[ https://issues.apache.org/jira/browse/OFBIZ-9452?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Brohl reassigned OFBIZ-9452:
------------------------------------

    Assignee: Michael Brohl

> [FB] Package org.apache.ofbiz.accounting.tax
> --------------------------------------------
>
>                 Key: OFBIZ-9452
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9452
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: accounting
>    Affects Versions: Trunk
>            Reporter: Kyra Pritzel-Hentley
>            Assignee: Michael Brohl
>            Priority: Minor
>         Attachments: OFBIZ-9452_tax.TaxAuthorityServices_bugfixes.patch
>
>
> TaxAuthorityServices.java:60, MS_SHOULD_BE_FINAL
> * MS: org.apache.ofbiz.accounting.tax.TaxAuthorityServices.salestaxFinalDecimals isn't final but should be
> This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.
>
> TaxAuthorityServices.java:61, MS_SHOULD_BE_FINAL
> * MS: org.apache.ofbiz.accounting.tax.TaxAuthorityServices.salestaxCalcDecimals isn't final but should be
> This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.
>
> TaxAuthorityServices.java:62, MS_SHOULD_BE_FINAL
> * MS: org.apache.ofbiz.accounting.tax.TaxAuthorityServices.salestaxRounding isn't final but should be
> This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.
>
> TaxAuthorityServices.java:168, NP_LOAD_OF_KNOWN_NULL_VALUE
> * NP: Load of known null value in org.apache.ofbiz.accounting.tax.TaxAuthorityServices.rateProductTaxCalc(DispatchContext, Map)
> The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was non-null).
>
> TaxAuthorityServices.java:213, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> * RCN: Redundant nullcheck of shippingAddress, which is known to be non-null in org.apache.ofbiz.accounting.tax.TaxAuthorityServices.rateProductTaxCalc(DispatchContext, Map)
> This method contains a redundant check of a known non-null value against the constant null.
>
> TaxAuthorityServices.java:388, RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
> * RCN: Nullcheck of taxAuthorityRateProduct at line 388 of value previously dereferenced in org.apache.ofbiz.accounting.tax.TaxAuthorityServices.getTaxAdjustments(Delegator, GenericValue, GenericValue, String, String, Set, BigDecimal, BigDecimal, BigDecimal, BigDecimal, BigDecimal)
> A value is checked here to see whether it is null, but this value can't be null because it was previously dereferenced and if it were null a null pointer exception would have occurred at the earlier dereference. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)