- QRCodeEvents.java:76, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
RCN: Redundant nullcheck of mimeType, which is known to be non-null in org.apache.ofbiz.common.qrcode.QRCodeEvents.serveQRCodeImage(HttpServletRequest, HttpServletResponse)
This method contains a redundant check of a known non-null value against the constant null.
- QRCodeServices.java:77, MS_PKGPROTECT
MS: org.apache.ofbiz.common.qrcode.QRCodeServices.FORMAT_NAMES should be package protected
A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.
- QRCodeServices.java:79, MS_MUTABLE_COLLECTION_PKGPROTECT
Field is a mutable collection which should be package protected
A mutable collection instance is assigned to a final static field, thus can be changed by malicious code or by accident from another package. The field could be made package protected to avoid this vulnerability. Alternatively you may wrap this field into Collections.unmodifiableSet/List/Map/etc. to avoid this vulnerability.
- QRCodeServices.java:93, MS_SHOULD_BE_REFACTORED_TO_BE_FINAL
MS: org.apache.ofbiz.common.qrcode.QRCodeServices.defaultLogoImage isn't final but should be refactored to be so
This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability. However, the static initializer contains more than one write to the field, so doing so will require some refactoring.
- QRCodeServices.java:252, DM_CONVERT_CASE
Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.common.qrcode.QRCodeServices.toBufferedImage(BitMatrix, String)
A String is being converted to upper or lowercase, using the platform's default encoding. This may result in improper conversions when used with international characters. Use the
String.toUpperCase( Locale l )
String.toLowerCase( Locale l )