Dennis Balkir created OFBIZ-9638:
------------------------------------
Summary: [FB] Package org.apache.ofbiz.service
Key: OFBIZ-9638
URL: https://issues.apache.org/jira/browse/OFBIZ-9638
Project: OFBiz
Issue Type: Sub-task
Components: framework
Affects Versions: Trunk
Reporter: Dennis Balkir
Priority: Minor
- DispatchContext.java:-1, SE_TRANSIENT_FIELD_NOT_RESTORED
Se: The field org.apache.ofbiz.service.DispatchContext.loader is transient but
isn't set by deserialization
This class contains a field that is updated at multiple places in the class,
thus it seems to be part of the state of the class. However, since the field is
marked as transient and not set in readObject or readResolve, it will contain
the default value in any deserialized instance of the class.
- DispatchContext.java:-1, SE_TRANSIENT_FIELD_NOT_RESTORED
Se: The field org.apache.ofbiz.service.DispatchContext.dispatcher is transient
but isn't set by deserialization
This class contains a field that is updated at multiple places in the class,
thus it seems to be part of the state of the class. However, since the field is
marked as transient and not set in readObject or readResolve, it will contain
the default value in any deserialized instance of the class.
- DispatchContext.java:56, SE_NO_SERIALVERSIONID
SnVI: org.apache.ofbiz.service.DispatchContext is Serializable; consider
declaring a serialVersionUID
This class implements the Serializable interface, but does not define a
serialVersionUID field. A change as simple as adding a reference to a .class
object will add synthetic fields to the class, which will unfortunately change
the implicit serialVersionUID (e.g., adding a reference to String.class will
generate a static field class$java$lang$String). Also, different source code to
bytecode compilers may use different naming conventions for synthetic variables
generated for references to class objects or inner classes. To ensure
interoperability of Serializable across versions, consider adding an explicit
serialVersionUID.
- DispatchContext.java:209, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
RCN: Redundant nullcheck of serviceMap, which is known to be non-null in
org.apache.ofbiz.service.DispatchContext.getModelService(String)
This method contains a redundant check of a known non-null value against the
constant null.
- DispatchContext.java:273, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
RCN: Redundant nullcheck of serviceMap, which is known to be non-null in
org.apache.ofbiz.service.DispatchContext.getGlobalServiceMap()
This method contains a redundant check of a known non-null value against the
constant null.
- GeneralServiceException.java:63, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
RCN: Redundant nullcheck of
org.apache.ofbiz.base.util.GeneralException.getNested(), which is known to be
non-null in org.apache.ofbiz.service.GeneralServiceException.returnError(String)
This method contains a redundant check of a known non-null value against the
constant null.
- GenericAbstractDispatcher.java:86, REC_CATCH_EXCEPTION
REC: Exception is caught when Exception is not thrown in
org.apache.ofbiz.service.GenericAbstractDispatcher.schedule(String, String,
String, Map, long, int, int, int, long, int)
This method uses a try-catch block that catches Exception objects, but
Exception is not thrown within the try block, and RuntimeException is not
explicitly caught. It is a common bug pattern to say try { ... } catch
(Exception e) { something } as a shorthand for catching a number of types of
exception each of whose catch blocks is identical, but this construct also
accidentally catches RuntimeException as well, masking potential bugs.
A better approach is to either explicitly catch the specific exceptions that
are thrown, or to explicitly catch RuntimeException exception, rethrow it, and
then catch all non-Runtime Exceptions, as shown below:
try {
...
} catch (RuntimeException e) {
throw e;
} catch (Exception e) {
... deal with all non-runtime exceptions ...
}
- GenericDispatcherFactory.java:32, MS_PKGPROTECT
MS: org.apache.ofbiz.service.GenericDispatcherFactory.ecasDisabled should be
package protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
- GenericDispatcherFactory.java:49, SIC_INNER_SHOULD_BE_STATIC
SIC: Should org.apache.ofbiz.service.GenericDispatcherFactory$GenericDispatcher
be a _static_ inner class?
This class is an inner class, but does not use its embedded reference to the
object which created it. This reference makes the instances of the class
larger, and may keep the reference to the creator object alive longer than
necessary. If possible, the class should be made static.
