- Bx: org.apache.ofbiz.bi.util.DimensionServices.loadDateDimension(DispatchContext, Map) invokes inefficient new Long(long) constructor; use Long.valueOf(long) instead
Using new Integer(int) is guaranteed to always result in a new object, whereas Integer.valueOf(int) allows caching of values to be done by the compiler, class library, or JVM. Using cached values avoids object allocation, and the code will be faster.
Values between -128 and 127 are guaranteed to have corresponding cached instances, and using valueOf is approximately 3.5 times faster than using the constructor. For values outside the constant range the performance of both styles is the same.
Unless the class must be compatible with JVMs predating Java 1.5, use either autoboxing or the valueOf() method when creating instances of Long, Integer, Short, Character, and Byte.
- MS: org.apache.ofbiz.birt.BirtFactory.engine should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
- Field is a mutable collection which should be package protected
A mutable collection instance is assigned to a final static field, thus can be changed by malicious code or by accident from another package. The field could be made package protected to avoid this vulnerability. Alternatively you may wrap this field into Collections.unmodifiableSet/List/Map/etc. to avoid this vulnerability.
- Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.birt.BirtWorker.exportReport(IReportRunnable, Map, String, OutputStream)
A String is being converted to upper or lowercase, using the platform's default encoding. This may result in improper conversions when used with international characters. Use the
    String.toUpperCase( Locale l )
    String.toLowerCase( Locale l )
- DLS: Dead store to writeFilters in org.apache.ofbiz.birt.BirtWorker.recordReportContent(Delegator, LocalDispatcher, Map)
This instruction assigns a value to a local variable, but the value is not read or used in any subsequent instruction. Often, this indicates an error, because the value computed is never used.
Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.
- RV: new org.apache.ofbiz.base.util.GeneralException(String) not thrown in org.apache.ofbiz.birt.BirtWorker.recordReportContent(Delegator, LocalDispatcher, Map)
This code creates an exception (or error) object, but doesn't do anything with it. For example, something like
    if (x < 0)
        new IllegalArgumentException("x must be nonnegative");
It was probably the intent of the programmer to throw the created exception:
    if (x < 0)
        throw new IllegalArgumentException("x must be nonnegative");
- RCN: Redundant nullcheck of cc, which is known to be non-null in org.apache.ofbiz.birt.container.BirtContainer.start()
This method contains a redundant check of a known non-null value against the constant null.