Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-9450 Fixing defects reported by code analysis tools
  3. OFBIZ-9713

[FB] Package org.apache.ofbiz.entity.condition

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Minor
    • Resolution: Implemented
    • Trunk
    • 17.12.01
    • framework
    • None

    Description

      • EntityClause.java:142, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
        RCN: Redundant nullcheck of org.apache.ofbiz.entity.condition.EntityOperator.getCode(), which is known to be non-null in org.apache.ofbiz.entity.condition.EntityClause.toString()

      This method contains a redundant check of a known non-null value against the constant null.

      • EntityClause.java:144, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
        RCN: Redundant nullcheck of Object.toString(), which is known to be non-null in org.apache.ofbiz.entity.condition.EntityClause.toString()

      This method contains a redundant check of a known non-null value against the constant null.

      • EntityConditionBase.java:104, EQ_UNUSUAL
        Eq: org.apache.ofbiz.entity.condition.EntityConditionBase.equals(Object) is unusual

      This class doesn't do any of the patterns we recognize for checking that the type of the argument is compatible with the type of the this object. There might not be anything wrong with this code, but it is worth reviewing.

      • EntityConditionBuilder.java:43, SE_NO_SERIALVERSIONID
        SnVI: org.apache.ofbiz.entity.condition.EntityConditionBuilder$ConditionHolder is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      • EntityConditionBuilder.java:90, DM_CONVERT_CASE
        Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.entity.condition.EntityConditionBuilder.createNode(Object)

      A String is being converted to upper or lowercase, using the platform's default encoding. This may result in improper conversions when used with international characters. Use the

      String.toUpperCase( Locale l )
      String.toLowerCase( Locale l )
      versions instead.

      • EntityConditionBuilder.java:106, DM_CONVERT_CASE
        Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.entity.condition.EntityConditionBuilder.createNode(Object, Map)

      A String is being converted to upper or lowercase, using the platform's default encoding. This may result in improper conversions when used with international characters. Use the

      String.toUpperCase( Locale l )
      String.toLowerCase( Locale l )
      versions instead.

      • EntityConditionFunction.java:40, SE_NO_SERIALVERSIONID
        SnVI: org.apache.ofbiz.entity.condition.EntityConditionFunction$NOT is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      • EntityConditionFunction.java:91, RC_REF_COMPARISON
        RC: Suspicious comparison of Integer references in org.apache.ofbiz.entity.condition.EntityConditionFunction.equals(Object)

      This method compares two reference values using the == or != operator, where the correct way to compare instances of this type is generally with the equals() method. It is possible to create distinct instances that are equal but do not compare as == since they are different objects. Examples of classes which should generally not be compared by reference are java.lang.Integer, java.lang.Float, etc.

      • EntityConditionList.java:31, SE_NO_SERIALVERSIONID
        SnVI: org.apache.ofbiz.entity.condition.EntityConditionList is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      • EntityConditionParam.java:34, SE_NO_SERIALVERSIONID
        SnVI: org.apache.ofbiz.entity.condition.EntityConditionParam is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      • EntityConditionSubSelect.java:38, SE_NO_SERIALVERSIONID
        SnVI: org.apache.ofbiz.entity.condition.EntityConditionSubSelect is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      • EntityConditionValue.java:40, SE_NO_SERIALVERSIONID
        SnVI: org.apache.ofbiz.entity.condition.EntityConditionValue$ConstantNumberValue is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      • EntityDateFilterCondition.java:-1, CI_CONFUSED_INHERITANCE
        CI: Class org.apache.ofbiz.entity.condition.EntityDateFilterCondition is final but declares protected field org.apache.ofbiz.entity.condition.EntityDateFilterCondition.fromDateName

      This class is declared to be final, but declares fields to be protected. Since the class is final, it can not be derived from, and the use of protected is confusing. The access modifier for the field should be changed to private or public to represent the true use for the field.

