Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Minor
    • Resolution: Implemented
    • Affects Version/s: Trunk
    • Fix Version/s: 17.12.01
    • Component/s: framework
    • Labels:
      None

      Description

      • ServiceEngineTestServices.java:316, REC_CATCH_EXCEPTION
        REC: Exception is caught when Exception is not thrown in org.apache.ofbiz.service.test.ServiceEngineTestServices.testServiceOwnTxSubServiceAfterSetRollbackOnlyInParent(DispatchContext, Map)

      This method uses a try-catch block that catches Exception objects, but Exception is not thrown within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern to say try { ... } catch (Exception e) { something } as a shorthand for catching a number of types of exception each of whose catch blocks is identical, but this construct also accidentally catches RuntimeException as well, masking potential bugs.

      A better approach is to either explicitly catch the specific exceptions that are thrown, or to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime Exceptions, as shown below:

      try {
          ...
      } catch (RuntimeException e) {
          throw e;
      } catch (Exception e) {
          ... deal with all non-runtime exceptions ...
      }

      • ServiceSOAPTests.java:41, DM_FP_NUMBER_CTOR
        Bx: org.apache.ofbiz.service.test.ServiceSOAPTests.testSOAPSimpleService() invokes inefficient new Double(String) constructor; use Double.valueOf(String) instead

      Using new Double(double) is guaranteed to always result in a new object whereas Double.valueOf(double) allows caching of values to be done by the compiler, class library, or JVM. Using cached values avoids object allocation and the code will be faster.

      Unless the class must be compatible with JVMs predating Java 1.5, use either autoboxing or the valueOf() method when creating instances of Double and Float.

      • XmlRpcTests.java:41, MS_PKGPROTECT
        MS: org.apache.ofbiz.service.test.XmlRpcTests.url should be package protected

      A mutable static field could be changed by malicious code or by accident. The field could be made package protected to avoid this vulnerability.

      • XmlRpcTests.java:47, ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD
        ST: Write to static field org.apache.ofbiz.service.test.XmlRpcTests.url from instance method new org.apache.ofbiz.service.test.XmlRpcTests(String)

      This instance method writes to a static field. This is tricky to get correct if multiple instances are being manipulated, and generally bad practice.
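
      The two XmlRpcTests findings above (MS_PKGPROTECT and ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD) describe the same field, so one added example covers both. It is not code from OFBiz or from this issue; the class names SharedUrlClient and InstanceUrlClient and the endpoint strings are hypothetical and constructed for illustration.

```java
public class StaticUrlDemo {

    // Flagged shape: a public mutable static that every constructor call overwrites.
    static class SharedUrlClient {
        public static String url;              // what MS_PKGPROTECT reports
        SharedUrlClient(String baseUrl) {
            url = baseUrl + "/xmlrpc";         // what ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD reports
        }
        String target() { return url; }
    }

    // Corrected shape: the value belongs to the instance and cannot be reassigned.
    static class InstanceUrlClient {
        private final String url;
        InstanceUrlClient(String baseUrl) {
            this.url = baseUrl + "/xmlrpc";
        }
        String target() { return url; }
    }

    public static void main(String[] args) {
        // Constructed sample endpoints, not taken from the OFBiz test suite.
        SharedUrlClient a = new SharedUrlClient("http://localhost:8080");
        SharedUrlClient b = new SharedUrlClient("http://localhost:9090");
        // Constructing b rewrote the static, so a and b share one target.
        System.out.println("shared   a -> " + a.target());
        System.out.println("shared   b -> " + b.target());

        // Any class on the classpath can repoint every existing instance in one assignment.
        SharedUrlClient.url = "http://elsewhere.invalid/xmlrpc";
        System.out.println("shared   a -> " + a.target());

        // With a private final instance field each object keeps its own endpoint.
        InstanceUrlClient c = new InstanceUrlClient("http://localhost:8080");
        InstanceUrlClient d = new InstanceUrlClient("http://localhost:9090");
        System.out.println("instance c -> " + c.target());
        System.out.println("instance d -> " + d.target());
    }
}
```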

            People

            • Assignee: Michael Brohl (mbrohl)
            • Reporter: Dennis Balkir