[ https://issues.apache.org/jira/browse/OFBIZ-9452?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Brohl reassigned OFBIZ-9452:
------------------------------------

    Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.accounting.tax
> --------------------------------------------
>
>                 Key: OFBIZ-9452
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9452
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: accounting
>    Affects Versions: Trunk
>            Reporter: Kyra Pritzel-Hentley
>            Assignee: Michael Brohl
>            Priority: Minor
>         Attachments: OFBIZ-9452_tax.TaxAuthorityServices_bugfixes.patch
>
>
> TaxAuthorityServices.java:60, MS_SHOULD_BE_FINAL
> * MS: 
> org.apache.ofbiz.accounting.tax.TaxAuthorityServices.salestaxFinalDecimals 
> isn't final but should be
> This static field public but not final, and could be changed by malicious 
> code or by accident from another package. The field could be made final to 
> avoid this vulnerability.
> TaxAuthorityServices.java:61, MS_SHOULD_BE_FINAL
> * MS: 
> org.apache.ofbiz.accounting.tax.TaxAuthorityServices.salestaxCalcDecimals 
> isn't final but should be
> This static field public but not final, and could be changed by malicious 
> code or by accident from another package. The field could be made final to 
> avoid this vulnerability.
> TaxAuthorityServices.java:62, MS_SHOULD_BE_FINAL
> * MS: org.apache.ofbiz.accounting.tax.TaxAuthorityServices.salestaxRounding 
> isn't final but should be
> This static field public but not final, and could be changed by malicious 
> code or by accident from another package. The field could be made final to 
> avoid this vulnerability.
> TaxAuthorityServices.java:168, NP_LOAD_OF_KNOWN_NULL_VALUE
> * NP: Load of known null value in 
> org.apache.ofbiz.accounting.tax.TaxAuthorityServices.rateProductTaxCalc(DispatchContext,
>  Map)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> TaxAuthorityServices.java:213, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> * RCN: Redundant nullcheck of shippingAddress, which is known to be non-null 
> in 
> org.apache.ofbiz.accounting.tax.TaxAuthorityServices.rateProductTaxCalc(DispatchContext,
>  Map)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> TaxAuthorityServices.java:388, RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
> * RCN: Nullcheck of taxAuthorityRateProduct at line 388 of value previously 
> dereferenced in 
> org.apache.ofbiz.accounting.tax.TaxAuthorityServices.getTaxAdjustments(Delegator,
>  GenericValue, GenericValue, String, String, Set, BigDecimal, BigDecimal, 
> BigDecimal, BigDecimal, BigDecimal)
> A value is checked here to see whether it is null, but this value can't be 
> null because it was previously dereferenced and if it were null a null 
> pointer exception would have occurred at the earlier dereference. 
> Essentially, this code and the previous dereference disagree as to whether 
> this value is allowed to be null. Either the check is redundant or the 
> previous dereference is erroneous.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