- GenericDispatcherFactory.java:72, ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD
ST: Write to static field
org.apache.ofbiz.service.GenericDispatcherFactory.ecasDisabled from instance
method
org.apache.ofbiz.service.GenericDispatcherFactory$GenericDispatcher.disableEcas()
This instance method writes to a static field. This is tricky to get correct if
multiple instances are being manipulated, and generally bad practice.
- GenericDispatcherFactory.java:77, ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD
ST: Write to static field
org.apache.ofbiz.service.GenericDispatcherFactory.ecasDisabled from instance
method
org.apache.ofbiz.service.GenericDispatcherFactory$GenericDispatcher.enableEcas()
This instance method writes to a static field. This is tricky to get correct if
multiple instances are being manipulated, and generally bad practice.
- GenericResultWaiter.java:29, SE_NO_SERIALVERSIONID
SnVI: org.apache.ofbiz.service.GenericResultWaiter is Serializable; consider
declaring a serialVersionUID
This class implements the Serializable interface, but does not define a
serialVersionUID field. A change as simple as adding a reference to a .class
object will add synthetic fields to the class, which will unfortunately change
the implicit serialVersionUID (e.g., adding a reference to String.class will
generate a static field class$java$lang$String). Also, different source code to
bytecode compilers may use different naming conventions for synthetic variables
generated for references to class objects or inner classes. To ensure
interoperability of Serializable across versions, consider adding an explicit
serialVersionUID.
- GenericResultWaiter.java:52, NO_NOTIFY_NOT_NOTIFYALL
No: Using notify rather than notifyAll in
org.apache.ofbiz.service.GenericResultWaiter.receiveResult(Map)
This method calls notify() rather than notifyAll(). Java monitors are often
used for multiple conditions. Calling notify() only wakes up one thread,
meaning that the thread woken up might not be the one waiting for the condition
that the caller just satisfied.
- GenericResultWaiter.java:64, NO_NOTIFY_NOT_NOTIFYALL
No: Using notify rather than notifyAll in
org.apache.ofbiz.service.GenericResultWaiter.receiveThrowable(Throwable)
This method calls notify() rather than notifyAll(). Java monitors are often
used for multiple conditions. Calling notify() only wakes up one thread,
meaning that the thread woken up might not be the one waiting for the condition
that the caller just satisfied.
- ModelParam.java:41, SE_NO_SERIALVERSIONID
SnVI: org.apache.ofbiz.service.ModelParam is Serializable; consider declaring a
serialVersionUID
This class implements the Serializable interface, but does not define a
serialVersionUID field. A change as simple as adding a reference to a .class
object will add synthetic fields to the class, which will unfortunately change
the implicit serialVersionUID (e.g., adding a reference to String.class will
generate a static field class$java$lang$String). Also, different source code to
bytecode compilers may use different naming conventions for synthetic variables
generated for references to class objects or inner classes. To ensure
interoperability of Serializable across versions, consider adding an explicit
serialVersionUID.
- ModelParam.java:209, HE_EQUALS_USE_HASHCODE
HE: org.apache.ofbiz.service.ModelParam defines equals and uses
Object.hashCode()
This class overrides equals(Object), but does not override hashCode(), and
inherits the implementation of hashCode() from java.lang.Object (which returns
the identity hash code, an arbitrary value assigned to the object by the VM).
Therefore, the class is very likely to violate the invariant that equal objects
must have equal hashcodes.
If you don't think instances of this class will ever be inserted into a
HashMap/HashTable, the recommended hashCode implementation to use is:
public int hashCode() {
assert false : "hashCode not designed";
return 42; // any arbitrary constant will do
}
- ModelParam.java:209, EQ_SELF_USE_OBJECT
Eq: org.apache.ofbiz.service.ModelParam defines equals(ModelParam) method and
uses Object.equals(Object)
This class defines a covariant version of the equals() method, but inherits the
normal equals(Object) method defined in the base java.lang.Object class. The
class should probably define a boolean equals(Object) method.
- ModelParam.java:297, SE_NO_SERIALVERSIONID
SnVI: org.apache.ofbiz.service.ModelParam$ModelParamValidator is Serializable;
consider declaring a serialVersionUID
This class implements the Serializable interface, but does not define a
serialVersionUID field. A change as simple as adding a reference to a .class
object will add synthetic fields to the class, which will unfortunately change
the implicit serialVersionUID (e.g., adding a reference to String.class will
generate a static field class$java$lang$String). Also, different source code to
bytecode compilers may use different naming conventions for synthetic variables
generated for references to class objects or inner classes. To ensure
interoperability of Serializable across versions, consider adding an explicit
serialVersionUID.
- ModelPermGroup.java:32, SE_NO_SERIALVERSIONID
SnVI: org.apache.ofbiz.service.ModelPermGroup is Serializable; consider
declaring a serialVersionUID
This class implements the Serializable interface, but does not define a
serialVersionUID field. A change as simple as adding a reference to a .class
object will add synthetic fields to the class, which will unfortunately change
the implicit serialVersionUID (e.g., adding a reference to String.class will
generate a static field class$java$lang$String). Also, different source code to
bytecode compilers may use different naming conventions for synthetic variables
generated for references to class objects or inner classes. To ensure
interoperability of Serializable across versions, consider adding an explicit
serialVersionUID.
- ModelPermission.java:35, SE_NO_SERIALVERSIONID
SnVI: org.apache.ofbiz.service.ModelPermission is Serializable; consider
declaring a serialVersionUID
This class implements the Serializable interface, but does not define a
serialVersionUID field. A change as simple as adding a reference to a .class
object will add synthetic fields to the class, which will unfortunately change
the implicit serialVersionUID (e.g., adding a reference to String.class will
generate a static field class$java$lang$String). Also, different source code to
bytecode compilers may use different naming conventions for synthetic variables
generated for references to class objects or inner classes. To ensure
interoperability of Serializable across versions, consider adding an explicit
serialVersionUID.
- ModelPermission.java:108, NP_LOAD_OF_KNOWN_NULL_VALUE
NP: Load of known null value in
org.apache.ofbiz.service.ModelPermission.evalRoleMember(GenericValue)
The variable referenced at this point is known to be null due to an earlier
check against null. Although this is valid, it might be a mistake (perhaps you
intended to refer to a different variable, or perhaps the earlier check to see
if the variable is null should have been a check to see if it was non-null).
- ModelPermission.java:129, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
RCN: Redundant nullcheck of permission, which is known to be non-null in
org.apache.ofbiz.service.ModelPermission.evalPermissionService(ModelService,
DispatchContext, Map)
This method contains a redundant check of a known non-null value against the
constant null.
- ModelPermission.java:150, NP_LOAD_OF_KNOWN_NULL_VALUE
NP: Load of known null value in
org.apache.ofbiz.service.ModelPermission.evalPermissionService(ModelService,
DispatchContext, Map)
The variable referenced at this point is known to be null due to an earlier
check against null. Although this is valid, it might be a mistake (perhaps you
intended to refer to a different variable, or perhaps the earlier check to see
if the variable is null should have been a check to see if it was non-null).
- ModelService.java:-1, SE_BAD_FIELD
Se: Class org.apache.ofbiz.service.ModelService defines non-transient
non-serializable instance field implServices
This Serializable class defines a non-primitive instance field which is neither
transient, Serializable, or java.lang.Object, and does not appear to implement
the Externalizable interface or the readObject() and writeObject() methods.
Objects of this class will not be deserialized correctly if a non-Serializable
object is stored in this field.
- ModelService.java:-1, SE_BAD_FIELD
Se: Class org.apache.ofbiz.service.ModelService defines non-transient
non-serializable instance field internalGroup
This Serializable class defines a non-primitive instance field which is neither
transient, Serializable, or java.lang.Object, and does not appear to implement
the Externalizable interface or the readObject() and writeObject() methods.
Objects of this class will not be deserialized correctly if a non-Serializable
object is stored in this field.
- ModelService.java:-1, SE_BAD_FIELD
Se: Class org.apache.ofbiz.service.ModelService defines non-transient
non-serializable instance field metrics
This Serializable class defines a non-primitive instance field which is neither
transient, Serializable, or java.lang.Object, and does not appear to implement
the Externalizable interface or the readObject() and writeObject() methods.
Objects of this class will not be deserialized correctly if a non-Serializable
object is stored in this field.
- ModelService.java:-1, SE_BAD_FIELD
Se: Class org.apache.ofbiz.service.ModelService defines non-transient
non-serializable instance field notifications
This Serializable class defines a non-primitive instance field which is neither
transient, Serializable, or java.lang.Object, and does not appear to implement
the Externalizable interface or the readObject() and writeObject() methods.
Objects of this class will not be deserialized correctly if a non-Serializable
object is stored in this field.
