
> URL: https://issues.apache.org/jira/browse/OFBIZ-11823
> Project: OFBiz
> Issue Type: Improvement
> Components: product/facility
> Affects Versions: Trunk
> Reporter: Pawan Verma
> Assignee: Pawan Verma
> Priority: Minor
> Fix For: Upcoming Branch
> Attachments: OFBIZ-11823.patch, OFBIZ-11823.patch
>
> PickListServices#isBinComplete() is used to check if picklistBin is complete.
> This method reduces system performance when a picklistBin contains a heavy number of items in it; this method iterates over all the items to check the status of the item to validate if the bin is complete or not.
> Instead of iteration, we can add the itemStatusId != PICKITEM_COMPLETED condition while fetching records from the entity using the queryCount() method, and if we find a count then picklistBin is not complete.
> It can be a major performance factor on a production system working on heavy orders.

--
This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (OFBIZ-11823) Refactor PickListServices#isBinComplete method to remove unnecessary iterations
[ https://issues.apache.org/jira/browse/OFBIZ-11823?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17146794#comment-17146794 ]

ASF subversion and git services commented on OFBIZ-11823:
-

Commit 9cf6ec8c909998a3b808a4de9c34085e36bd775b in ofbiz-framework's branch refs/heads/trunk from Pawan Verma
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=9cf6ec8 ]

Improved: Refactor PickListServices#isBinComplete method to remove unnecessary iterations(OFBIZ-11823)

Thanks: Suraj and Jacques for the review.

> Refactor PickListServices#isBinComplete method to remove unnecessary iterations
> ---
>
> Key: OFBIZ-11823
> URL: https://issues.apache.org/jira/browse/OFBIZ-11823
> Project: OFBiz
> Issue Type: Improvement
> Components: product/facility
> Affects Versions: Trunk
> Reporter: Pawan Verma
> Assignee: Pawan Verma
> Priority: Minor
> Attachments: OFBIZ-11823.patch, OFBIZ-11823.patch
>
> PickListServices#isBinComplete() is used to check if picklistBin is complete.
> This method reduces system performance when a picklistBin contains a heavy number of items in it; this method iterates over all the items to check the status of the item to validate if the bin is complete or not.
> Instead of iteration, we can add the itemStatusId != PICKITEM_COMPLETED condition while fetching records from the entity using the queryCount() method, and if we find a count then picklistBin is not complete.
> It can be a major performance factor on a production system working on heavy orders.
[jira] [Closed] (OFBIZ-11827) Merge identical catch blocks in single catch block
[ https://issues.apache.org/jira/browse/OFBIZ-11827?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pawan Verma closed OFBIZ-11827.
---
Fix Version/s: Upcoming Branch
Resolution: Implemented

Thanks, [~jleroux]!

> Merge identical catch blocks in single catch block
> ---
>
> Key: OFBIZ-11827
> URL: https://issues.apache.org/jira/browse/OFBIZ-11827
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL COMPONENTS
> Affects Versions: Trunk
> Reporter: Pawan Verma
> Assignee: Pawan Verma
> Priority: Minor
> Fix For: Upcoming Branch
> Attachments: OFBIZ-11827-plugins.patch, OFBIZ-11827.patch
>
> In Java SE 7 and later, a single catch block can handle more than one type of exception. This feature can reduce code duplication and lessen the temptation to catch an overly broad exception.
> For more details: https://docs.oracle.com/javase/8/docs/technotes/guides/language/catch-multiple.html
> Example:
> {code:java}
> catch (IOException ex) {
>     logger.log(ex);
>     throw ex;
> } catch (SQLException ex) {
>     logger.log(ex);
>     throw ex;
> }
> {code}
> Can be written as the following, which is valid in Java SE 7 and later and eliminates the duplicated code:
>
> {code:java}
> catch (IOException | SQLException ex) {
>     logger.log(ex);
>     throw ex;
> }
> {code}
[jira] [Commented] (OFBIZ-11837) First Data Payment Gateway Integration
[ https://issues.apache.org/jira/browse/OFBIZ-11837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17146790#comment-17146790 ]

ASF subversion and git services commented on OFBIZ-11837:
-

Commit df753f80b2be1cb964df0bc9c3cfe30fa3bf83f2 in ofbiz-plugins's branch refs/heads/trunk from Pritam Kute
[ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=df753f8 ]

Adding new plugin for integration of First Data payment gateway with Apache OFBiz. (OFBIZ-11837)

> First Data Payment Gateway Integration
> --
>
> Key: OFBIZ-11837
> URL: https://issues.apache.org/jira/browse/OFBIZ-11837
> Project: OFBiz
> Issue Type: New Feature
> Affects Versions: Trunk
> Reporter: Pritam Kute
> Assignee: Pritam Kute
> Priority: Major
>
> Dev Thread Link: [https://markmail.org/thread/2p5top4idkeiwlih]
> Apache OFBiz has OOTB integrations for most of the widely used payment gateways around the world.
> We are working on integrating First Data Payment Gateway for one of the websites. The First Data payment gateway is quite popular and comes in the list of top payment gateways around the globe. We would like to contribute the basic payment gateway integration of First Data into Apache OFBiz.
> Also as discussed over the DEV list, we will be contributing gateway as a separate plugin.
> We will create the subtasks under this main task to deliver different payment gateway methods.
[GitHub] [ofbiz-plugins] asfgit merged pull request #34: Adding new plugin for integration of First Data payment gateway with …
asfgit merged pull request #34:
URL: https://github.com/apache/ofbiz-plugins/pull/34

This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Commented] (OFBIZ-11827) Merge identical catch blocks in single catch block
[ https://issues.apache.org/jira/browse/OFBIZ-11827?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17146791#comment-17146791 ]

ASF subversion and git services commented on OFBIZ-11827:
-

Commit 1f97f89bae0db49da2facf0be28f0cf7ebe4c8e7 in ofbiz-plugins's branch refs/heads/trunk from Pawan Verma
[ https://gitbox.apache.org/repos/asf?p=ofbiz-plugins.git;h=1f97f89 ]

Improved: Merge identical catch blocks in single catch block(OFBIZ-11827)

In Java SE 7 and later, a single catch block can handle more than one type of exception. This feature can reduce code duplication and lessen the temptation to catch an overly broad exception.

Thanks: Jacques for the review.

> Merge identical catch blocks in single catch block
> ---
>
> Key: OFBIZ-11827
> URL: https://issues.apache.org/jira/browse/OFBIZ-11827
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL COMPONENTS
> Affects Versions: Trunk
> Reporter: Pawan Verma
> Assignee: Pawan Verma
> Priority: Minor
> Attachments: OFBIZ-11827-plugins.patch, OFBIZ-11827.patch
>
> In Java SE 7 and later, a single catch block can handle more than one type of exception. This feature can reduce code duplication and lessen the temptation to catch an overly broad exception.
> For more details: https://docs.oracle.com/javase/8/docs/technotes/guides/language/catch-multiple.html
> Example:
> {code:java}
> catch (IOException ex) {
>     logger.log(ex);
>     throw ex;
> } catch (SQLException ex) {
>     logger.log(ex);
>     throw ex;
> }
> {code}
> Can be written as the following, which is valid in Java SE 7 and later and eliminates the duplicated code:
>
> {code:java}
> catch (IOException | SQLException ex) {
>     logger.log(ex);
>     throw ex;
> }
> {code}
[jira] [Commented] (OFBIZ-11827) Merge identical catch blocks in single catch block
[ https://issues.apache.org/jira/browse/OFBIZ-11827?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17146789#comment-17146789 ]

ASF subversion and git services commented on OFBIZ-11827:
-

Commit f0af2894e5915c2ffaa87b0ad6b52818267ac202 in ofbiz-framework's branch refs/heads/trunk from Pawan Verma
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=f0af289 ]

Improved: Merge identical catch blocks in single catch block(OFBIZ-11827)

In Java SE 7 and later, a single catch block can handle more than one type of exception. This feature can reduce code duplication and lessen the temptation to catch an overly broad exception.

Thanks: Jacques for the review.

> Merge identical catch blocks in single catch block
> ---
>
> Key: OFBIZ-11827
> URL: https://issues.apache.org/jira/browse/OFBIZ-11827
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL COMPONENTS
> Affects Versions: Trunk
> Reporter: Pawan Verma
> Assignee: Pawan Verma
> Priority: Minor
> Attachments: OFBIZ-11827-plugins.patch, OFBIZ-11827.patch
>
> In Java SE 7 and later, a single catch block can handle more than one type of exception. This feature can reduce code duplication and lessen the temptation to catch an overly broad exception.
> For more details: https://docs.oracle.com/javase/8/docs/technotes/guides/language/catch-multiple.html
> Example:
> {code:java}
> catch (IOException ex) {
>     logger.log(ex);
>     throw ex;
> } catch (SQLException ex) {
>     logger.log(ex);
>     throw ex;
> }
> {code}
> Can be written as the following, which is valid in Java SE 7 and later and eliminates the duplicated code:
>
> {code:java}
> catch (IOException | SQLException ex) {
>     logger.log(ex);
>     throw ex;
> }
> {code}
[GitHub] [ofbiz-framework] sonarcloud[bot] commented on pull request #14: Implemented: Added new inventory cycle count feature for warehouse.
sonarcloud[bot] commented on pull request #14:
URL: https://github.com/apache/ofbiz-framework/pull/14#issuecomment-650500300

Kudos, SonarCloud Quality Gate passed!

[0 Bugs](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=14=false=BUG)
[0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=14=false=VULNERABILITY) (and [0 Security Hotspots](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=14=false=SECURITY_HOTSPOT) to review)
[3 Code Smells](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=14=false=CODE_SMELL)
No Coverage information
[0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_ofbiz-framework=14=new_duplicated_lines_density=list)
[jira] [Assigned] (OFBIZ-11499) Convert createPaymentFromOrder service from mini-lang to groovy DSL
[ https://issues.apache.org/jira/browse/OFBIZ-11499?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Saurabh Dixit reassigned OFBIZ-11499:
-
Assignee: Saurabh Dixit (was: Devanshu Vyas)

> Convert createPaymentFromOrder service from mini-lang to groovy DSL
> ---
>
> Key: OFBIZ-11499
> URL: https://issues.apache.org/jira/browse/OFBIZ-11499
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Devanshu Vyas
> Assignee: Saurabh Dixit
> Priority: Minor
>
> Convert the createPaymentFromOrder service code from mini-lang to groovy DSL.
[jira] [Assigned] (OFBIZ-11487) Convert voidPayment service from mini-lang to groovy DSL
[ https://issues.apache.org/jira/browse/OFBIZ-11487?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sourabh Punyani reassigned OFBIZ-11487:
---
Assignee: Sourabh Punyani (was: Devanshu Vyas)

> Convert voidPayment service from mini-lang to groovy DSL
> 
>
> Key: OFBIZ-11487
> URL: https://issues.apache.org/jira/browse/OFBIZ-11487
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Devanshu Vyas
> Assignee: Sourabh Punyani
> Priority: Minor
>
> Convert the voidPayment service code from mini-lang to groovy DSL.
[jira] [Assigned] (OFBIZ-10013) Screen Rendering issue on Payment Overview screen
[ https://issues.apache.org/jira/browse/OFBIZ-10013?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rahul Chohal reassigned OFBIZ-10013:

Assignee: Rahul Chohal

> Screen Rendering issue on Payment Overview screen
> -
>
> Key: OFBIZ-10013
> URL: https://issues.apache.org/jira/browse/OFBIZ-10013
> Project: OFBiz
> Issue Type: Bug
> Components: accounting
> Affects Versions: Release Branch 16.11, Trunk
> Reporter: Pritam Kute
> Assignee: Rahul Chohal
> Priority: Major
>
> Steps to regenerate are -
> 1. Go to https://demo-trunk.ofbiz.apache.org/accounting/control/main
> 2. Click on "show all payment" payments.
> 3. Select any payment of type "Customer Payment" and click on it to go to overview screen
> 4. On overview screen click on the button "Acctg Trans Entries PDF"
> Result:
> Actual: The broken screen
> Should be the PDF with account transaction entries.
[GitHub] [ofbiz-framework] JacquesLeRoux commented on pull request #208: Improved: Convert InvoicePerShipmentTests.xml tests to groovy (OFBIZ-11553)
JacquesLeRoux commented on pull request #208:
URL: https://github.com/apache/ofbiz-framework/pull/208#issuecomment-650218173

Hi Priya,

It's good now, the duplicated lines reported are only in jquery. I'll review later, thanks!
[GitHub] [ofbiz-framework] sonarcloud[bot] commented on pull request #209: OFBIZ-11446 Improved: Convert ContentPermissionServices.xml mini lang to groovy
sonarcloud[bot] commented on pull request #209:
URL: https://github.com/apache/ofbiz-framework/pull/209#issuecomment-650207858

Kudos, SonarCloud Quality Gate passed!

[0 Bugs](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=209=false=BUG)
[0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=209=false=VULNERABILITY) (and [0 Security Hotspots](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=209=false=SECURITY_HOTSPOT) to review)
[0 Code Smells](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=209=false=CODE_SMELL)
No Coverage information
[0.0% Duplication](https://sonarcloud.io/component_measures?id=apache_ofbiz-framework=209=new_duplicated_lines_density=list)
[GitHub] [ofbiz-framework] wpaetzold opened a new pull request #209: OFBIZ-11446 Improved: Convert ContentPermissionServices.xml mini lang to groovy
wpaetzold opened a new pull request #209:
URL: https://github.com/apache/ofbiz-framework/pull/209

Improved: Convert ContentPermissionServices.xml mini lang to groovy (OFBIZ-11446)

Also change the reference in DataResourcePermissionServices.xml for checkOwnership
[GitHub] [ofbiz-framework] priyasharma1 commented on pull request #208: Improved: Convert InvoicePerShipmentTests.xml tests to groovy (OFBIZ-11553)
priyasharma1 commented on pull request #208:
URL: https://github.com/apache/ofbiz-framework/pull/208#issuecomment-650197885

Hi @JacquesLeRoux

I moved the duplicate code to a method and triggered it in the tests as per the conditions. But the SonarCloud results are not good yet, any other suggestion?
[GitHub] [ofbiz-framework] sonarcloud[bot] commented on pull request #208: Improved: Convert InvoicePerShipmentTests.xml tests to groovy (OFBIZ-11553)
sonarcloud[bot] commented on pull request #208:
URL: https://github.com/apache/ofbiz-framework/pull/208#issuecomment-650191756

SonarCloud Quality Gate failed.

[0 Bugs](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=208=false=BUG)
[0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=208=false=VULNERABILITY) (and [0 Security Hotspots](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=208=false=SECURITY_HOTSPOT) to review)
[0 Code Smells](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=208=false=CODE_SMELL)
No Coverage information
[6.7% Duplication](https://sonarcloud.io/component_measures?id=apache_ofbiz-framework=208=new_duplicated_lines_density=list)
[GitHub] [ofbiz-framework] sonarcloud[bot] removed a comment on pull request #208: Improved: Convert InvoicePerShipmentTests.xml tests to groovy (OFBIZ-11553)
sonarcloud[bot] removed a comment on pull request #208:
URL: https://github.com/apache/ofbiz-framework/pull/208#issuecomment-649969383

SonarCloud Quality Gate failed.

[0 Bugs](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=208=false=BUG)
[0 Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=208=false=VULNERABILITY) (and [0 Security Hotspots](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=208=false=SECURITY_HOTSPOT) to review)
[0 Code Smells](https://sonarcloud.io/project/issues?id=apache_ofbiz-framework=208=false=CODE_SMELL)
No Coverage information
[6.7% Duplication](https://sonarcloud.io/component_measures?id=apache_ofbiz-framework=208=new_duplicated_lines_density=list)
[jira] [Closed] (OFBIZ-11836) IDOR vulnerability in the order processing feature in ecommerce component
[ https://issues.apache.org/jira/browse/OFBIZ-11836?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux closed OFBIZ-11836.
---
Fix Version/s: 17.12.04
               18.12.01
Resolution: Fixed

> IDOR vulnerability in the order processing feature in ecommerce component
> -
>
> Key: OFBIZ-11836
> URL: https://issues.apache.org/jira/browse/OFBIZ-11836
> Project: OFBiz
> Issue Type: Sub-task
> Components: ecommerce, order
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
> Fix For: 18.12.01, 17.12.04
>
> Harshit Shukla [mailto:harshit.sh...@gmail.com] reported this IDOR vulnerability to the OFBiz security team, and we thank him for that.
> I'll later quote here his email message when the vulnerability will be fixed.
> It's a post-auth vulnerability so we did not ask for a CVE.
> Here is Harshit's message slightly edited:
> {quote}
> https://demo-stable.ofbiz.apache.org/ecommerce/control/order.pdf?orderId=WSCO1
> In the above URL, the parameter 'orderId' has the value 'WSCO1' and after incrementing the value to 'WSCO10001' or 'WSCO10002' will download the receipt of other orders which have been placed by other users.
> All the available order receipts can be downloaded by running an automated tool (Burp Intruder) on the parameter 'orderId=WSCOX'
> I have successfully tested this by using 2 different accounts: DemoCustomer and DemoCustomer2 ([~jleroux] edited)
> An attacker can download order receipts of other users and this could lead to information disclosure.
> The only real solution to this issue is to implement access control. The user needs to be authorized for the requested information before the server provides it.
> Reference: https://blog.detectify.com/2016/05/25/owasp-top-10-insecure-direct-object-reference-4/
> {quote}
> Only ecommerce is affected because we have secure permissions in backorder components (ERP)
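
The access control the report above calls for, as an added example that is not OFBiz code and not taken from the fix commits: a receipt lookup that returns an order only when it belongs to the party of the authenticated session. The class, method and field names are hypothetical, and which demo account placed which order is constructed sample data.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

// Added illustration, not OFBiz code: all names below are hypothetical.
class OrderReceiptAccess {

    /** Minimal order record: the id and the party that placed the order. */
    static final class Order {
        final String orderId;
        final String placedByPartyId;

        Order(String orderId, String placedByPartyId) {
            this.orderId = orderId;
            this.placedByPartyId = placedByPartyId;
        }
    }

    private final Map<String, Order> orders = new HashMap<>();
    // Refused lookups per authenticated party, kept so repeated probing is visible.
    private final Map<String, Integer> deniedLookups = new HashMap<>();

    void addOrder(String orderId, String placedByPartyId) {
        orders.put(orderId, new Order(orderId, placedByPartyId));
    }

    /** Flawed pattern described in the report: the orderId alone selects the receipt. */
    Optional<String> receiptWithoutCheck(String orderId) {
        return Optional.ofNullable(orders.get(orderId)).map(OrderReceiptAccess::render);
    }

    /**
     * Corrected pattern: sessionPartyId comes from the server-side session,
     * never from a request parameter, and must match the order's owner.
     * Unknown ids and other users' ids give the same empty result, so the
     * response does not confirm which order ids exist.
     */
    Optional<String> receiptForSession(String sessionPartyId, String orderId) {
        if (sessionPartyId == null) {
            return Optional.empty(); // no authenticated user
        }
        Order order = orders.get(orderId);
        if (order == null || !sessionPartyId.equals(order.placedByPartyId)) {
            deniedLookups.merge(sessionPartyId, 1, Integer::sum);
            return Optional.empty();
        }
        return Optional.of(render(order));
    }

    /** Refused lookups for a party; a rising count suggests order id enumeration. */
    int deniedLookupCount(String partyId) {
        return deniedLookups.getOrDefault(partyId, 0);
    }

    private static String render(Order order) {
        return "Receipt for order " + order.orderId + " placed by " + order.placedByPartyId;
    }

    public static void main(String[] args) {
        OrderReceiptAccess shop = new OrderReceiptAccess();
        // Constructed sample data: these ids and account names appear in the report,
        // but which account placed which order is an assumption for this demo.
        shop.addOrder("WSCO10001", "DemoCustomer");
        shop.addOrder("WSCO10002", "DemoCustomer2");

        System.out.println("without check, other user's order returned: "
                + shop.receiptWithoutCheck("WSCO10002").isPresent());
        System.out.println("with check, own order returned: "
                + shop.receiptForSession("DemoCustomer", "WSCO10001").isPresent());
        System.out.println("with check, other user's order returned: "
                + shop.receiptForSession("DemoCustomer", "WSCO10002").isPresent());
        // WSCO99999 is a constructed id that is not in the store.
        System.out.println("with check, unknown order returned: "
                + shop.receiptForSession("DemoCustomer", "WSCO99999").isPresent());
        System.out.println("refused lookups recorded for DemoCustomer: "
                + shop.deniedLookupCount("DemoCustomer"));
    }
}
```

The refused-lookup counter is the detection side of the same check: a session that accumulates refusals across sequential order ids is worth an alert or a rate limit.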
[jira] [Updated] (OFBIZ-11836) IDOR vulnerability in the order processing feature in ecommerce component
[ https://issues.apache.org/jira/browse/OFBIZ-11836?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-11836:

Description:
Harshit Shukla [mailto:harshit.sh...@gmail.com] reported this IDOR vulnerability to the OFBiz security team, and we thank him for that.
I'll later quote here his email message when the vulnerability will be fixed.
It's a post-auth vulnerability so we did not ask for a CVE.
Here is Harshit's message slightly edited:
{quote}
https://demo-stable.ofbiz.apache.org/ecommerce/control/order.pdf?orderId=WSCO1
In the above URL, the parameter 'orderId' has the value 'WSCO1' and after incrementing the value to 'WSCO10001' or 'WSCO10002' will download the receipt of other orders which have been placed by other users.
All the available order receipts can be downloaded by running an automated tool (Burp Intruder) on the parameter 'orderId=WSCOX'
I have successfully tested this by using 2 different accounts: DemoCustomer and DemoCustomer2 ([~jleroux] edited)
An attacker can download order receipts of other users and this could lead to information disclosure.
The only real solution to this issue is to implement access control. The user needs to be authorized for the requested information before the server provides it.
Reference: https://blog.detectify.com/2016/05/25/owasp-top-10-insecure-direct-object-reference-4/
{quote}
Only ecommerce is affected because we have secure permissions in backorder components (ERP)

was:
Harshit Shukla [mailto:harshit.sh...@gmail.com] reported this IDOR vulnerability to the OFBiz security team, and we thank him for that.
I'll later quote here his email message when the vulnerability will be fixed.
It's a post-auth vulnerability so we did not ask for a CVE.

> IDOR vulnerability in the order processing feature in ecommerce component
> -
>
> Key: OFBIZ-11836
> URL: https://issues.apache.org/jira/browse/OFBIZ-11836
> Project: OFBiz
> Issue Type: Sub-task
> Components: ecommerce, order
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
>
> Harshit Shukla [mailto:harshit.sh...@gmail.com] reported this IDOR vulnerability to the OFBiz security team, and we thank him for that.
> I'll later quote here his email message when the vulnerability will be fixed.
> It's a post-auth vulnerability so we did not ask for a CVE.
> Here is Harshit's message slightly edited:
> {quote}
> https://demo-stable.ofbiz.apache.org/ecommerce/control/order.pdf?orderId=WSCO1
> In the above URL, the parameter 'orderId' has the value 'WSCO1' and after incrementing the value to 'WSCO10001' or 'WSCO10002' will download the receipt of other orders which have been placed by other users.
> All the available order receipts can be downloaded by running an automated tool (Burp Intruder) on the parameter 'orderId=WSCOX'
> I have successfully tested this by using 2 different accounts: DemoCustomer and DemoCustomer2 ([~jleroux] edited)
> An attacker can download order receipts of other users and this could lead to information disclosure.
> The only real solution to this issue is to implement access control. The user needs to be authorized for the requested information before the server provides it.
> Reference: https://blog.detectify.com/2016/05/25/owasp-top-10-insecure-direct-object-reference-4/
> {quote}
> Only ecommerce is affected because we have secure permissions in backorder components (ERP)
[jira] [Commented] (OFBIZ-11836) IDOR vulnerability in the order processing feature in ecommerce component
[ https://issues.apache.org/jira/browse/OFBIZ-11836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17146097#comment-17146097 ]

ASF subversion and git services commented on OFBIZ-11836:
-

Commit 34c02e3bde4c45ab94b594a5102842eb37a7586d in ofbiz-framework's branch refs/heads/release18.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=34c02e3 ]

Fixed: IDOR vulnerability in the order processing feature in ecommerce component (OFBIZ-11836)

https://demo-stable.ofbiz.apache.org/ecommerce/control/order.pdf?orderId=WSCO1

In the above URL, the parameter 'orderId' has the value 'WSCO1' and after incrementing the value to 'WSCO10001' or 'WSCO10002' will download the receipt of other orders which have been placed by other users.
All the available order receipts can be downloaded by running an automated tool (Burp Intruder) on the parameter 'orderId=WSCOX'
I have successfully tested this by using 2 different accounts: DemoCustomer and DemoCustomer2
An attacker can download order receipts of other users and this could lead to information disclosure.
The only real solution to this issue is to implement access control. The user needs to be authorized for the requested information before the server provides it.

Thanks: Harshit Shukla [mailto:harshit.sh...@gmail.com] reported this IDOR vulnerability to the OFBiz security team, and we thank him for that.

> IDOR vulnerability in the order processing feature in ecommerce component
> -
>
> Key: OFBIZ-11836
> URL: https://issues.apache.org/jira/browse/OFBIZ-11836
> Project: OFBiz
> Issue Type: Sub-task
> Components: ecommerce, order
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
>
> Harshit Shukla [mailto:harshit.sh...@gmail.com] reported this IDOR vulnerability to the OFBiz security team, and we thank him for that.
> I'll later quote here his email message when the vulnerability will be fixed.
> It's a post-auth vulnerability so we did not ask for a CVE.
[jira] [Commented] (OFBIZ-11836) IDOR vulnerability in the order processing feature in ecommerce component
[ https://issues.apache.org/jira/browse/OFBIZ-11836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17146096#comment-17146096 ]

ASF subversion and git services commented on OFBIZ-11836:
-

Commit 8120f75b21186978bc87fafdc9f0b80e2ee500dc in ofbiz-framework's branch refs/heads/release17.12 from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=8120f75 ]

Fixed: IDOR vulnerability in the order processing feature in ecommerce component (OFBIZ-11836)

https://demo-stable.ofbiz.apache.org/ecommerce/control/order.pdf?orderId=WSCO1

In the above URL, the parameter 'orderId' has the value 'WSCO1' and after incrementing the value to 'WSCO10001' or 'WSCO10002' will download the receipt of other orders which have been placed by other users.
All the available order receipts can be downloaded by running an automated tool (Burp Intruder) on the parameter 'orderId=WSCOX'
I have successfully tested this by using 2 different accounts: DemoCustomer and DemoCustomer2
An attacker can download order receipts of other users and this could lead to information disclosure.
The only real solution to this issue is to implement access control. The user needs to be authorized for the requested information before the server provides it.

Thanks: Harshit Shukla [mailto:harshit.sh...@gmail.com] reported this IDOR vulnerability to the OFBiz security team, and we thank him for that.

> IDOR vulnerability in the order processing feature in ecommerce component
> -
>
> Key: OFBIZ-11836
> URL: https://issues.apache.org/jira/browse/OFBIZ-11836
> Project: OFBiz
> Issue Type: Sub-task
> Components: ecommerce, order
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
>
> Harshit Shukla [mailto:harshit.sh...@gmail.com] reported this IDOR vulnerability to the OFBiz security team, and we thank him for that.
> I'll later quote here his email message when the vulnerability will be fixed.
> It's a post-auth vulnerability so we did not ask for a CVE.
[jira] [Commented] (OFBIZ-11836) IDOR vulnerability in the order processing feature in ecommerce component
[ https://issues.apache.org/jira/browse/OFBIZ-11836?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17146098#comment-17146098 ]

ASF subversion and git services commented on OFBIZ-11836:

Commit 4f841e9897569bd49d83a94d8d0f2deef9a6fa7a in ofbiz-framework's branch refs/heads/trunk from Jacques Le Roux
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=4f841e9 ]

Fixed: IDOR vulnerability in the order processing feature in ecommerce component (OFBIZ-11836)

https://demo-stable.ofbiz.apache.org/ecommerce/control/order.pdf?orderId=WSCO1

In the above URL, the parameter 'orderId' has the value 'WSCO1' and after incrementing the value to 'WSCO10001' or 'WSCO10002' will download the receipt of other orders which have been placed by other users.

All the available order receipts can be downloaded by running an automated tool (Burp Intruder) on the parameter 'orderId=WSCOX'

I have successfully tested this by using 2 different accounts: DemoCustomer and DemoCustomer2

An attacker can download order receipts of other users and this could lead to information disclosure.

The only real solution to this issue is to implement access control. The user needs to be authorized for the requested information before the server provides it.

Thanks: Harshit Shukla [mailto:harshit.sh...@gmail.com] reported this IDOR vulnerability to the OFBiz security team, and we thank him for that.

> IDOR vulnerability in the order processing feature in ecommerce component
>
> Key: OFBIZ-11836
> URL: https://issues.apache.org/jira/browse/OFBIZ-11836
> Project: OFBiz
> Issue Type: Sub-task
> Components: ecommerce, order
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
>
> Harshit Shukla [mailto:harshit.sh...@gmail.com] reported this IDOR
> vulnerability to the OFBiz security team, and we thank him for that.
> I'll later quote here his email message when the vulnerability will be fixed.
> It's a post-auth vulnerability so we did not ask for a CVE.
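The access-control requirement stated in the commit message above, as an added example that is not the code from commits 8120f75 or 4f841e9 and not OFBiz's own code: a receipt lookup that trusts the `orderId` parameter beside one that checks ownership first. The class and method names, the in-memory order table and the owner assigned to each order id are assumptions made for illustration.

```java
import java.util.Map;
import java.util.Optional;

public class OrderReceiptAccess {
    // Constructed sample data (Java 16+ record); the owner mapping is an assumption.
    record Order(String orderId, String ownerLogin, String receipt) {}

    static final Map<String, Order> ORDERS = Map.of(
        "WSCO10001", new Order("WSCO10001", "DemoCustomer", "receipt-A"),
        "WSCO10002", new Order("WSCO10002", "DemoCustomer2", "receipt-B"));

    // Reported behaviour: being logged in is enough; the orderId from the
    // URL alone selects the receipt, so sessionLogin is never consulted.
    static Optional<String> receiptWithoutCheck(String sessionLogin, String orderId) {
        return Optional.ofNullable(ORDERS.get(orderId)).map(Order::receipt);
    }

    // Corrected behaviour: the order must belong to the session's user.
    // "No such order" and "not your order" return the same empty result, so
    // the response does not confirm which order ids exist.
    static Optional<String> receiptWithCheck(String sessionLogin, String orderId) {
        if (sessionLogin == null || orderId == null) {
            return Optional.empty();
        }
        Order order = ORDERS.get(orderId);
        if (order == null || !sessionLogin.equals(order.ownerLogin())) {
            return Optional.empty();
        }
        return Optional.of(order.receipt());
    }

    public static void main(String[] args) {
        // One session user requesting their own order, another user's order,
        // and an id that does not exist.
        String user = "DemoCustomer";
        for (String id : new String[] {"WSCO10001", "WSCO10002", "WSCO99999"}) {
            System.out.printf("%s as %s: unchecked=%s checked=%s%n", id, user,
                receiptWithoutCheck(user, id).isPresent(),
                receiptWithCheck(user, id).isPresent());
        }
    }
}
```

The owner comparison uses the login taken from the server-side session, never a value supplied in the request.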
[jira] [Updated] (OFBIZ-11836) IDOR vulnerability in the order processing feature in ecommerce component
[ https://issues.apache.org/jira/browse/OFBIZ-11836?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux updated OFBIZ-11836:

Summary: IDOR vulnerability in the order processing feature in ecommerce component (was: IDOR vulnerability in the order processing feature)

> IDOR vulnerability in the order processing feature in ecommerce component
>
> Key: OFBIZ-11836
> URL: https://issues.apache.org/jira/browse/OFBIZ-11836
> Project: OFBiz
> Issue Type: Sub-task
> Components: ecommerce, order
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Major
>
> Harshit Shukla [mailto:harshit.sh...@gmail.com] reported this IDOR
> vulnerability to the OFBiz security team, and we thank him for that.
> I'll later quote here his email message when the vulnerability will be fixed.
> It's a post-auth vulnerability so we did not ask for a CVE.
[GitHub] [ofbiz-framework] JacquesLeRoux commented on pull request #208: Improved: Convert InvoicePerShipmentTests.xml tests to groovy (OFBIZ-11553)
JacquesLeRoux commented on pull request #208:
URL: https://github.com/apache/ofbiz-framework/pull/208#issuecomment-650019359

Hi Priya, Pawan,

I suggest we factorise the common part in one specific method, TIA

This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (OFBIZ-11553) Convert InvoicePerShipmentTests.xml to Groovy
[ https://issues.apache.org/jira/browse/OFBIZ-11553?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17146076#comment-17146076 ]

Jacques Le Roux commented on OFBIZ-11553:

+1 for logInfo() method in OFBizTestCase class if it's possible (did not review)

> Convert InvoicePerShipmentTests.xml to Groovy
>
> Key: OFBIZ-11553
> URL: https://issues.apache.org/jira/browse/OFBIZ-11553
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Rohit Hukkeri
> Assignee: Priya Sharma
> Priority: Minor
>
> Convert InvoicePerShipmentTests.xml to Groovy