[ https://issues.apache.org/jira/browse/OFBIZ-10061?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Julian Leichert updated OFBIZ-10061:
------------------------------------
    Attachment: OFBIZ-No_org.apache.ofbiz.service.jms_bugfixes.patch

* multicatch
* unnecessary null-check removed

> [FB] Package org.apache.ofbiz.service.jms
> -----------------------------------------
>
>                 Key: OFBIZ-10061
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-10061
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: ALL APPLICATIONS, ALL COMPONENTS
>    Affects Versions: Trunk
>            Reporter: Julian Leichert
>            Priority: Minor
>         Attachments: OFBIZ-No_org.apache.ofbiz.service.jms_bugfixes.patch
>
>
> JmsListenerFactory.java:47, MS_SHOULD_BE_FINAL
> - MS: org.apache.ofbiz.service.jms.JmsListenerFactory.listeners isn't final but should be
> This static field is public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.
>
> JmsListenerFactory.java:48, MS_SHOULD_BE_FINAL
> - MS: org.apache.ofbiz.service.jms.JmsListenerFactory.servers isn't final but should be
> This static field is public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.
>
> JmsListenerFactory.java:74, SC_START_IN_CTOR
> - SC: new org.apache.ofbiz.service.jms.JmsListenerFactory(Delegator) invokes Thread.start()
> The constructor starts a thread. This is likely to be wrong if the class is ever extended/subclassed, since the thread will be started before the subclass constructor is started.
>
> JmsListenerFactory.java:126, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in org.apache.ofbiz.service.jms.JmsListenerFactory.loadListeners()
> This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that are thrown, or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime Exceptions, as shown below:
> try {
>     ...
> } catch (RuntimeException e) {
>     throw e;
> } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
> }
>
> JmsListenerFactory.java:160, REC_CATCH_EXCEPTION
> - REC: Exception is caught when Exception is not thrown in org.apache.ofbiz.service.jms.JmsListenerFactory.loadListener(String, Server)
> This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that are thrown, or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime Exceptions, as shown below:
> try {
>     ...
> } catch (RuntimeException e) {
>     throw e;
> } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
> }
>
> JmsServiceEngine.java:97, REC_CATCH_EXCEPTION, Priority: Low
> REC: Exception is caught when Exception is not thrown in org.apache.ofbiz.service.jms.JmsServiceEngine.makeMessage(Session, ModelService, Map)
> This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.
> A better approach is to either explicitly catch the specific exceptions that are thrown, or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime Exceptions, as shown below:
> try {
>     ...
> } catch (RuntimeException e) {
>     throw e;
> } catch (Exception e) {
>     ... deal with all non-runtime exceptions ...
> }
>
> JmsServiceEngine.java:269, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> - RCN: Redundant nullcheck of clientId, which is known to be non-null in org.apache.ofbiz.service.jms.JmsServiceEngine.runXaQueue(ModelService, Map, Element)
> This method contains a redundant check of a known non-null value against the constant null.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
