Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-9450 Fixing defects reported by code analysis tools
  3. OFBIZ-9566

[FB] Package org.apache.ofbiz.base.config

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Minor
    • Resolution: Implemented
    • Trunk
    • 17.12.01
    • base
    • None

    Description

      FileLoader.java:30, SE_NO_SERIALVERSIONID,

      SnVI: org.apache.ofbiz.base.config.FileLoader is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      MainResourceHandler.java:-1, CI_CONFUSED_INHERITANCE,

      CI: Class org.apache.ofbiz.base.config.MainResourceHandler is final but declares protected field org.apache.ofbiz.base.config.MainResourceHandler.xmlFilename

      This class is declared to be final, but declares fields to be protected. Since the class is final, it can not be derived from, and the use of protected is confusing. The access modifier for the field should be changed to private or public to represent the true use for the field.

      MainResourceHandler.java:-1, CI_CONFUSED_INHERITANCE,

      CI: Class org.apache.ofbiz.base.config.MainResourceHandler is final but declares protected field org.apache.ofbiz.base.config.MainResourceHandler.location

      This class is declared to be final, but declares fields to be protected. Since the class is final, it can not be derived from, and the use of protected is confusing. The access modifier for the field should be changed to private or public to represent the true use for the field.

      MainResourceHandler.java:-1, CI_CONFUSED_INHERITANCE,

      CI: Class org.apache.ofbiz.base.config.MainResourceHandler is final but declares protected field org.apache.ofbiz.base.config.MainResourceHandler.loaderName

      This class is declared to be final, but declares fields to be protected. Since the class is final, it can not be derived from, and the use of protected is confusing. The access modifier for the field should be changed to private or public to represent the true use for the field.

      MainResourceHandler.java:37, SE_NO_SERIALVERSIONID,

      SnVI: org.apache.ofbiz.base.config.MainResourceHandler is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      ResourceLoader.java:159, REC_CATCH_EXCEPTION,

      REC: Exception is caught when Exception is not thrown in org.apache.ofbiz.base.config.ResourceLoader.makeLoader(Element)

      This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try

      { ... }

      catch (Exception e)

      { something }

      as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.

      A better approach is to either explicitly catch the specific exceptions that are thrown, or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime Exceptions, as shown below:

      try

      { ... }

      catch (RuntimeException e)

      { throw e; }

      catch (Exception e)

      { ... deal with all non-runtime exceptions ... }

      UrlLoader.java:30, SE_NO_SERIALVERSIONID,

      SnVI: org.apache.ofbiz.base.config.UrlLoader is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      Attachments

        1. OFBIZ-9566.patch
          9 kB
          Tobias Laufkötter

        Activity

          People

            jleroux Jacques Le Roux
            tlaufkoetter Tobias Laufkötter
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: