OFBiz OFBiz - Notifications

[jira] [Updated] (OFBIZ-9486) [FB] Package org.apache.ofbiz.accounting.thirdparty.gosoftware

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Nicolas Malin (Jira)
Reply | Threaded
Open this post in threaded view
|

[jira] [Updated] (OFBIZ-9486) [FB] Package org.apache.ofbiz.accounting.thirdparty.gosoftware

Nicolas Malin (Jira)

     [ https://issues.apache.org/jira/browse/OFBIZ-9486?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kyra Pritzel-Hentley updated OFBIZ-9486:
----------------------------------------
    Description:
PcChargeApi.java:81: 82, MS_PKGPROTECT
* MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.validOut should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.


PcChargeApi.java:189, DM_DEFAULT_ENCODING
* Dm: Found reliance on default encoding in org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.send(): new java.io.PrintStream(OutputStream)
Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

PcChargeApi.java:198, DM_DEFAULT_ENCODING
* Dm: Found reliance on default encoding in org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.send(): new String(byte[], int, int)

PcChargeServices.java:94: 180: 246: 306, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
* RCN: Redundant nullcheck of out, which is known to be non-null in org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeServices
This method contains a redundant check of a known non-null value against the constant null.

RitaApi.java:80, MS_PKGPROTECT
* MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaApi.validOut should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.

RitaApi.java:84, MS_PKGPROTECT
* MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaApi.validIn should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.

RitaServices.java:61: 98: 164: 184: 233: 260: 301: 329, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
* RCN: Redundant nullcheck of api, which is known to be non-null in org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaServices
This method contains a redundant check of a known non-null value against the constant null.

  was:
PcChargeApi.java:81: 82, MS_PKGPROTECT
* MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.validOut should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.


PcChargeApi.java:189, DM_DEFAULT_ENCODING
* Dm: Found reliance on default encoding in org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.send(): new java.io.PrintStream(OutputStream)
Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.

PcChargeApi.java:198, DM_DEFAULT_ENCODING
* Dm: Found reliance on default encoding in org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.send(): new String(byte[], int, int)

PcChargeServices.java:94: 180: 246: 306, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
* RCN: Redundant nullcheck of out, which is known to be non-null in org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeServices.ccAuth(DispatchContext, Map)
This method contains a redundant check of a known non-null value against the constant null.

RitaApi.java:80, MS_PKGPROTECT
* MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaApi.validOut should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.

RitaApi.java:84, MS_PKGPROTECT
* MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaApi.validIn should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.

RitaServices.java:61: 98: 164: 184: 233: 260: 301: 329, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
* RCN: Redundant nullcheck of api, which is known to be non-null in org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaServices.ccAuth(DispatchContext, Map)
This method contains a redundant check of a known non-null value against the constant null.


> [FB] Package org.apache.ofbiz.accounting.thirdparty.gosoftware
> --------------------------------------------------------------
>
>                 Key: OFBIZ-9486
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9486
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: accounting
>    Affects Versions: Trunk
>            Reporter: Kyra Pritzel-Hentley
>            Priority: Minor
>
> PcChargeApi.java:81: 82, MS_PKGPROTECT
> * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.validOut should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> PcChargeApi.java:189, DM_DEFAULT_ENCODING
> * Dm: Found reliance on default encoding in org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.send(): new java.io.PrintStream(OutputStream)
> Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.
> PcChargeApi.java:198, DM_DEFAULT_ENCODING
> * Dm: Found reliance on default encoding in org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeApi.send(): new String(byte[], int, int)
> PcChargeServices.java:94: 180: 246: 306, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> * RCN: Redundant nullcheck of out, which is known to be non-null in org.apache.ofbiz.accounting.thirdparty.gosoftware.PcChargeServices
> This method contains a redundant check of a known non-null value against the constant null.
> RitaApi.java:80, MS_PKGPROTECT
> * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaApi.validOut should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> RitaApi.java:84, MS_PKGPROTECT
> * MS: org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaApi.validIn should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> RitaServices.java:61: 98: 164: 184: 233: 260: 301: 329, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
> * RCN: Redundant nullcheck of api, which is known to be non-null in org.apache.ofbiz.accounting.thirdparty.gosoftware.RitaServices
> This method contains a redundant check of a known non-null value against the constant null.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
Free forum by Nabble Edit this page