[jira] [Created] (OFBIZ-9809) [FB] Package org.apache.ofbiz.product.test


Nicolas Malin (Jira)
Julian Leichert created OFBIZ-9809:
--------------------------------------

             Summary: [FB] Package org.apache.ofbiz.product.test
                 Key: OFBIZ-9809
                 URL: https://issues.apache.org/jira/browse/OFBIZ-9809
             Project: OFBiz
          Issue Type: Sub-task
          Components: product
    Affects Versions: Trunk
            Reporter: Julian Leichert
            Priority: Minor


InventoryItemTransferTest.java:34, MS_PKGPROTECT
- MS: org.apache.ofbiz.product.test.InventoryItemTransferTest.inventoryTransferId should be package protected

A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.

InventoryItemTransferTest.java:62, ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD
- ST: Write to static field org.apache.ofbiz.product.test.InventoryItemTransferTest.inventoryTransferId from instance method org.apache.ofbiz.product.test.InventoryItemTransferTest.testCreateInventoryItemsTransfer()

This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.

StockMovesTest.java:56, DLS_DEAD_LOCAL_STORE
- DLS: Dead store to warningList in org.apache.ofbiz.product.test.StockMovesTest.testStockMoves()

This instruction assigns a value to a local variable, but the value is not read or used in any subsequent instruction. Often, this indicates an error, because the value computed is never used.

Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)