      • EntityDateFilterCondition.java:-1, CI_CONFUSED_INHERITANCE
        CI: Class org.apache.ofbiz.entity.condition.EntityDateFilterCondition is final but declares protected field org.apache.ofbiz.entity.condition.EntityDateFilterCondition.thruDateName

      This class is declared to be final, but declares fields to be protected. Since the class is final, it can not be derived from, and the use of protected is confusing. The access modifier for the field should be changed to private or public to represent the true use for the field.

      • EntityDateFilterCondition.java:42, SE_NO_SERIALVERSIONID
        SnVI: org.apache.ofbiz.entity.condition.EntityDateFilterCondition is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      • EntityExpr.java:44, SE_NO_SERIALVERSIONID
        SnVI: org.apache.ofbiz.entity.condition.EntityExpr is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      • EntityExpr.java:143, DM_CONVERT_CASE
        Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.entity.condition.EntityExpr.addValue(StringBuilder, ModelField, Object, List)

      A String is being converted to upper or lowercase, using the platform's default encoding. This may result in improper conversions when used with international characters. Use the

      String.toUpperCase( Locale l )
      String.toLowerCase( Locale l )
      versions instead.

      • EntityExpr.java:220, NP_NULL_ON_SOME_PATH_EXCEPTION
        NP: Possible null pointer dereference of valueType in org.apache.ofbiz.entity.condition.EntityExpr.checkRhsType(ModelEntity, Delegator) on exception path

      A reference value which is null on some exception control path is dereferenced here. This may lead to a NullPointerException when the code is executed. Note that because FindBugs currently does not prune infeasible exception paths, this may be a false warning.

      Also note that FindBugs considers the default case of a switch statement to be an exception path, since the default case is often infeasible.

      • EntityExpr.java:244, NP_NULL_ON_SOME_PATH_EXCEPTION
        NP: Possible null pointer dereference of rhsType in org.apache.ofbiz.entity.condition.EntityExpr.checkRhsType(ModelEntity, Delegator) on exception path

      A reference value which is null on some exception control path is dereferenced here. This may lead to a NullPointerException when the code is executed. Note that because FindBugs currently does not prune infeasible exception paths, this may be a false warning.

      Also note that FindBugs considers the default case of a switch statement to be an exception path, since the default case is often infeasible.

      • EntityFieldMap.java:-1, CI_CONFUSED_INHERITANCE
        CI: Class org.apache.ofbiz.entity.condition.EntityFieldMap is final but declares protected field org.apache.ofbiz.entity.condition.EntityFieldMap.fieldMap

      This class is declared to be final, but declares fields to be protected. Since the class is final, it can not be derived from, and the use of protected is confusing. The access modifier for the field should be changed to private or public to represent the true use for the field.

      • EntityFieldMap.java:40, SE_NO_SERIALVERSIONID
        SnVI: org.apache.ofbiz.entity.condition.EntityFieldMap is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      • EntityFieldValue.java:42, SE_NO_SERIALVERSIONID
        SnVI: org.apache.ofbiz.entity.condition.EntityFieldValue is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      • EntityFunction.java:66, SE_NO_SERIALVERSIONID
        SnVI: org.apache.ofbiz.entity.condition.EntityFunction$LENGTH is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      • EntityFunction.java:67, MS_SHOULD_BE_FINAL
        MS: org.apache.ofbiz.entity.condition.EntityFunction$LENGTH.FETCHER isn't final but should be

      This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.

      • EntityFunction.java:80, SE_NO_SERIALVERSIONID
        SnVI: org.apache.ofbiz.entity.condition.EntityFunction$TRIM is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      • EntityFunction.java:81, MS_SHOULD_BE_FINAL
        MS: org.apache.ofbiz.entity.condition.EntityFunction$TRIM.FETCHER isn't final but should be

      This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.

      • EntityFunction.java:94, SE_NO_SERIALVERSIONID
        SnVI: org.apache.ofbiz.entity.condition.EntityFunction$UPPER is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      • EntityFunction.java:95, MS_SHOULD_BE_FINAL
        MS: org.apache.ofbiz.entity.condition.EntityFunction$UPPER.FETCHER isn't final but should be

      This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.