- ModelService.java:84, SE_NO_SERIALVERSIONID
SnVI: org.apache.ofbiz.service.ModelService is Serializable; consider declaring
a serialVersionUID
This class implements the Serializable interface, but does not define a
serialVersionUID field. A change as simple as adding a reference to a .class
object will add synthetic fields to the class, which will unfortunately change
the implicit serialVersionUID (e.g., adding a reference to String.class will
generate a static field class$java$lang$String). Also, different source code to
bytecode compilers may use different naming conventions for synthetic variables
generated for references to class objects or inner classes. To ensure
interoperability of Serializable across versions, consider adding an explicit
serialVersionUID.
- ModelService.java:329, IT_NO_SUCH_ELEMENT
It: org.apache.ofbiz.service.ModelService$1$1.next() can't throw
NoSuchElementException
This class implements the java.util.Iterator interface. However, its next()
method is not capable of throwing java.util.NoSuchElementException. The next()
method should be changed so it throws NoSuchElementException if is called when
there are no more elements to return.
- ModelService.java:383, IS2_INCONSISTENT_SYNC
IS: Inconsistent synchronization of
org.apache.ofbiz.service.ModelService.inheritedParameters; locked 50% of time
The fields of this class appear to be accessed inconsistently with respect to
synchronization. This bug report indicates that the bug pattern detector
judged that
The class contains a mix of locked and unlocked accesses,
The class is not annotated as javax.annotation.concurrent.NotThreadSafe,
At least one locked access was performed by one of the class's own methods, and
The number of unsynchronized field accesses (reads and writes) was no more than
one third of all accesses, with writes being weighed twice as high as reads
A typical bug matching this bug pattern is forgetting to synchronize one of the
methods in a class that is intended to be thread-safe.
You can select the nodes labeled "Unsynchronized access" to show the code
locations where the detector believed that a field was accessed without
synchronization.
Note that there are various sources of inaccuracy in this detector; for
example, the detector cannot statically detect all situations in which a lock
is held. Also, even when the detector is accurate in distinguishing locked vs.
unlocked accesses, the code in question may still be correct.
- ModelService.java:480, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
RCN: Redundant nullcheck of params, which is known to be non-null in
org.apache.ofbiz.service.ModelService.updateDefaultValues(Map, String)
This method contains a redundant check of a known non-null value against the
constant null.
- ModelService.java:991, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
RCN: Redundant nullcheck of permission, which is known to be non-null in
org.apache.ofbiz.service.ModelService.evalPermission(DispatchContext, Map)
This method contains a redundant check of a known non-null value against the
constant null.
- ModelService.java:998, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
RCN: Redundant nullcheck of thisService, which is known to be non-null in
org.apache.ofbiz.service.ModelService.evalPermission(DispatchContext, Map)
This method contains a redundant check of a known non-null value against the
constant null.
- ModelService.java:1141, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
RCN: Redundant nullcheck of model, which is known to be non-null in
org.apache.ofbiz.service.ModelService.interfaceUpdate(DispatchContext)
This method contains a redundant check of a known non-null value against the
constant null.
- ModelService.java:1245, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
RCN: Redundant nullcheck of inParam, which is known to be non-null in
org.apache.ofbiz.service.ModelService.getWSDL(Definition, String)
This method contains a redundant check of a known non-null value against the
constant null.
- ModelService.java:1291, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
RCN: Redundant nullcheck of outParam, which is known to be non-null in
org.apache.ofbiz.service.ModelService.getWSDL(Definition, String)
This method contains a redundant check of a known non-null value against the
constant null.
- ModelServiceReader.java:-1, SE_BAD_FIELD
Se: Class org.apache.ofbiz.service.ModelServiceReader defines non-transient
non-serializable instance field delegator
This Serializable class defines a non-primitive instance field which is neither
transient, Serializable, or java.lang.Object, and does not appear to implement
the Externalizable interface or the readObject() and writeObject() methods.
Objects of this class will not be deserialized correctly if a non-Serializable
object is stored in this field.
- ModelServiceReader.java:60, SE_NO_SERIALVERSIONID
SnVI: org.apache.ofbiz.service.ModelServiceReader is Serializable; consider
declaring a serialVersionUID
This class implements the Serializable interface, but does not define a
serialVersionUID field. A change as simple as adding a reference to a .class
object will add synthetic fields to the class, which will unfortunately change
the implicit serialVersionUID (e.g., adding a reference to String.class will
generate a static field class$java$lang$String). Also, different source code to
bytecode compilers may use different naming conventions for synthetic variables
generated for references to class objects or inner classes. To ensure
interoperability of Serializable across versions, consider adding an explicit
serialVersionUID.
