[jira] [Commented] (OFBIZ-9529) [FB] Package org.apache.ofbiz.accounting.payment (Additional Bugs)

2017-08-12 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16124520#comment-16124520
 ] 

Michael Brohl commented on OFBIZ-9529:
--

Hi Jacques,

I agree with you about the initialization of balance because I assume that it 
should assure that the balance is returned as BigDecimal.ZERO in case of a 
failure or no data.

I see no reason to declare a local variable ZERO from BigDecimal.ZERO. It's 
unnecessary overhead and since it is only used locally, it should also not be 
public.

I suggest to remove the local variable ZERO and replace it with BigDecimal.ZERO.

> [FB] Package org.apache.ofbiz.accounting.payment (Additional Bugs)
> --
>
> Key: OFBIZ-9529
> URL: https://issues.apache.org/jira/browse/OFBIZ-9529
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Kyra Pritzel-Hentley
> Assignee: Jacques Le Roux
> Priority: Minor
> Fix For: 16.11.04
>
> Attachments: 
> OFBIZ-9529_org.apache.ofbiz.accounting.payment_bugfixes.patch
>
>
> BillingAccountWorker.java:217, SE_NO_SERIALVERSIONID
> * SnVI: org.apache.ofbiz.accounting.payment.BillingAccountWorker$BillingAccountComparator 
> is Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
>
> GiftCertificateServices.java:229, DLS_DEAD_LOCAL_STORE
> * DLS: Dead store to balance in 
> org.apache.ofbiz.accounting.payment.GiftCertificateServices.addFundsToGiftCertificate(DispatchContext, Map)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.
>
> GiftCertificateServices.java:306, DLS_DEAD_LOCAL_STORE
> * DLS: Dead store to balance in 
> org.apache.ofbiz.accounting.payment.GiftCertificateServices.redeemGiftCertificate(DispatchContext, Map)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.
>
> PaymentGatewayServices.java:211, UCF_USELESS_CONTROL_FLOW
> * UCF: Useless control flow in 
> org.apache.ofbiz.accounting.payment.PaymentGatewayServices.authOrderPaymentPreference(DispatchContext, Map)
> This method contains a useless control flow statement, where control flow 
> continues onto the same place regardless of whether or not the branch is 
> taken. 
>
> PaymentGatewayServices.java:1889, UCF_USELESS_CONTROL_FLOW
> * UCF: Useless control flow in 
> org.apache.ofbiz.accounting.payment.PaymentGatewayServices.processAuthResult(DispatchContext, Map)
> This method contains a useless control flow statement, where control flow 
> continues onto the same place regardless of whether or not the branch is 
> taken. 
>
> PaymentGatewayServices.java:3729, DLS_DEAD_LOCAL_STORE
> * DLS: Dead store to returnItemResponses in 
> org.apache.ofbiz.accounting.payment.PaymentGatewayServices.isReplacementOrder(GenericValue)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)


[jira] [Commented] (OFBIZ-9529) [FB] Package org.apache.ofbiz.accounting.payment (Additional Bugs)

2017-08-12 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16124546#comment-16124546
 ] 

Michael Brohl commented on OFBIZ-9529:
--

> BTW there are also local variables which are declared public, though final. I 
> saw a LOT of them in other services classes...

Yes, I know, it's another big field of refactoring issues...

Done in trunk r1804864, I did not back port because it's not a bug.



[jira] [Commented] (OFBIZ-9306) Check there are no white spaces in the name of a form field when updating a form

2017-08-14 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16125775#comment-16125775
 ] 

Michael Brohl commented on OFBIZ-9306:
--

I agree with the trim, but you should check for null first.

> Check there are no white spaces in the name of a form field when updating a 
> form
> 
>
> Key: OFBIZ-9306
> URL: https://issues.apache.org/jira/browse/OFBIZ-9306
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9306-ModelFormField.java.patch
>
>
> Some time ago, I lost an hour because of a space at the end of a field's name 
> in a form. In creation it does not pass (the field lacks) but when updating 
> the form it passes and it's hard to find where the problem comes from.





[jira] [Commented] (OFBIZ-9306) Check there are no white spaces around the name of a form field when updating a form

2017-08-14 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16126120#comment-16126120
 ] 

Michael Brohl commented on OFBIZ-9306:
--

Jacques,

if returnValue is null, you'll get a NullPointerException...

> Check there are no white spaces around the name of a form field when updating 
> a form
> 
>
> Key: OFBIZ-9306
> URL: https://issues.apache.org/jira/browse/OFBIZ-9306
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL APPLICATIONS
> Affects Versions: Trunk
> Reporter: Jacques Le Roux
> Assignee: Jacques Le Roux
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9306-ModelFormField.java.patch


[jira] [Assigned] (OFBIZ-9395) EmailServices.sendMailFromScreen improved to take multiple attachments with appropriate type along with several email fixes

2017-08-18 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9395?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9395:


Assignee: Michael Brohl

> EmailServices.sendMailFromScreen improved to take multiple attachments with 
> appropriate type along with several email fixes
> ---
>
> Key: OFBIZ-9395
> URL: https://issues.apache.org/jira/browse/OFBIZ-9395
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: Trunk
> Reporter: Martin Becker
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-9395_emailAttachmentsImprovement.patch
>
>
> This patch fixes a number of issues combined in a patch because of the code 
> dependencies.
> Firstly it enables to add BCC address(es) to service 
> OrderServices.sendOrderNotificationScreens to oversteer 
> ProductStoreEmailSetting of BCC the same way as for CC.
> Secondly a method UtilValidate.isEmailList(String) is added to check a comma 
> separated list of email addresses, used for example to check the String 
> passed to the new BCC field for an Order-Notification.
> Thirdly there are improvements in EmailServices.sendMailFromScreen. The 
> attachment type of MailAttachments is now not only .pdf but depends on the 
> specific file. This has not been the case before - the mime type was always 
> hard coded as .pdf. 
> The same goes for the bodyPart content-type which is now set to the passed 
> content type or the default text/html type. Before this was also always set 
> to text/html. Additionally, an attachment that has the mime-type text/plain 
> is not rendered with the fop-renderer anymore but with a simple 
> text-renderer. Therefore it is possible to send a CSV file as attachment now.
> The patch also refactors some catch-Blocks in the 
> EmailServices.sendMailFromScreen by using multi-catch since the exception 
> handling is always the same.





[jira] [Closed] (OFBIZ-9395) EmailServices.sendMailFromScreen improved to take multiple attachments with appropriate type along with several email fixes

2017-08-18 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9395?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9395.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Martin,

your patch is in trunk r1805459.

> EmailServices.sendMailFromScreen improved to take multiple attachments with 
> appropriate type along with several email fixes
> ---
>
> Key: OFBIZ-9395
> URL: https://issues.apache.org/jira/browse/OFBIZ-9395
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: Trunk
> Reporter: Martin Becker
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9395_emailAttachmentsImprovement.patch


[jira] [Assigned] (OFBIZ-9398) Initialize UserLogin.hasLoggedOut to false on very fist login

2017-08-18 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9398?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9398:


Assignee: Michael Brohl

> Initialize UserLogin.hasLoggedOut to false on very fist login
> -
>
> Key: OFBIZ-9398
> URL: https://issues.apache.org/jira/browse/OFBIZ-9398
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: Trunk
> Reporter: Martin Becker
> Assignee: Michael Brohl
> Priority: Trivial
> Attachments: OFBIZ-9398-LoginServices_hasLoggedOut.patch
>
>
> LoginServices.userLogin: If the user is in his very first login session, the 
> hasLoggedOut flag will still be null during the session since it was never 
> set by a previous session. In order to read the correct flag value during the 
> first user session (which should be false), this patch includes an explicit 
> update to the hasLoggedOut flag to "N" when hasLoggedOut is checked.





[jira] [Assigned] (OFBIZ-9486) [FB] Package org.apache.ofbiz.accounting.thirdparty.gosoftware

2017-08-18 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9486:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.accounting.thirdparty.gosoftware
> --
>
> Key: OFBIZ-9486
> URL: https://issues.apache.org/jira/browse/OFBIZ-9486
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Kyra Pritzel-Hentley
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: 
> OFBIZ-9486_org.apache.ofbiz.accounting.thirdparty.gosoftware_bugfixes.patch, 
> OFBIZ-9486_org.apache.ofbiz.accounting.thirdparty.gosoftware_bugfixes.patch
>
>
> PcChargeApi.java:81: 82, MS_PKGPROTECT
> * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.validOut 
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The 
> field could be made package protected to avoid this vulnerability.
>
> PcChargeApi.java:189, DM_DEFAULT_ENCODING
> * Dm: Found reliance on default encoding in 
> org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.send(): new 
> java.io.PrintStream(OutputStream)
> Found a call to a method which will perform a byte to String (or String to 
> byte) conversion, and will assume that the default platform encoding is 
> suitable. This will cause the application behaviour to vary between 
> platforms. Use an alternative API and specify a charset name or Charset 
> object explicitly.
>
> PcChargeApi.java:198, DM_DEFAULT_ENCODING
> * Dm: Found reliance on default encoding in 
> org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.send(): new 
> String(byte[], int, int)
>
> PcChargeServices.java:94: 180: 246: 306, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> * RCN: Redundant nullcheck of out, which is known to be non-null in 
> org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeServices
> This method contains a redundant check of a known non-null value against the 
> constant null.
>
> RitaApi.java:80, MS_PKGPROTECT
> * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaApi.validOut 
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The 
> field could be made package protected to avoid this vulnerability.
>
> RitaApi.java:84, MS_PKGPROTECT
> * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaApi.validIn 
> should be package protected
> A mutable static field could be changed by malicious code or by accident. The 
> field could be made package protected to avoid this vulnerability.
>
> RitaServices.java:61: 98: 164: 184: 233: 260: 301: 329, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> * RCN: Redundant nullcheck of api, which is known to be non-null in 
> org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaServices
> This method contains a redundant check of a known non-null value against the 
> constant null.



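
The MS_PKGPROTECT and DM_DEFAULT_ENCODING findings quoted in the message above, shown as an added example that is not part of the original message or of the OFBiz code base. The page does not show the type or contents of validOut, so a String array is assumed; the class names, method names, keys and XML string are constructed for illustration, and the hardened form goes one step further than the package-protected visibility FindBugs suggests.

```java
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

public class StaticFieldAndCharsetDemo {

    // Shape that MS_PKGPROTECT flags: the reference is final, but the array
    // elements are not, and "public" lets any class on the classpath rewrite
    // the allow-list. Field type and values are assumptions (constructed).
    static class WeakApi {
        public static final String[] validOut = { "FIELD_A", "FIELD_B" };

        static boolean accepts(String key) {
            return Arrays.asList(validOut).contains(key);
        }
    }

    // Hardened shape: private, final and unmodifiable. Callers can only ask
    // whether a key is allowed; they never get a handle on the collection.
    static class HardenedApi {
        private static final Set<String> VALID_OUT = Collections.unmodifiableSet(
                new HashSet<>(Arrays.asList("FIELD_A", "FIELD_B")));

        static boolean accepts(String key) {
            return VALID_OUT.contains(key);
        }
    }

    // DM_DEFAULT_ENCODING, write side: new PrintStream(OutputStream) encodes
    // with the platform default charset. Naming the charset makes the bytes
    // sent to the payment endpoint identical on every host.
    static byte[] encodeRequest(String xml) throws UnsupportedEncodingException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        PrintStream out = new PrintStream(buffer, true, StandardCharsets.UTF_8.name());
        out.print(xml);
        out.flush();
        return buffer.toByteArray();
    }

    // DM_DEFAULT_ENCODING, read side: new String(byte[], int, int) decodes with
    // the platform default charset. The four-argument form pins it.
    static String decodeResponse(byte[] data, int offset, int length) {
        return new String(data, offset, length, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key that is not on the allow-list.
        String foreignKey = "FIELD_X";

        System.out.println("weak accepts FIELD_X before write: " + WeakApi.accepts(foreignKey));
        // Any other class can do this, by accident or on purpose.
        WeakApi.validOut[0] = foreignKey;
        System.out.println("weak accepts FIELD_X after write:  " + WeakApi.accepts(foreignKey));
        System.out.println("hardened accepts FIELD_X:          " + HardenedApi.accepts(foreignKey));

        // Constructed request body with one non-ASCII character (u-umlaut).
        String xml = "<NAME>M\u00fcller</NAME>";
        byte[] wire = encodeRequest(xml);
        System.out.println("bytes on the wire: " + wire.length);
        System.out.println("round trip intact: "
                + xml.equals(decodeResponse(wire, 0, wire.length)));
    }
}
```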


[jira] [Closed] (OFBIZ-9486) [FB] Package org.apache.ofbiz.accounting.thirdparty.gosoftware

2017-08-18 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9486.

   Resolution: Fixed
Fix Version/s: Upcoming Release

Thanks Kyra,

your patch is in trunk r1805460.

> [FB] Package org.apache.ofbiz.accounting.thirdparty.gosoftware
> --
>
> Key: OFBIZ-9486
> URL: https://issues.apache.org/jira/browse/OFBIZ-9486
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Kyra Pritzel-Hentley
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: 
> OFBIZ-9486_org.apache.ofbiz.accounting.thirdparty.gosoftware_bugfixes.patch, 
> OFBIZ-9486_org.apache.ofbiz.accounting.thirdparty.gosoftware_bugfixes.patch


[jira] [Assigned] (OFBIZ-9504) [FB] Package org.apache.ofbiz.accounting.finaccount

2017-08-18 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9504?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9504:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.accounting.finaccount
> ---
>
> Key: OFBIZ-9504
> URL: https://issues.apache.org/jira/browse/OFBIZ-9504
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Kyra Pritzel-Hentley
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: 
> OFBIZ-9504_org.apache.ofbiz.accounting.finaccount_bugfixes.patch
>
>
> The following Bug was found by the FindBugs Software in the OFBiz codebase 
> and may need fixing:
>
> FinAccountPaymentServices.java:72, RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
> * RCN: Nullcheck of paymentPref at line 72 of value previously dereferenced in 
> org.apache.ofbiz.accounting.finaccount.FinAccountPaymentServices.finAccountPreAuth(DispatchContext, Map)
> A value is checked here to see whether it is null, but this value can't be 
> null because it was previously dereferenced and if it were null a null 
> pointer exception would have occurred at the earlier dereference. 
> Essentially, this code and the previous dereference disagree as to whether 
> this value is allowed to be null. Either the check is redundant or the 
> previous dereference is erroneous.





[jira] [Assigned] (OFBIZ-9505) [FB] Package org.apache.ofbiz.accounting.ledger

2017-08-18 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9505:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.accounting.ledger
> ---
>
> Key: OFBIZ-9505
> URL: https://issues.apache.org/jira/browse/OFBIZ-9505
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Kyra Pritzel-Hentley
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: 
> OFBIZ-9505_org.apache.ofbiz.accounting.ledger_bugfixes.patch
>
>
> The following Bugs were found by the FindBugs Software in the OFBiz codebase 
> and may need fixing:
>
> GeneralLedgerServices.java:42, DLS_DEAD_LOCAL_STORE
> * DLS: Dead store to totalAmountPercentage in 
> org.apache.ofbiz.accounting.ledger.GeneralLedgerServices.createUpdateCostCenter(DispatchContext, Map)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.
>
> GeneralLedgerServices.java:50, WMI_WRONG_MAP_ITERATOR
> * WMI: 
> org.apache.ofbiz.accounting.ledger.GeneralLedgerServices.createUpdateCostCenter(DispatchContext, Map) 
> makes inefficient use of keySet iterator instead of entrySet iterator
> This method accesses the value of a Map entry, using a key that was retrieved 
> from a keySet iterator. It is more efficient to use an iterator on the 
> entrySet of the map, to avoid the Map.get(key) lookup.
>
> GeneralLedgerServices.java:73, WMI_WRONG_MAP_ITERATOR
> * WMI: 
> org.apache.ofbiz.accounting.ledger.GeneralLedgerServices.calculateCostCenterTotal(Map) 
> makes inefficient use of keySet iterator instead of entrySet iterator
> This method accesses the value of a Map entry, using a key that was retrieved 
> from a keySet iterator. It is more efficient to use an iterator on the 
> entrySet of the map, to avoid the Map.get(key) lookup.
>
> GeneralLedgerServices.java:75, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> * RCN: Redundant nullcheck of rowValue, which is known to be non-null in 
> org.apache.ofbiz.accounting.ledger.GeneralLedgerServices.calculateCostCenterTotal(Map)
> This method contains a redundant check of a known non-null value against the 
> constant null.





[jira] [Closed] (OFBIZ-9504) [FB] Package org.apache.ofbiz.accounting.finaccount

2017-08-18 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9504?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9504.

   Resolution: Fixed
Fix Version/s: Upcoming Release

Thanks Kyra,

your patch is in trunk r1805463.

> [FB] Package org.apache.ofbiz.accounting.finaccount
> ---
>
> Key: OFBIZ-9504
> URL: https://issues.apache.org/jira/browse/OFBIZ-9504
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Kyra Pritzel-Hentley
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: 
> OFBIZ-9504_org.apache.ofbiz.accounting.finaccount_bugfixes.patch


[jira] [Closed] (OFBIZ-9505) [FB] Package org.apache.ofbiz.accounting.ledger

2017-08-18 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9505.

   Resolution: Fixed
Fix Version/s: Upcoming Release

Thanks Kyra,

your modified patch is in trunk r1805464.

Additionally to the provided patch I removed the static ZERO variable 
and changed the assignment to BigDecimal.ZERO instead. An unused import
statement was removed also.

> [FB] Package org.apache.ofbiz.accounting.ledger
> ---
>
> Key: OFBIZ-9505
> URL: https://issues.apache.org/jira/browse/OFBIZ-9505
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Kyra Pritzel-Hentley
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: 
> OFBIZ-9505_org.apache.ofbiz.accounting.ledger_bugfixes.patch


[jira] [Assigned] (OFBIZ-9527) [FB] Packages org.apache.ofbiz.accounting.period and org.apache.ofbiz.accounting.tax

2017-08-18 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9527?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9527:


Assignee: Michael Brohl

> [FB] Packages org.apache.ofbiz.accounting.period and 
> org.apache.ofbiz.accounting.tax
> 
>
> Key: OFBIZ-9527
> URL: https://issues.apache.org/jira/browse/OFBIZ-9527
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Kyra Pritzel-Hentley
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: 
> OFBIZ-9527_org.apache.ofbiz.accounting.period_and_org.apache.ofbiz.accounting.tax_refactoring.patch
>
>
> PeriodServices.java:42, MS_SHOULD_BE_FINAL
> * MS: org.apache.ofbiz.accounting.period.PeriodServices.module isn't final 
> but should be
> This static field public but not final, and could be changed by malicious 
> code or by accident from another package. The field could be made final to 
> avoid this vulnerability.
> After adjusting the FindBugs configuration, a new bug has been found in 
> TaxAuthorityServices:
> TaxAuthorityServices.java:350, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> * RCN: Redundant nullcheck of productCategoryCond, which is known to be 
> non-null in 
> org.apache.ofbiz.accounting.tax.TaxAuthorityServices.getTaxAdjustments(Delegator,
>  GenericValue, GenericValue, String, String, Set, BigDecimal, BigDecimal, 
> BigDecimal, BigDecimal, BigDecimal)
> This method contains a redundant check of a known non-null value against the 
> constant null.





[jira] [Closed] (OFBIZ-9527) [FB] Packages org.apache.ofbiz.accounting.period and org.apache.ofbiz.accounting.tax

2017-08-18 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9527?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9527.

   Resolution: Fixed
Fix Version/s: Upcoming Release

Thanks Kyra,

your patch is in trunk r1805466.

> [FB] Packages org.apache.ofbiz.accounting.period and 
> org.apache.ofbiz.accounting.tax
> 
>
> Key: OFBIZ-9527
> URL: https://issues.apache.org/jira/browse/OFBIZ-9527
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Kyra Pritzel-Hentley
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: 
> OFBIZ-9527_org.apache.ofbiz.accounting.period_and_org.apache.ofbiz.accounting.tax_refactoring.patch
>
>


[jira] [Commented] (OFBIZ-9534) exception in service semaphore in wait mode and with multi thread calls

2017-08-18 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16133580#comment-16133580
 ] 

Michael Brohl commented on OFBIZ-9534:
--

Thanks Pierre,

your patch looks good to me. Any objections to commit this from others?



> exception in service semaphore in wait mode and with multi thread calls
> ---
>
> Key: OFBIZ-9534
> URL: https://issues.apache.org/jira/browse/OFBIZ-9534
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: Trunk
> Reporter: Gaudin Pierre
> Attachments: semaphore.patch
>
>
> When service semaphore is used in wait mode with numerous simultaneous calls 
> (multi thread), it happens that the service semaphore raises an exception 
> when it tries to record in database the semaphore lock. This exception is 
> raised and stops the wait loop. The exception could be caught to continue the 
> wait loop.
> 
> This can be reproduced by creating a semaphore in wait mode with several 
> calls simultaneously with SoapUI



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
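
A simplified model of the failure described in OFBIZ-9534, added here as an illustration and not taken from semaphore.patch or from OFBiz: the lock table, the `acquire` method and all names are assumptions. It shows how a check-then-insert race makes the lock insert fail, and how catching that failure lets the caller keep waiting instead of aborting.

```java
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicInteger;

// Save as SemaphoreWaitLoopDemo.java. Hypothetical model, not OFBiz code.
public class SemaphoreWaitLoopDemo {

    /** Stand-in for the semaphore table: inserting an existing key fails, like a primary-key violation. */
    static final class LockTable {
        private final Set<String> rows = ConcurrentHashMap.newKeySet();

        boolean exists(String serviceName) { return rows.contains(serviceName); }

        void insert(String serviceName) {
            if (!rows.add(serviceName)) {
                throw new IllegalStateException("duplicate key: " + serviceName);
            }
        }

        void delete(String serviceName) { rows.remove(serviceName); }
    }

    /**
     * Wait-mode acquisition. Between exists() and insert() another caller can
     * take the lock, so insert() can fail even though the check passed.
     * With keepWaitingOnInsertFailure=false the failure escapes and ends the
     * wait loop (the reported behaviour); with true it counts as "still locked".
     */
    static boolean acquire(LockTable table, String serviceName, long timeoutMs,
                           long sleepMs, boolean keepWaitingOnInsertFailure)
            throws InterruptedException {
        long deadline = System.nanoTime() + timeoutMs * 1_000_000L;
        while (System.nanoTime() - deadline < 0) {
            if (!table.exists(serviceName)) {
                try {
                    table.insert(serviceName);
                    return true;
                } catch (IllegalStateException lostRace) {
                    if (!keepWaitingOnInsertFailure) {
                        throw lostRace;
                    }
                    // Lost the race: fall through, sleep and retry until the timeout.
                }
            }
            Thread.sleep(sleepMs);
        }
        return false; // timed out while waiting
    }

    /** Starts all callers at once; returns {acquired, timedOut, failedWithException}. */
    static int[] run(int callers, boolean keepWaiting) throws InterruptedException {
        LockTable table = new LockTable();
        CountDownLatch start = new CountDownLatch(1);
        AtomicInteger acquired = new AtomicInteger();
        AtomicInteger timedOut = new AtomicInteger();
        AtomicInteger failed = new AtomicInteger();
        Thread[] threads = new Thread[callers];
        for (int i = 0; i < callers; i++) {
            threads[i] = new Thread(() -> {
                try {
                    start.await();
                    if (acquire(table, "exampleService", 2000, 1, keepWaiting)) {
                        try {
                            Thread.sleep(2); // simulated service body
                        } finally {
                            table.delete("exampleService");
                        }
                        acquired.incrementAndGet();
                    } else {
                        timedOut.incrementAndGet();
                    }
                } catch (IllegalStateException e) {
                    failed.incrementAndGet();
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                }
            });
            threads[i].start();
        }
        start.countDown();
        for (Thread t : threads) {
            t.join();
        }
        return new int[] {acquired.get(), timedOut.get(), failed.get()};
    }

    public static void main(String[] args) throws InterruptedException {
        int[] aborting = run(16, false);
        int[] waiting = run(16, true);
        // The aborting variant can report failed > 0; how often depends on thread timing.
        System.out.printf("abort on insert failure: acquired=%d timedOut=%d failed=%d%n",
                aborting[0], aborting[1], aborting[2]);
        // The waiting variant never lets the insert failure escape, so failed is always 0.
        System.out.printf("keep waiting:            acquired=%d timedOut=%d failed=%d%n",
                waiting[0], waiting[1], waiting[2]);
    }
}
```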


[jira] [Assigned] (OFBIZ-9534) exception in service semaphore in wait mode and with multi thread calls

2017-08-18 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9534:


Assignee: Michael Brohl

> exception in service semaphore in wait mode and with multi thread calls
> ---
>
> Key: OFBIZ-9534
> URL: https://issues.apache.org/jira/browse/OFBIZ-9534
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: Trunk
> Reporter: Gaudin Pierre
> Assignee: Michael Brohl
> Attachments: semaphore.patch
>
>


[jira] [Assigned] (OFBIZ-9541) [FB] Package org.apache.ofbiz.accounting.invoice

2017-08-18 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9541?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9541:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.accounting.invoice
> 
>
> Key: OFBIZ-9541
> URL: https://issues.apache.org/jira/browse/OFBIZ-9541
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Karsten Tymann
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-number_FB_accounting_invoice.patch
>
>
> InvoiceServices.java:107, MS_SHOULD_BE_FINAL
> * MS: org.apache.ofbiz.accounting.invoice.InvoiceServices.module isn't final 
> but should be
> This static field public but not final, and could be changed by malicious 
> code or by accident from another package. The field could be made final to 
> avoid this vulnerability.
> InvoiceServices.java:395, NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE
> * NP: Possible null pointer dereference of orderItem on branch that might be 
> infeasible in 
> org.apache.ofbiz.accounting.invoice.InvoiceServices.createInvoiceForOrder(DispatchContext,
>  Map)
> There is a branch of statement that, if executed, guarantees that a null 
> value will be dereferenced, which would generate a NullPointerException when 
> the code is executed. Of course, the problem might be that the branch or 
> statement is infeasible and that the null pointer exception can't ever be 
> executed; deciding that is beyond the ability of FindBugs. Due to the fact 
> that this value had been previously tested for nullness, this is a definite 
> possibility.
> InvoiceServices.java:764, WMI_WRONG_MAP_ITERATOR
> * WMI: 
> org.apache.ofbiz.accounting.invoice.InvoiceServices.createInvoiceForOrder(DispatchContext,
>  Map) makes inefficient use of keySet iterator instead of entrySet iterator
> This method accesses the value of a Map entry, using a key that was retrieved 
> from a keySet iterator. It is more efficient to use an iterator on the 
> entrySet of the map, to avoid the Map.get(key) lookup.
> InvoiceServices.java:918, DLS_DEAD_LOCAL_STORE, Priorität: Normal
> * DLS: Dead store to billFromVendorInvoiceRoles in 
> org.apache.ofbiz.accounting.invoice.InvoiceServices.createCommissionInvoices(DispatchContext,
>  Map)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.
> InvoiceServices.java:919, DLS_DEAD_LOCAL_STORE
> * DLS: Dead store to invoiceItems in 
> org.apache.ofbiz.accounting.invoice.InvoiceServices.createCommissionInvoices(DispatchContext,
>  Map)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.
> InvoiceServices.java:960, DLS_DEAD_LOCAL_STORE
> * DLS: Dead store to quantity in 
> org.apache.ofbiz.accounting.invoice.InvoiceServices.createCommissionInvoices(DispatchContext,
>  Map)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.
> InvoiceServices.java:1038, NP_LOAD_OF_KNOWN_NULL_VALUE
> * NP: Load of known null value in 
> org.apache.ofbiz.accounting.invoice.InvoiceServices.createCommissionInvoices(DispatchContext,
>  Map)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> InvoiceServices.java:1154, DLS_DEAD_LOCAL_STORE
> * DLS: Dead store to invoicesCreated in 
> org.apache.ofbiz.accounting.invoice.InvoiceServices.createInvoicesFromShipment(DispatchContext,
>  Map)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac com

[jira] [Assigned] (OFBIZ-9560) [FB] Package org.apache.ofbiz.base.component

2017-08-18 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9560:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.base.component
> 
>
> Key: OFBIZ-9560
> URL: https://issues.apache.org/jira/browse/OFBIZ-9560
> Project: OFBiz
> Issue Type: Sub-task
> Components: base
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-No_org.apache.ofbiz.base.component_bugfixes.patch
>
>
> ComponentConfig.java:270, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of cc, which is known to be non-null in 
> org.apache.ofbiz.base.component.ComponentConfig.getFullLocation(String, 
> String, String)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> ComponentConfig.java:291, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of cc, which is known to be non-null in 
> org.apache.ofbiz.base.component.ComponentConfig.getRootLocation(String)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> ComponentConfig.java:299, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of cc, which is known to be non-null in 
> org.apache.ofbiz.base.component.ComponentConfig.getStream(String, String, 
> String)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> ComponentConfig.java:307, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of cc, which is known to be non-null in 
> org.apache.ofbiz.base.component.ComponentConfig.getURL(String, String, String)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> ComponentConfig.java:330, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of cc, which is known to be non-null in 
> org.apache.ofbiz.base.component.ComponentConfig.isFileResourceLoader(String, 
> String)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> ComponentConfig.java:704, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of rh, which is known to be non-null in 
> org.apache.ofbiz.base.component.ComponentConfig$KeystoreInfo.getKeyStore()
> This method contains a redundant check of a known non-null value against the 
> constant null.
> ComponentConfig.java:839, DM_CONVERT_CASE
> - Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> new 
> org.apache.ofbiz.base.component.ComponentConfig$WebappInfo(ComponentConfig, 
> Element)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> ComponentConfig.java:925, EI_EXPOSE_REP
> - EI: 
> org.apache.ofbiz.base.component.ComponentConfig$WebappInfo.getBasePermission()
>  may expose internal representation by returning 
> ComponentConfig$WebappInfo.basePermission
> Returning a reference to a mutable object value stored in one of the object's 
> fields exposes the internal representation of the object. If instances are 
> accessed by untrusted code, and unchecked changes to the mutable object would 
> compromise security or other important properties, you will need to do 
> something different. Returning a new copy of the object is better approach in 
> many situations.
> ComponentResourceHandler.java:39, SE_NO_SERIALVERSIONID
> - SnVI: org.apache.ofbiz.base.component.ComponentResourceHandler is 
> Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field. A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
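
Three of the FindBugs patterns quoted in these reports (MS_SHOULD_BE_FINAL, EI_EXPOSE_REP and DM_CONVERT_CASE) affect security-relevant behaviour, and the following added example shows each flagged shape beside a hardened one. It is not OFBiz code and not part of any attached patch; the classes, the `String[]` field type, the `isAdmin` check and the sample permission strings are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Locale;

// Save as FindBugsPatternsDemo.java. Hypothetical classes, not OFBiz code.
public class FindBugsPatternsDemo {

    /** The shapes FindBugs flags. */
    static class Flagged {
        // MS_SHOULD_BE_FINAL: any code that can see this class can reassign the field.
        public static String module = "Flagged";

        private final String[] basePermission;

        Flagged(String... basePermission) {
            this.basePermission = basePermission.clone();
        }

        // EI_EXPOSE_REP: returns the internal array itself, so callers can edit it.
        public String[] getBasePermission() {
            return basePermission;
        }

        // DM_CONVERT_CASE: the result depends on the JVM's default locale.
        static boolean isAdmin(String role) {
            return "ADMIN".equals(role.toUpperCase());
        }
    }

    /** The same members after the fixes the FindBugs messages suggest. */
    static class Hardened {
        public static final String module = "Hardened";

        private final String[] basePermission;

        Hardened(String... basePermission) {
            this.basePermission = basePermission.clone();
        }

        // Return a copy: callers get the values, not the object's own state.
        public String[] getBasePermission() {
            return basePermission.clone();
        }

        // Locale.ROOT gives the same mapping on every machine.
        static boolean isAdmin(String role) {
            return "ADMIN".equals(role.toUpperCase(Locale.ROOT));
        }
    }

    public static void main(String[] args) {
        // MS_SHOULD_BE_FINAL: the reassignment compiles for Flagged only.
        Flagged.module = "spoofed";
        // Hardened.module = "spoofed";   // compile error: cannot assign a final field
        System.out.println("Flagged.module is now: " + Flagged.module);

        // EI_EXPOSE_REP: writing through the returned array (constructed sample values).
        Flagged flagged = new Flagged("EXAMPLE_VIEW", "EXAMPLE_ADMIN");
        flagged.getBasePermission()[0] = "NONE";
        System.out.println("Flagged internal state:  "
                + Arrays.toString(flagged.getBasePermission()));   // first entry changed

        Hardened hardened = new Hardened("EXAMPLE_VIEW", "EXAMPLE_ADMIN");
        hardened.getBasePermission()[0] = "NONE";
        System.out.println("Hardened internal state: "
                + Arrays.toString(hardened.getBasePermission()));  // unchanged

        // DM_CONVERT_CASE: under a Turkish default locale, "admin".toUpperCase()
        // yields "ADM\u0130N" (dotted capital I), which does not equal "ADMIN".
        Locale previous = Locale.getDefault();
        Locale.setDefault(Locale.forLanguageTag("tr-TR"));
        try {
            System.out.println("Flagged.isAdmin(\"admin\")  = " + Flagged.isAdmin("admin"));
            System.out.println("Hardened.isAdmin(\"admin\") = " + Hardened.isAdmin("admin"));
        } finally {
            Locale.setDefault(previous);
        }
    }
}
```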


[jira] [Closed] (OFBIZ-9560) [FB] Package org.apache.ofbiz.base.component

2017-08-18 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9560?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9560.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1805472.

> [FB] Package org.apache.ofbiz.base.component
> 
>
> Key: OFBIZ-9560
> URL: https://issues.apache.org/jira/browse/OFBIZ-9560
> Project: OFBiz
> Issue Type: Sub-task
> Components: base
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-No_org.apache.ofbiz.base.component_bugfixes.patch
>
>


[jira] [Assigned] (OFBIZ-9594) Perfect of Ofbiz

2017-08-19 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9594?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9594:


Assignee: Michael Brohl

> Perfect of Ofbiz
> 
>
> Key: OFBIZ-9594
> URL: https://issues.apache.org/jira/browse/OFBIZ-9594
> Project: OFBiz
> Issue Type: Bug
> Components: ALL COMPONENTS
> Affects Versions: 16.11.03
> Environment: Hosting Environment: Web.config and database details externalize the
> Reporter: Roger Mbiama
> Assignee: Michael Brohl
> Labels: features
> Fix For: Upcoming Release
>
> Original Estimate: 504h
> Remaining Estimate: 504h
>
> Log Rules for .NET 7.1.1
> Ofbiz Service configuration
> configuration and set-up tasks:
> Configure the Execution Service:
> You need to specify the deployment directory for the business object model 
> (BOM) and other DLLs needed to run the Execution Service, link the Execution 
> Service to the Persistence Service, and specify the required Windows 
> Management Instrumentation (WMI) settings.
> Create an Execution Service client application:
> You need an application to host the Execution Service client. Any application 
> can host an Execution Service client.
> Deploy the execution environment:
> The execution environment is a directory specified by the 
> ILOG.Rules.ExecutionServer.Execution.BaseDirectory property in the Execution 
> Service configuration file.
> Configure remote rule execution using Internet Information Services (IIS):
> You need only carry out this task if you want to use remote rule execution.





[jira] [Commented] (OFBIZ-9594) Perfect of Ofbiz

2017-08-19 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16134094#comment-16134094
 ] 

Michael Brohl commented on OFBIZ-9594:
--

Hi [~ang],

I'm sorry, but I have no clue what this issue is about. You filed it as a bug 
but there is no bug description (what did you do?, what did you expect?, what 
is happening instead?)

You also have references to BOM, DLL's and C# in your issue description. OFBiz 
is a Java Enterprise application and does not use any of these.

Are you sure you filed the issue to the correct project?

Thanks for clarification,
regards,

Michael

> Perfect of Ofbiz
> 
>
> Key: OFBIZ-9594
> URL: https://issues.apache.org/jira/browse/OFBIZ-9594
> Project: OFBiz
> Issue Type: Bug
> Components: ALL COMPONENTS
> Affects Versions: 16.11.03
> Environment: Hosting Environment: Web.config and database details externalize the
> Reporter: Roger Mbiama
> Assignee: Michael Brohl
> Labels: features
> Fix For: Upcoming Release
>
> Original Estimate: 504h
> Remaining Estimate: 504h
>


[jira] [Updated] (OFBIZ-9594) Perfect of Ofbiz

2017-08-19 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9594?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl updated OFBIZ-9594:
-
Fix Version/s: (was: Upcoming Release)

> Perfect of Ofbiz
> 
>
> Key: OFBIZ-9594
> URL: https://issues.apache.org/jira/browse/OFBIZ-9594
> Project: OFBiz
> Issue Type: Bug
> Components: ALL COMPONENTS
> Affects Versions: 16.11.03
> Environment: Hosting Environment: Web.config and database details externalize the
> Reporter: Roger Mbiama
> Assignee: Michael Brohl
> Labels: features
> Original Estimate: 504h
> Remaining Estimate: 504h
>


[jira] [Updated] (OFBIZ-9594) Perfect of Ofbiz

2017-08-19 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9594?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl updated OFBIZ-9594:
-
 Flags: Patch  (was: Patch,Important)
External issue URL:   (was: https://launchpad.net/angosso)
 External issue ID:   (was: /var/www/vhosts/.../httpdocs)
Remaining Estimate: (was: 504h)
 Original Estimate: (was: 504h)

> Perfect of Ofbiz
> 
>
> Key: OFBIZ-9594
> URL: https://issues.apache.org/jira/browse/OFBIZ-9594
> Project: OFBiz
> Issue Type: Bug
> Components: ALL COMPONENTS
> Affects Versions: 16.11.03
> Environment: Hosting Environment: Web.config and database details externalize the
> Reporter: Roger Mbiama
> Assignee: Michael Brohl
> Labels: features
>


[jira] [Updated] (OFBIZ-9444) Dependency problem between Solr 6.6.0 and Guava

2017-08-21 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9444?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl updated OFBIZ-9444:
-
Attachment: OFBIZ-9444_intermediate.patch

Hi [~Renuka_Srishti],

sorry for the delay, I missed your comment.

I have attached a patch which contains the changes I've made to update to 6.6.0 
with the simple added tests. It also contains some changes I've made in the 
gradle file to introduce a fixed dependency to the needed Guava version.

Please consider this a work in process and experimental patch, I had no time to 
dig further for some time.

Maybe you'll find an acceptable solution without introducing the dependency in 
the main build file.

Thanks,
Michael

> Dependency problem between Solr 6.6.0 and Guava
> ---
>
> Key: OFBIZ-9444
> URL: https://issues.apache.org/jira/browse/OFBIZ-9444
> Project: OFBiz
> Issue Type: Sub-task
> Components: solr
> Affects Versions: Trunk
> Reporter: Michael Brohl
> Assignee: Michael Brohl
> Attachments: dependencies.txt, OFBIZ-9444_intermediate.patch, 
> OFBIZ-9444.patch
>
>
> It seems we have a dependency problem in our codebase.
> The Solr code needs access to a method 
> com.google.common.base.Objects.firstNonNull, which was removed from Guava 
> from version 21 (see [1]).
> I tried to add the dependency both through the Solr build.gradle with
> {code:java}
> dependencies {
>     pluginLibsCompile 'org.apache.solr:solr-core:6.6.0'
>     pluginLibsCompile 'com.google.guava:guava:20.0'
> }
> {code}
> and also as a runtime dependency in main build.gradle
> {code:java}
> dependencies {
>     // ofbiz compile libs
>     ...
>     runtime 'com.google.guava:guava:20.0'
>     ...
> }
> {code}
> Both did not work. Running my Solr tests I get the error
> {code:java}
> 2017-07-01 14:25:18,049 |jsse-nio-8443-exec-4 |HttpSolrCall  |E| null:java.lang.RuntimeException: java.lang.NoSuchMethodError: com.google.common.base.Objects.firstNonNull(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
> at org.apache.solr.servlet.HttpSolrCall.sendError(HttpSolrCall.java:676)
> at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:544)
> at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:361)
> at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:305)
> at org.apache.ofbiz.solr.webapp.OFBizSolrContextFilter.doFilter(OFBizSolrContextFilter.java:151)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at org.apache.ofbiz.webapp.control.ControlFilter.doFilter(ControlFilter.java:156)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
> at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
> at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
> at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
> at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.NoSuchMethodError: com.google.common.base.Objects.firstNonNull(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
> at 
> org.apache.so

[jira] [Commented] (OFBIZ-9594) Perfect of Ofbiz

2017-08-21 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16135963#comment-16135963
 ] 

Michael Brohl commented on OFBIZ-9594:
--

Please be more specific and give a clear description of what you are expecting.
Without some basic information it is impossible for us to work on the issue.

Please answer the following questions to help us to understand your problem:

What do you want to achieve in detail?

What did you do to achieve this?

What exactly does not work?

How do you think the problem can be solved?

What do you expect us to do? What should be changed?

Thanks for some clarification.

> Perfect of Ofbiz
> 
>
> Key: OFBIZ-9594
> URL: https://issues.apache.org/jira/browse/OFBIZ-9594
> Project: OFBiz
>  Issue Type: Bug
>  Components: ALL COMPONENTS
>Affects Versions: 16.11.03
> Environment: Hosting Environment: Web.config and database details 
> externalize the 
>Reporter: Roger Mbiama
>Assignee: Michael Brohl
>  Labels: features
>
> Log Rules for .NET 7.1.1
> Ofbiz Service configuration
> configuration and set-up tasks:
> Configure the Execution Service:
> You need to specify the deployment directory for the business object model 
> (BOM) and other DLLs needed to run the Execution Service, link the Execution 
> Service to the Persistence Service, and specify the required Windows 
> Management Instrumentation (WMI) settings.
> Create an Execution Service client application:
> You need an application to host the Execution Service client. Any application 
> can host an Execution Service client.
> Deploy the execution environment:
> The execution environment is a directory specified by the 
> ILOG.Rules.ExecutionServer.Execution.BaseDirectory property in the Execution 
> Service configuration file.
> Configure remote rule execution using Internet Information Services (IIS):
> You need only carry out this task if you want to use remote rule execution.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)


[jira] [Commented] (OFBIZ-7792) Update OFBiz Website

2017-08-31 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-7792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16148810#comment-16148810
 ] 

Michael Brohl commented on OFBIZ-7792:
--

[~toashishvijay],

this is an important point and should be handled as soon as possible (who can 
do it?).

The direct links "community" and "release notes", which are displayed when you 
search for "apache ofbiz" in Google, are also not working.

> Update OFBiz Website
> 
>
> Key: OFBIZ-7792
> URL: https://issues.apache.org/jira/browse/OFBIZ-7792
> Project: OFBiz
>  Issue Type: Improvement
>Reporter: Sharan Foga
>Assignee: Sharan Foga
>Priority: Minor
>
> The current OFBiz website needs to be updated. This JIRA covers updates 
> required to the complete site.
> High Level Plan
> Phase 1: Requirements Definition : COMPLETED
> Phase 2: Design & Structure : COMPLETED
> Phase 3 Build & Construct : IN PROGRESS
> Phase 4: Validate & Test : NOT STARTED
> Phase 5: Transition & Publish: NOT STARTED
> More details around the website planning, tasks and construction can be 
> found on the wiki.
> https://cwiki.apache.org/confluence/display/OFBIZ/New+OFBiz+Website





[jira] [Commented] (OFBIZ-7792) Update OFBiz Website

2017-08-31 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-7792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16148873#comment-16148873
 ] 

Michael Brohl commented on OFBIZ-7792:
--

Thanks, [~deepak.dixit]!

> Update OFBiz Website
> 
>
> Key: OFBIZ-7792
> URL: https://issues.apache.org/jira/browse/OFBIZ-7792
> Project: OFBiz
>  Issue Type: Improvement
>Reporter: Sharan Foga
>Assignee: Sharan Foga
>Priority: Minor
>
> The current OFBiz website needs to be updated. This JIRA covers updates 
> required to the complete site.
> High Level Plan
> Phase 1: Requirements Definition : COMPLETED
> Phase 2: Design & Structure : COMPLETED
> Phase 3 Build & Construct : IN PROGRESS
> Phase 4: Validate & Test : NOT STARTED
> Phase 5: Transition & Publish: NOT STARTED
> More details around the website planning, tasks and construction can be 
> found on the wiki.
> https://cwiki.apache.org/confluence/display/OFBIZ/New+OFBiz+Website





[jira] [Created] (OFBIZ-9674) Update build.gradle to the latest dependencies

2017-09-03 Thread Michael Brohl (JIRA)
Michael Brohl created OFBIZ-9674:


 Summary: Update build.gradle to the latest dependencies
 Key: OFBIZ-9674
 URL: https://issues.apache.org/jira/browse/OFBIZ-9674
 Project: OFBiz
  Issue Type: Improvement
  Components: ALL COMPONENTS
Affects Versions: Trunk
Reporter: Michael Brohl
Assignee: Michael Brohl
Priority: Minor


I wondered how up-to-date our project dependencies are and searched for an 
efficient way to check this. I found the gradle-versions-plugin [1] which 
analyzes the dependencies and checks if there are newer versions available.

I ran the check with 
{code:java}
./gradlew dependencyUpdates -Drevision=release
{code}

and got the following result:


: Project Dependency Updates (report to plain text file)


The following dependencies are using the latest release version:
 - net.sf.barcode4j:barcode4j:2.1
 - net.sf.barcode4j:barcode4j-fop-ext:2.1
 - org.codeartisans.thirdparties.swing:batik-all:1.8pre-r1084380
 - org.apache.commons:commons-collections4:4.1
 - com.googlecode.ez-vcard:ez-vcard:0.9.10
 - org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1
 - org.apache.geronimo.components:geronimo-transaction:3.1.4
 - at.bxm.gradleplugins:gradle-svntools-plugin:2.2.1
 - com.github.ben-manes:gradle-versions-plugin:0.15.0
 - org.hamcrest:hamcrest-all:1.3
 - net.fortuna.ical4j:ical4j:1.0-rc3-atlassian-11
 - javax.el:javax.el-api:3.0.1-b04
 - de.odysseus.juel:juel-impl:2.2.7
 - de.odysseus.juel:juel-spi:2.2.7
 - junit:junit:4.12
 - oro:oro:2.0.8
 - apache-xerces:xercesImpl:2.9.1

The following dependencies exceed the version found at the release revision 
level:
 - com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer 
[20160628.1 <- 1.1]

The following dependencies have later release versions:
 - org.apache.ant:ant-junit [1.9.0 -> 1.10.1]
 - org.apache.ant:ant-junit [1.9.7 -> 1.10.1]
 - org.apache.axis2:axis2-kernel [1.7.1 -> 1.7.6]
 - org.apache.axis2:axis2-transport-http [1.7.1 -> 1.7.6]
 - org.apache.axis2:axis2-transport-local [1.7.1 -> 1.7.6]
 - commons-cli:commons-cli [1.3.1 -> 1.4]
 - org.apache.commons:commons-csv [1.1 -> 1.5]
 - org.apache.commons:commons-dbcp2 [2.1 -> 2.1.1]
 - commons-net:commons-net [3.3 -> 3.6]
 - commons-validator:commons-validator [1.5.1 -> 1.6]
 - com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru [1.0 -> 
1.4.2]
 - com.google.zxing:core [3.2.1 -> 3.3.0]
 - org.apache.derby:derby [10.11.1.1 -> 10.13.1.1]
 - org.owasp.esapi:esapi [2.1.0 -> 2.1.0.1]
 - org.apache.xmlgraphics:fop [2.1 -> 2.2]
 - org.freemarker:freemarker [2.3.25-incubating -> 2.3.26-incubating]
 - org.codehaus.groovy:groovy-all [2.4.12 -> 2.5.0-beta-1]
 - org.apache.httpcomponents:httpclient-cache [4.4.1 -> 4.5.3]
 - com.ibm.icu:icu4j [57.1 -> 59.1]
 - com.lowagie:itext [2.1.7 -> 4.2.2]
 - org.zapodot:jackson-databind-java-optional [2.4.2 -> 2.6.1]
 - com.sun.mail:javax.mail [1.5.1 -> 1.6.0]
 - javax.servlet:javax.servlet-api [3.1.0 -> 4.0.0]
 - javax.servlet.jsp:javax.servlet.jsp-api [2.3.0 -> 2.3.2-b02]
 - junit:junit-dep [4.10 -> 4.11]
 - com.googlecode.libphonenumber:libphonenumber [8.6.0 -> 8.8.0]
 - org.apache.logging.log4j:log4j-1.2-api [2.6.2 -> 2.9.0]
 - org.apache.logging.log4j:log4j-api [2.6.2 -> 2.9.0]
 - org.apache.logging.log4j:log4j-core [2.6.2 -> 2.9.0]
 - org.apache.logging.log4j:log4j-jul [2.6.2 -> 2.9.0]
 - org.apache.logging.log4j:log4j-slf4j-impl [2.6.2 -> 2.9.0]
 - org.mockito:mockito-core [1.10.19 -> 2.9.0]
 - org.apache.poi:poi [3.14 -> 3.17-beta1]
 - org.apache.shiro:shiro-core [1.3.0 -> 1.4.0]
 - org.springframework:spring-test [4.2.3.RELEASE -> 4.3.10.RELEASE]
 - org.apache.tika:tika-core [1.12 -> 1.16]
 - org.apache.tika:tika-parsers [1.12 -> 1.16]
 - org.apache.tomcat:tomcat-catalina [8.5.16 -> 9.0.0.M26]
 - org.apache.tomcat:tomcat-catalina-ha [8.5.16 -> 9.0.0.M25]
 - org.apache.tomcat:tomcat-jasper [8.5.16 -> 9.0.0.M26]
 - org.apache.tomcat:tomcat-tribes [8.5.16 -> 9.0.0.M25]
 - wsdl4j:wsdl4j [1.6.2 -> 1.6.3]
 - org.apache.xmlrpc:xmlrpc-client [3.1.2 -> 3.1.3]
 - org.apache.xmlrpc:xmlrpc-server [3.1.2 -> 3.1.3]
 - com.thoughtworks.xstream:xstream [1.4.9 -> 1.4.10]

Failed to determine the latest version for the following dependencies (use 
--info for details):
 - com.sun.syndication:com.springsource.com.sun.syndication
 - org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec

Generated report file build/dependencyUpdates/report.txt
===

If there are no objections, I would try to update the dependencies to the 
latest release versions, which means I would skip the milestone versions for 
e.g. Tomcat here.

We can run this check from time to time to see if we have missed updates to the 
dependencies.

What do you think? Is this reasonable?

Thanks,
Michael

[1] https://github.c
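
As an added example (not part of the original issue and not OFBiz project code), a small Python parser for the plain-text dependencyUpdates report quoted above. It rejoins entries that the mail wrapped across two lines, separates release upgrades from pre-release candidates (the milestone and beta versions the message proposes to skip), and flags modules declared at more than one current version. The sample lines are copied from the report; the pre-release pattern and all function names are assumptions.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Excerpt of the report quoted in the issue, including one entry that the
# mail wrapped across two lines (concurrentlinkedhashmap-lru).
SAMPLE_REPORT = """\
The following dependencies are using the latest release version:
 - junit:junit:4.12
 - oro:oro:2.0.8

The following dependencies have later release versions:
 - org.apache.ant:ant-junit [1.9.0 -> 1.10.1]
 - org.apache.ant:ant-junit [1.9.7 -> 1.10.1]
 - commons-cli:commons-cli [1.3.1 -> 1.4]
 - com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru [1.0 ->
1.4.2]
 - org.codehaus.groovy:groovy-all [2.4.12 -> 2.5.0-beta-1]
 - org.apache.logging.log4j:log4j-core [2.6.2 -> 2.9.0]
 - org.apache.poi:poi [3.14 -> 3.17-beta1]
 - org.apache.tomcat:tomcat-catalina [8.5.16 -> 9.0.0.M26]
 - com.thoughtworks.xstream:xstream [1.4.9 -> 1.4.10]

Failed to determine the latest version for the following dependencies (use
--info for details):
 - org.apache.geronimo.specs:geronimo-jaxrpc_1.1_spec
"""

SECTION_TITLE = "The following dependencies have later release versions:"
QUOTE_RE = re.compile(r"^\s*>\s?")  # mail quote prefix on replies
ENTRY_RE = re.compile(
    r"^- (?P<group>[^:\s]+):(?P<name>[^:\s]+) "
    r"\[(?P<current>\S+) -> (?P<latest>\S+)\]$"
)
# Assumption: these qualifiers mark a pre-release (9.0.0.M26, 2.5.0-beta-1).
PRERELEASE_RE = re.compile(r"(?i)[.\-](?:alpha|beta|rc|cr|m|snapshot)[.\-]?\d*$")


class Upgrade(NamedTuple):
    module: str   # group:name
    current: str
    latest: str


def parse_upgrades(report):
    """Return the entries of the 'later release versions' section."""
    upgrades, in_section, pending = [], False, None
    for raw in report.splitlines():
        line = QUOTE_RE.sub("", raw).strip()
        if pending is not None:
            # Previous entry had no closing bracket: this line continues it.
            line, pending = f"{pending} {line}", None
        if line.startswith(SECTION_TITLE):
            in_section = True
        elif in_section and line.startswith("- "):
            if "]" not in line:
                pending = line
                continue
            match = ENTRY_RE.match(line)
            if match:  # malformed or truncated entries are skipped
                upgrades.append(Upgrade(
                    f"{match['group']}:{match['name']}",
                    match["current"], match["latest"]))
        elif in_section and line:
            in_section = False  # the next heading closes the section
    return upgrades


def split_by_stability(upgrades):
    """Split into (release upgrades, pre-release candidates to skip)."""
    stable = [u for u in upgrades if not PRERELEASE_RE.search(u.latest)]
    pre = [u for u in upgrades if PRERELEASE_RE.search(u.latest)]
    return stable, pre


def mixed_current_versions(upgrades):
    """Modules that the build declares at more than one current version."""
    seen = defaultdict(set)
    for u in upgrades:
        seen[u.module].add(u.current)
    return {m: sorted(v) for m, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    stable, pre = split_by_stability(parse_upgrades(SAMPLE_REPORT))
    for u in stable:
        print(f"upgrade  {u.module} {u.current} -> {u.latest}")
    for u in pre:
        print(f"skip     {u.module} {u.latest} (pre-release)")
```

The parser also accepts the report as it appears `>`-quoted in later replies, since the quote prefix is stripped before matching.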

[jira] [Commented] (OFBIZ-7473) Induce Model XML from Database throws exception

2017-09-10 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-7473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16160287#comment-16160287
 ] 

Michael Brohl commented on OFBIZ-7473:
--

Additional information from [~allan.zarsuela] in OFBIZ-9582:



I installed the apache-ofbiz-16.11.03 version to know if it's the same with
what I downloaded in SVN that has error in Induce Model XML from Database.
And it is so.

Steps to duplicate Bug:
1. Download and install apache-ofbiz-16.11.03 version
2. Log in username and password respectively as admin ofbiz.
3. Accessing the link below I encountered the error message
below:

https://localhost:8443/webtools/control/view/ModelInduceFromDb

ERROR in error page, (infinite loop or error page not found with name
[/error/error.jsp]), but here is the text just in case it helps you:
java.lang.StackOverflowErrorERROR in error page, (infinite loop or error
page not found with name [/error/error.jsp]), but here is the text just in
case it helps you: java.lang.StackOverflowError

In the log in terminal, I can see below. I already tried to truncate this
table server_hit:

(Error while inserting:
[GenericEntity:ServerHit][contentId,webtools.view(java.lang.String)][createdStamp,2017-08-10
16:01:50.212(java.sql.Timestamp)][createdTxStamp,2017-08-10
16:01:50.212(java.sql.Timestamp)][hitStartDateTime,2017-08-10
16:01:33.785(java.sql.Timestamp)][hitTypeId,REQUEST(java.lang.String)][lastUpdatedStamp,2017-08-10
16:01:50.212(java.sql.Timestamp)][lastUpdatedTxStamp,2017-08-10
16:01:50.212(java.sql.Timestamp)][partyId,admin(java.lang.String)][referrerUrl,https://localhost:8443/webtools/control/main?externalLoginKey=ELe10a3e70-599f-468e-acaa-0eb6b6394a79(java.lang.String)][requestUrl,https://localhost:8443/webtools/control/view/ModelInduceFromDb(java.lang.String)][runningTimeMillis,16425(java.lang.Long)][serverHostName,kexpresstest-ThinkCentre-A58(java.lang.String)][serverIpAddress,127.0.1.1(java.lang.String)][userLoginId,admin(java.lang.String)][visitId,10901(java.lang.String)]
(SQL Exception while executing the following:INSERT INTO SERVER_HIT
(VISIT_ID, CONTENT_ID, HIT_START_DATE_TIME, HIT_TYPE_ID, NUM_OF_BYTES,
RUNNING_TIME_MILLIS, USER_LOGIN_ID, STATUS_ID, REQUEST_URL, REFERRER_URL,
SERVER_IP_ADDRESS, SERVER_HOST_NAME, LAST_UPDATED_STAMP,
LAST_UPDATED_TX_STAMP, CREATED_STAMP, CREATED_TX_STAMP, INTERNAL_CONTENT_ID,
PARTY_ID, ID_BY_IP_CONTACT_MECH_ID, REF_BY_WEB_CONTACT_MECH_ID) VALUES (?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) (Duplicate entry
'10901-webtools.view-2017-08-10 16:01:34-REQUEST' for key 'PRIMARY')))


> Induce Model XML from Database throws exception
> ---
>
> Key: OFBIZ-7473
> URL: https://issues.apache.org/jira/browse/OFBIZ-7473
> Project: OFBiz
>  Issue Type: Bug
>  Components: framework/webtools
>Affects Versions: Trunk
>Reporter: Gopal Yadav
>Assignee: Jacques Le Roux
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-7473.patch
>
>
> Go to Webtools -> Import/Export -> Induce Model XML from Database 
> (https://localhost:8443/webtools/control/view/ModelInduceFromDb)
> An exception is thrown: javax.servlet.ServletException: File 
> [/entity/ModelInduceFromDb.jsp] not found.





[jira] [Comment Edited] (OFBIZ-7473) Induce Model XML from Database throws exception

2017-09-10 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-7473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16160287#comment-16160287
 ] 

Michael Brohl edited comment on OFBIZ-7473 at 9/10/17 10:19 AM:


Additional information from [~allan.zarsuela] in OFBIZ-9582:

Environment:

Ubuntu 16.04
Apache OFBiz Version 16.11.03
MySQL DB Ver 14.14 Distrib 5.7.19, for Linux (x86_64) using EditLine wrapper
mysql-connector-java-5.1.37-bin.jar

I installed the apache-ofbiz-16.11.03 version to know if it's the same with
what I downloaded in SVN that has error in Induce Model XML from Database.
And it is so.

Steps to duplicate Bug:
1. Download and install apache-ofbiz-16.11.03 version
2. Log in username and password respectively as admin ofbiz.
3. Accessing the link below I encountered the error message
below:

https://localhost:8443/webtools/control/view/ModelInduceFromDb

ERROR in error page, (infinite loop or error page not found with name
[/error/error.jsp]), but here is the text just in case it helps you:
java.lang.StackOverflowErrorERROR in error page, (infinite loop or error
page not found with name [/error/error.jsp]), but here is the text just in
case it helps you: java.lang.StackOverflowError

In the log in terminal, I can see below. I already tried to truncate this
table server_hit:

(Error while inserting:
[GenericEntity:ServerHit][contentId,webtools.view(java.lang.String)][createdStamp,2017-08-10
16:01:50.212(java.sql.Timestamp)][createdTxStamp,2017-08-10
16:01:50.212(java.sql.Timestamp)][hitStartDateTime,2017-08-10
16:01:33.785(java.sql.Timestamp)][hitTypeId,REQUEST(java.lang.String)][lastUpdatedStamp,2017-08-10
16:01:50.212(java.sql.Timestamp)][lastUpdatedTxStamp,2017-08-10
16:01:50.212(java.sql.Timestamp)][partyId,admin(java.lang.String)][referrerUrl,https://localhost:8443/webtools/control/main?externalLoginKey=ELe10a3e70-599f-468e-acaa-0eb6b6394a79(java.lang.String)][requestUrl,https://localhost:8443/webtools/control/view/ModelInduceFromDb(java.lang.String)][runningTimeMillis,16425(java.lang.Long)][serverHostName,kexpresstest-ThinkCentre-A58(java.lang.String)][serverIpAddress,127.0.1.1(java.lang.String)][userLoginId,admin(java.lang.String)][visitId,10901(java.lang.String)]
(SQL Exception while executing the following:INSERT INTO SERVER_HIT
(VISIT_ID, CONTENT_ID, HIT_START_DATE_TIME, HIT_TYPE_ID, NUM_OF_BYTES,
RUNNING_TIME_MILLIS, USER_LOGIN_ID, STATUS_ID, REQUEST_URL, REFERRER_URL,
SERVER_IP_ADDRESS, SERVER_HOST_NAME, LAST_UPDATED_STAMP,
LAST_UPDATED_TX_STAMP, CREATED_STAMP, CREATED_TX_STAMP, INTERNAL_CONTENT_ID,
PARTY_ID, ID_BY_IP_CONTACT_MECH_ID, REF_BY_WEB_CONTACT_MECH_ID) VALUES (?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) (Duplicate entry
'10901-webtools.view-2017-08-10 16:01:34-REQUEST' for key 'PRIMARY')))




[jira] [Closed] (OFBIZ-9582) Error on Accessing Induce Model XML from Database

2017-09-10 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9582?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9582.

Resolution: Duplicate
  Assignee: Michael Brohl

Closing as duplicate. I have copied the additional information from this 
ticket to OFBIZ-7473.

> Error on Accessing Induce Model XML from Database
> -
>
> Key: OFBIZ-9582
> URL: https://issues.apache.org/jira/browse/OFBIZ-9582
> Project: OFBiz
>  Issue Type: Bug
>  Components: datamodel
>Affects Versions: 16.11.03
> Environment: Ubuntu 16.04
> Apache OFBiz Version 16.11.03
> MySQL DB  Ver 14.14 Distrib 5.7.19, for Linux (x86_64) using  EditLine wrapper
> mysql-connector-java-5.1.37-bin.jar
>Reporter: Allan Zarsuela
>Assignee: Michael Brohl
>  Labels: features
>
> I installed the apache-ofbiz-16.11.03  version to know if it's the same with
> what I downloaded in SVN that has error in Induce Model XML from Database.
> And it is so.
> Steps to duplicate Bug:
> 1. Download and install apache-ofbiz-16.11.03  version
> 2. Log in username and password respectively as admin ofbiz.
> 3. Accessing the link below I encountered the error message
> below:
> https://localhost:8443/webtools/control/view/ModelInduceFromDb
> ERROR in error page, (infinite loop or error page not found with name
> [/error/error.jsp]), but here is the text just in case it helps you:
> java.lang.StackOverflowErrorERROR in error page, (infinite loop or error
> page not found with name [/error/error.jsp]), but here is the text just in
> case it helps you: java.lang.StackOverflowError
> In the log in terminal, I can see below. I already tried to truncate this
> table server_hit:
>  (Error while inserting:
> [GenericEntity:ServerHit][contentId,webtools.view(java.lang.String)][createdStamp,2017-08-10
> 16:01:50.212(java.sql.Timestamp)][createdTxStamp,2017-08-10
> 16:01:50.212(java.sql.Timestamp)][hitStartDateTime,2017-08-10
> 16:01:33.785(java.sql.Timestamp)][hitTypeId,REQUEST(java.lang.String)][lastUpdatedStamp,2017-08-10
> 16:01:50.212(java.sql.Timestamp)][lastUpdatedTxStamp,2017-08-10
> 16:01:50.212(java.sql.Timestamp)][partyId,admin(java.lang.String)][referrerUrl,https://localhost:8443/webtools/control/main?externalLoginKey=ELe10a3e70-599f-468e-acaa-0eb6b6394a79(java.lang.String)][requestUrl,https://localhost:8443/webtools/control/view/ModelInduceFromDb(java.lang.String)][runningTimeMillis,16425(java.lang.Long)][serverHostName,kexpresstest-ThinkCentre-A58(java.lang.String)][serverIpAddress,127.0.1.1(java.lang.String)][userLoginId,admin(java.lang.String)][visitId,10901(java.lang.String)]
> (SQL Exception while executing the following:INSERT INTO SERVER_HIT
> (VISIT_ID, CONTENT_ID, HIT_START_DATE_TIME, HIT_TYPE_ID, NUM_OF_BYTES,
> RUNNING_TIME_MILLIS, USER_LOGIN_ID, STATUS_ID, REQUEST_URL, REFERRER_URL,
> SERVER_IP_ADDRESS, SERVER_HOST_NAME, LAST_UPDATED_STAMP,
> LAST_UPDATED_TX_STAMP, CREATED_STAMP, CREATED_TX_STAMP, INTERNAL_CONTENT_ID,
> PARTY_ID, ID_BY_IP_CONTACT_MECH_ID, REF_BY_WEB_CONTACT_MECH_ID) VALUES (?,
> ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) (Duplicate entry
> '10901-webtools.view-2017-08-10 16:01:34-REQUEST' for key 'PRIMARY')))





[jira] [Closed] (OFBIZ-9395) EmailServices.sendMailFromScreen improved to take multiple attachments with appropriate type along with several email fixes

2017-10-01 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9395?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9395.

Resolution: Fixed

Fixed in r1810260.
Thanks for spotting the missing attributes, Jacques.

> EmailServices.sendMailFromScreen improved to take multiple attachments with 
> appropriate type along with several email fixes
> ---
>
> Key: OFBIZ-9395
> URL: https://issues.apache.org/jira/browse/OFBIZ-9395
> Project: OFBiz
>  Issue Type: Improvement
>  Components: framework
>Affects Versions: Trunk
>Reporter: Martin Becker
>Assignee: Michael Brohl
>Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9395_emailAttachmentsImprovement.patch
>
>
> This patch fixes a number of issues combined in a patch because of the code 
> dependencies.
> Firstly it enables to add BCC address(es) to service 
> OrderServices.sendOrderNotificationScreens to oversteer 
> ProductStoreEmailSetting of BCC the same way as for CC.
> Secondly a method UtilValidate.isEmailList(String) is added to check a comma 
> separated list of email addresses, used for example to check the String 
> passed to the new BCC field for an Order-Notification.
> Thirdly there are improvements in EmailServices.sendMailFromScreen. The 
> attachment type of MailAttachments is now not only .pdf but depends on the 
> specific file. This has not been the case before - the mime type was always 
> hard coded as .pdf. 
> The same goes for the bodyPart content-type which is now set to the passed 
> content type or the default text/html type. Before this was also always set 
> to text/html. Additionally, an attachment that has the mime-type text/plain 
> is not rendered with the fop-renderer anymore but with a simple 
> text-renderer. Therefore it is possible to send a CSV file as attachment now.
> The patch also refactors some catch-Blocks in the 
> EmailServices.sendMailFromScreen by using multi-catch since the exception 
> handling is always the same.





[jira] [Commented] (OFBIZ-9594) Perfect of Ofbiz

2017-10-05 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16193004#comment-16193004
 ] 

Michael Brohl commented on OFBIZ-9594:
--

Hi [~medjo],

can you please answer the questions and provide more information for your 
issue? Else I will close this ticket as "Not a problem" in 7 days.

Thanks,
Michael

> Perfect of Ofbiz
> 
>
> Key: OFBIZ-9594
> URL: https://issues.apache.org/jira/browse/OFBIZ-9594
> Project: OFBiz
>  Issue Type: Bug
>  Components: ALL COMPONENTS
>Affects Versions: 16.11.03
> Environment: Hosting Environment: Web.config and database details 
> externalize the 
>Reporter: Roger Mbiama
>Assignee: Michael Brohl
>  Labels: features
>
> Log Rules for .NET 7.1.1
> Ofbiz Service configuration
> configuration and set-up tasks:
> Configure the Execution Service:
> You need to specify the deployment directory for the business object model 
> (BOM) and other DLLs needed to run the Execution Service, link the Execution 
> Service to the Persistence Service, and specify the required Windows 
> Management Instrumentation (WMI) settings.
> Create an Execution Service client application:
> You need an application to host the Execution Service client. Any application 
> can host an Execution Service client.
> Deploy the execution environment:
> The execution environment is a directory specified by the 
> ILOG.Rules.ExecutionServer.Execution.BaseDirectory property in the Execution 
> Service configuration file.
> Configure remote rule execution using Internet Information Services (IIS):
> You need only carry out this task if you want to use remote rule execution.





[jira] [Commented] (OFBIZ-8317) Update Apache POI to release 3.15

2017-10-05 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-8317?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16193047#comment-16193047
 ] 

Michael Brohl commented on OFBIZ-8317:
--

[~toashishvijay], [~pandeypranay],

any chance to help me out here?

> Update Apache POI to release 3.15
> -
>
> Key: OFBIZ-8317
> URL: https://issues.apache.org/jira/browse/OFBIZ-8317
> Project: OFBiz
>  Issue Type: Improvement
>  Components: product
>Affects Versions: Trunk
>Reporter: Michael Brohl
>Assignee: Michael Brohl
>Priority: Minor
>
> According to the announcement in 
> https://lists.apache.org/thread.html/777608ec8efada4f441b67ff8327094d0db8be05204d9d073b6f2878@%3Cannounce.apache.org%3E
>  there is a new POI release available.
> This issue takes care of the update.





[jira] [Created] (OFBIZ-9813) Update to Tomcat 8.5.23

2017-10-05 Thread Michael Brohl (JIRA)
Michael Brohl created OFBIZ-9813:


 Summary: Update to Tomcat 8.5.23
 Key: OFBIZ-9813
 URL: https://issues.apache.org/jira/browse/OFBIZ-9813
 Project: OFBiz
  Issue Type: Improvement
  Components: framework
Affects Versions: Trunk
Reporter: Michael Brohl
Assignee: Michael Brohl


There is a new Tomcat version available which fixes a CVE:

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.23.

Tomcat 8.x users should normally be using 8.5.x releases in preference
to 8.0.x releases.

Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Containers technologies.

Apache Tomcat 8.5.x is intended to replace 8.0.x and includes new
features pulled forward from the 9.0.x branch. The notable changes since
8.5.20 include:

- Fix CVE-2017-12617

- Add ExtractingRoot, a new WebResourceRoot implementation that extracts
  JARs to the work directory for improved performance when deploying
  packed WAR files.

- Additional capabilities for the CGI Servlet. Based on patches provided
  by jm009.

- Added support for the OpenSSL SSL_CONF API. To support this the
  minimum required Tomcat Native version is 1.2.14.


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.5-doc/changelog.html





[jira] [Closed] (OFBIZ-9813) Update to Tomcat 8.5.23

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9813?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9813.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811404.

> Update to Tomcat 8.5.23
> ---
>
> Key: OFBIZ-9813
> URL: https://issues.apache.org/jira/browse/OFBIZ-9813
> Project: OFBiz
>  Issue Type: Improvement
>  Components: framework
>Affects Versions: Trunk
>Reporter: Michael Brohl
>Assignee: Michael Brohl
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9813_tomcat-update.8_5_23.patch
>
>
> There is a new Tomcat version available which fixes a CVE:
> The Apache Tomcat team announces the immediate availability of Apache
> Tomcat 8.5.23.
> Tomcat 8.x users should normally be using 8.5.x releases in preference
> to 8.0.x releases.
> Apache Tomcat 8 is an open source software implementation of the Java
> Servlet, JavaServer Pages, Java Unified Expression Language, Java
> WebSocket and Java Authentication Service Provider Interface for
> Containers technologies.
> Apache Tomcat 8.5.x is intended to replace 8.0.x and includes new
> features pulled forward from the 9.0.x branch. The notable changes since
> 8.5.20 include:
> - Fix CVE-2017-12617
> - Add ExtractingRoot, a new WebResourceRoot implementation that extracts
>   JARs to the work directory for improved performance when deploying
>   packed WAR files.
> - Additional capabilities for the CGI Servlet. Based on patches provided
>   by jm009.
> - Added support for the OpenSSL SSL_CONF API. To support this the
>   minimum required Tomcat Native version is 1.2.14.
> Please refer to the change log for the complete list of changes:
> http://tomcat.apache.org/tomcat-8.5-doc/changelog.html





[jira] [Commented] (OFBIZ-9674) Update build.gradle to the latest dependencies

2017-10-07 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9674?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16195626#comment-16195626
 ] 

Michael Brohl commented on OFBIZ-9674:
--

Ok, there are no objections and a positive response from Jacques. We are going 
to implement this and provide a patch for the suggested upgrades soon.

> Update build.gradle to the latest dependencies
> --
>
> Key: OFBIZ-9674
> URL: https://issues.apache.org/jira/browse/OFBIZ-9674
> Project: OFBiz
>  Issue Type: Improvement
>  Components: ALL COMPONENTS
>Affects Versions: Trunk
>Reporter: Michael Brohl
>Assignee: Michael Brohl
>Priority: Minor
>
> I wondered how up-to-date our project dependencies are and searched for an 
> efficient way to check this. I found the gradle-versions-plugin [1] which 
> analyzes the dependencies and checks if there are newer versions available.
> I ran the check with 
> {code:java}
> ./gradlew dependencyUpdates -Drevision=release
> {code}
> and got the following result:
> 
> : Project Dependency Updates (report to plain text file)
> 
> The following dependencies are using the latest release version:
>  - net.sf.barcode4j:barcode4j:2.1
>  - net.sf.barcode4j:barcode4j-fop-ext:2.1
>  - org.codeartisans.thirdparties.swing:batik-all:1.8pre-r1084380
>  - org.apache.commons:commons-collections4:4.1
>  - com.googlecode.ez-vcard:ez-vcard:0.9.10
>  - org.apache.geronimo.specs:geronimo-jms_1.1_spec:1.1.1
>  - org.apache.geronimo.components:geronimo-transaction:3.1.4
>  - at.bxm.gradleplugins:gradle-svntools-plugin:2.2.1
>  - com.github.ben-manes:gradle-versions-plugin:0.15.0
>  - org.hamcrest:hamcrest-all:1.3
>  - net.fortuna.ical4j:ical4j:1.0-rc3-atlassian-11
>  - javax.el:javax.el-api:3.0.1-b04
>  - de.odysseus.juel:juel-impl:2.2.7
>  - de.odysseus.juel:juel-spi:2.2.7
>  - junit:junit:4.12
>  - oro:oro:2.0.8
>  - apache-xerces:xercesImpl:2.9.1
> The following dependencies exceed the version found at the release revision 
> level:
>  - com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer 
> [20160628.1 <- 1.1]
> The following dependencies have later release versions:
>  - org.apache.ant:ant-junit [1.9.0 -> 1.10.1]
>  - org.apache.ant:ant-junit [1.9.7 -> 1.10.1]
>  - org.apache.axis2:axis2-kernel [1.7.1 -> 1.7.6]
>  - org.apache.axis2:axis2-transport-http [1.7.1 -> 1.7.6]
>  - org.apache.axis2:axis2-transport-local [1.7.1 -> 1.7.6]
>  - commons-cli:commons-cli [1.3.1 -> 1.4]
>  - org.apache.commons:commons-csv [1.1 -> 1.5]
>  - org.apache.commons:commons-dbcp2 [2.1 -> 2.1.1]
>  - commons-net:commons-net [3.3 -> 3.6]
>  - commons-validator:commons-validator [1.5.1 -> 1.6]
>  - com.googlecode.concurrentlinkedhashmap:concurrentlinkedhashmap-lru [1.0 -> 
> 1.4.2]
>  - com.google.zxing:core [3.2.1 -> 3.3.0]
>  - org.apache.derby:derby [10.11.1.1 -> 10.13.1.1]
>  - org.owasp.esapi:esapi [2.1.0 -> 2.1.0.1]
>  - org.apache.xmlgraphics:fop [2.1 -> 2.2]
>  - org.freemarker:freemarker [2.3.25-incubating -> 2.3.26-incubating]
>  - org.codehaus.groovy:groovy-all [2.4.12 -> 2.5.0-beta-1]
>  - org.apache.httpcomponents:httpclient-cache [4.4.1 -> 4.5.3]
>  - com.ibm.icu:icu4j [57.1 -> 59.1]
>  - com.lowagie:itext [2.1.7 -> 4.2.2]
>  - org.zapodot:jackson-databind-java-optional [2.4.2 -> 2.6.1]
>  - com.sun.mail:javax.mail [1.5.1 -> 1.6.0]
>  - javax.servlet:javax.servlet-api [3.1.0 -> 4.0.0]
>  - javax.servlet.jsp:javax.servlet.jsp-api [2.3.0 -> 2.3.2-b02]
>  - junit:junit-dep [4.10 -> 4.11]
>  - com.googlecode.libphonenumber:libphonenumber [8.6.0 -> 8.8.0]
>  - org.apache.logging.log4j:log4j-1.2-api [2.6.2 -> 2.9.0]
>  - org.apache.logging.log4j:log4j-api [2.6.2 -> 2.9.0]
>  - org.apache.logging.log4j:log4j-core [2.6.2 -> 2.9.0]
>  - org.apache.logging.log4j:log4j-jul [2.6.2 -> 2.9.0]
>  - org.apache.logging.log4j:log4j-slf4j-impl [2.6.2 -> 2.9.0]
>  - org.mockito:mockito-core [1.10.19 -> 2.9.0]
>  - org.apache.poi:poi [3.14 -> 3.17-beta1]
>  - org.apache.shiro:shiro-core [1.3.0 -> 1.4.0]
>  - org.springframework:spring-test [4.2.3.RELEASE -> 4.3.10.RELEASE]
>  - org.apache.tika:tika-core [1.12 -> 1.16]
>  - org.apache.tika:tika-parsers [1.12 -> 1.16]
>  - org.apache.tomcat:tomcat-catalina [8.5.16 -> 9.0.0.M26]
>  - org.apache.tomcat:tomcat-catalina-ha [8.5.16 -> 9.0.0.M25]
>  - org.apache.tomcat:tomcat-jasper [8.5.16 -> 9.0.0.M26]
>  - org.apache.tomcat:tomcat-tribes [8.5.16 -> 9.0.0.M25]
>  - wsdl4j:wsdl4j [1.6.2 -> 1.6.3]
>  - org.apache.xmlrpc:xmlrpc-client [3.1.2 -> 3.1.3]
>  - org.apache.xmlrpc:xmlrpc-server [3.1.2 -> 3.1.3]
>  - com.thoughtworks.xstream:xstream [1.4.9 -> 1.4.10]
> Failed to determine the latest version for the following dependencies (use 
> --info for d

[jira] [Closed] (OFBIZ-9541) [FB] Package org.apache.ofbiz.accounting.invoice

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9541?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9541.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Karsten,

your patch is in trunk r1811405.

> [FB] Package org.apache.ofbiz.accounting.invoice
> 
>
> Key: OFBIZ-9541
> URL: https://issues.apache.org/jira/browse/OFBIZ-9541
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Karsten Tymann
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-number_FB_accounting_invoice.patch
>
>
> InvoiceServices.java:107, MS_SHOULD_BE_FINAL
> * MS: org.apache.ofbiz.accounting.invoice.InvoiceServices.module isn't final 
> but should be
> This static field public but not final, and could be changed by malicious 
> code or by accident from another package. The field could be made final to 
> avoid this vulnerability.
> InvoiceServices.java:395, NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE
> * NP: Possible null pointer dereference of orderItem on branch that might be 
> infeasible in 
> org.apache.ofbiz.accounting.invoice.InvoiceServices.createInvoiceForOrder(DispatchContext,
>  Map)
> There is a branch of statement that, if executed, guarantees that a null 
> value will be dereferenced, which would generate a NullPointerException when 
> the code is executed. Of course, the problem might be that the branch or 
> statement is infeasible and that the null pointer exception can't ever be 
> executed; deciding that is beyond the ability of FindBugs. Due to the fact 
> that this value had been previously tested for nullness, this is a definite 
> possibility.
> InvoiceServices.java:764, WMI_WRONG_MAP_ITERATOR
> * WMI: 
> org.apache.ofbiz.accounting.invoice.InvoiceServices.createInvoiceForOrder(DispatchContext,
>  Map) makes inefficient use of keySet iterator instead of entrySet iterator
> This method accesses the value of a Map entry, using a key that was retrieved 
> from a keySet iterator. It is more efficient to use an iterator on the 
> entrySet of the map, to avoid the Map.get(key) lookup.
> InvoiceServices.java:918, DLS_DEAD_LOCAL_STORE, Priorität: Normal
> * DLS: Dead store to billFromVendorInvoiceRoles in 
> org.apache.ofbiz.accounting.invoice.InvoiceServices.createCommissionInvoices(DispatchContext,
>  Map)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.
> InvoiceServices.java:919, DLS_DEAD_LOCAL_STORE
> * DLS: Dead store to invoiceItems in 
> org.apache.ofbiz.accounting.invoice.InvoiceServices.createCommissionInvoices(DispatchContext,
>  Map)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.
> InvoiceServices.java:960, DLS_DEAD_LOCAL_STORE
> * DLS: Dead store to quantity in 
> org.apache.ofbiz.accounting.invoice.InvoiceServices.createCommissionInvoices(DispatchContext,
>  Map)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.
> InvoiceServices.java:1038, NP_LOAD_OF_KNOWN_NULL_VALUE
> * NP: Load of known null value in 
> org.apache.ofbiz.accounting.invoice.InvoiceServices.createCommissionInvoices(DispatchContext,
>  Map)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> InvoiceServices.java:1154, DLS_DEAD_LOCAL_STORE
> * DLS: Dead store to invoicesCreated in 
> org.apache.ofbiz.accounting.invoice.InvoiceServices.createInvoicesFromShipment(DispatchContext,
>  Map)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subse

[jira] [Closed] (OFBIZ-9534) exception in service semaphore in wait mode and with multi thread calls

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9534?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9534.

   Resolution: Fixed
Fix Version/s: Upcoming Release

Thanks Pierre,

your patch is in trunk r1811406.

> exception in service semaphore in wait mode and with multi thread calls
> ---
>
> Key: OFBIZ-9534
> URL: https://issues.apache.org/jira/browse/OFBIZ-9534
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: Trunk
> Reporter: Gaudin Pierre
> Assignee: Michael Brohl
> Fix For: Upcoming Release
>
> Attachments: semaphore.patch
>
>
> When the service semaphore is used in wait mode with numerous simultaneous calls
> (multi thread), it happens that the service semaphore raises an exception
> when it tries to record the semaphore lock in the database. This exception is
> raised and stops the wait loop. The exception could be caught to continue the
> wait loop.
>
> This can be reproduced by creating a semaphore in wait mode with several
> calls simultaneously with SoapUI.





[jira] [Created] (OFBIZ-9828) Check CCServicesTest class and fix broken tests

2017-10-07 Thread Michael Brohl (JIRA)
Michael Brohl created OFBIZ-9828:


 Summary: Check CCServicesTest class and fix broken tests
 Key: OFBIZ-9828
 URL: https://issues.apache.org/jira/browse/OFBIZ-9828
 Project: OFBiz
  Issue Type: Improvement
  Components: accounting
Affects Versions: Trunk
Reporter: Michael Brohl
Assignee: Michael Brohl
Priority: Minor


Derived from OFBIZ-9454:

"While trying to test the class I learned that CCServicesTest is actually never 
tested (not included in any test-suite). I wonder why this class is still in 
the OFBiz project if it is never used for testing. And after adding the class 
to a suite, the class failed 4 out of 6 tests. This, of course, is a topic for 
another ticket but is probably worth looking into. "





[jira] [Closed] (OFBIZ-9454) [FB] Package org.apache.ofbiz.accounting.thirdparty.clearcommerce

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9454?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9454.

   Resolution: Fixed
Fix Version/s: Upcoming Release

Thanks Kyra,

your patch is in trunk r1811407.

> [FB] Package org.apache.ofbiz.accounting.thirdparty.clearcommerce
> -
>
> Key: OFBIZ-9454
> URL: https://issues.apache.org/jira/browse/OFBIZ-9454
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Kyra Pritzel-Hentley
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9454_accounting.thirdparty.clearcommerce.patch
>
>
> CCPaymentServices.java:78: 109: 144: 178: 235: 270, DM_BOOLEAN_CTOR
> * Dm: 
> org.apache.ofbiz.accounting.thirdparty.clearcommerce.CCPaymentServices.ccAuth(DispatchContext,
>  Map) invokes inefficient Boolean constructor; use Boolean.valueOf(...) 
> instead
> * Dm: 
> org.apache.ofbiz.accounting.thirdparty.clearcommerce.CCPaymentServices.ccCredit(DispatchContext,
>  Map) invokes inefficient Boolean constructor; use Boolean.valueOf(...) 
> instead
> * Dm: 
> org.apache.ofbiz.accounting.thirdparty.clearcommerce.CCPaymentServices.ccCapture(DispatchContext,
>  Map) invokes inefficient Boolean constructor; use Boolean.valueOf(...) 
> instead
> * Dm: 
> org.apache.ofbiz.accounting.thirdparty.clearcommerce.CCPaymentServices.ccRelease(DispatchContext,
>  Map) invokes inefficient Boolean constructor; use Boolean.valueOf(...) 
> instead
> * Dm: 
> org.apache.ofbiz.accounting.thirdparty.clearcommerce.CCPaymentServices.ccRefund(DispatchContext,
>  Map) invokes inefficient Boolean constructor; use Boolean.valueOf(...) 
> instead
> * Dm: 
> org.apache.ofbiz.accounting.thirdparty.clearcommerce.CCPaymentServices.ccReAuth(DispatchContext,
>  Map) invokes inefficient Boolean constructor; use Boolean.valueOf(...) 
> instead
> Creating new instances of java.lang.Boolean wastes memory, since Boolean 
> objects are immutable and there are only two useful values of this type.  Use 
> the Boolean.valueOf() method (or Java 1.5 autoboxing) to create Boolean 
> objects instead.
> CCPaymentServices.java:772, SBSC_USE_STRINGBUFFER_CONCATENATION
> * SBSC: 
> org.apache.ofbiz.accounting.thirdparty.clearcommerce.CCPaymentServices.appendPaymentMechNode(Element,
>  GenericValue, String, String) concatenates strings using + in a loop
> The method seems to be building a String using concatenation in a loop. In 
> each iteration, the String is converted to a StringBuffer/StringBuilder, 
> appended to, and converted back to a String. This can lead to a cost 
> quadratic in the number of iterations, as the growing string is recopied in 
> each iteration.
> Better performance can be obtained by using a StringBuffer (or StringBuilder 
> in Java 1.5) explicitly.
> CCPaymentServices.java:902, DM_DEFAULT_ENCODING
> * Dm: Found reliance on default encoding in 
> org.apache.ofbiz.accounting.thirdparty.clearcommerce.CCPaymentServices.sendRequest(Document,
>  String, Delegator): java.io.ByteArrayOutputStream.toString()
> Found a call to a method which will perform a byte to String (or String to 
> byte) conversion, and will assume that the default platform encoding is 
> suitable. This will cause the application behavior to vary between platforms. 
> Use an alternative API and specify a charset name or Charset object 
> explicitly.
> CCServicesTest.java:101: 131: 162: 209, DM_BOOLEAN_CTOR, Priorität: Normal
> * Dm: 
> org.apache.ofbiz.accounting.thirdparty.clearcommerce.CCServicesTest.testAuth()
>  invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead
> * Dm: 
> org.apache.ofbiz.accounting.thirdparty.clearcommerce.CCServicesTest.testCredit()
>  invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead
> * Dm: 
> org.apache.ofbiz.accounting.thirdparty.clearcommerce.CCServicesTest.testPurchaseSubscription()
>  invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead
> * Dm: 
> org.apache.ofbiz.accounting.thirdparty.clearcommerce.CCServicesTest.testCCReport()
>  invokes inefficient Boolean constructor; use Boolean.valueOf(...) instead
> Creating new instances of java.lang.Boolean wastes memory, since Boolean 
> objects are immutable and there are only two useful values of this type.  Use 
> the Boolean.valueOf() method (or Java 1.5 autoboxing) to create Boolean 
> objects instead.





[jira] [Assigned] (OFBIZ-9545) [FB] Package org.apache.ofbiz.accounting.thirdparty.sagepay

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9545:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.accounting.thirdparty.sagepay
> ---
>
> Key: OFBIZ-9545
> URL: https://issues.apache.org/jira/browse/OFBIZ-9545
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Karsten Tymann
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-number_FB_accounting_sagepay.patch
>
>
> SagePayPaymentServices.java:133, NP_NULL_ON_SOME_PATH
> * NP: Possible null pointer dereference of processAmount in 
> org.apache.ofbiz.accounting.thirdparty.sagepay.SagePayPaymentServices.buildCustomerBillingInfo(Map)
> There is a branch of statement that, if executed, guarantees that a null 
> value will be dereferenced, which would generate a NullPointerException when 
> the code is executed. Of course, the problem might be that the branch or 
> statement is infeasible and that the null pointer exception can't ever be 
> executed; deciding that is beyond the ability of FindBugs.
> SagePayPaymentServices.java:159, NP_LOAD_OF_KNOWN_NULL_VALUE
> * NP: Load of known null value in 
> org.apache.ofbiz.accounting.thirdparty.sagepay.SagePayPaymentServices.ccAuth(DispatchContext,
>  Map)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> SagePayServices.java:64, WMI_WRONG_MAP_ITERATOR
> * WMI: 
> org.apache.ofbiz.accounting.thirdparty.sagepay.SagePayServices.buildSagePayProperties(Map,
>  Delegator) makes inefficient use of keySet iterator instead of entrySet 
> iterator
> This method accesses the value of a Map entry, using a key that was retrieved 
> from a keySet iterator. It is more efficient to use an iterator on the 
> entrySet of the map, to avoid the Map.get(key) lookup.
> SagePayUtil.java:124, NP_NULL_ON_SOME_PATH
> * NP: Possible null pointer dereference of hostUrl in 
> org.apache.ofbiz.accounting.thirdparty.sagepay.SagePayUtil.getHost(Map)
> There is a branch of statement that, if executed, guarantees that a null 
> value will be dereferenced, which would generate a NullPointerException when 
> the code is executed. Of course, the problem might be that the branch or 
> statement is infeasible and that the null pointer exception can't ever be 
> executed; deciding that is beyond the ability of FindBugs.
> SagePayUtil.java:141, DM_DEFAULT_ENCODING
> * Dm: Found reliance on default encoding in 
> org.apache.ofbiz.accounting.thirdparty.sagepay.SagePayUtil.getResponseData(HttpResponse):
>  new java.io.InputStreamReader(InputStream)
> Found a call to a method which will perform a byte to String (or String to 
> byte) conversion, and will assume that the default platform encoding is 
> suitable. This will cause the application behaviour to vary between 
> platforms. Use an alternative API and specify a charset name or Charset 
> object explicitly.
> SagePayUtil.java:141, OS_OPEN_STREAM
> * OS: 
> org.apache.ofbiz.accounting.thirdparty.sagepay.SagePayUtil.getResponseData(HttpResponse)
>  may fail to close stream
> The method creates an IO stream object, does not assign it to any fields, 
> pass it to other methods that might close it, or return it, and does not 
> appear to close the stream on all paths out of the method.  This may result 
> in a file descriptor leak.  It is generally a good idea to use a finally 
> block to ensure that streams are closed.
> SagePayUtil.java:164, WMI_WRONG_MAP_ITERATOR
> * WMI: 
> org.apache.ofbiz.accounting.thirdparty.sagepay.SagePayUtil.getHttpPost(String,
>  Map) makes inefficient use of keySet iterator instead of entrySet iterator
> This method accesses the value of a Map entry, using a key that was retrieved 
> from a keySet iterator. It is more efficient to use an iterator on the 
> entrySet of the map, to avoid the Map.get(key) lookup.
> While doing the changes some potential problems with the current behavior of 
> the SagePayPaymentAuthentication occurred which I will describe in the 
> following comment.





[jira] [Commented] (OFBIZ-9545) [FB] Package org.apache.ofbiz.accounting.thirdparty.sagepay

2017-10-07 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9545?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16195653#comment-16195653
 ] 

Michael Brohl commented on OFBIZ-9545:
--

Fellow developers,

is there someone who can help out and check if the patch is correct from a 
business/process perspective?
Thank you!






[jira] [Assigned] (OFBIZ-9573) [FB] Package org.apache.ofbiz.base.start

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9573?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9573:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.base.start
> 
>
> Key: OFBIZ-9573
> URL: https://issues.apache.org/jira/browse/OFBIZ-9573
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: base
>Affects Versions: Trunk
>Reporter: Dennis Balkir
>Assignee: Michael Brohl
>Priority: Minor
> Attachments: OFBIZ-9573_org.apache.ofbiz.base.start_bugfixes.patch
>
>
> - AdminClient.java:77, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in 
> org.apache.ofbiz.base.start.AdminClient.sendSocketCommand(AdminServer$OfbizSocketCommand,
>  Config): new java.io.PrintWriter(OutputStream, boolean)
> Found a call to a method which will perform a byte to String (or String to 
> byte) conversion, and will assume that the default platform encoding is 
> suitable. This will cause the application behaviour to vary between 
> platforms. Use an alternative API and specify a charset name or Charset 
> object explicitly.
> - AdminClient.java:78, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in 
> org.apache.ofbiz.base.start.AdminClient.sendSocketCommand(AdminServer$OfbizSocketCommand,
>  Config): new java.io.InputStreamReader(InputStream)
> Found a call to a method which will perform a byte to String (or String to 
> byte) conversion, and will assume that the default platform encoding is 
> suitable. This will cause the application behaviour to vary between 
> platforms. Use an alternative API and specify a charset name or Charset 
> object explicitly.
> - AdminServer.java:84, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in 
> org.apache.ofbiz.base.start.AdminServer.processClientRequest(Socket, List, 
> AtomicReference): new java.io.InputStreamReader(InputStream)
> Found a call to a method which will perform a byte to String (or String to 
> byte) conversion, and will assume that the default platform encoding is 
> suitable. This will cause the application behaviour to vary between 
> platforms. Use an alternative API and specify a charset name or Charset 
> object explicitly.
> - AdminServer.java:85, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in 
> org.apache.ofbiz.base.start.AdminServer.processClientRequest(Socket, List, 
> AtomicReference): new java.io.PrintWriter(OutputStream, boolean)
> Found a call to a method which will perform a byte to String (or String to 
> byte) conversion, and will assume that the default platform encoding is 
> suitable. This will cause the application behaviour to vary between 
> platforms. Use an alternative API and specify a charset name or Charset 
> object explicitly.
> - AdminServer.java:109, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of String.substring(int), which is known to be 
> non-null in 
> org.apache.ofbiz.base.start.AdminServer.determineClientCommand(String)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - Classpath.java:104, NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE
> NP: Possible null pointer dereference in 
> org.apache.ofbiz.base.start.Classpath.addFilesFromPath(File) due to return 
> value of called method
> The return value from a method is dereferenced without a null check, and the 
> return value of that method is one that should generally be checked for null. 
> This may lead to a NullPointerException when the code is executed.
> - Classpath.java:105, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.base.start.Classpath.addFilesFromPath(File)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - Config.java:154, SF_SWITCH_NO_DEFAULT
> SF: Switch statement found in 
> org.apache.ofbiz.base.start.Config.getDefaultLocale(Properties, String) where 
> default case is missing
> This method contains a switch statement where default case is missing. 
> Usually you need to provide a default case.
> Because the analysis only looks at the generated bytecode, this warning can 
> be incorrect triggered if the default case is at the end of the switch 
> statement and the switch statement doesn't contain break statements for other 
> cases.
> - Start.java:121, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.base.start.Start$ServerState.toString()
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result i

[jira] [Assigned] (OFBIZ-9453) [FB] Package org.apache.ofbiz.accounting.thirdparty.authorizedotnet

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9453?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9453:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.accounting.thirdparty.authorizedotnet
> ---
>
> Key: OFBIZ-9453
> URL: https://issues.apache.org/jira/browse/OFBIZ-9453
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Kyra Pritzel-Hentley
> Assignee: Michael Brohl
> Priority: Minor
>
> AIMPaymentServices.java:648: 679: 705: 732: 758, DM_BOOLEAN_CTOR
> * Dm: 
> org.apache.ofbiz.accounting.thirdparty.authorizedotnet.AIMPaymentServices.processAuthTransResult(Map,
>  Map, Map) invokes inefficient Boolean constructor; use Boolean.valueOf(...) 
> instead
> Creating new instances of java.lang.Boolean wastes memory, since Boolean 
> objects are immutable and there are only two useful values of this type.  Use 
> the Boolean.valueOf() method (or Java 1.5 autoboxing) to create Boolean 
> objects instead.
> AuthorizeResponse.java:131, DMI_INVOKING_TOSTRING_ON_ARRAY
> * USELESS_STRING: Invocation of toString on AuthorizeResponse.response in 
> org.apache.ofbiz.accounting.thirdparty.authorizedotnet.AuthorizeResponse.toString()
> The code invokes toString on an array, which will generate a fairly useless 
> result such as [C@16f0472. Consider using Arrays.toString to convert the 
> array into a readable String that gives the contents of the array. See 
> Programming Puzzlers, chapter 3, puzzle 12.





[jira] [Closed] (OFBIZ-9573) [FB] Package org.apache.ofbiz.base.start

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9573?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9573.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811413.

> [FB] Package org.apache.ofbiz.base.start
> 
>
> Key: OFBIZ-9573
> URL: https://issues.apache.org/jira/browse/OFBIZ-9573
> Project: OFBiz
> Issue Type: Sub-task
> Components: base
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9573_org.apache.ofbiz.base.start_bugfixes.patch
>
>
> - AdminClient.java:77, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in 
> org.apache.ofbiz.base.start.AdminClient.sendSocketCommand(AdminServer$OfbizSocketCommand,
>  Config): new java.io.PrintWriter(OutputStream, boolean)
> Found a call to a method which will perform a byte to String (or String to 
> byte) conversion, and will assume that the default platform encoding is 
> suitable. This will cause the application behaviour to vary between 
> platforms. Use an alternative API and specify a charset name or Charset 
> object explicitly.
> - AdminClient.java:78, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in 
> org.apache.ofbiz.base.start.AdminClient.sendSocketCommand(AdminServer$OfbizSocketCommand,
>  Config): new java.io.InputStreamReader(InputStream)
> Found a call to a method which will perform a byte to String (or String to 
> byte) conversion, and will assume that the default platform encoding is 
> suitable. This will cause the application behaviour to vary between 
> platforms. Use an alternative API and specify a charset name or Charset 
> object explicitly.
> - AdminServer.java:84, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in 
> org.apache.ofbiz.base.start.AdminServer.processClientRequest(Socket, List, 
> AtomicReference): new java.io.InputStreamReader(InputStream)
> Found a call to a method which will perform a byte to String (or String to 
> byte) conversion, and will assume that the default platform encoding is 
> suitable. This will cause the application behaviour to vary between 
> platforms. Use an alternative API and specify a charset name or Charset 
> object explicitly.
> - AdminServer.java:85, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in 
> org.apache.ofbiz.base.start.AdminServer.processClientRequest(Socket, List, 
> AtomicReference): new java.io.PrintWriter(OutputStream, boolean)
> Found a call to a method which will perform a byte to String (or String to 
> byte) conversion, and will assume that the default platform encoding is 
> suitable. This will cause the application behaviour to vary between 
> platforms. Use an alternative API and specify a charset name or Charset 
> object explicitly.
> - AdminServer.java:109, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of String.substring(int), which is known to be 
> non-null in 
> org.apache.ofbiz.base.start.AdminServer.determineClientCommand(String)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - Classpath.java:104, NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE
> NP: Possible null pointer dereference in 
> org.apache.ofbiz.base.start.Classpath.addFilesFromPath(File) due to return 
> value of called method
> The return value from a method is dereferenced without a null check, and the 
> return value of that method is one that should generally be checked for null. 
> This may lead to a NullPointerException when the code is executed.
> - Classpath.java:105, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.base.start.Classpath.addFilesFromPath(File)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - Config.java:154, SF_SWITCH_NO_DEFAULT
> SF: Switch statement found in 
> org.apache.ofbiz.base.start.Config.getDefaultLocale(Properties, String) where 
> default case is missing
> This method contains a switch statement where default case is missing. 
> Usually you need to provide a default case.
> Because the analysis only looks at the generated bytecode, this warning can 
> be incorrectly triggered if the default case is at the end of the switch 
> statement and the switch statement doesn't contain break statements for other 
> cases.
> - Start.java:121, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.base.start.Start$ServerState.t

[jira] [Assigned] (OFBIZ-9576) [FB] Package org.apache.ofbiz.base.util.cache.test

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9576?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9576:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.base.util.cache.test
> --
>
> Key: OFBIZ-9576
> URL: https://issues.apache.org/jira/browse/OFBIZ-9576
> Project: OFBiz
> Issue Type: Sub-task
> Components: base
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: 
> OFBIZ-9576_org.apache.ofbiz.base.util.cache.test_bugfixes.patch
>
>
> - UtilCacheTests.java:-1, CI_CONFUSED_INHERITANCE
> CI: Class org.apache.ofbiz.base.util.cache.test.UtilCacheTests$Addition is 
> final but declares protected field 
> org.apache.ofbiz.base.util.cache.test.UtilCacheTests$Addition.newValue
> This class is declared to be final, but declares fields to be protected. 
> Since the class is final, it can not be derived from, and the use of 
> protected is confusing. The access modifier for the field should be changed 
> to private or public to represent the true use for the field.
> - UtilCacheTests.java:-1, CI_CONFUSED_INHERITANCE
> CI: Class org.apache.ofbiz.base.util.cache.test.UtilCacheTests$Removal is 
> final but declares protected field 
> org.apache.ofbiz.base.util.cache.test.UtilCacheTests$Removal.oldValue
> This class is declared to be final, but declares fields to be protected. 
> Since the class is final, it can not be derived from, and the use of 
> protected is confusing. The access modifier for the field should be changed 
> to private or public to represent the true use for the field.
> - UtilCacheTests.java:-1, CI_CONFUSED_INHERITANCE
> CI: Class org.apache.ofbiz.base.util.cache.test.UtilCacheTests$Update is 
> final but declares protected field 
> org.apache.ofbiz.base.util.cache.test.UtilCacheTests$Update.newValue
> This class is declared to be final, but declares fields to be protected. 
> Since the class is final, it can not be derived from, and the use of 
> protected is confusing. The access modifier for the field should be changed 
> to private or public to represent the true use for the field.
> - UtilCacheTests.java:-1, CI_CONFUSED_INHERITANCE
> CI: Class org.apache.ofbiz.base.util.cache.test.UtilCacheTests$Update is 
> final but declares protected field 
> org.apache.ofbiz.base.util.cache.test.UtilCacheTests$Update.oldValue
> This class is declared to be final, but declares fields to be protected. 
> Since the class is final, it can not be derived from, and the use of 
> protected is confusing. The access modifier for the field should be changed 
> to private or public to represent the true use for the field.
> - UtilCacheTests.java:39, SE_NO_SUITABLE_CONSTRUCTOR
> Se: org.apache.ofbiz.base.util.cache.test.UtilCacheTests is Serializable but 
> its superclass doesn't define an accessible void constructor
> This class implements the Serializable interface and its superclass does not. 
> When such an object is deserialized, the fields of the superclass need to be 
> initialized by invoking the void constructor of the superclass. Since the 
> superclass does not have one, serialization and deserialization will fail at 
> runtime.
> - UtilCacheTests.java:39, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.base.util.cache.test.UtilCacheTests is Serializable; 
> consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - UtilCacheTests.java:148, HE_EQUALS_USE_HASHCODE
> HE: org.apache.ofbiz.base.util.cache.test.UtilCacheTests$Listener defines 
> equals and uses Object.hashCode()
> This class overrides equals(Object), but does not override hashCode(), and 
> inherits the implementation of hashCode() from java.lang.Object (which 
> returns the identity hash code, an arbitrary value assigned to the object by 
> the VM).  Therefore, the class is very likely to violate the invariant that 
> equal objects must have equal hashcodes.
> If you don't think instances of this class will ever be inserted into a 
> HashMap/HashTable, the recommended hashCode implementation to use is:
> public int hashCode() {
>   assert false : "hashCode not designed";
>   return 42; // any arbitrar

[jira] [Assigned] (OFBIZ-9574) [FB] Package org.apache.ofbiz.base.test

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9574?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9574:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.base.test
> ---
>
> Key: OFBIZ-9574
> URL: https://issues.apache.org/jira/browse/OFBIZ-9574
> Project: OFBiz
> Issue Type: Sub-task
> Components: base
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-9574_org.apache.ofbiz.base.test_bugfixes.patch
>
>
> - GenericTestCaseBase.java:47, UC_USELESS_OBJECT
> Useless object created
> Our analysis shows that this object is useless. It's created and modified, 
> but its value never goes outside of the method or produces any side-effect. 
> Either there is a mistake and the object was intended to be used or it can be 
> removed.
> This analysis rarely produces false-positives. Common false-positive cases 
> include:
>   - This object is used to implicitly throw some obscure exception.
>   - This object is used as a stub to generalize the code.
>   - This object is used to hold strong references to weak/soft-referenced objects.
> - GenericTestCaseBase.java:99, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.base.test.GenericTestCaseBase.assertNotEquals(String, 
> Object, Object)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> - GenericTestCaseBase.java:99, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.base.test.GenericTestCaseBase.assertNotEquals(String, 
> Object, Object)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> - GenericTestCaseBase.java:327, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.base.test.GenericTestCaseBase.assertEquals(String, Object, 
> Object)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> - GenericTestCaseBase.java:334, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.base.test.GenericTestCaseBase.assertEquals(String, Object, 
> Object)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).





[jira] [Assigned] (OFBIZ-9575) [FB] Package org.apache.ofbiz.base.util.cache

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9575?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9575:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.base.util.cache
> -
>
> Key: OFBIZ-9575
> URL: https://issues.apache.org/jira/browse/OFBIZ-9575
> Project: OFBiz
> Issue Type: Sub-task
> Components: base
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: 
> OFBIZ-9575_org.apache.ofbiz.base.util.cache_bugfixes.patch
>
>
> - CacheSoftReference.java:29, SE_NO_SUITABLE_CONSTRUCTOR
> Se: org.apache.ofbiz.base.util.cache.CacheSoftReference is Serializable but 
> its superclass doesn't define an accessible void constructor
> This class implements the Serializable interface and its superclass does not. 
> When such an object is deserialized, the fields of the superclass need to be 
> initialized by invoking the void constructor of the superclass. Since the 
> superclass does not have one, serialization and deserialization will fail at 
> runtime.
> - CacheSoftReference.java:45, FI_PUBLIC_SHOULD_BE_PROTECTED
> FI: org.apache.ofbiz.base.util.cache.CacheSoftReference.finalize() is public; 
> should be protected
> A class's finalize() method should have protected access, not public.
> - UtilCache.java:-1, SE_BAD_FIELD
> Se: Class org.apache.ofbiz.base.util.cache.UtilCache defines non-transient 
> non-serializable instance field memoryTable
> This Serializable class defines a non-primitive instance field which is 
> neither transient, Serializable, or java.lang.Object, and does not appear to 
> implement the Externalizable interface or the readObject() and writeObject() 
> methods.  Objects of this class will not be deserialized correctly if a 
> non-Serializable object is stored in this field.
> - UtilCache.java:-1, SE_BAD_FIELD
> Se: Class org.apache.ofbiz.base.util.cache.UtilCache defines non-transient 
> non-serializable instance field listeners
> This Serializable class defines a non-primitive instance field which is 
> neither transient, Serializable, or java.lang.Object, and does not appear to 
> implement the Externalizable interface or the readObject() and writeObject() 
> methods.  Objects of this class will not be deserialized correctly if a 
> non-Serializable object is stored in this field.
> - UtilCache.java:63, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.base.util.cache.UtilCache is Serializable; consider 
> declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - UtilCache.java:160, DMI_INVOKING_TOSTRING_ON_ARRAY
> USELESS_STRING: Invocation of toString on propNames in 
> org.apache.ofbiz.base.util.cache.UtilCache.getPropertyParam(ResourceBundle, 
> String[], String)
> The code invokes toString on an array, which will generate a fairly useless 
> result such as [C@16f0472. Consider using Arrays.toString to convert the 
> array into a readable String that gives the contents of the array. See 
> Programming Puzzlers, chapter 3, puzzle 12.
> - UtilCache.java:387, NP_NULL_ON_SOME_PATH_EXCEPTION
> NP: Possible null pointer dereference of o in 
> org.apache.ofbiz.base.util.cache.UtilCache.findSizeInBytes(Object) on 
> exception path
> A reference value which is null on some exception control path is 
> dereferenced here.  This may lead to a NullPointerException when the code is 
> executed.  Note that because FindBugs currently does not prune infeasible 
> exception paths, this may be a false warning.
> Also note that FindBugs considers the default case of a switch statement to 
> be an exception path, since the default case is often infeasible.





[jira] [Closed] (OFBIZ-9574) [FB] Package org.apache.ofbiz.base.test

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9574?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9574.

Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811414.

> [FB] Package org.apache.ofbiz.base.test
> ---
>
> Key: OFBIZ-9574
> URL: https://issues.apache.org/jira/browse/OFBIZ-9574
> Project: OFBiz
> Issue Type: Sub-task
> Components: base
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9574_org.apache.ofbiz.base.test_bugfixes.patch
>
>
> - GenericTestCaseBase.java:47, UC_USELESS_OBJECT
> Useless object created
> Our analysis shows that this object is useless. It's created and modified, 
> but its value never goes outside of the method or produces any side-effect. 
> Either there is a mistake and the object was intended to be used or it can be 
> removed.
> This analysis rarely produces false-positives. Common false-positive cases 
> include:
>   - This object is used to implicitly throw some obscure exception.
>   - This object is used as a stub to generalize the code.
>   - This object is used to hold strong references to weak/soft-referenced objects.
> - GenericTestCaseBase.java:99, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.base.test.GenericTestCaseBase.assertNotEquals(String, 
> Object, Object)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> - GenericTestCaseBase.java:99, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.base.test.GenericTestCaseBase.assertNotEquals(String, 
> Object, Object)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> - GenericTestCaseBase.java:327, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.base.test.GenericTestCaseBase.assertEquals(String, Object, 
> Object)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> - GenericTestCaseBase.java:334, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.base.test.GenericTestCaseBase.assertEquals(String, Object, 
> Object)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).





[jira] [Closed] (OFBIZ-9575) [FB] Package org.apache.ofbiz.base.util.cache

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9575?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9575.

Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811415. 

> [FB] Package org.apache.ofbiz.base.util.cache
> -
>
> Key: OFBIZ-9575
> URL: https://issues.apache.org/jira/browse/OFBIZ-9575
> Project: OFBiz
> Issue Type: Sub-task
> Components: base
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: 
> OFBIZ-9575_org.apache.ofbiz.base.util.cache_bugfixes.patch
>
>
> - CacheSoftReference.java:29, SE_NO_SUITABLE_CONSTRUCTOR
> Se: org.apache.ofbiz.base.util.cache.CacheSoftReference is Serializable but 
> its superclass doesn't define an accessible void constructor
> This class implements the Serializable interface and its superclass does not. 
> When such an object is deserialized, the fields of the superclass need to be 
> initialized by invoking the void constructor of the superclass. Since the 
> superclass does not have one, serialization and deserialization will fail at 
> runtime.
> - CacheSoftReference.java:45, FI_PUBLIC_SHOULD_BE_PROTECTED
> FI: org.apache.ofbiz.base.util.cache.CacheSoftReference.finalize() is public; 
> should be protected
> A class's finalize() method should have protected access, not public.
> - UtilCache.java:-1, SE_BAD_FIELD
> Se: Class org.apache.ofbiz.base.util.cache.UtilCache defines non-transient 
> non-serializable instance field memoryTable
> This Serializable class defines a non-primitive instance field which is 
> neither transient, Serializable, or java.lang.Object, and does not appear to 
> implement the Externalizable interface or the readObject() and writeObject() 
> methods.  Objects of this class will not be deserialized correctly if a 
> non-Serializable object is stored in this field.
> - UtilCache.java:-1, SE_BAD_FIELD
> Se: Class org.apache.ofbiz.base.util.cache.UtilCache defines non-transient 
> non-serializable instance field listeners
> This Serializable class defines a non-primitive instance field which is 
> neither transient, Serializable, or java.lang.Object, and does not appear to 
> implement the Externalizable interface or the readObject() and writeObject() 
> methods.  Objects of this class will not be deserialized correctly if a 
> non-Serializable object is stored in this field.
> - UtilCache.java:63, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.base.util.cache.UtilCache is Serializable; consider 
> declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - UtilCache.java:160, DMI_INVOKING_TOSTRING_ON_ARRAY
> USELESS_STRING: Invocation of toString on propNames in 
> org.apache.ofbiz.base.util.cache.UtilCache.getPropertyParam(ResourceBundle, 
> String[], String)
> The code invokes toString on an array, which will generate a fairly useless 
> result such as [C@16f0472. Consider using Arrays.toString to convert the 
> array into a readable String that gives the contents of the array. See 
> Programming Puzzlers, chapter 3, puzzle 12.
> - UtilCache.java:387, NP_NULL_ON_SOME_PATH_EXCEPTION
> NP: Possible null pointer dereference of o in 
> org.apache.ofbiz.base.util.cache.UtilCache.findSizeInBytes(Object) on 
> exception path
> A reference value which is null on some exception control path is 
> dereferenced here.  This may lead to a NullPointerException when the code is 
> executed.  Note that because FindBugs currently does not prune infeasible 
> exception paths, this may be a false warning.
> Also note that FindBugs considers the default case of a switch statement to 
> be an exception path, since the default case is often infeasible.





[jira] [Assigned] (OFBIZ-9627) [FB] Package org.apache.ofbiz.common.authentication

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9627?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9627:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.common.authentication
> ---
>
> Key: OFBIZ-9627
> URL: https://issues.apache.org/jira/browse/OFBIZ-9627
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: 
> OFBIZ-9627_org.apache.ofbiz.common.authentification_bugfixes.patch
>
>
> - AuthenticationComparator.java:31, SE_COMPARATOR_SHOULD_BE_SERIALIZABLE
> Se: org.apache.ofbiz.common.authentication.AuthenticationComparator 
> implements Comparator but not Serializable
> This class implements the Comparator interface. You should consider whether 
> or not it should also implement the Serializable interface. If a comparator 
> is used to construct an ordered collection such as a TreeMap, then the 
> TreeMap will be serializable only if the comparator is also serializable. As 
> most comparators have little or no state, making them serializable is 
> generally easy and good defensive programming.
> - AuthenticationComparator.java:70, CO_COMPARETO_INCORRECT_FLOATING
> compareTo()/compare() incorrectly handles float or double value
> This method compares double or float values using pattern like this: val1 > 
> val2 ? 1 : val1 < val2 ? -1 : 0. This pattern works incorrectly for -0.0 and 
> NaN values which may result in incorrect sorting result or broken collection 
> (if compared values are used as keys). Consider using Double.compare or 
> Float.compare static methods which handle all the special cases correctly.





[jira] [Assigned] (OFBIZ-9589) [FB] Package org.apache.ofbiz.base.util.string.test

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9589?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9589:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.base.util.string.test
> ---
>
> Key: OFBIZ-9589
> URL: https://issues.apache.org/jira/browse/OFBIZ-9589
> Project: OFBiz
> Issue Type: Sub-task
> Components: base
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: 
> OFBIZ-9589_org.apache.ofbiz.base.util.string.test_bugfixes.patch, 
> OFBIZ-9589_org.apache.ofbiz.base.util.string.test_bugfixes.patch
>
>
> - FlexibleStringExpanderTests.java:196, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.base.util.string.test.FlexibleStringExpanderTests.fseTest(String,
>  String, Map, TimeZone, Locale, String, Object, boolean)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> - FlexibleStringExpanderTests.java:209, NM_METHOD_NAMING_CONVENTION
> Nm: The method name 
> org.apache.ofbiz.base.util.string.test.FlexibleStringExpanderTests.StaticReturnNull()
>  doesn't start with a lower case letter
> Methods should be verbs, in mixed case with the first letter lowercase, with 
> the first letter of each internal word capitalized.
> - FlexibleStringExpanderTests.java:226, NM_CLASS_NOT_EXCEPTION
> Nm: Class 
> org.apache.ofbiz.base.util.string.test.FlexibleStringExpanderTests$ThrowException
>  is not derived from an Exception, even though it is named as such
> This class is not derived from another exception, but ends with 'Exception'. 
> This will be confusing to users of this class.
> - FlexibleStringExpanderTests.java:251, SE_NO_SERIALVERSIONID
> SnVI: 
> org.apache.ofbiz.base.util.string.test.FlexibleStringExpanderTests$SpecialNumber
>  is Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field. A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.





[jira] [Assigned] (OFBIZ-9590) [FB] Package org.apache.ofbiz.base.util.collections

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9590:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.base.util.collections
> ---
>
> Key: OFBIZ-9590
> URL: https://issues.apache.org/jira/browse/OFBIZ-9590
> Project: OFBiz
> Issue Type: Sub-task
> Components: base
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: 
> OFBIZ-9590_org.apache.ofbiz.base.util.collections_bugfixes.patch
>
>
> - FlexibleMapAccessor.java:44, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.base.util.collections.FlexibleMapAccessor is 
> Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field. A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - FlexibleServletAccessor.java:47, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.base.util.collections.FlexibleServletAccessor is 
> Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field. A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - FlexibleServletAccessor.java:181, 
> EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS
> Eq: 
> org.apache.ofbiz.base.util.collections.FlexibleServletAccessor.equals(Object) 
> checks for operand being a String
> This equals method is checking to see if the argument is some incompatible 
> type (i.e., a class that is neither a supertype nor subtype of the class that 
> defines the equals method). For example, the Foo class might have an equals 
> method that looks like:
> public boolean equals(Object o) {
>   if (o instanceof Foo)
>     return name.equals(((Foo)o).name);
>   else if (o instanceof String)
>     return name.equals(o);
>   else return false;
> }
> This is considered bad practice, as it makes it very hard to implement an 
> equals method that is symmetric and transitive. Without those properties, 
> very unexpected behaviors are possible.
> - FlexibleServletAccessor.java:208, SE_NO_SERIALVERSIONID
> SnVI: 
> org.apache.ofbiz.base.util.collections.FlexibleServletAccessor$AttributeAccessor
>  is Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field. A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - GenericMap.java:68, HE_EQUALS_USE_HASHCODE
> HE: org.apache.ofbiz.base.util.collections.GenericMap defines equals and uses 
> Object.hashCode()
> This class overrides equals(Object), but does not override hashCode(), and 
> inherits the implementation of hashCode() from java.lang.Object (which 
> returns the identity hash code, an arbitrary value assigned to the object by 
> the VM). Therefore, the class is very likely to violate the invariant that 
> equal objects must have equal hashcodes.
> If you don't think instances of this class will ever be inserted into a 
> HashMap/HashTable, the recommended hashCode implementation to use is:
> public int hashCode() {
>   assert false : "hashCode not designed";
>   return 42; // any arbitrary constant will do
> }
> - GenericMapValues.java:45, EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS

[jira] [Assigned] (OFBIZ-9626) [FB] Package org.apache.ofbiz.cmssite.multisite

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9626?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9626:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.cmssite.multisite
> ---
>
> Key: OFBIZ-9626
> URL: https://issues.apache.org/jira/browse/OFBIZ-9626
> Project: OFBiz
> Issue Type: Sub-task
> Components: cmssite
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: 
> OFBIZ-9629_org.apache.ofbiz.cmssite.multisite_bugfixes.patch
>
>
> - MultiSiteRequestWrapper.java:140, NM_CONFUSING
> Nm: Confusing to have methods 
> org.apache.ofbiz.cmssite.multisite.MultiSiteRequestWrapper.getRequestURI() 
> and 
> org.apache.ofbiz.webtools.artifactinfo.ControllerRequestArtifactInfo.getRequestUri()
> The referenced methods have names that differ only by capitalization.
> - WebSiteFilter.java:68, BC_UNCONFIRMED_CAST
> BC: Unchecked/unconfirmed cast from javax.servlet.ServletRequest to 
> javax.servlet.http.HttpServletRequest in 
> org.apache.ofbiz.cmssite.multisite.WebSiteFilter.doFilter(ServletRequest, 
> ServletResponse, FilterChain)
> This cast is unchecked, and not all instances of the type casted from can be 
> cast to the type it is being cast to. Check that your program logic ensures 
> that this cast will not fail.
> - WebSiteFilter.java:69, BC_UNCONFIRMED_CAST
> BC: Unchecked/unconfirmed cast from javax.servlet.ServletResponse to 
> javax.servlet.http.HttpServletResponse in 
> org.apache.ofbiz.cmssite.multisite.WebSiteFilter.doFilter(ServletRequest, 
> ServletResponse, FilterChain)
> This cast is unchecked, and not all instances of the type casted from can be 
> cast to the type it is being cast to. Check that your program logic ensures 
> that this cast will not fail.
> - WebSiteFilter.java:83, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.cmssite.multisite.WebSiteFilter.doFilter(ServletRequest, 
> ServletResponse, FilterChain)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> - WebSiteFilter.java:83, RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE
> RCN: Redundant nullcheck of webSite which is known to be null in 
> org.apache.ofbiz.cmssite.multisite.WebSiteFilter.doFilter(ServletRequest, 
> ServletResponse, FilterChain)
> This method contains a redundant check of a known null value against the 
> constant null.
> - WebSiteFilter.java:161, J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION
> J2EE: Store of non serializable org.apache.ofbiz.entity.Delegator into 
> HttpSession in 
> org.apache.ofbiz.cmssite.multisite.WebSiteFilter.setWebContextObjects(HttpServletRequest,
>  HttpServletResponse, Delegator, LocalDispatcher)
> This code seems to be storing a non-serializable object into an HttpSession. 
> If this session is passivated or migrated, an error will result.
> - WebSiteFilter.java:162, J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION
> J2EE: Store of non serializable org.apache.ofbiz.service.LocalDispatcher into 
> HttpSession in 
> org.apache.ofbiz.cmssite.multisite.WebSiteFilter.setWebContextObjects(HttpServletRequest,
>  HttpServletResponse, Delegator, LocalDispatcher)
> This code seems to be storing a non-serializable object into an HttpSession. 
> If this session is passivated or migrated, an error will result.
> - WebSiteFilter.java:163, J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION
> J2EE: Store of non serializable org.apache.ofbiz.security.Security into 
> HttpSession in 
> org.apache.ofbiz.cmssite.multisite.WebSiteFilter.setWebContextObjects(HttpServletRequest,
>  HttpServletResponse, Delegator, LocalDispatcher)
> This code seems to be storing a non-serializable object into an HttpSession. 
> If this session is passivated or migrated, an error will result.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)


[jira] [Assigned] (OFBIZ-9630) [FB] Package org.apache.ofbiz.common.login

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9630?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9630:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.common.login
> --
>
> Key: OFBIZ-9630
> URL: https://issues.apache.org/jira/browse/OFBIZ-9630
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-9630_org.apache.ofbiz.common.login_bugfixes.patch
>
>
> - LoginServices.java:118, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.common.login.LoginServices.userLogin(DispatchContext, Map)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - LoginServices.java:161, DLS_DEAD_LOCAL_STORE
> DLS: Dead store to loginDisableMinutes in 
> org.apache.ofbiz.common.login.LoginServices.userLogin(DispatchContext, Map)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.
> - LoginServices.java:569, DLS_DEAD_LOCAL_STORE
> DLS: Dead store to resultMap in 
> org.apache.ofbiz.common.login.LoginServices.createUserLogin(DispatchContext, 
> Map)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.
> - LoginServices.java:661, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.common.login.LoginServices.updatePassword(DispatchContext, 
> Map)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> - LoginServices.java:671, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.common.login.LoginServices.updatePassword(DispatchContext, 
> Map)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - LoginServices.java:733, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.common.login.LoginServices.updateUserLoginId(DispatchContext,
>  Map)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - LoginServices.java:906, RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
> RCN: Nullcheck of userLogin at line 915 of value previously dereferenced in 
> org.apache.ofbiz.common.login.LoginServices.checkNewPassword(GenericValue, 
> String, String, String, String, List, boolean, Locale)
> A value is checked here to see whether it is null, but this value can't be 
> null because it was previously dereferenced and if it were null a null 
> pointer exception would have occurred at the earlier dereference. 
> Essentially, this code and the previous dereference disagree as to whether 
> this value is allowed to be null. Either the check is redundant or the 
> previous dereference is erroneous.
> - LoginServices.java:915, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of currentPassword, which is known to be non-null in 
> org.apache.ofbiz.common.login.LoginServices.checkNewPassword(GenericValue, 
> String, String, String, String, List, boolean, Locale)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - LoginServices.java:988, DLS_DEAD_LOCAL_STORE
> DLS: Dead store to messageMap in 
> org.apache.ofbiz.common.lo

[jira] [Assigned] (OFBIZ-9629) [FB] Package org.apache.ofbiz.common.image

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9629:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.common.image
> --
>
> Key: OFBIZ-9629
> URL: https://issues.apache.org/jira/browse/OFBIZ-9629
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-9629_org.apache.ofbiz.common.image_bugfixes.patch
>
>
> - ImageTransform.java:119, DM_STRING_TOSTRING
> Dm: org.apache.ofbiz.common.image.ImageTransform.scaleImage(BufferedImage, 
> double, double, Map, String, Locale) invokes toString() method on a String
> Calling String.toString() is just a redundant operation. Just use the String.





[jira] [Assigned] (OFBIZ-9628) [FB] Package org.apache.ofbiz.common.email

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9628?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9628:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.common.email
> --
>
> Key: OFBIZ-9628
> URL: https://issues.apache.org/jira/browse/OFBIZ-9628
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-No_org.apache.ofbiz.common.email_bugfixes.patch
>
>
> - EmailServices.java:547, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.common.email.EmailServices.sendMailFromScreen(DispatchContext,
>  Map)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> - EmailServices.java:592, BX_UNBOXING_IMMEDIATELY_REBOXED
> Bx: Boxed value is unboxed and then immediately reboxed in 
> org.apache.ofbiz.common.email.EmailServices.sendMailFromScreen(DispatchContext,
>  Map)
> A boxed value is unboxed and then immediately reboxed.
> - EmailServices.java:662, UC_USELESS_OBJECT
> Useless object created
> Our analysis shows that this object is useless. It's created and modified, 
> but its value never goes outside of the method or produces any side-effect. 
> Either there is a mistake and the object was intended to be used or it can be 
> removed.
> This analysis rarely produces false-positives. Common false-positive cases 
> include:
> - This object used to implicitly throw some obscure exception.
> - This object used as a stub to generalize the code.
> - This object used to hold strong references to weak/soft-referenced objects.
> - EmailServices.java:715, EI_EXPOSE_REP2
> EI2: new 
> org.apache.ofbiz.common.email.EmailServices$ByteArrayDataSource(byte[], 
> String) may expose internal representation by storing an externally mutable 
> object into EmailServices$ByteArrayDataSource.contentArray
> This code stores a reference to an externally mutable object into the 
> internal representation of the object.  If instances are accessed by 
> untrusted code, and unchecked changes to the mutable object would compromise 
> security or other important properties, you will need to do something 
> different. Storing a copy of the object is a better approach in many situations.
> - NotificationServices.java:270, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.common.email.NotificationServices.setBaseUrl(Delegator, 
> String, Map)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }





[jira] [Closed] (OFBIZ-9589) [FB] Package org.apache.ofbiz.base.util.string.test

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9589?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9589.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811418. 

> [FB] Package org.apache.ofbiz.base.util.string.test
> ---
>
> Key: OFBIZ-9589
> URL: https://issues.apache.org/jira/browse/OFBIZ-9589
> Project: OFBiz
> Issue Type: Sub-task
> Components: base
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: 
> OFBIZ-9589_org.apache.ofbiz.base.util.string.test_bugfixes.patch, 
> OFBIZ-9589_org.apache.ofbiz.base.util.string.test_bugfixes.patch
>
>
> FlexibleStringExpanderTests.java:196, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.base.util.string.test.FlexibleStringExpanderTests.fseTest(String,
>  String, Map, TimeZone, Locale, String, Object, boolean)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> - FlexibleStringExpanderTests.java:209, NM_METHOD_NAMING_CONVENTION
> Nm: The method name 
> org.apache.ofbiz.base.util.string.test.FlexibleStringExpanderTests.StaticReturnNull()
>  doesn't start with a lower case letter
> Methods should be verbs, in mixed case with the first letter lowercase, with 
> the first letter of each internal word capitalized.
> - FlexibleStringExpanderTests.java:226, NM_CLASS_NOT_EXCEPTION
> Nm: Class 
> org.apache.ofbiz.base.util.string.test.FlexibleStringExpanderTests$ThrowException
>  is not derived from an Exception, even though it is named as such
> This class is not derived from another exception, but ends with 'Exception'. 
> This will be confusing to users of this class.
> - FlexibleStringExpanderTests.java:251, SE_NO_SERIALVERSIONID
> SnVI: 
> org.apache.ofbiz.base.util.string.test.FlexibleStringExpanderTests$SpecialNumber
>  is Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field. A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.





[jira] [Closed] (OFBIZ-9576) [FB] Package org.apache.ofbiz.base.util.cache.test

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9576?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9576.


> [FB] Package org.apache.ofbiz.base.util.cache.test
> --
>
> Key: OFBIZ-9576
> URL: https://issues.apache.org/jira/browse/OFBIZ-9576
> Project: OFBiz
> Issue Type: Sub-task
> Components: base
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: 
> OFBIZ-9576_org.apache.ofbiz.base.util.cache.test_bugfixes.patch
>
>
> - UtilCacheTests.java:-1, CI_CONFUSED_INHERITANCE
> CI: Class org.apache.ofbiz.base.util.cache.test.UtilCacheTests$Addition is 
> final but declares protected field 
> org.apache.ofbiz.base.util.cache.test.UtilCacheTests$Addition.newValue
> This class is declared to be final, but declares fields to be protected. 
> Since the class is final, it can not be derived from, and the use of 
> protected is confusing. The access modifier for the field should be changed 
> to private or public to represent the true use for the field.
> - UtilCacheTests.java:-1, CI_CONFUSED_INHERITANCE
> CI: Class org.apache.ofbiz.base.util.cache.test.UtilCacheTests$Removal is 
> final but declares protected field 
> org.apache.ofbiz.base.util.cache.test.UtilCacheTests$Removal.oldValue
> This class is declared to be final, but declares fields to be protected. 
> Since the class is final, it can not be derived from, and the use of 
> protected is confusing. The access modifier for the field should be changed 
> to private or public to represent the true use for the field.
> - UtilCacheTests.java:-1, CI_CONFUSED_INHERITANCE
> CI: Class org.apache.ofbiz.base.util.cache.test.UtilCacheTests$Update is 
> final but declares protected field 
> org.apache.ofbiz.base.util.cache.test.UtilCacheTests$Update.newValue
> This class is declared to be final, but declares fields to be protected. 
> Since the class is final, it can not be derived from, and the use of 
> protected is confusing. The access modifier for the field should be changed 
> to private or public to represent the true use for the field.
> - UtilCacheTests.java:-1, CI_CONFUSED_INHERITANCE
> CI: Class org.apache.ofbiz.base.util.cache.test.UtilCacheTests$Update is 
> final but declares protected field 
> org.apache.ofbiz.base.util.cache.test.UtilCacheTests$Update.oldValue
> This class is declared to be final, but declares fields to be protected. 
> Since the class is final, it can not be derived from, and the use of 
> protected is confusing. The access modifier for the field should be changed 
> to private or public to represent the true use for the field.
> - UtilCacheTests.java:39, SE_NO_SUITABLE_CONSTRUCTOR
> Se: org.apache.ofbiz.base.util.cache.test.UtilCacheTests is Serializable but 
> its superclass doesn't define an accessible void constructor
> This class implements the Serializable interface and its superclass does not. 
> When such an object is deserialized, the fields of the superclass need to be 
> initialized by invoking the void constructor of the superclass. Since the 
> superclass does not have one, serialization and deserialization will fail at 
> runtime.
> - UtilCacheTests.java:39, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.base.util.cache.test.UtilCacheTests is Serializable; 
> consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - UtilCacheTests.java:148, HE_EQUALS_USE_HASHCODE
> HE: org.apache.ofbiz.base.util.cache.test.UtilCacheTests$Listener defines 
> equals and uses Object.hashCode()
> This class overrides equals(Object), but does not override hashCode(), and 
> inherits the implementation of hashCode() from java.lang.Object (which 
> returns the identity hash code, an arbitrary value assigned to the object by 
> the VM).  Therefore, the class is very likely to violate the invariant that 
> equal objects must have equal hashcodes.
> If you don't think instances of this class will ever be inserted into a 
> HashMap/HashTable, the recommended hashCode implementation to use is:
> public int hashCode() {
>   assert false : "hashCode not designed";
>   return 42; // any arb

[jira] [Commented] (OFBIZ-9590) [FB] Package org.apache.ofbiz.base.util.collections

2017-10-07 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9590?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16195693#comment-16195693
 ] 

Michael Brohl commented on OFBIZ-9590:
--

Hi Dennis,

after applying this patch, the tests are failing with the newest trunk 
revision. Can you please check?

Thanks and regards,
Michael

> [FB] Package org.apache.ofbiz.base.util.collections
> ---
>
> Key: OFBIZ-9590
> URL: https://issues.apache.org/jira/browse/OFBIZ-9590
> Project: OFBiz
> Issue Type: Sub-task
> Components: base
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: 
> OFBIZ-9590_org.apache.ofbiz.base.util.collections_bugfixes.patch
>
>
> FlexibleMapAccessor.java:44, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.base.util.collections.FlexibleMapAccessor is 
> Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field. A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - FlexibleServletAccessor.java:47, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.base.util.collections.FlexibleServletAccessor is 
> Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field. A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - FlexibleServletAccessor.java:181, 
> EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS
> Eq: 
> org.apache.ofbiz.base.util.collections.FlexibleServletAccessor.equals(Object) 
> checks for operand being a String
> This equals method is checking to see if the argument is some incompatible 
> type (i.e., a class that is neither a supertype nor subtype of the class that 
> defines the equals method). For example, the Foo class might have an equals 
> method that looks like:
> public boolean equals(Object o) {
>   if (o instanceof Foo)
>     return name.equals(((Foo)o).name);
>   else if (o instanceof String)
>     return name.equals(o);
>   else return false;
> }
> This is considered bad practice, as it makes it very hard to implement an 
> equals method that is symmetric and transitive. Without those properties, 
> very unexpected behaviors are possible.
> - FlexibleServletAccessor.java:208, SE_NO_SERIALVERSIONID
> SnVI: 
> org.apache.ofbiz.base.util.collections.FlexibleServletAccessor$AttributeAccessor
>  is Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field. A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - GenericMap.java:68, HE_EQUALS_USE_HASHCODE
> HE: org.apache.ofbiz.base.util.collections.GenericMap defines equals and uses 
> Object.hashCode()
> This class overrides equals(Object), but does not override hashCode(), and 
> inherits the implementation of hashCode() from java.lang.Object (which 
> returns the identity hash code, an arbitrary value assigned to the object by 
> the VM). Therefore, the class is very likely to violate the invariant that 
> equal objects must have equal hashcodes.
> If you don't think instances of this class will ever be inserted into a 
> HashMap/HashTable, the recommended hashCode implementation to use is:
> public int hashCode() {

[jira] [Commented] (OFBIZ-9626) [FB] Package org.apache.ofbiz.cmssite.multisite

2017-10-07 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9626?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16195695#comment-16195695
 ] 

Michael Brohl commented on OFBIZ-9626:
--

Hi Dennis,

this patch does not work. It seems to be derived from a framework repository 
with the plugins integrated under /plugins.
Please provide a patch for the plain plugins repository, thanks!

Regards,
Michael

> [FB] Package org.apache.ofbiz.cmssite.multisite
> ---
>
> Key: OFBIZ-9626
> URL: https://issues.apache.org/jira/browse/OFBIZ-9626
> Project: OFBiz
> Issue Type: Sub-task
> Components: cmssite
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: 
> OFBIZ-9629_org.apache.ofbiz.cmssite.multisite_bugfixes.patch
>
>
> - MultiSiteRequestWrapper.java:140, NM_CONFUSING
> Nm: Confusing to have methods 
> org.apache.ofbiz.cmssite.multisite.MultiSiteRequestWrapper.getRequestURI() 
> and 
> org.apache.ofbiz.webtools.artifactinfo.ControllerRequestArtifactInfo.getRequestUri()
> The referenced methods have names that differ only by capitalization.
> - WebSiteFilter.java:68, BC_UNCONFIRMED_CAST
> BC: Unchecked/unconfirmed cast from javax.servlet.ServletRequest to 
> javax.servlet.http.HttpServletRequest in 
> org.apache.ofbiz.cmssite.multisite.WebSiteFilter.doFilter(ServletRequest, 
> ServletResponse, FilterChain)
> This cast is unchecked, and not all instances of the type casted from can be 
> cast to the type it is being cast to. Check that your program logic ensures 
> that this cast will not fail.
> - WebSiteFilter.java:69, BC_UNCONFIRMED_CAST
> BC: Unchecked/unconfirmed cast from javax.servlet.ServletResponse to 
> javax.servlet.http.HttpServletResponse in 
> org.apache.ofbiz.cmssite.multisite.WebSiteFilter.doFilter(ServletRequest, 
> ServletResponse, FilterChain)
> This cast is unchecked, and not all instances of the type casted from can be 
> cast to the type it is being cast to. Check that your program logic ensures 
> that this cast will not fail.
> - WebSiteFilter.java:83, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.cmssite.multisite.WebSiteFilter.doFilter(ServletRequest, 
> ServletResponse, FilterChain)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> - WebSiteFilter.java:83, RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE
> RCN: Redundant nullcheck of webSite which is known to be null in 
> org.apache.ofbiz.cmssite.multisite.WebSiteFilter.doFilter(ServletRequest, 
> ServletResponse, FilterChain)
> This method contains a redundant check of a known null value against the 
> constant null.
> - WebSiteFilter.java:161, J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION
> J2EE: Store of non serializable org.apache.ofbiz.entity.Delegator into 
> HttpSession in 
> org.apache.ofbiz.cmssite.multisite.WebSiteFilter.setWebContextObjects(HttpServletRequest,
>  HttpServletResponse, Delegator, LocalDispatcher)
> This code seems to be storing a non-serializable object into an HttpSession. 
> If this session is passivated or migrated, an error will result.
> - WebSiteFilter.java:162, J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION
> J2EE: Store of non serializable org.apache.ofbiz.service.LocalDispatcher into 
> HttpSession in 
> org.apache.ofbiz.cmssite.multisite.WebSiteFilter.setWebContextObjects(HttpServletRequest,
>  HttpServletResponse, Delegator, LocalDispatcher)
> This code seems to be storing a non-serializable object into an HttpSession. 
> If this session is passivated or migrated, an error will result.
> - WebSiteFilter.java:163, J2EE_STORE_OF_NON_SERIALIZABLE_OBJECT_INTO_SESSION
> J2EE: Store of non serializable org.apache.ofbiz.security.Security into 
> HttpSession in 
> org.apache.ofbiz.cmssite.multisite.WebSiteFilter.setWebContextObjects(HttpServletRequest,
>  HttpServletResponse, Delegator, LocalDispatcher)
> This code seems to be storing a non-serializable object into an HttpSession. 
> If this session is passivated or migrated, an error will result.





[jira] [Closed] (OFBIZ-9627) [FB] Package org.apache.ofbiz.common.authentication

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9627?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9627.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811421. 

> [FB] Package org.apache.ofbiz.common.authentication
> ---
>
> Key: OFBIZ-9627
> URL: https://issues.apache.org/jira/browse/OFBIZ-9627
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: framework
>Affects Versions: Trunk
>Reporter: Dennis Balkir
>Assignee: Michael Brohl
>Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: 
> OFBIZ-9627_org.apache.ofbiz.common.authentification_bugfixes.patch
>
>
> - AuthenticationComparator.java:31, SE_COMPARATOR_SHOULD_BE_SERIALIZABLE
> Se: org.apache.ofbiz.common.authentication.AuthenticationComparator 
> implements Comparator but not Serializable
> This class implements the Comparator interface. You should consider whether 
> or not it should also implement the Serializable interface. If a comparator 
> is used to construct an ordered collection such as a TreeMap, then the 
> TreeMap will be serializable only if the comparator is also serializable. As 
> most comparators have little or no state, making them serializable is 
> generally easy and good defensive programming.
> - AuthenticationComparator.java:70, CO_COMPARETO_INCORRECT_FLOATING
> compareTo()/compare() incorrectly handles float or double value
> This method compares double or float values using pattern like this: val1 > 
> val2 ? 1 : val1 < val2 ? -1 : 0. This pattern works incorrectly for -0.0 and 
> NaN values which may result in incorrect sorting result or broken collection 
> (if compared values are used as keys). Consider using Double.compare or 
> Float.compare static methods which handle all the special cases correctly.





[jira] [Closed] (OFBIZ-9628) [FB] Package org.apache.ofbiz.common.email

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9628?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9628.

   Resolution: Fixed
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811422. 

> [FB] Package org.apache.ofbiz.common.email
> --
>
> Key: OFBIZ-9628
> URL: https://issues.apache.org/jira/browse/OFBIZ-9628
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: framework
>Affects Versions: Trunk
>Reporter: Dennis Balkir
>Assignee: Michael Brohl
>Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-No_org.apache.ofbiz.common.email_bugfixes.patch
>
>
> - EmailServices.java:547, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.common.email.EmailServices.sendMailFromScreen(DispatchContext,
>  Map)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> - EmailServices.java:592, BX_UNBOXING_IMMEDIATELY_REBOXED
> Bx: Boxed value is unboxed and then immediately reboxed in 
> org.apache.ofbiz.common.email.EmailServices.sendMailFromScreen(DispatchContext,
>  Map)
> A boxed value is unboxed and then immediately reboxed.
> - EmailServices.java:662, UC_USELESS_OBJECT
> Useless object created
> Our analysis shows that this object is useless. It's created and modified, 
> but its value never go outside of the method or produce any side-effect. 
> Either there is a mistake and object was intended to be used or it can be 
> removed.
> This analysis rarely produces false-positives. Common false-positive cases 
> include:
> - This object used to implicitly throw some obscure exception.
> - This object used as a stub to generalize the code.
> - This object used to hold strong references to weak/soft-referenced objects.
> - EmailServices.java:715, EI_EXPOSE_REP2
> EI2: new 
> org.apache.ofbiz.common.email.EmailServices$ByteArrayDataSource(byte[], 
> String) may expose internal representation by storing an externally mutable 
> object into EmailServices$ByteArrayDataSource.contentArray
> This code stores a reference to an externally mutable object into the 
> internal representation of the object.  If instances are accessed by 
> untrusted code, and unchecked changes to the mutable object would compromise 
> security or other important properties, you will need to do something 
> different. Storing a copy of the object is better approach in many situations.
> - NotificationServices.java:270, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.common.email.NotificationServices.setBaseUrl(Delegator, 
> String, Map)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }





[jira] [Closed] (OFBIZ-9629) [FB] Package org.apache.ofbiz.common.image

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9629?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9629.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811423. 

> [FB] Package org.apache.ofbiz.common.image
> --
>
> Key: OFBIZ-9629
> URL: https://issues.apache.org/jira/browse/OFBIZ-9629
> Project: OFBiz
>  Issue Type: Sub-task
>  Components: framework
>Affects Versions: Trunk
>Reporter: Dennis Balkir
>Assignee: Michael Brohl
>Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9629_org.apache.ofbiz.common.image_bugfixes.patch
>
>
> - ImageTransform.java:119, DM_STRING_TOSTRING
> Dm: org.apache.ofbiz.common.image.ImageTransform.scaleImage(BufferedImage, 
> double, double, Map, String, Locale) invokes toString() method on a String
> Calling String.toString() is just a redundant operation. Just use the String.





[jira] [Assigned] (OFBIZ-9634) [FB] Package org.apache.ofbiz.common.uom

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9634:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.common.uom
> 
>
> Key: OFBIZ-9634
> URL: https://issues.apache.org/jira/browse/OFBIZ-9634
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-9634_org.apache.ofbiz.common.uom_bugfixes.patch
>
>
> - UomWorker.java:70, PZLA_PREFER_ZERO_LENGTH_ARRAYS
> PZLA: Should org.apache.ofbiz.common.uom.UomWorker.uomTimeToCalTime(String) 
> return a zero length array rather than null?
> It is often a better design to return a length zero array rather than a null 
> reference to indicate that there are no results (i.e., an empty list of 
> results). This way, no explicit check for null is needed by clients of the 
> method.
> On the other hand, using null to indicate "there is no answer to this 
> question" is probably appropriate. For example, File.listFiles() returns an 
> empty list if given a directory containing no files, and returns null if the 
> file is not a directory.
> - UomWorker.java:107, DLS_DEAD_LOCAL_STORE
> DLS: Dead store to svcOutMap in 
> org.apache.ofbiz.common.uom.UomWorker.convertUom(BigDecimal, String, String, 
> LocalDispatcher)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.





[jira] [Closed] (OFBIZ-9630) [FB] Package org.apache.ofbiz.common.login

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9630?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9630.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811424.

> [FB] Package org.apache.ofbiz.common.login
> --
>
> Key: OFBIZ-9630
> URL: https://issues.apache.org/jira/browse/OFBIZ-9630
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9630_org.apache.ofbiz.common.login_bugfixes.patch
>
>
> - LoginServices.java:118, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.common.login.LoginServices.userLogin(DispatchContext, Map)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - LoginServices.java:161, DLS_DEAD_LOCAL_STORE
> DLS: Dead store to loginDisableMinutes in 
> org.apache.ofbiz.common.login.LoginServices.userLogin(DispatchContext, Map)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.
> - LoginServices.java:569, DLS_DEAD_LOCAL_STORE
> DLS: Dead store to resultMap in 
> org.apache.ofbiz.common.login.LoginServices.createUserLogin(DispatchContext, 
> Map)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.
> - LoginServices.java:661, NP_LOAD_OF_KNOWN_NULL_VALUE
> NP: Load of known null value in 
> org.apache.ofbiz.common.login.LoginServices.updatePassword(DispatchContext, 
> Map)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).
> - LoginServices.java:671, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.common.login.LoginServices.updatePassword(DispatchContext, 
> Map)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - LoginServices.java:733, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.common.login.LoginServices.updateUserLoginId(DispatchContext,
>  Map)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - LoginServices.java:906, RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
> RCN: Nullcheck of userLogin at line 915 of value previously dereferenced in 
> org.apache.ofbiz.common.login.LoginServices.checkNewPassword(GenericValue, 
> String, String, String, String, List, boolean, Locale)
> A value is checked here to see whether it is null, but this value can't be 
> null because it was previously dereferenced and if it were null a null 
> pointer exception would have occurred at the earlier dereference. 
> Essentially, this code and the previous dereference disagree as to whether 
> this value is allowed to be null. Either the check is redundant or the 
> previous dereference is erroneous.
> - LoginServices.java:915, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of currentPassword, which is known to be non-null in 
> org.apache.ofbiz.common.login.LoginServices.checkNewPassword(GenericValue, 
> String, String, String, String, List, boolean, Locale)
> This method contains a redundant check of a known non-null value against the 
> consta

[jira] [Assigned] (OFBIZ-9633) [FB] Package org.apache.ofbiz.common.qrcode

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9633:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.common.qrcode
> ---
>
> Key: OFBIZ-9633
> URL: https://issues.apache.org/jira/browse/OFBIZ-9633
> Project: OFBiz
>  Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-9633_org.apache.ofbiz.common.qrcode_bugfixes.patch
>
>
> - QRCodeEvents.java:76, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of mimeType, which is known to be non-null in 
> org.apache.ofbiz.common.qrcode.QRCodeEvents.serveQRCodeImage(HttpServletRequest,
>  HttpServletResponse)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - QRCodeServices.java:77, MS_PKGPROTECT
> MS: org.apache.ofbiz.common.qrcode.QRCodeServices.FORMAT_NAMES should be 
> package protected
> A mutable static field could be changed by malicious code or by accident. The 
> field could be made package protected to avoid this vulnerability.
> - QRCodeServices.java:79, MS_MUTABLE_COLLECTION_PKGPROTECT
> Field is a mutable collection which should be package protected
> A mutable collection instance is assigned to a final static field, thus can 
> be changed by malicious code or by accident from another package. The field 
> could be made package protected to avoid this vulnerability. Alternatively 
> you may wrap this field into Collections.unmodifiableSet/List/Map/etc. to 
> avoid this vulnerability.
> - QRCodeServices.java:93, MS_SHOULD_BE_REFACTORED_TO_BE_FINAL
> MS: org.apache.ofbiz.common.qrcode.QRCodeServices.defaultLogoImage isn't 
> final but should be refactored to be so
> This static field public but not final, and could be changed by malicious 
> code or by accident from another package. The field could be made final to 
> avoid this vulnerability. However, the static initializer contains more than 
> one write to the field, so doing so will require some refactoring.
> - QRCodeServices.java:252, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.common.qrcode.QRCodeServices.toBufferedImage(BitMatrix, 
> String)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.





[jira] [Assigned] (OFBIZ-9631) [FB] Package org.apache.ofbiz.common.period

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9631?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9631:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.common.period
> ---
>
> Key: OFBIZ-9631
> URL: https://issues.apache.org/jira/browse/OFBIZ-9631
> Project: OFBiz
>  Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-9631_org.apache.ofbiz.common.period_bugfixes.patch
>
>
> - PeriodWorker.java:34, MS_SHOULD_BE_FINAL
> MS: org.apache.ofbiz.common.period.PeriodWorker.module isn't final but should 
> be
> This static field public but not final, and could be changed by malicious 
> code or by accident from another package. The field could be made final to 
> avoid this vulnerability.





[jira] [Closed] (OFBIZ-9631) [FB] Package org.apache.ofbiz.common.period

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9631?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9631.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811426. 

> [FB] Package org.apache.ofbiz.common.period
> ---
>
> Key: OFBIZ-9631
> URL: https://issues.apache.org/jira/browse/OFBIZ-9631
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9631_org.apache.ofbiz.common.period_bugfixes.patch
>
>
> - PeriodWorker.java:34, MS_SHOULD_BE_FINAL
> MS: org.apache.ofbiz.common.period.PeriodWorker.module isn't final but should 
> be
> This static field public but not final, and could be changed by malicious 
> code or by accident from another package. The field could be made final to 
> avoid this vulnerability.





[jira] [Closed] (OFBIZ-9633) [FB] Package org.apache.ofbiz.common.qrcode

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9633?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9633.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811427. 

> [FB] Package org.apache.ofbiz.common.qrcode
> ---
>
> Key: OFBIZ-9633
> URL: https://issues.apache.org/jira/browse/OFBIZ-9633
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9633_org.apache.ofbiz.common.qrcode_bugfixes.patch
>
>
> - QRCodeEvents.java:76, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of mimeType, which is known to be non-null in 
> org.apache.ofbiz.common.qrcode.QRCodeEvents.serveQRCodeImage(HttpServletRequest,
>  HttpServletResponse)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - QRCodeServices.java:77, MS_PKGPROTECT
> MS: org.apache.ofbiz.common.qrcode.QRCodeServices.FORMAT_NAMES should be 
> package protected
> A mutable static field could be changed by malicious code or by accident. The 
> field could be made package protected to avoid this vulnerability.
> - QRCodeServices.java:79, MS_MUTABLE_COLLECTION_PKGPROTECT
> Field is a mutable collection which should be package protected
> A mutable collection instance is assigned to a final static field, thus can 
> be changed by malicious code or by accident from another package. The field 
> could be made package protected to avoid this vulnerability. Alternatively 
> you may wrap this field into Collections.unmodifiableSet/List/Map/etc. to 
> avoid this vulnerability.
> - QRCodeServices.java:93, MS_SHOULD_BE_REFACTORED_TO_BE_FINAL
> MS: org.apache.ofbiz.common.qrcode.QRCodeServices.defaultLogoImage isn't 
> final but should be refactored to be so
> This static field public but not final, and could be changed by malicious 
> code or by accident from another package. The field could be made final to 
> avoid this vulnerability. However, the static initializer contains more than 
> one write to the field, so doing so will require some refactoring.
> - QRCodeServices.java:252, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.common.qrcode.QRCodeServices.toBufferedImage(BitMatrix, 
> String)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.





[jira] [Assigned] (OFBIZ-9635) [FB] Package org.apache.ofbiz.security

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9635:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.security
> --
>
> Key: OFBIZ-9635
> URL: https://issues.apache.org/jira/browse/OFBIZ-9635
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-9635_org.apache.ofbiz.security_bugfixes.patch
>
>
> SecurityFactory.java:-1, CI_CONFUSED_INHERITANCE, Priority: Low
> CI: Class org.apache.ofbiz.security.SecurityFactory$OFBizSecurity is final 
> but declares protected field 
> org.apache.ofbiz.security.SecurityFactory$OFBizSecurity.simpleRoleEntity
> This class is declared to be final, but declares fields to be protected. 
> Since the class is final, it can not be derived from, and the use of 
> protected is confusing. The access modifier for the field should be changed 
> to private or public to represent the true use for the field.





[jira] [Assigned] (OFBIZ-9637) [FB] Package org.apache.ofbiz.securityext.login

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9637?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9637:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.securityext.login
> ---
>
> Key: OFBIZ-9637
> URL: https://issues.apache.org/jira/browse/OFBIZ-9637
> Project: OFBiz
> Issue Type: Sub-task
> Components: securityext
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-9637_org.apache.ofbiz.securityext_bugfixes.patch
>
>
> - LoginEvents.java:88, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.securityext.login.LoginEvents.saveEntryParams(HttpServletRequest,
>  HttpServletResponse)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - LoginEvents.java:162, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.securityext.login.LoginEvents.showPasswordHint(HttpServletRequest,
>  HttpServletResponse)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - LoginEvents.java:222, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.securityext.login.LoginEvents.emailPassword(HttpServletRequest,
>  HttpServletResponse)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - LoginEvents.java:417, DMI_INVOKING_TOSTRING_ON_ARRAY
> USELESS_STRING: Invocation of toString on cookies in 
> org.apache.ofbiz.securityext.login.LoginEvents.getUsername(HttpServletRequest)
> The code invokes toString on an array, which will generate a fairly useless 
> result such as [C@16f0472. Consider using Arrays.toString to convert the 
> array into a readable String that gives the contents of the array. See 
> Programming Puzzlers, chapter 3, puzzle 12.
> - LoginEvents.java:437, HRS_REQUEST_PARAMETER_TO_COOKIE
> HRS: HTTP cookie formed from untrusted input in 
> org.apache.ofbiz.securityext.login.LoginEvents.setUsername(HttpServletRequest,
>  HttpServletResponse)
> This code constructs an HTTP Cookie using an untrusted HTTP parameter. If 
> this cookie is added to an HTTP response, it will allow a HTTP response 
> splitting vulnerability. See 
> http://en.wikipedia.org/wiki/HTTP_response_splitting for more information.
> FindBugs looks only for the most blatant, obvious cases of HTTP response 
> splitting. If FindBugs found any, you almost certainly have more 
> vulnerabilities that FindBugs doesn't report. If you are concerned about HTTP 
> response splitting, you should seriously consider using a commercial static 
> analysis or pen-testing tool.





[jira] [Closed] (OFBIZ-9634) [FB] Package org.apache.ofbiz.common.uom

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9634?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9634.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811428. 

> [FB] Package org.apache.ofbiz.common.uom
> 
>
> Key: OFBIZ-9634
> URL: https://issues.apache.org/jira/browse/OFBIZ-9634
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9634_org.apache.ofbiz.common.uom_bugfixes.patch
>
>
> - UomWorker.java:70, PZLA_PREFER_ZERO_LENGTH_ARRAYS
> PZLA: Should org.apache.ofbiz.common.uom.UomWorker.uomTimeToCalTime(String) 
> return a zero length array rather than null?
> It is often a better design to return a length zero array rather than a null 
> reference to indicate that there are no results (i.e., an empty list of 
> results). This way, no explicit check for null is needed by clients of the 
> method.
> On the other hand, using null to indicate "there is no answer to this 
> question" is probably appropriate. For example, File.listFiles() returns an 
> empty list if given a directory containing no files, and returns null if the 
> file is not a directory.
> - UomWorker.java:107, DLS_DEAD_LOCAL_STORE
> DLS: Dead store to svcOutMap in 
> org.apache.ofbiz.common.uom.UomWorker.convertUom(BigDecimal, String, String, 
> LocalDispatcher)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.





[jira] [Assigned] (OFBIZ-9638) [FB] Package org.apache.ofbiz.service

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9638?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9638:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.service
> -
>
> Key: OFBIZ-9638
> URL: https://issues.apache.org/jira/browse/OFBIZ-9638
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-9638_org.apache.ofbiz.service_bugfixes.patch
>
>
> - DispatchContext.java:-1, SE_TRANSIENT_FIELD_NOT_RESTORED
> Se: The field org.apache.ofbiz.service.DispatchContext.loader is transient 
> but isn't set by deserialization
> This class contains a field that is updated at multiple places in the class, 
> thus it seems to be part of the state of the class. However, since the field 
> is marked as transient and not set in readObject or readResolve, it will 
> contain the default value in any deserialized instance of the class.
> - DispatchContext.java:-1, SE_TRANSIENT_FIELD_NOT_RESTORED
> Se: The field org.apache.ofbiz.service.DispatchContext.dispatcher is 
> transient but isn't set by deserialization
> This class contains a field that is updated at multiple places in the class, 
> thus it seems to be part of the state of the class. However, since the field 
> is marked as transient and not set in readObject or readResolve, it will 
> contain the default value in any deserialized instance of the class.
> - DispatchContext.java:56, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.service.DispatchContext is Serializable; consider 
> declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - DispatchContext.java:209, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of serviceMap, which is known to be non-null in 
> org.apache.ofbiz.service.DispatchContext.getModelService(String)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - DispatchContext.java:273, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of serviceMap, which is known to be non-null in 
> org.apache.ofbiz.service.DispatchContext.getGlobalServiceMap()
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - GeneralServiceException.java:63, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of 
> org.apache.ofbiz.base.util.GeneralException.getNested(), which is known to be 
> non-null in 
> org.apache.ofbiz.service.GeneralServiceException.returnError(String)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - GenericAbstractDispatcher.java:86, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.service.GenericAbstractDispatcher.schedule(String, String, 
> String, Map, long, int, int, int, long, int)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> - GenericDispatcherFactory.java:32, MS_PKGPROTECT
> MS: org.apache.ofbiz.service.GenericDispatcherFactory.ecasDisabled should be 
> package protected
> A mutable static field could be changed by malicious code or by accident. The 
> field could be made package protected to avoid this vulnerability.
> - GenericDispatcherFactory.java:49, SIC_INNER_SHOULD_BE_STATIC
> SIC: Should 
> org.apache.ofbiz.service.GenericDispatche

[jira] [Closed] (OFBIZ-9635) [FB] Package org.apache.ofbiz.security

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9635?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9635.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811429.


> [FB] Package org.apache.ofbiz.security
> --
>
> Key: OFBIZ-9635
> URL: https://issues.apache.org/jira/browse/OFBIZ-9635
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9635_org.apache.ofbiz.security_bugfixes.patch
>
>
> SecurityFactory.java:-1, CI_CONFUSED_INHERITANCE, Priority: Low
> CI: Class org.apache.ofbiz.security.SecurityFactory$OFBizSecurity is final 
> but declares protected field 
> org.apache.ofbiz.security.SecurityFactory$OFBizSecurity.simpleRoleEntity
> This class is declared to be final, but declares fields to be protected. 
> Since the class is final, it can not be derived from, and the use of 
> protected is confusing. The access modifier for the field should be changed 
> to private or public to represent the true use for the field.





[jira] [Closed] (OFBIZ-9637) [FB] Package org.apache.ofbiz.securityext.login

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9637?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9637.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811430.


> [FB] Package org.apache.ofbiz.securityext.login
> ---
>
> Key: OFBIZ-9637
> URL: https://issues.apache.org/jira/browse/OFBIZ-9637
> Project: OFBiz
> Issue Type: Sub-task
> Components: securityext
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9637_org.apache.ofbiz.securityext_bugfixes.patch
>
>
> - LoginEvents.java:88, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.securityext.login.LoginEvents.saveEntryParams(HttpServletRequest,
>  HttpServletResponse)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - LoginEvents.java:162, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.securityext.login.LoginEvents.showPasswordHint(HttpServletRequest,
>  HttpServletResponse)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - LoginEvents.java:222, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.securityext.login.LoginEvents.emailPassword(HttpServletRequest,
>  HttpServletResponse)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - LoginEvents.java:417, DMI_INVOKING_TOSTRING_ON_ARRAY
> USELESS_STRING: Invocation of toString on cookies in 
> org.apache.ofbiz.securityext.login.LoginEvents.getUsername(HttpServletRequest)
> The code invokes toString on an array, which will generate a fairly useless 
> result such as [C@16f0472. Consider using Arrays.toString to convert the 
> array into a readable String that gives the contents of the array. See 
> Programming Puzzlers, chapter 3, puzzle 12.
> - LoginEvents.java:437, HRS_REQUEST_PARAMETER_TO_COOKIE
> HRS: HTTP cookie formed from untrusted input in 
> org.apache.ofbiz.securityext.login.LoginEvents.setUsername(HttpServletRequest,
>  HttpServletResponse)
> This code constructs an HTTP Cookie using an untrusted HTTP parameter. If 
> this cookie is added to an HTTP response, it will allow a HTTP response 
> splitting vulnerability. See 
> http://en.wikipedia.org/wiki/HTTP_response_splitting for more information.
> FindBugs looks only for the most blatant, obvious cases of HTTP response 
> splitting. If FindBugs found any, you almost certainly have more 
> vulnerabilities that FindBugs doesn't report. If you are concerned about HTTP 
> response splitting, you should seriously consider using a commercial static 
> analysis or pen-testing tool.





[jira] [Closed] (OFBIZ-9638) [FB] Package org.apache.ofbiz.service

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9638?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9638.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811431.


> [FB] Package org.apache.ofbiz.service
> -
>
> Key: OFBIZ-9638
> URL: https://issues.apache.org/jira/browse/OFBIZ-9638
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9638_org.apache.ofbiz.service_bugfixes.patch
>
>
> - DispatchContext.java:-1, SE_TRANSIENT_FIELD_NOT_RESTORED
> Se: The field org.apache.ofbiz.service.DispatchContext.loader is transient 
> but isn't set by deserialization
> This class contains a field that is updated at multiple places in the class, 
> thus it seems to be part of the state of the class. However, since the field 
> is marked as transient and not set in readObject or readResolve, it will 
> contain the default value in any deserialized instance of the class.
> - DispatchContext.java:-1, SE_TRANSIENT_FIELD_NOT_RESTORED
> Se: The field org.apache.ofbiz.service.DispatchContext.dispatcher is 
> transient but isn't set by deserialization
> This class contains a field that is updated at multiple places in the class, 
> thus it seems to be part of the state of the class. However, since the field 
> is marked as transient and not set in readObject or readResolve, it will 
> contain the default value in any deserialized instance of the class.
> - DispatchContext.java:56, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.service.DispatchContext is Serializable; consider 
> declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - DispatchContext.java:209, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of serviceMap, which is known to be non-null in 
> org.apache.ofbiz.service.DispatchContext.getModelService(String)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - DispatchContext.java:273, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of serviceMap, which is known to be non-null in 
> org.apache.ofbiz.service.DispatchContext.getGlobalServiceMap()
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - GeneralServiceException.java:63, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of 
> org.apache.ofbiz.base.util.GeneralException.getNested(), which is known to be 
> non-null in 
> org.apache.ofbiz.service.GeneralServiceException.returnError(String)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> - GenericAbstractDispatcher.java:86, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.service.GenericAbstractDispatcher.schedule(String, String, 
> String, Map, long, int, int, int, long, int)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> - GenericDispatcherFactory.java:32, MS_PKGPROTECT
> MS: org.apache.ofbiz.service.GenericDispatcherFactory.ecasDisabled should be 
> package protected
> A mutable static field could be changed by malicious code or by accident. The 
> field could be made package protected to avoid this vulnerability.

[jira] [Assigned] (OFBIZ-9639) [FB] Package org.apache.ofbiz.catalina.container

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9639?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9639:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.catalina.container
> 
>
> Key: OFBIZ-9639
> URL: https://issues.apache.org/jira/browse/OFBIZ-9639
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-9639_org.apache.ofbiz.catalina_bugfixes.patch
>
>
> - CatalinaContainer.java:248, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of clusterProps, which is known to be non-null in 
> org.apache.ofbiz.catalina.container.CatalinaContainer.prepareTomcatClustering(Host,
>  ContainerConfig$Configuration$Property)
> This method contains a redundant check of a known non-null value against the 
> constant null.





[jira] [Assigned] (OFBIZ-9684) [FB] Package org.apache.ofbiz.service.group

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9684:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.service.group
> ---
>
> Key: OFBIZ-9684
> URL: https://issues.apache.org/jira/browse/OFBIZ-9684
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL APPLICATIONS, ALL COMPONENTS
> Affects Versions: Trunk
> Reporter: Julian Leichert
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-9684_org.apache.ofbiz.service.group_bugfixes.patch
>
>
> GroupModel.java:55, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of 
> org.apache.ofbiz.service.group.GroupModel.groupName, which is known to be 
> non-null in new org.apache.ofbiz.service.group.GroupModel(Element)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> GroupServiceModel.java:107, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of model, which is known to be non-null in 
> org.apache.ofbiz.service.group.GroupServiceModel.invoke(ServiceDispatcher, 
> String, Map)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> ServiceGroupReader.java:43, MS_SHOULD_BE_FINAL, Priority: High
> - MS: org.apache.ofbiz.service.group.ServiceGroupReader.groupsCache isn't 
> final but should be
> This static field is public but not final, and could be changed by malicious 
> code or by accident from another package. The field could be made final to 
> avoid this vulnerability.
> ServiceGroupReader.java:78, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of groupName, which is known to be non-null in 
> org.apache.ofbiz.service.group.ServiceGroupReader.addGroupDefinitions(ResourceHandler)
> This method contains a redundant check of a known non-null value against the 
> constant null.





[jira] [Assigned] (OFBIZ-9640) [FB] Package org.apache.ofbiz.common.preferences

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9640:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.common.preferences
> 
>
> Key: OFBIZ-9640
> URL: https://issues.apache.org/jira/browse/OFBIZ-9640
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: 
> OFBIZ-9640_org.apache.ofbiz.common.preferences_bugfixes.patch
>
>
> - PreferenceWorker.java:90, RpC_REPEATED_CONDITIONAL_TEST
> RpC: Repeated conditional test in 
> org.apache.ofbiz.common.preferences.PreferenceWorker.checkCopyPermission(DispatchContext,
>  Map)
> The code contains a conditional test that is performed twice, one right after the 
> other (e.g., x == 0 || x == 0). Perhaps the second occurrence is intended to 
> be something else (e.g., x == 0 || y == 0).
> - PreferenceWorker.java:90, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of userLoginIdArg, which is known to be non-null in 
> org.apache.ofbiz.common.preferences.PreferenceWorker.checkCopyPermission(DispatchContext,
>  Map)
> This method contains a redundant check of a known non-null value against the 
> constant null.





[jira] [Assigned] (OFBIZ-9683) [FB] Package org.apache.ofbiz.service.eca

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9683?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9683:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.service.eca
> -
>
> Key: OFBIZ-9683
> URL: https://issues.apache.org/jira/browse/OFBIZ-9683
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL APPLICATIONS, ALL COMPONENTS
> Affects Versions: Trunk
> Reporter: Julian Leichert
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-9683_org.apache.ofbiz.service.eca_bugfixes.patch
>
>
> ServiceEcaAction.java:43, SE_NO_SERIALVERSIONID
> - SnVI: org.apache.ofbiz.service.eca.ServiceEcaAction is Serializable; 
> consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> ServiceEcaAction.java:237, HE_EQUALS_USE_HASHCODE
> - HE: org.apache.ofbiz.service.eca.ServiceEcaAction defines equals and uses 
> Object.hashCode()
> This class overrides equals(Object), but does not override hashCode(), and 
> inherits the implementation of hashCode() from java.lang.Object (which 
> returns the identity hash code, an arbitrary value assigned to the object by 
> the VM).  Therefore, the class is very likely to violate the invariant that 
> equal objects must have equal hashcodes.
> If you don't think instances of this class will ever be inserted into a 
> HashMap/HashTable, the recommended hashCode implementation to use is:
> public int hashCode() {
>   assert false : "hashCode not designed";
>   return 42; // any arbitrary constant will do
> }
> ServiceEcaCondition.java:42, SE_NO_SERIALVERSIONID
> - SnVI: org.apache.ofbiz.service.eca.ServiceEcaCondition is Serializable; 
> consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field.  A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> ServiceEcaCondition.java:78, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of 
> org.apache.ofbiz.service.eca.ServiceEcaCondition.lhsValueName, which is known 
> to be non-null in new 
> org.apache.ofbiz.service.eca.ServiceEcaCondition(Element, boolean, boolean)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> ServiceEcaCondition.java:81, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of 
> org.apache.ofbiz.service.eca.ServiceEcaCondition.rhsValueName, which is known 
> to be non-null in new 
> org.apache.ofbiz.service.eca.ServiceEcaCondition(Element, boolean, boolean)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> ServiceEcaCondition.java:219, HE_EQUALS_USE_HASHCODE
> - HE: org.apache.ofbiz.service.eca.ServiceEcaCondition defines equals and 
> uses Object.hashCode()
> This class overrides equals(Object), but does not override hashCode(), and 
> inherits the implementation of hashCode() from java.lang.Object (which 
> returns the identity hash code, an arbitrary value assigned to the object by 
> the VM).  Therefore, the class is very likely to violate the invariant that 
> equal objects must have equal hashcodes.
> If you don't think instances of this class will ever be inserted into a 
> HashMap/HashTable, the recommended hashCode implementation to use is:
> public int hashCode() {
>   assert false : "hashCode not designed";
>   return 42; // any arbitrary constant will do
> }
> ServiceEcaRule.java:-1, CI_CONFUSED_INHERITANCE, Priority: Low
> CI: Class org.apache.ofbiz.service.eca.ServiceEcaRule is final but declares 
> protected field org.apache.ofbiz.service.eca.ServiceEcaRule.actionsAndSets
> This class is declared to be

[jira] [Assigned] (OFBIZ-9681) [FB] Package org.apache.ofbiz.common

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9681:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.common
> 
>
> Key: OFBIZ-9681
> URL: https://issues.apache.org/jira/browse/OFBIZ-9681
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL APPLICATIONS, ALL COMPONENTS
> Affects Versions: Trunk
> Reporter: Julian Leichert
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-No_org.apache.ofbiz.common_bugfixes.patch
>
>
> CommonEvents.java:173, DLS_DEAD_LOCAL_STORE
> - DLS: Dead store to followerListStr in 
> org.apache.ofbiz.common.CommonEvents.setAppletFollower(HttpServletRequest, 
> HttpServletResponse)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.
> CommonEvents.java:292, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.common.CommonEvents.jsonResponseFromRequestAttributes(HttpServletRequest,
>  HttpServletResponse)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> CommonEvents.java:300, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of jsonStr, which is known to be non-null in 
> org.apache.ofbiz.common.CommonEvents.writeJSONtoResponse(JSON, 
> HttpServletRequest, HttpServletResponse)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> CommonEvents.java:488, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.common.CommonEvents.getCaptcha(HttpServletRequest, 
> HttpServletResponse)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> CommonServices.java:220, DM_GC
> - Dm: org.apache.ofbiz.common.CommonServices.forceGc(DispatchContext, Map) 
> forces garbage collection; extremely dubious except in benchmarking code
> Code explicitly invokes garbage collection. Except for specific use in 
> benchmarking, this is very dubious.
> In the past, situations where people have explicitly invoked the garbage 
> collector in routines such as close or finalize methods has led to huge 
> performance black holes. Garbage collection can be expensive. Any situation 
> that forces hundreds or thousands of garbage collections will bring the 
> machine to a crawl.
> CommonServices.java:474, OS_OPEN_STREAM
> - OS: org.apache.ofbiz.common.CommonServices.streamTest(DispatchContext, Map) 
> may fail to close stream
> The method creates an IO stream object, does not assign it to any fields, 
> pass it to other methods that might close it, or return it, and does not 
> appear to close the stream on all paths out of the method.  This may result 
> in a file descriptor leak.  It is generally a good idea to use a finally 
> block to ensure that streams are closed.
> CommonServices.java:474, DM_DEFAULT_ENCODING
> - Dm: Found reliance on default encoding in 
> org.apache.ofbiz

[jira] [Assigned] (OFBIZ-9679) [FB] Package org.apache.ofbiz.base.conversion

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9679?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9679:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.base.conversion
> -
>
> Key: OFBIZ-9679
> URL: https://issues.apache.org/jira/browse/OFBIZ-9679
> Project: OFBiz
> Issue Type: Sub-task
> Components: base
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: 
> OFBIZ-9679_org.apache.ofbiz.base.conversion_bugfixes.patch, 
> OFBIZ-9679_org.apache.ofbiz.base.conversion_bugfixes.patch
>
>
> - BooleanConverters.java:72, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.base.conversion.BooleanConverters$StringToBoolean.convert(String)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - CollectionConverters.java:46, BC_VACUOUS_INSTANCEOF
> BC: instanceof will always return true for all nonnull values in 
> org.apache.ofbiz.base.conversion.CollectionConverters$ArrayCreator.createConverter(Class,
>  Class), since all Class are instances of Object
> This instanceof test will always return true (unless the value being tested 
> is null). Although this is safe, make sure it isn't an indication of some 
> misunderstanding or some other logic error. If you really want to test the 
> value for being null, perhaps it would be clearer to do a null 
> test rather than an instanceof test.
> - Converters.java:39, MS_MUTABLE_COLLECTION_PKGPROTECT
> Field is a mutable collection which should be package protected
> A mutable collection instance is assigned to a final static field, thus can 
> be changed by malicious code or by accident from another package. The field 
> could be made package protected to avoid this vulnerability. Alternatively 
> you may wrap this field into Collections.unmodifiableSet/List/Map/etc. to 
> avoid this vulnerability.
> - Converters.java:40, MS_MUTABLE_COLLECTION_PKGPROTECT
> Field is a mutable collection which should be package protected
> A mutable collection instance is assigned to a final static field, thus can 
> be changed by malicious code or by accident from another package. The field 
> could be made package protected to avoid this vulnerability. Alternatively 
> you may wrap this field into Collections.unmodifiableSet/List/Map/etc. to 
> avoid this vulnerability.
> - Converters.java:154, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.base.conversion.Converters.loadContainedConverters(Class)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> - MiscConverters.java:90, PZLA_PREFER_ZERO_LENGTH_ARRAYS
> PZLA: Should 
> org.apache.ofbiz.base.conversion.MiscConverters$ByteBufferToByteArray.convert(ByteBuffer)
>  return a zero length array rather than null?
> It is often a better design to return a length zero array rather than a null 
> reference to indicate that there are no results (i.e., an empty list of 
> results). This way, no explicit check for null is needed by clients of the 
> method.
> On the other hand, using null to indicate "there is no answer to this 
> question" is probably appropriate. For example, File.listFiles() returns an 
> empty list if given a directory containing no files, and returns null if the 
> file is not a directory.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)


[jira] [Assigned] (OFBIZ-9682) [FB] Package org.apache.ofbiz.service.config.model

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9682?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9682:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.service.config.model
> --
>
> Key: OFBIZ-9682
> URL: https://issues.apache.org/jira/browse/OFBIZ-9682
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL APPLICATIONS, ALL COMPONENTS
> Affects Versions: Trunk
> Reporter: Julian Leichert
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: 
> OFBIZ-9682_org.apache.ofbiz.service.config.model_bugfixes.patch
>
>
> ThreadPool.java:135, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in new 
> org.apache.ofbiz.service.config.model.ThreadPool(Element)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }





[jira] [Closed] (OFBIZ-9639) [FB] Package org.apache.ofbiz.catalina.container

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9639?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9639.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811432.


> [FB] Package org.apache.ofbiz.catalina.container
> 
>
> Key: OFBIZ-9639
> URL: https://issues.apache.org/jira/browse/OFBIZ-9639
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9639_org.apache.ofbiz.catalina_bugfixes.patch
>
>
> - CatalinaContainer.java:248, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of clusterProps, which is known to be non-null in 
> org.apache.ofbiz.catalina.container.CatalinaContainer.prepareTomcatClustering(Host,
>  ContainerConfig$Configuration$Property)
> This method contains a redundant check of a known non-null value against the 
> constant null.





[jira] [Closed] (OFBIZ-9640) [FB] Package org.apache.ofbiz.common.preferences

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9640.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811433.


> [FB] Package org.apache.ofbiz.common.preferences
> 
>
> Key: OFBIZ-9640
> URL: https://issues.apache.org/jira/browse/OFBIZ-9640
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: 
> OFBIZ-9640_org.apache.ofbiz.common.preferences_bugfixes.patch
>
>
> - PreferenceWorker.java:90, RpC_REPEATED_CONDITIONAL_TEST
> RpC: Repeated conditional test in 
> org.apache.ofbiz.common.preferences.PreferenceWorker.checkCopyPermission(DispatchContext,
>  Map)
> The code contains a conditional test that is performed twice, one right after the
> other (e.g., x == 0 || x == 0). Perhaps the second occurrence is intended to 
> be something else (e.g., x == 0 || y == 0).
> - PreferenceWorker.java:90, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> RCN: Redundant nullcheck of userLoginIdArg, which is known to be non-null in 
> org.apache.ofbiz.common.preferences.PreferenceWorker.checkCopyPermission(DispatchContext,
>  Map)
> This method contains a redundant check of a known non-null value against the 
> constant null.





[jira] [Closed] (OFBIZ-9679) [FB] Package org.apache.ofbiz.base.conversion

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9679?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9679.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811434.


> [FB] Package org.apache.ofbiz.base.conversion
> -
>
> Key: OFBIZ-9679
> URL: https://issues.apache.org/jira/browse/OFBIZ-9679
> Project: OFBiz
> Issue Type: Sub-task
> Components: base
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: 
> OFBIZ-9679_org.apache.ofbiz.base.conversion_bugfixes.patch, 
> OFBIZ-9679_org.apache.ofbiz.base.conversion_bugfixes.patch
>
>
> - BooleanConverters.java:72, DM_CONVERT_CASE
> Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in 
> org.apache.ofbiz.base.conversion.BooleanConverters$StringToBoolean.convert(String)
> A String is being converted to upper or lowercase, using the platform's 
> default encoding. This may result in improper conversions when used with 
> international characters. Use the
> String.toUpperCase( Locale l )
> String.toLowerCase( Locale l )
> versions instead.
> - CollectionConverters.java:46, BC_VACUOUS_INSTANCEOF
> BC: instanceof will always return true for all nonnull values in 
> org.apache.ofbiz.base.conversion.CollectionConverters$ArrayCreator.createConverter(Class,
>  Class), since all Class are instances of Object
> This instanceof test will always return true (unless the value being tested 
> is null). Although this is safe, make sure it isn't an indication of some 
> misunderstanding or some other logic error. If you really want to test the 
> value for being null, perhaps it would be clearer to do a null test rather
> than an instanceof test.
> - Converters.java:39, MS_MUTABLE_COLLECTION_PKGPROTECT
> Field is a mutable collection which should be package protected
> A mutable collection instance is assigned to a final static field, thus can 
> be changed by malicious code or by accident from another package. The field 
> could be made package protected to avoid this vulnerability. Alternatively 
> you may wrap this field into Collections.unmodifiableSet/List/Map/etc. to 
> avoid this vulnerability.
> - Converters.java:40, MS_MUTABLE_COLLECTION_PKGPROTECT
> Field is a mutable collection which should be package protected
> A mutable collection instance is assigned to a final static field, thus can 
> be changed by malicious code or by accident from another package. The field 
> could be made package protected to avoid this vulnerability. Alternatively 
> you may wrap this field into Collections.unmodifiableSet/List/Map/etc. to 
> avoid this vulnerability.
> - Converters.java:154, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.base.conversion.Converters.loadContainedConverters(Class)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> - MiscConverters.java:90, PZLA_PREFER_ZERO_LENGTH_ARRAYS
> PZLA: Should 
> org.apache.ofbiz.base.conversion.MiscConverters$ByteBufferToByteArray.convert(ByteBuffer)
>  return a zero length array rather than null?
> It is often a better design to return a length zero array rather than a null 
> reference to indicate that there are no results (i.e., an empty list of 
> results). This way, no explicit check for null is needed by clients of the 
> method.
> On the other hand, using null to indicate "there is no answer to this 
> question" is probably appropriate. For example, File.listFiles() returns an 
> empty list if given a directory containing no files, and returns null if the 
> file is not a directory.





[jira] [Closed] (OFBIZ-9681) [FB] Package org.apache.ofbiz.common

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9681?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9681.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Julian,

your patch is in trunk r1811438.


> [FB] Package org.apache.ofbiz.common
> 
>
> Key: OFBIZ-9681
> URL: https://issues.apache.org/jira/browse/OFBIZ-9681
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL APPLICATIONS, ALL COMPONENTS
> Affects Versions: Trunk
> Reporter: Julian Leichert
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-No_org.apache.ofbiz.common_bugfixes.patch
>
>
> CommonEvents.java:173, DLS_DEAD_LOCAL_STORE
> - DLS: Dead store to followerListStr in 
> org.apache.ofbiz.common.CommonEvents.setAppletFollower(HttpServletRequest, 
> HttpServletResponse)
> This instruction assigns a value to a local variable, but the value is not 
> read or used in any subsequent instruction. Often, this indicates an error, 
> because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local 
> variables. Because FindBugs is a bytecode-based tool, there is no easy way to 
> eliminate these false positives.
> CommonEvents.java:292, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.common.CommonEvents.jsonResponseFromRequestAttributes(HttpServletRequest,
>  HttpServletResponse)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> CommonEvents.java:300, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of jsonStr, which is known to be non-null in 
> org.apache.ofbiz.common.CommonEvents.writeJSONtoResponse(JSON, 
> HttpServletRequest, HttpServletResponse)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> CommonEvents.java:488, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.common.CommonEvents.getCaptcha(HttpServletRequest, 
> HttpServletResponse)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> CommonServices.java:220, DM_GC
> - Dm: org.apache.ofbiz.common.CommonServices.forceGc(DispatchContext, Map) 
> forces garbage collection; extremely dubious except in benchmarking code
> Code explicitly invokes garbage collection. Except for specific use in 
> benchmarking, this is very dubious.
> In the past, situations where people have explicitly invoked the garbage 
> collector in routines such as close or finalize methods have led to huge
> performance black holes. Garbage collection can be expensive. Any situation 
> that forces hundreds or thousands of garbage collections will bring the 
> machine to a crawl.
> CommonServices.java:474, OS_OPEN_STREAM
> - OS: org.apache.ofbiz.common.CommonServices.streamTest(DispatchContext, Map) 
> may fail to close stream
> The method creates an IO stream object, does not assign it to any fields, 
> pass it to other methods that might close it, or return it, and does not 
> appear to close the stream on all paths out of the method.  This may result 
> in a file descriptor leak.  It is generally a good idea to use a finally 
> block to ensure that streams a

[jira] [Commented] (OFBIZ-9685) [FB] Package org.apache.ofbiz.widget.renderer.fo

2017-10-07 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9685?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16195768#comment-16195768
 ] 

Michael Brohl commented on OFBIZ-9685:
--

Hi [~jleichert],

thanks for your contribution.

Due to changes in the class, the patch cannot be applied to the current 
codebase. Can you provide an updated patch?

Thanks and regards,
Michael

> [FB] Package org.apache.ofbiz.widget.renderer.fo
> 
>
> Key: OFBIZ-9685
> URL: https://issues.apache.org/jira/browse/OFBIZ-9685
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL APPLICATIONS, ALL COMPONENTS
> Affects Versions: Trunk
> Reporter: Julian Leichert
> Priority: Minor
> Attachments: 
> OFBIZ-9685_org.apache.ofbiz.widget.renderer.fo_bugfixes.patch
>
>
> ScreenFopViewHandler.java:93, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.widget.renderer.fo.ScreenFopViewHandler.render(String, 
> String, String, String, String, HttpServletRequest, HttpServletResponse)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> ScreenFopViewHandler.java:193, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.widget.renderer.fo.ScreenFopViewHandler.renderError(String, 
> Exception, String, HttpServletRequest, HttpServletResponse)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }





[jira] [Assigned] (OFBIZ-9685) [FB] Package org.apache.ofbiz.widget.renderer.fo

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9685:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.widget.renderer.fo
> 
>
> Key: OFBIZ-9685
> URL: https://issues.apache.org/jira/browse/OFBIZ-9685
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL APPLICATIONS, ALL COMPONENTS
> Affects Versions: Trunk
> Reporter: Julian Leichert
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: 
> OFBIZ-9685_org.apache.ofbiz.widget.renderer.fo_bugfixes.patch
>
>
> ScreenFopViewHandler.java:93, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.widget.renderer.fo.ScreenFopViewHandler.render(String, 
> String, String, String, String, HttpServletRequest, HttpServletResponse)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> ScreenFopViewHandler.java:193, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.widget.renderer.fo.ScreenFopViewHandler.renderError(String, 
> Exception, String, HttpServletRequest, HttpServletResponse)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }





[jira] [Assigned] (OFBIZ-9686) [FB] Package org.apache.ofbiz.widget.renderer.html

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9686?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9686:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.widget.renderer.html
> --
>
> Key: OFBIZ-9686
> URL: https://issues.apache.org/jira/browse/OFBIZ-9686
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL APPLICATIONS, ALL COMPONENTS
> Reporter: Julian Leichert
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: 
> OFBIZ-9686_org.apache.ofbiz.widget.renderer.html_bugfixes.patch
>
>
> HtmlMenuRenderer.java:82, UCF_USELESS_CONTROL_FLOW
> - UCF: Useless control flow in 
> org.apache.ofbiz.widget.renderer.html.HtmlMenuRenderer.appendOfbizUrl(Appendable,
>  String)
> This method contains a useless control flow statement, where control flow 
> continues onto the same place regardless of whether or not the branch is 
> taken. For example, this is caused by having an empty statement block for an 
> if statement:
>   if (argv.length == 0) {
>     // TODO: handle this case
>   }
> HtmlMenuRenderer.java:111, UCF_USELESS_CONTROL_FLOW
> - UCF: Useless control flow in 
> org.apache.ofbiz.widget.renderer.html.HtmlMenuRenderer.appendContentUrl(Appendable,
>  String)
> This method contains a useless control flow statement, where control flow 
> continues onto the same place regardless of whether or not the branch is 
> taken. For example, this is caused by having an empty statement block for an 
> if statement:
>   if (argv.length == 0) {
>     // TODO: handle this case
>   }
> HtmlMenuRenderer.java:470, NP_LOAD_OF_KNOWN_NULL_VALUE
> - NP: Load of known null value in 
> org.apache.ofbiz.widget.renderer.html.HtmlMenuRenderer.renderLink(Appendable, 
> Map, ModelMenuItem$MenuLink)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).





[jira] [Closed] (OFBIZ-9686) [FB] Package org.apache.ofbiz.widget.renderer.html

2017-10-07 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9686?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9686.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Julian,

your modified patch is in trunk r1811439.

I additionally removed all commented out code.


> [FB] Package org.apache.ofbiz.widget.renderer.html
> --
>
> Key: OFBIZ-9686
> URL: https://issues.apache.org/jira/browse/OFBIZ-9686
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL APPLICATIONS, ALL COMPONENTS
> Reporter: Julian Leichert
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: 
> OFBIZ-9686_org.apache.ofbiz.widget.renderer.html_bugfixes.patch
>
>
> HtmlMenuRenderer.java:82, UCF_USELESS_CONTROL_FLOW
> - UCF: Useless control flow in 
> org.apache.ofbiz.widget.renderer.html.HtmlMenuRenderer.appendOfbizUrl(Appendable,
>  String)
> This method contains a useless control flow statement, where control flow 
> continues onto the same place regardless of whether or not the branch is 
> taken. For example, this is caused by having an empty statement block for an 
> if statement:
>   if (argv.length == 0) {
>     // TODO: handle this case
>   }
> HtmlMenuRenderer.java:111, UCF_USELESS_CONTROL_FLOW
> - UCF: Useless control flow in 
> org.apache.ofbiz.widget.renderer.html.HtmlMenuRenderer.appendContentUrl(Appendable,
>  String)
> This method contains a useless control flow statement, where control flow 
> continues onto the same place regardless of whether or not the branch is 
> taken. For example, this is caused by having an empty statement block for an 
> if statement:
>   if (argv.length == 0) {
>     // TODO: handle this case
>   }
> HtmlMenuRenderer.java:470, NP_LOAD_OF_KNOWN_NULL_VALUE
> - NP: Load of known null value in 
> org.apache.ofbiz.widget.renderer.html.HtmlMenuRenderer.renderLink(Appendable, 
> Map, ModelMenuItem$MenuLink)
> The variable referenced at this point is known to be null due to an earlier 
> check against null. Although this is valid, it might be a mistake (perhaps 
> you intended to refer to a different variable, or perhaps the earlier check 
> to see if the variable is null should have been a check to see if it was 
> non-null).





[jira] [Commented] (OFBIZ-9682) [FB] Package org.apache.ofbiz.service.config.model

2017-10-08 Thread Michael Brohl (JIRA)

[ 
https://issues.apache.org/jira/browse/OFBIZ-9682?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16196040#comment-16196040
 ] 

Michael Brohl commented on OFBIZ-9682:
--

Hi Julian,

this patch wrongly changes the exception messages, please check and provide a 
correct patch.

> [FB] Package org.apache.ofbiz.service.config.model
> --
>
> Key: OFBIZ-9682
> URL: https://issues.apache.org/jira/browse/OFBIZ-9682
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL APPLICATIONS, ALL COMPONENTS
> Affects Versions: Trunk
> Reporter: Julian Leichert
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: 
> OFBIZ-9682_org.apache.ofbiz.service.config.model_bugfixes.patch
>
>
> ThreadPool.java:135, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in new 
> org.apache.ofbiz.service.config.model.ThreadPool(Element)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }





[jira] [Closed] (OFBIZ-9684) [FB] Package org.apache.ofbiz.service.group

2017-10-08 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9684?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9684.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Julian,

your patch is in trunk r1811467.


> [FB] Package org.apache.ofbiz.service.group
> ---
>
> Key: OFBIZ-9684
> URL: https://issues.apache.org/jira/browse/OFBIZ-9684
> Project: OFBiz
> Issue Type: Sub-task
> Components: ALL APPLICATIONS, ALL COMPONENTS
> Affects Versions: Trunk
> Reporter: Julian Leichert
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9684_org.apache.ofbiz.service.group_bugfixes.patch
>
>
> GroupModel.java:55, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of 
> org.apache.ofbiz.service.group.GroupModel.groupName, which is known to be 
> non-null in new org.apache.ofbiz.service.group.GroupModel(Element)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> GroupServiceModel.java:107, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of model, which is known to be non-null in 
> org.apache.ofbiz.service.group.GroupServiceModel.invoke(ServiceDispatcher, 
> String, Map)
> This method contains a redundant check of a known non-null value against the 
> constant null.
> ServiceGroupReader.java:43, MS_SHOULD_BE_FINAL, Priority: High
> - MS: org.apache.ofbiz.service.group.ServiceGroupReader.groupsCache isn't 
> final but should be
> This static field is public but not final, and could be changed by malicious
> code or by accident from another package. The field could be made final to 
> avoid this vulnerability.
> ServiceGroupReader.java:78, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of groupName, which is known to be non-null in 
> org.apache.ofbiz.service.group.ServiceGroupReader.addGroupDefinitions(ResourceHandler)
> This method contains a redundant check of a known non-null value against the 
> constant null.





[jira] [Assigned] (OFBIZ-9688) [FB] Package org.apache.ofbiz.service.engine

2017-10-08 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9688?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl reassigned OFBIZ-9688:


Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.service.engine
> 
>
> Key: OFBIZ-9688
> URL: https://issues.apache.org/jira/browse/OFBIZ-9688
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Attachments: OFBIZ-9688_org.apache.ofbiz.service.engine_bugfixes.patch
>
>
> - GenericEngineFactory.java:67, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.service.engine.GenericEngineFactory.getGenericEngine(String)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> - GroovyEngine.java:-1, CI_CONFUSED_INHERITANCE
> CI: Class org.apache.ofbiz.service.engine.GroovyEngine is final but declares 
> protected field org.apache.ofbiz.service.engine.GroovyEngine.EMPTY_ARGS
> This class is declared to be final, but declares fields to be protected. 
> Since the class is final, it can not be derived from, and the use of 
> protected is confusing. The access modifier for the field should be changed 
> to private or public to represent the true use for the field.
> - HttpEngine.java:64, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.service.engine.HttpEngine.runSync(String, ModelService, Map)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> - HttpEngine.java:137, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.service.engine.HttpEngine.httpEngine(HttpServletRequest, 
> HttpServletResponse)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> - HttpEngine.java:185, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in 
> org.apache.ofbiz.service.engine.HttpEngine.httpEngine(HttpServletRequest, 
> HttpServletResponse): String.getBytes()
> Found a call to a method which will perform a byte to String (or String to 
> byte) conversion, and will assume that the default platform encoding is 
> suitable. This will cause the application behaviour to vary between 
> platforms. Use an alternative API and specify a charset name or Charset 
> object explicitly.
> - SOAPClientEngine.java:135, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.service.engine.SOAPClientEn

[jira] [Closed] (OFBIZ-9688) [FB] Package org.apache.ofbiz.service.engine

2017-10-08 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9688?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9688.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811468.


> [FB] Package org.apache.ofbiz.service.engine
> 
>
> Key: OFBIZ-9688
> URL: https://issues.apache.org/jira/browse/OFBIZ-9688
> Project: OFBiz
> Issue Type: Sub-task
> Components: framework
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9688_org.apache.ofbiz.service.engine_bugfixes.patch
>
>
> - GenericEngineFactory.java:67, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.service.engine.GenericEngineFactory.getGenericEngine(String)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> - GroovyEngine.java:-1, CI_CONFUSED_INHERITANCE
> CI: Class org.apache.ofbiz.service.engine.GroovyEngine is final but declares 
> protected field org.apache.ofbiz.service.engine.GroovyEngine.EMPTY_ARGS
> This class is declared to be final, but declares fields to be protected. 
> Since the class is final, it can not be derived from, and the use of 
> protected is confusing. The access modifier for the field should be changed 
> to private or public to represent the true use for the field.
> - HttpEngine.java:64, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.service.engine.HttpEngine.runSync(String, ModelService, Map)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> - HttpEngine.java:137, REC_CATCH_EXCEPTION
> REC: Exception is caught when Exception is not thrown in 
> org.apache.ofbiz.service.engine.HttpEngine.httpEngine(HttpServletRequest, 
> HttpServletResponse)
> This method uses a try-catch block that catches Exception objects, but 
> Exception is not thrown within the try block, and RuntimeException is not 
> explicitly caught. It is a common bug pattern to say try { ... } catch 
> (Exception e) { something } as a shorthand for catching a number of types of 
> exception each of whose catch blocks is identical, but this construct also 
> accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that 
> are thrown, or to explicitly catch RuntimeException exception, rethrow it, 
> and then catch all non-Runtime Exceptions, as shown below:
>   try {
>     ...
>   } catch (RuntimeException e) {
>     throw e;
>   } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
>   }
> - HttpEngine.java:185, DM_DEFAULT_ENCODING
> Dm: Found reliance on default encoding in 
> org.apache.ofbiz.service.engine.HttpEngine.httpEngine(HttpServletRequest, 
> HttpServletResponse): String.getBytes()
> Found a call to a method which will perform a byte to String (or String to 
> byte) conversion, and will assume that the default platform encoding is 
> suitable. This will cause the application behaviour to vary between 
> platforms. Use an alternative API and specify a charset name or Charset 
> object explicitly.
> - SOAPClientEngine.java:135, REC

[jira] [Closed] (OFBIZ-9590) [FB] Package org.apache.ofbiz.base.util.collections

2017-10-10 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9590.

   Resolution: Implemented
Fix Version/s: Upcoming Release

Thanks Dennis,

your patch is in trunk r1811685. 

> [FB] Package org.apache.ofbiz.base.util.collections
> ---
>
> Key: OFBIZ-9590
> URL: https://issues.apache.org/jira/browse/OFBIZ-9590
> Project: OFBiz
> Issue Type: Sub-task
> Components: base
> Affects Versions: Trunk
> Reporter: Dennis Balkir
> Assignee: Michael Brohl
> Priority: Minor
> Fix For: Upcoming Release
>
> Attachments: 
> OFBIZ-9590_org.apache.ofbiz.base.util.collections_bugfixes.patch
>
>
> FlexibleMapAccessor.java:44, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.base.util.collections.FlexibleMapAccessor is 
> Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field. A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - FlexibleServletAccessor.java:47, SE_NO_SERIALVERSIONID
> SnVI: org.apache.ofbiz.base.util.collections.FlexibleServletAccessor is 
> Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field. A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - FlexibleServletAccessor.java:181, 
> EQ_CHECK_FOR_OPERAND_NOT_COMPATIBLE_WITH_THIS
> Eq: 
> org.apache.ofbiz.base.util.collections.FlexibleServletAccessor.equals(Object) 
> checks for operand being a String
> This equals method is checking to see if the argument is some incompatible 
> type (i.e., a class that is neither a supertype nor subtype of the class that 
> defines the equals method). For example, the Foo class might have an equals 
> method that looks like:
> public boolean equals(Object o) {
>     if (o instanceof Foo)
>         return name.equals(((Foo)o).name);
>     else if (o instanceof String)
>         return name.equals(o);
>     else return false;
> }
> This is considered bad practice, as it makes it very hard to implement an 
> equals method that is symmetric and transitive. Without those properties, 
> very unexpected behaviors are possible.
> - FlexibleServletAccessor.java:208, SE_NO_SERIALVERSIONID
> SnVI: 
> org.apache.ofbiz.base.util.collections.FlexibleServletAccessor$AttributeAccessor
>  is Serializable; consider declaring a serialVersionUID
> This class implements the Serializable interface, but does not define a 
> serialVersionUID field. A change as simple as adding a reference to a .class 
> object will add synthetic fields to the class, which will unfortunately 
> change the implicit serialVersionUID (e.g., adding a reference to 
> String.class will generate a static field class$java$lang$String). Also, 
> different source code to bytecode compilers may use different naming 
> conventions for synthetic variables generated for references to class objects 
> or inner classes. To ensure interoperability of Serializable across versions, 
> consider adding an explicit serialVersionUID.
> - GenericMap.java:68, HE_EQUALS_USE_HASHCODE
> HE: org.apache.ofbiz.base.util.collections.GenericMap defines equals and uses 
> Object.hashCode()
> This class overrides equals(Object), but does not override hashCode(), and 
> inherits the implementation of hashCode() from java.lang.Object (which 
> returns the identity hash code, an arbitrary value assigned to the object by 
> the VM). Therefore, the class is very likely to violate the invariant that 
> equal objects must have equal hashcodes.
> If you don't think instances of this class will ever be inserted into a 
> HashMap/HashTable, the recommended hashCode implementation to use is:
> public int hashCode() {
> assert false : "hashCode not designed";
> r
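The two findings quoted above against FlexibleServletAccessor.equals(Object) (String operand) and GenericMap (equals without hashCode), reproduced in a small added example that is not part of the OFBiz patch; the classes LooseName and StrictName are hypothetical stand-ins.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;

public class EqualsContractDemo {

    // Hypothetical class with both flagged patterns: equals() accepts a String
    // operand, and hashCode() is inherited from java.lang.Object.
    static final class LooseName {
        private final String name;
        LooseName(String name) { this.name = name; }

        @Override
        public boolean equals(Object o) {
            if (o instanceof LooseName) return name.equals(((LooseName) o).name);
            if (o instanceof String) return name.equals(o);
            return false;
        }
    }

    // Corrected form: compares only with its own type and hashes the same field.
    static final class StrictName {
        private final String name;
        StrictName(String name) { this.name = name; }

        @Override
        public boolean equals(Object o) {
            return o instanceof StrictName && name.equals(((StrictName) o).name);
        }

        @Override
        public int hashCode() { return Objects.hashCode(name); }
    }

    public static void main(String[] args) {
        LooseName loose = new LooseName("userLogin");

        // Symmetry: String.equals() never accepts a LooseName, so the two
        // directions of the same comparison disagree.
        System.out.println("loose.equals(str) = " + loose.equals("userLogin"));
        System.out.println("str.equals(loose) = " + "userLogin".equals(loose));

        // List.contains() calls probe.equals(element), so the result depends on
        // which of the two objects is stored and which is the probe.
        List<Object> strings = Arrays.<Object>asList("userLogin");
        List<Object> names = Arrays.<Object>asList(loose);
        System.out.println("strings.contains(loose) = " + strings.contains(loose));
        System.out.println("names.contains(str)     = " + names.contains("userLogin"));

        // hashCode: equal LooseName objects have unrelated identity hashes, so in
        // practice a HashSet keeps both; StrictName is stored once.
        Set<Object> looseSet = new HashSet<>(Arrays.asList(new LooseName("a"), new LooseName("a")));
        Set<Object> strictSet = new HashSet<>(Arrays.asList(new StrictName("a"), new StrictName("a")));
        System.out.println("looseSet.size()  = " + looseSet.size());
        System.out.println("strictSet.size() = " + strictSet.size());
    }
}
```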

[jira] [Closed] (OFBIZ-9444) Dependency problem between Solr 6.6.0 and Guava

2017-10-10 Thread Michael Brohl (JIRA)

 [ 
https://issues.apache.org/jira/browse/OFBIZ-9444?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Brohl closed OFBIZ-9444.

   Resolution: Fixed
Fix Version/s: Upcoming Release

Thanks Julian,

your patch is in trunk r1811688. 

> Dependency problem between Solr 6.6.0 and Guava
> ---
>
> Key: OFBIZ-9444
> URL: https://issues.apache.org/jira/browse/OFBIZ-9444
> Project: OFBiz
> Issue Type: Sub-task
> Components: solr
> Affects Versions: Trunk
> Reporter: Michael Brohl
> Assignee: Michael Brohl
> Fix For: Upcoming Release
>
> Attachments: OFBIZ-9444.patch, OFBIZ-9444_intermediate.patch, 
> OFBIZ-9444_intermediate_clean.patch, dependencies.txt
>
>
> It seems we have a dependency problem in our codebase.
> The Solr code needs access to a method 
> com.google.common.base.Objects.firstNonNull, which was removed from Guava 
> from version 21 (see [1]).
> I tried to add the dependency both through the Solr build.gradle with
> {code:java}
> dependencies {
>     pluginLibsCompile 'org.apache.solr:solr-core:6.6.0'
>     pluginLibsCompile 'com.google.guava:guava:20.0'
> }
> {code}
> and also as a runtime dependency in main build.gradle
> {code:java}
> dependencies {
>     // ofbiz compile libs
>     ...
>     runtime 'com.google.guava:guava:20.0'
>     ...
> }
> {code}
> Both did not work. Running my Solo tests I get the error
> {code:java}
> 2017-07-01 14:25:18,049 |jsse-nio-8443-exec-4 |HttpSolrCall  |E| null:java.lang.RuntimeException: java.lang.NoSuchMethodError: com.google.common.base.Objects.firstNonNull(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
>     at org.apache.solr.servlet.HttpSolrCall.sendError(HttpSolrCall.java:676)
>     at org.apache.solr.servlet.HttpSolrCall.call(HttpSolrCall.java:544)
>     at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:361)
>     at org.apache.solr.servlet.SolrDispatchFilter.doFilter(SolrDispatchFilter.java:305)
>     at org.apache.ofbiz.solr.webapp.OFBizSolrContextFilter.doFilter(OFBizSolrContextFilter.java:151)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apache.ofbiz.webapp.control.ControlFilter.doFilter(ControlFilter.java:156)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
>     at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
>     at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
>     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
>     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.NoSuchMethodError: com.google.common.base.Objects.firstNonNull(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
>     at org.apache.solr.handler.component.HighlightComponent.prepare(HighlightComponent.java:118)
>     at org.apache.solr.handler.component.SearchHandler.handleRequestBody(SearchHandler.java:270)
>     at org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:173)
>     at org.apache.solr.core.SolrCore.execute(SolrCore.java:2477)
>     at org.apache.solr.
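A way to check which Guava jar a class loader actually resolves for the NoSuchMethodError quoted above, and whether that copy still declares Objects.firstNonNull(Object, Object). This is an added example, not code from the OFBiz patch; the class name GuavaClasspathCheck and its helper methods are hypothetical.

```java
import java.security.CodeSource;

public class GuavaClasspathCheck {

    // Location (jar or directory) the class was loaded from, or a marker when
    // the protection domain carries no code source.
    static String originOf(Class<?> type) {
        CodeSource source = type.getProtectionDomain().getCodeSource();
        if (source == null || source.getLocation() == null) {
            return "<unknown location>";
        }
        return source.getLocation().toString();
    }

    // True when the class exposes a public method with this erased signature.
    static boolean hasMethod(Class<?> type, String name, Class<?>... params) {
        try {
            type.getMethod(name, params);
            return true;
        } catch (NoSuchMethodException e) {
            return false;
        }
    }

    // One-line report: where the class comes from and whether the method that
    // the stack trace complains about is present in that copy.
    static String report(String className, ClassLoader loader) {
        try {
            // initialize=false: resolve the class without running static initializers
            Class<?> type = Class.forName(className, false, loader);
            return className + " loaded from " + originOf(type)
                    + ", firstNonNull(Object,Object) present: "
                    + hasMethod(type, "firstNonNull", Object.class, Object.class);
        } catch (ClassNotFoundException | LinkageError e) {
            return className + " not loadable here: " + e;
        }
    }

    public static void main(String[] args) {
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        if (loader == null) {
            loader = GuavaClasspathCheck.class.getClassLoader();
        }
        System.out.println(report("com.google.common.base.Objects", loader));
    }
}
```

Run it with the same classpath as the failing component, or call report() from inside the affected web application; a different class loader can resolve a different Guava jar.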