      • EntityFunction.java:96, DM_CONVERT_CASE
        Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.entity.condition.EntityFunction$UPPER$1.getValue(Object)

      A String is being converted to upper or lowercase, using the platform's default encoding. This may result in improper conversions when used with international characters. Use the

      String.toUpperCase( Locale l )
      String.toLowerCase( Locale l )
      versions instead.

      • EntityFunction.java:108, SE_NO_SERIALVERSIONID
        SnVI: org.apache.ofbiz.entity.condition.EntityFunction$LOWER is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      • EntityFunction.java:109, MS_SHOULD_BE_FINAL
        MS: org.apache.ofbiz.entity.condition.EntityFunction$LOWER.FETCHER isn't final but should be

      This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.

      • EntityFunction.java:110, DM_CONVERT_CASE
        Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.entity.condition.EntityFunction$LOWER$1.getValue(Object)

      A String is being converted to upper or lowercase, using the platform's default encoding. This may result in improper conversions when used with international characters. Use the

      String.toUpperCase( Locale l )
      String.toLowerCase( Locale l )
      versions instead.

      • EntityFunction.java:158, SE_INNER_CLASS
        Se: org.apache.ofbiz.entity.condition.EntityFunction$1 is serializable and an inner class

      This Serializable class is an inner class. Any attempt to serialize it will also serialize the associated outer instance. The outer instance is serializable, so this won't fail, but it might serialize a lot more data than intended. If possible, making the inner class a static inner class (also known as a nested class) should solve the problem.

      • EntityFunction.java:160, SE_INNER_CLASS
        Se: org.apache.ofbiz.entity.condition.EntityFunction$2 is serializable and an inner class

      This Serializable class is an inner class. Any attempt to serialize it will also serialize the associated outer instance. The outer instance is serializable, so this won't fail, but it might serialize a lot more data than intended. If possible, making the inner class a static inner class (also known as a nested class) should solve the problem.

      • EntityJoinOperator.java:39, SE_NO_SERIALVERSIONID
        SnVI: org.apache.ofbiz.entity.condition.EntityJoinOperator is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      • EntityOperator.java:63, DM_CONVERT_CASE
        Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.entity.condition.EntityOperator.registerCase(String, EntityOperator)

      A String is being converted to upper or lowercase, using the platform's default encoding. This may result in improper conversions when used with international characters. Use the

      String.toUpperCase( Locale l )
      String.toLowerCase( Locale l )
      versions instead.

      • EntityOperator.java:303, EQ_COMPARETO_USE_OBJECT_EQUALS
        Eq: org.apache.ofbiz.entity.condition.EntityOperator$13 defines compareTo(Object) and uses Object.equals()

      This class defines a compareTo(...) method but inherits its equals() method from java.lang.Object. Generally, the value of compareTo should return zero if and only if equals returns true. If this is violated, weird and unpredictable failures will occur in classes such as PriorityQueue. In Java 5 the PriorityQueue.remove method uses the compareTo method, while in Java 6 it uses the equals method.

      From the JavaDoc for the compareTo method in the Comparable interface:

      It is strongly recommended, but not strictly required that (x.compareTo==0) == (x.equals). Generally speaking, any class that implements the Comparable interface and violates this condition should clearly indicate this fact. The recommended language is "Note: this class has a natural ordering that is inconsistent with equals."

      • EntityWhereString.java:-1, CI_CONFUSED_INHERITANCE
        CI: Class org.apache.ofbiz.entity.condition.EntityWhereString is final but declares protected field org.apache.ofbiz.entity.condition.EntityWhereString.sqlString

      This class is declared to be final, but declares fields to be protected. Since the class is final, it can not be derived from, and the use of protected is confusing. The access modifier for the field should be changed to private or public to represent the true use for the field.

      • EntityWhereString.java:47, SE_NO_SERIALVERSIONID
        SnVI: org.apache.ofbiz.entity.condition.EntityWhereString is Serializable; consider declaring a serialVersionUID

      This class implements the Serializable interface, but does not define a serialVersionUID field. A change as simple as adding a reference to a .class object will add synthetic fields to the class, which will unfortunately change the implicit serialVersionUID (e.g., adding a reference to String.class will generate a static field class$java$lang$String). Also, different source code to bytecode compilers may use different naming conventions for synthetic variables generated for references to class objects or inner classes. To ensure interoperability of Serializable across versions, consider adding an explicit serialVersionUID.

      • OrderByItem.java:30, SE_COMPARATOR_SHOULD_BE_SERIALIZABLE
        Se: org.apache.ofbiz.entity.condition.OrderByItem implements Comparator but not Serializable

      This class implements the Comparator interface. You should consider whether or not it should also implement the Serializable interface. If a comparator is used to construct an ordered collection such as a TreeMap, then the TreeMap will be serializable only if the comparator is also serializable. As most comparators have little or no state, making them serializable is generally easy and good defensive programming.

      • OrderByItem.java:81, DM_CONVERT_CASE
        Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.entity.condition.OrderByItem.parse(String)

      A String is being converted to upper or lowercase, using the platform's default encoding. This may result in improper conversions when used with international characters. Use the

      String.toUpperCase( Locale l )
      String.toLowerCase( Locale l )
      versions instead.

      • OrderByItem.java:135, DLS_DEAD_LOCAL_STORE
        DLS: Dead store to endIndex in org.apache.ofbiz.entity.condition.OrderByItem.parse(String)

      This instruction assigns a value to a local variable, but the value is not read or used in any subsequent instruction. Often, this indicates an error, because the value computed is never used.

      Note that Sun's javac compiler often generates dead stores for final local variables. Because FindBugs is a bytecode-based tool, there is no easy way to eliminate these false positives.

      • OrderByItem.java:138, SF_SWITCH_NO_DEFAULT
        SF: Switch statement found in org.apache.ofbiz.entity.condition.OrderByItem.parse(String) where default case is missing

      This method contains a switch statement where default case is missing. Usually you need to provide a default case.

      Because the analysis only looks at the generated bytecode, this warning can be incorrect triggered if the default case is at the end of the switch statement and the switch statement doesn't contain break statements for other cases.

      • OrderByItem.java:196, HE_EQUALS_USE_HASHCODE
        HE: org.apache.ofbiz.entity.condition.OrderByItem defines equals and uses Object.hashCode()

      This class overrides equals(Object), but does not override hashCode(), and inherits the implementation of hashCode() from java.lang.Object (which returns the identity hash code, an arbitrary value assigned to the object by the VM). Therefore, the class is very likely to violate the invariant that equal objects must have equal hashcodes.

      If you don't think instances of this class will ever be inserted into a HashMap/HashTable, the recommended hashCode implementation to use is:

      public int hashCode()

      { assert false : "hashCode not designed"; return 42; // any arbitrary constant will do }
      • OrderByList.java:32, SE_COMPARATOR_SHOULD_BE_SERIALIZABLE
        Se: org.apache.ofbiz.entity.condition.OrderByList implements Comparator but not Serializable

      This class implements the Comparator interface. You should consider whether or not it should also implement the Serializable interface. If a comparator is used to construct an ordered collection such as a TreeMap, then the TreeMap will be serializable only if the comparator is also serializable. As most comparators have little or no state, making them serializable is generally easy and good defensive programming.

      • OrderByList.java:108, HE_EQUALS_USE_HASHCODE
        HE: org.apache.ofbiz.entity.condition.OrderByList defines equals and uses Object.hashCode()

      This class overrides equals(Object), but does not override hashCode(), and inherits the implementation of hashCode() from java.lang.Object (which returns the identity hash code, an arbitrary value assigned to the object by the VM). Therefore, the class is very likely to violate the invariant that equal objects must have equal hashcodes.

      If you don't think instances of this class will ever be inserted into a HashMap/HashTable, the recommended hashCode implementation to use is:

      public int hashCode()

      { assert false : "hashCode not designed"; return 42; // any arbitrary constant will do }

      Attachments

        Activity

          People

            mbrohl Michael Brohl
            Dennis Balkir Dennis Balkir
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: