[ https://issues.apache.org/jira/browse/KARAF-5003?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15942627#comment-15942627 ]

ASF subversion and git services commented on KARAF-5003:
--------------------------------------------------------

Commit 08444ba9ffcf4fa8d3c3a946c8c6d074ad150645 in karaf's branch refs/heads/master from [~jbonofre]
[ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=08444ba ]

[KARAF-5003] Compare by class instead of by class name

> Possible bugs in the source code
> --------------------------------
>
>                 Key: KARAF-5003
>                 URL: https://issues.apache.org/jira/browse/KARAF-5003
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf-shell, karaf-tooling, karaf-webcontainer
>            Reporter: AppChecker
>            Assignee: Jean-Baptiste Onofré
>             Fix For: 4.0.9, 4.1.1
>
>
> Hello!
> We've checked your project with [static code analyzer AppChecker|https://cnpo.ru/en/solutions/appchecker.php] and it found several possible defects:
> 1) https://github.com/apache/karaf/blob/d2894bfabaa73baa63f73675df1b4ae980528517/web/src/main/java/org/apache/karaf/web/internal/WebContainerServiceImpl.java#L85
> {code:java}
> contextPath.trim();
> {code}
> contextPath is not changed. Probably it should be:
> {code:java}
> contextPath = contextPath.trim();
> {code}
> 2) https://github.com/apache/karaf-cellar/blob/d3c028808b20ce09f20c2e6c6eca2cef70a86d15/features/src/main/java/org/apache/karaf/cellar/features/shell/RepoRemoveCommand.java#L120
> {code:java}
> if (repository.equals(repository)) {
> {code}
> repository is compared with itself. Probably it should be:
> {code:java}
> if (this.repository.equals(repository)) {
> {code}
> same place - https://github.com/apache/karaf-cellar/blob/d3c028808b20ce09f20c2e6c6eca2cef70a86d15/features/src/main/java/org/apache/karaf/cellar/features/management/internal/CellarFeaturesMBeanImpl.java#L563
> 3) https://github.com/apache/karaf/blob/d2894bfabaa73baa63f73675df1b4ae980528517/tooling/karaf-maven-plugin/src/main/java/org/apache/karaf/tooling/features/GenerateDescriptorMojo.java#L320
> {code:java}
> enableGeneration = !"feature".equals(packaging) && !"feature".equals(packaging);
> {code}
> !"feature".equals(packaging) is checked twice
> 4) https://github.com/apache/karaf/blob/d2894bfabaa73baa63f73675df1b4ae980528517/main/src/main/java/org/apache/karaf/main/lock/DefaultJDBCLock.java#L157
> {code:java}
> return metadata != null &&
>     (checkTableExists(tableName.toLowerCase(), metadata) //
>         || checkTableExists(tableName.toLowerCase(), metadata));
> {code}
> checkTableExists(tableName.toLowerCase(), metadata) is checked twice
> 5) Not a bug, pedantic remark
> https://github.com/apache/karaf/blob/d2894bfabaa73baa63f73675df1b4ae980528517/shell/core/src/main/java/org/apache/karaf/shell/support/table/ShellTable.java#L166
> {code:java}
> if (ps.getClass().getName().equals("org.apache.felix.gogo.runtime.threadio.ThreadPrintStream")) {
> {code}
> It is not recommended to compare classes by name. See:
> https://cwe.mitre.org/data/definitions/486.html
> https://www.securecoding.cert.org/confluence/display/java/OBJ09-J.+Compare+classes+and+not+class+names
> We hope this was helpful

--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
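
Item 5 of the quoted report (CWE-486 / OBJ09-J), as an added example that is not part of the original message or of Karaf's code: a second class loader defines a class with the same fully qualified name, and the name check accepts both objects while the class comparison accepts only the genuine one. `ClassNameCheck`, `Trusted` and `IsolatingLoader` are hypothetical names, and the example assumes the class files are on the classpath (compiled with `javac`).

```java
import java.io.IOException;
import java.io.InputStream;

// Added illustration; ClassNameCheck, Trusted and IsolatingLoader are hypothetical names.
// Compile with javac and run with: java ClassNameCheck
public class ClassNameCheck {
    public static class Trusted { }

    // Child-first loader: defines its own copy of Trusted instead of delegating,
    // the way a second bundle or plugin can carry a class with the same name.
    static class IsolatingLoader extends ClassLoader {
        IsolatingLoader() { super(ClassNameCheck.class.getClassLoader()); }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(Trusted.class.getName())) {
                return super.loadClass(name, resolve);
            }
            String path = name.replace('.', '/') + ".class";
            try (InputStream in = getParent().getResourceAsStream(path)) {
                if (in == null) throw new ClassNotFoundException(name);
                byte[] bytes = in.readAllBytes();   // Java 9+
                return defineClass(name, bytes, 0, bytes.length);
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    // The pattern flagged in the report: the name is all that is checked.
    static boolean matchesByName(Object o) {
        return o.getClass().getName().equals(Trusted.class.getName());
    }

    // OBJ09-J form: a class is identified by its name and its defining loader.
    static boolean matchesByClass(Object o) {
        return o.getClass() == Trusted.class;
    }

    public static void main(String[] args) throws Exception {
        Object genuine = new Trusted();
        Object lookalike = new IsolatingLoader().loadClass(Trusted.class.getName())
                .getDeclaredConstructor().newInstance();
        System.out.println("by name : " + matchesByName(genuine) + " / " + matchesByName(lookalike));
        System.out.println("by class: " + matchesByClass(genuine) + " / " + matchesByClass(lookalike));
    }
}
```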