Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-9450 Fixing defects reported by code analysis tools
  3. OFBIZ-9452

[FB] Package org.apache.ofbiz.accounting.tax

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • Trunk
    • 17.12.01
    • accounting
    • None
    • Patch

    Description

      TaxAuthorityServices.java:60, MS_SHOULD_BE_FINAL

      • MS: org.apache.ofbiz.accounting.tax.TaxAuthorityServices.salestaxFinalDecimals isn't final but should be
        This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.

      TaxAuthorityServices.java:61, MS_SHOULD_BE_FINAL

      • MS: org.apache.ofbiz.accounting.tax.TaxAuthorityServices.salestaxCalcDecimals isn't final but should be
        This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.

      TaxAuthorityServices.java:62, MS_SHOULD_BE_FINAL

      • MS: org.apache.ofbiz.accounting.tax.TaxAuthorityServices.salestaxRounding isn't final but should be
        This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.

      TaxAuthorityServices.java:168, NP_LOAD_OF_KNOWN_NULL_VALUE

      • NP: Load of known null value in org.apache.ofbiz.accounting.tax.TaxAuthorityServices.rateProductTaxCalc(DispatchContext, Map)
        The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was non-null).

      TaxAuthorityServices.java:213, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE

      • RCN: Redundant nullcheck of shippingAddress, which is known to be non-null in org.apache.ofbiz.accounting.tax.TaxAuthorityServices.rateProductTaxCalc(DispatchContext, Map)
        This method contains a redundant check of a known non-null value against the constant null.

      TaxAuthorityServices.java:388,RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE

      • RCN: Nullcheck of taxAuthorityRateProduct at line 388 of value previously dereferenced in org.apache.ofbiz.accounting.tax.TaxAuthorityServices.getTaxAdjustments(Delegator, GenericValue, GenericValue, String, String, Set, BigDecimal, BigDecimal, BigDecimal, BigDecimal, BigDecimal)
        A value is checked here to see whether it is null, but this value can't be null because it was previously dereferenced and if it were null a null pointer exception would have occurred at the earlier dereference. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous.

      Attachments

        Activity

          People

            mbrohl Michael Brohl
            Kyra Pritzel-Hentley Kyra Pritzel-Hentley
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: