Details
-
Sub-task
-
Status: Closed
-
Minor
-
Resolution: Implemented
-
Trunk
-
None
Description
JmsListenerFactory.java:47, MS_SHOULD_BE_FINAL
- MS: org.apache.ofbiz.service.jms.JmsListenerFactory.listeners isn't final but should be
This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.
JmsListenerFactory.java:48, MS_SHOULD_BE_FINAL
- MS: org.apache.ofbiz.service.jms.JmsListenerFactory.servers isn't final but should be
This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.
JmsListenerFactory.java:74, SC_START_IN_CTOR
- SC: new org.apache.ofbiz.service.jms.JmsListenerFactory(Delegator) invokes Thread.start()
The constructor starts a thread. This is likely to be wrong if the class is ever extended/subclassed, since the thread will be started before the subclass constructor is started.
JmsListenerFactory.java:126, REC_CATCH_EXCEPTION
- REC: Exception is caught when Exception is not thrown in org.apache.ofbiz.service.jms.JmsListenerFactory.loadListeners()
This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try
{ ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.A better approach is to either explicitly catch the specific exceptions that are thrown, or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime Exceptions, as shown below:
try { ... } catch (RuntimeException e) { throw e; } catch (Exception e) { ... deal with all non-runtime exceptions ... }
JmsListenerFactory.java:160, REC_CATCH_EXCEPTION
- REC: Exception is caught when Exception is not thrown in org.apache.ofbiz.service.jms.JmsListenerFactory.loadListener(String, Server)
This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... }
catch (Exception e)
{ something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.A better approach is to either explicitly catch the specific exceptions that are thrown, or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime Exceptions, as shown below:
try { ... } catch (RuntimeException e) { throw e; } catch (Exception e) { ... deal with all non-runtime exceptions ... }
JmsServiceEngine.java:97, REC_CATCH_EXCEPTION, Priorität: Niedrig
REC: Exception is caught when Exception is not thrown in org.apache.ofbiz.service.jms.JmsServiceEngine.makeMessage(Session, ModelService, Map)
This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something }
as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.
A better approach is to either explicitly catch the specific exceptions that are thrown, or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime Exceptions, as shown below:
try
{ ... }catch (RuntimeException e)
{ throw e; }catch (Exception e)
{ ... deal with all non-runtime exceptions ... }JmsServiceEngine.java:269, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
- RCN: Redundant nullcheck of clientId, which is known to be non-null in org.apache.ofbiz.service.jms.JmsServiceEngine.runXaQueue(ModelService, Map, Element)
This method contains a redundant check of a known non-null value against the constant null.