[jira] [Updated] (OFBIZ-9809) [FB] Package org.apache.ofbiz.product.test

> [FB] Package org.apache.ofbiz.product.test
> ------------------------------------------
>
>                 Key: OFBIZ-9809
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9809
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: product
>    Affects Versions: Trunk
>            Reporter: Julian Leichert
>            Priority: Minor
>         Attachments: OFBIZ-9809_org.apache.ofbiz.product.test_bugfixes.patch
>
>
> InventoryItemTransferTest.java:34, MS_PKGPROTECT
> - MS: org.apache.ofbiz.product.test.InventoryItemTransferTest.inventoryTransferId should be package protected
> A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
> InventoryItemTransferTest.java:62, ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD
> - ST: Write to static field org.apache.ofbiz.product.test.InventoryItemTransferTest.inventoryTransferId from instance method org.apache.ofbiz.product.test.InventoryItemTransferTest.testCreateInventoryItemsTransfer()
> This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.
> StockMovesTest.java:56, DLS_DEAD_LOCAL_STORE
> - DLS: Dead store to warningList in org.apache.ofbiz.product.test.StockMovesTest.testStockMoves()
> This instruction assigns a value to a local variable, but the value is not read or used in any subsequent instruction. Often, this indicates an error, because the value computed is never used.
> Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.