[ https://issues.apache.org/jira/browse/OFBIZ-9723?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Brohl reassigned OFBIZ-9723:
------------------------------------

    Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.entity.datasource
> -----------------------------------------------
>
>                 Key: OFBIZ-9723
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9723
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: ALL APPLICATIONS, ALL COMPONENTS
>    Affects Versions: Trunk
>            Reporter: Julian Leichert
>            Assignee: Michael Brohl
>            Priority: Minor
>         Attachments: OFBIZ-9723_org.apache.ofbiz.entity.datasource_bugfixes.patch
>
>
> GenericDAO.java:108, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of modelEntity, which is known to be non-null in
> org.apache.ofbiz.entity.datasource.GenericDAO.insert(GenericEntity)
> This method contains a redundant check of a known non-null value against the
> constant null.
>
> GenericDAO.java:171, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in
> org.apache.ofbiz.entity.datasource.GenericDAO.singleInsert(GenericEntity,
> ModelEntity, List, SQLProcessor)
> The code creates an SQL prepared statement from a nonconstant String. If
> unchecked, tainted data from a user is used in building this String, SQL
> injection could be used to make the prepared statement do something
> unexpected and undesirable.
>
> GenericDAO.java:187, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of modelEntity, which is known to be non-null in
> org.apache.ofbiz.entity.datasource.GenericDAO.updateAll(GenericEntity)
> This method contains a redundant check of a known non-null value against the
> constant null.
>
> GenericDAO.java:197, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of modelEntity, which is known to be non-null in
> org.apache.ofbiz.entity.datasource.GenericDAO.update(GenericEntity)
> This method contains a redundant check of a known non-null value against the
> constant null.
>
> GenericDAO.java:277, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in
> org.apache.ofbiz.entity.datasource.GenericDAO.singleUpdate(GenericEntity,
> ModelEntity, List, SQLProcessor)
> The code creates an SQL prepared statement from a nonconstant String. If
> unchecked, tainted data from a user is used in building this String, SQL
> injection could be used to make the prepared statement do something
> unexpected and undesirable.
>
> GenericDAO.java:331, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in
> org.apache.ofbiz.entity.datasource.GenericDAO.updateByCondition(ModelEntity,
> Map, EntityCondition, SQLProcessor)
> The code creates an SQL prepared statement from a nonconstant String. If
> unchecked, tainted data from a user is used in building this String, SQL
> injection could be used to make the prepared statement do something
> unexpected and undesirable.
>
> GenericDAO.java:501, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of modelEntity, which is known to be non-null in
> org.apache.ofbiz.entity.datasource.GenericDAO.select(GenericEntity,
> SQLProcessor)
> This method contains a redundant check of a known non-null value against the
> constant null.
>
> GenericDAO.java:521, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in
> org.apache.ofbiz.entity.datasource.GenericDAO.select(GenericEntity,
> SQLProcessor)
> The code creates an SQL prepared statement from a nonconstant String. If
> unchecked, tainted data from a user is used in building this String, SQL
> injection could be used to make the prepared statement do something
> unexpected and undesirable.
>
> GenericDAO.java:547, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE, Priority:
> Normal
> - RCN: Redundant nullcheck of modelEntity, which is known to be non-null in
> org.apache.ofbiz.entity.datasource.GenericDAO.partialSelect(GenericEntity,
> Set)
> This method contains a redundant check of a known non-null value against the
> constant null.
>
> GenericDAO.java:592, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in
> org.apache.ofbiz.entity.datasource.GenericDAO.partialSelect(GenericEntity,
> Set)
> The code creates an SQL prepared statement from a nonconstant String. If
> unchecked, tainted data from a user is used in building this String, SQL
> injection could be used to make the prepared statement do something
> unexpected and undesirable.
>
> GenericDAO.java:763, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in
> org.apache.ofbiz.entity.datasource.GenericDAO.selectListIteratorByCondition(Delegator,
> ModelEntity, EntityCondition, EntityCondition, Collection, List,
> EntityFindOptions)
> The code creates an SQL prepared statement from a nonconstant String. If
> unchecked, tainted data from a user is used in building this String, SQL
> injection could be used to make the prepared statement do something
> unexpected and undesirable.
>
> GenericDAO.java:854, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of viewHavingEntityCondition, which is known to be
> non-null in
> org.apache.ofbiz.entity.datasource.GenericDAO.makeConditionHavingString(StringBuilder,
> String, ModelEntity, EntityCondition, List, List)
> This method contains a redundant check of a known non-null value against the
> constant null.
>
> GenericDAO.java:913, UC_USELESS_OBJECT
> Useless object created
> Our analysis shows that this object is useless. It's created and modified,
> but its value never goes outside of the method or produces any side effect.
> Either there is a mistake and the object was intended to be used, or it can be
> removed.
> This analysis rarely produces false positives. Common false-positive cases
> include:
> - This object is used to implicitly throw some obscure exception.
> - This object is used as a stub to generalize the code.
> - This object is used to hold strong references to weak/soft-referenced objects.
>
> GenericDAO.java:976, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in
> org.apache.ofbiz.entity.datasource.GenericDAO.selectByMultiRelation(GenericValue,
> ModelRelation, ModelEntity, ModelRelation, ModelEntity, List)
> The code creates an SQL prepared statement from a nonconstant String. If
> unchecked, tainted data from a user is used in building this String, SQL
> injection could be used to make the prepared statement do something
> unexpected and undesirable.
>
> GenericDAO.java:1106, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in
> org.apache.ofbiz.entity.datasource.GenericDAO.selectCountByCondition(Delegator,
> ModelEntity, EntityCondition, EntityCondition, List, EntityFindOptions)
> The code creates an SQL prepared statement from a nonconstant String. If
> unchecked, tainted data from a user is used in building this String, SQL
> injection could be used to make the prepared statement do something
> unexpected and undesirable.
>
> GenericDAO.java:1161, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE, Priority:
> Normal
> - RCN: Redundant nullcheck of modelEntity, which is known to be non-null in
> org.apache.ofbiz.entity.datasource.GenericDAO.delete(GenericEntity,
> SQLProcessor)
> This method contains a redundant check of a known non-null value against the
> constant null.
>
> GenericDAO.java:1174, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in
> org.apache.ofbiz.entity.datasource.GenericDAO.delete(GenericEntity,
> SQLProcessor)
> The code creates an SQL prepared statement from a nonconstant String. If
> unchecked, tainted data from a user is used in building this String, SQL
> injection could be used to make the prepared statement do something
> unexpected and undesirable.
>
> GenericDAO.java:1212, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING
> - SQL: A prepared statement is generated from a nonconstant String in
> org.apache.ofbiz.entity.datasource.GenericDAO.deleteByCondition(ModelEntity,
> EntityCondition, SQLProcessor)
> The code creates an SQL prepared statement from a nonconstant String. If
> unchecked, tainted data from a user is used in building this String, SQL
> injection could be used to make the prepared statement do something
> unexpected and undesirable.
>
> GenericHelperFactory.java:38, MS_SHOULD_BE_FINAL
> - MS: org.apache.ofbiz.entity.datasource.GenericHelperFactory.helperCache
> isn't final but should be
> This static field is public but not final, and could be changed by malicious
> code or by accident from another package. The field could be made final to
> avoid this vulnerability.
>
> GenericHelperFactory.java:81, NP_NULL_ON_SOME_PATH
> - NP: Possible null pointer dereference of helperConstructor in
> org.apache.ofbiz.entity.datasource.GenericHelperFactory.getHelper(GenericHelperInfo)
> There is a statement or branch that, if executed, guarantees that a null
> value will be dereferenced, which would generate a NullPointerException when
> the code is executed. Of course, the problem might be that the branch or
> statement is infeasible and that the null pointer exception can't ever be
> executed; deciding that is beyond the ability of FindBugs.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
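The SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING entries above fire on every statement whose text is assembled at runtime, so triaging them comes down to one question: do the nonconstant parts of the string come only from the entity model (table and column identifiers, which cannot be parameterised), with every value going through a `?` bind parameter, or can request data reach the text itself? The following is an added illustration of that distinction, not OFBiz code and not taken from the issue or the attached patch. It is written in Python against an in-memory sqlite3 database as a stand-in for the Java DAO; `MODEL` is a constructed stand-in for `ModelEntity` metadata, and the `PARTY` rows and the tainted `partyId` are constructed sample data.

```python
import re
import sqlite3

# Constructed stand-in for ModelEntity metadata:
# entity name -> (table name, {field name: column name}).
# In the real DAO this comes from the entity model XML, never from a request.
MODEL = {
    "Party": ("PARTY", {"partyId": "PARTY_ID",
                        "partyTypeId": "PARTY_TYPE_ID",
                        "statusId": "STATUS_ID"}),
}

# Defence in depth: even model-supplied column names must be plain identifiers.
_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def _column(cols, field):
    """Map a model field to its column, rejecting anything not in the model."""
    if field not in cols:
        raise ValueError(f"field {field!r} is not part of the entity model")
    col = cols[field]
    if not _IDENT.match(col):
        raise ValueError(f"column name {col!r} is not a plain identifier")
    return col


def build_select(entity, fields, where):
    """Nonconstant SQL text whose variable parts are model identifiers only.

    Returns (sql, params). Values never enter the text: they are returned as
    bind parameters, so the statement shape is fixed by the model before the
    database sees any user-controlled data. FindBugs still flags this shape;
    the whitelist above is what makes it acceptable.
    """
    table, cols = MODEL[entity]
    col_list = ", ".join(_column(cols, f) for f in fields)
    conds, params = [], []
    for field, value in where.items():
        conds.append(f"{_column(cols, field)} = ?")
        params.append(value)
    sql = f"SELECT {col_list} FROM {table} WHERE {' AND '.join(conds)}"
    return sql, tuple(params)


def build_select_unsafe(entity, fields, where):
    """The case the detector is really warning about: values spliced into the text."""
    table, cols = MODEL[entity]
    col_list = ", ".join(_column(cols, f) for f in fields)
    conds = [f"{_column(cols, field)} = '{value}'" for field, value in where.items()]
    return f"SELECT {col_list} FROM {table} WHERE {' AND '.join(conds)}"


def demo():
    """Run both builders on a constructed table and return what each one returns."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE PARTY (PARTY_ID TEXT, PARTY_TYPE_ID TEXT, STATUS_ID TEXT)")
    conn.executemany("INSERT INTO PARTY VALUES (?, ?, ?)",
                     [("admin", "PERSON", "ENABLED"),
                      ("DemoCustomer", "PERSON", "ENABLED")])

    tainted = "nobody' OR '1'='1"  # constructed attacker-controlled partyId

    sql, params = build_select("Party", ["partyId"], {"partyId": tainted})
    safe_rows = conn.execute(sql, params).fetchall()  # compared as one literal: no rows

    unsafe_sql = build_select_unsafe("Party", ["partyId"], {"partyId": tainted})
    unsafe_rows = conn.execute(unsafe_sql).fetchall()  # OR '1'='1' matches every row

    conn.close()
    return {"safe": safe_rows, "unsafe": unsafe_rows}


if __name__ == "__main__":
    print(demo())
```

The check a reviewer applies to each flagged `GenericDAO` method is therefore not "is the string constant" but "which inputs can reach the string": identifiers must be resolved through the entity model (and rejected otherwise, as `_column` does), while user-supplied values must only ever travel in the parameter list.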