- ModelServiceReader.java:111, UCF_USELESS_CONTROL_FLOW
UCF: Useless control flow in
org.apache.ofbiz.service.ModelServiceReader.getModelServices()
This method contains a useless control flow statement, where control flow
continues onto the same place regardless of whether or not the branch is taken.
For example, this is caused by having an empty statement block for an if
statement:
if (argv.length == 0) {
// TODO: handle this case
}
- ModelServiceReader.java:154, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
RCN: Redundant nullcheck of service, which is known to be non-null in
org.apache.ofbiz.service.ModelServiceReader.getModelServices()
This method contains a redundant check of a known non-null value against the
constant null.
- ModelServiceReader.java:450, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
RCN: Redundant nullcheck of fieldsIter, which is known to be non-null in
org.apache.ofbiz.service.ModelServiceReader.createAutoAttrDef(Element,
ModelService)
This method contains a redundant check of a known non-null value against the
constant null.
- RunningService.java:59, EI_EXPOSE_REP
EI: org.apache.ofbiz.service.RunningService.getStartStamp() may expose internal
representation by returning RunningService.startStamp
Returning a reference to a mutable object value stored in one of the object's
fields exposes the internal representation of the object. If instances are
accessed by untrusted code, and unchecked changes to the mutable object would
compromise security or other important properties, you will need to do
something different. Returning a new copy of the object is better approach in
many situations.
- RunningService.java:63, EI_EXPOSE_REP
EI: org.apache.ofbiz.service.RunningService.getEndStamp() may expose internal
representation by returning RunningService.endStamp
Returning a reference to a mutable object value stored in one of the object's
fields exposes the internal representation of the object. If instances are
accessed by untrusted code, and unchecked changes to the mutable object would
compromise security or other important properties, you will need to do
something different. Returning a new copy of the object is better approach in
many situations.
- RunningService.java:72, HE_EQUALS_USE_HASHCODE
HE: org.apache.ofbiz.service.RunningService defines equals and uses
Object.hashCode()
This class overrides equals(Object), but does not override hashCode(), and
inherits the implementation of hashCode() from java.lang.Object (which returns
the identity hash code, an arbitrary value assigned to the object by the VM).
Therefore, the class is very likely to violate the invariant that equal objects
must have equal hashcodes.
If you don't think instances of this class will ever be inserted into a
HashMap/HashTable, the recommended hashCode implementation to use is:
public int hashCode() {
assert false : "hashCode not designed";
return 42; // any arbitrary constant will do
}
- ServiceContainer.java:57, ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD
ST: Write to static field
org.apache.ofbiz.service.ServiceContainer.dispatcherFactory from instance
method org.apache.ofbiz.service.ServiceContainer.init(List, String, String)
This instance method writes to a static field. This is tricky to get correct if
multiple instances are being manipulated, and generally bad practice.
- ServiceDispatcher.java:73, MS_SHOULD_BE_FINAL
MS: org.apache.ofbiz.service.ServiceDispatcher.dispatchers isn't final but
should be
This static field public but not final, and could be changed by malicious code
or by accident from another package. The field could be made final to avoid
this vulnerability.
- ServiceDispatcher.java:76, MS_PKGPROTECT
MS: org.apache.ofbiz.service.ServiceDispatcher.enableJM should be package
protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
- ServiceDispatcher.java:77, MS_PKGPROTECT
MS: org.apache.ofbiz.service.ServiceDispatcher.enableJMS should be package
protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
- ServiceDispatcher.java:78, MS_PKGPROTECT
MS: org.apache.ofbiz.service.ServiceDispatcher.enableSvcs should be package
protected
A mutable static field could be changed by malicious code or by accident. The
field could be made package protected to avoid this vulnerability.
- ServiceDispatcher.java:118, NP_NULL_ON_SOME_PATH
NP: Possible null pointer dereference of delegator in new
org.apache.ofbiz.service.ServiceDispatcher(Delegator, boolean, boolean)
There is a branch of statement that, if executed, guarantees that a null value
will be dereferenced, which would generate a NullPointerException when the code
is executed. Of course, the problem might be that the branch or statement is
infeasible and that the null pointer exception can't ever be executed; deciding
that is beyond the ability of FindBugs.
- ServiceDispatcher.java:425, DM_CONVERT_CASE
Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in
org.apache.ofbiz.service.ServiceDispatcher.runSync(String, ModelService, Map,
boolean)
A String is being converted to upper or lowercase, using the platform's default
encoding. This may result in improper conversions when used with international
characters. Use the
String.toUpperCase( Locale l )
String.toLowerCase( Locale l )
versions instead.
- ServiceDispatcher.java:463, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
RCN: Redundant nullcheck of errMsg, which is known to be non-null in
org.apache.ofbiz.service.ServiceDispatcher.runSync(String, ModelService, Map,
boolean)
This method contains a redundant check of a known non-null value against the
constant null.
- ServiceDispatcher.java:464, UCF_USELESS_CONTROL_FLOW
UCF: Useless control flow in
org.apache.ofbiz.service.ServiceDispatcher.runSync(String, ModelService, Map,
boolean)
This method contains a useless control flow statement, where control flow
continues onto the same place regardless of whether or not the branch is taken.
For example, this is caused by having an empty statement block for an if
statement:
if (argv.length == 0) {
// TODO: handle this case
}
- ServiceDispatcher.java:1025, HE_USE_OF_UNHASHABLE_CLASS
HE: org.apache.ofbiz.service.RunningService doesn't define a hashCode() method
but is used in a hashed data structure in
org.apache.ofbiz.service.ServiceDispatcher.logService(String, ModelService, int)
A class defines an equals(Object) method but not a hashCode() method, and thus
doesn't fulfill the requirement that equal objects have equal hashCodes. An
instance of this class is used in a hash data structure, making the need to fix
this problem of highest importance.
- ServiceSynchronization.java:55, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
RCN: Redundant nullcheck of sync, which is known to be non-null in
org.apache.ofbiz.service.ServiceSynchronization.registerCommitService(DispatchContext,
String, String, Map, boolean, boolean)
This method contains a redundant check of a known non-null value against the
constant null.
- ServiceSynchronization.java:62, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
RCN: Redundant nullcheck of sync, which is known to be non-null in
org.apache.ofbiz.service.ServiceSynchronization.registerRollbackService(DispatchContext,
String, String, Map, boolean, boolean)
This method contains a redundant check of a known non-null value against the
constant null.
- ServiceUtil.java:557, NP_NULL_ON_SOME_PATH
NP: Possible null pointer dereference of job in
org.apache.ofbiz.service.ServiceUtil.cancelJob(DispatchContext, Map)
There is a branch of statement that, if executed, guarantees that a null value
will be dereferenced, which would generate a NullPointerException when the code
is executed. Of course, the problem might be that the branch or statement is
infeasible and that the null pointer exception can't ever be executed; deciding
that is beyond the ability of FindBugs.
- ServiceUtil.java:595, NP_NULL_ON_SOME_PATH
NP: Possible null pointer dereference of job in
org.apache.ofbiz.service.ServiceUtil.cancelJobRetries(DispatchContext, Map)
There is a branch of statement that, if executed, guarantees that a null value
will be dereferenced, which would generate a NullPointerException when the code
is executed. Of course, the problem might be that the branch or statement is
infeasible and that the null pointer exception can't ever be executed; deciding
that is beyond the ability of FindBugs.
- ServiceUtil.java:648, NP_NULL_PARAM_DEREF
NP: Null passed for nonnull parameter of
org.apache.ofbiz.base.util.UtilMisc.toMap(Object[]) in
org.apache.ofbiz.service.ServiceUtil.makeContext(Object[])
This method call passes a null value for a non-null method parameter. Either
the parameter is annotated as a parameter that should always be non-null, or
analysis has shown that it will always be dereferenced.
- ServiceXaWrapper.java:258, SF_SWITCH_NO_DEFAULT
SF: Switch statement found in
org.apache.ofbiz.service.ServiceXaWrapper.runService(String, Map, boolean, int,
int) where default case is missing
This method contains a switch statement where default case is missing. Usually
you need to provide a default case.
Because the analysis only looks at the generated bytecode, this warning can be
incorrect triggered if the default case is at the end of the switch statement
and the switch statement doesn't contain break statements for other cases.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
