Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Minor
    • Resolution: Implemented
    • Affects Version/s: Trunk
    • Fix Version/s: Upcoming Release
    • Component/s: framework
    • Labels:
      None

      Description

      • ServiceEngineTestServices.java:316, REC_CATCH_EXCEPTION
        REC: Exception is caught when Exception is not thrown in org.apache.ofbiz.service.test.ServiceEngineTestServices.testServiceOwnTxSubServiceAfterSetRollbackOnlyInParent(DispatchContext, Map)

      This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try

      { ... }

      catch (Exception e)

      { something }

      as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.

      A better approach is to either explicitly catch the specific exceptions that are thrown, or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime Exceptions, as shown below:

      try

      { ... }

      catch (RuntimeException e)

      { throw e; }

      catch (Exception e)

      { ... deal with all non-runtime exceptions ... }
      • ServiceSOAPTests.java:41, DM_FP_NUMBER_CTOR
        Bx: org.apache.ofbiz.service.test.ServiceSOAPTests.testSOAPSimpleService() invokes inefficient new Double(String) constructor; use Double.valueOf(String) instead

      Using new Double(double) is guaranteed to always result in a new object whereas Double.valueOf(double) allows caching of values to be done by the compiler, class library, or JVM. Using of cached values avoids object allocation and the code will be faster.

      Unless the class must be compatible with JVMs predating Java 1.5, use either autoboxing or the valueOf() method when creating instances of Double and Float.

      • XmlRpcTests.java:41, MS_PKGPROTECT
        MS: org.apache.ofbiz.service.test.XmlRpcTests.url should be package protected

      A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.

      • XmlRpcTests.java:47, ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD
        ST: Write to static field org.apache.ofbiz.service.test.XmlRpcTests.url from instance method new org.apache.ofbiz.service.test.XmlRpcTests(String)

      This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.

        Activity

        Hide
        Dennis Balkir Dennis Balkir added a comment -
        • Diamond Operators fixed

        class ServiceSOAPTests:

        • Line 41: changed the new operator to Double.valueOf() because is faster

        class XmlRpcTests:

        • Line 41: changed the parameter to private
        • Line 47: it is possible to refactor this into a new method, but it doesn’t really make sense
        Show
        Dennis Balkir Dennis Balkir added a comment - Diamond Operators fixed class ServiceSOAPTests: Line 41: changed the new operator to Double.valueOf() because is faster class XmlRpcTests: Line 41: changed the parameter to private Line 47: it is possible to refactor this into a new method, but it doesn’t really make sense
        Hide
        mbrohl Michael Brohl added a comment -

        Thanks Dennis,

        your patch is in trunk r1812061.

        Show
        mbrohl Michael Brohl added a comment - Thanks Dennis, your patch is in trunk r1812061.

          People

          • Assignee:
            mbrohl Michael Brohl
            Reporter:
            Dennis Balkir Dennis Balkir
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development