Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-9450 Fixing defects reported by code analysis tools
  3. OFBIZ-9723

[FB] Package org.apache.ofbiz.entity.datasource

    XMLWordPrintableJSON

Details

    Description

      GenericDAO.java:108, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE

      • RCN: Redundant nullcheck of modelEntity, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.insert(GenericEntity)

      This method contains a redundant check of a known non-null value against the constant null.

      GenericDAO.java:171, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING

      • SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.singleInsert(GenericEntity, ModelEntity, List, SQLProcessor)

      The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.

      GenericDAO.java:187, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE

      • RCN: Redundant nullcheck of modelEntity, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.updateAll(GenericEntity)

      This method contains a redundant check of a known non-null value against the constant null.

      GenericDAO.java:197, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE

      • RCN: Redundant nullcheck of modelEntity, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.update(GenericEntity)

      This method contains a redundant check of a known non-null value against the constant null.

      GenericDAO.java:277, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING

      • SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.singleUpdate(GenericEntity, ModelEntity, List, SQLProcessor)

      The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.

      GenericDAO.java:331, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING

      • SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.updateByCondition(ModelEntity, Map, EntityCondition, SQLProcessor)

      The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.

      GenericDAO.java:501, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE

      • RCN: Redundant nullcheck of modelEntity, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.select(GenericEntity, SQLProcessor)

      This method contains a redundant check of a known non-null value against the constant null.

      GenericDAO.java:521, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING

      • SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.select(GenericEntity, SQLProcessor)

      The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.

      GenericDAO.java:547, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE, Priorität: Normal

      • RCN: Redundant nullcheck of modelEntity, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.partialSelect(GenericEntity, Set)

      This method contains a redundant check of a known non-null value against the constant null.

      GenericDAO.java:592, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING

      • SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.partialSelect(GenericEntity, Set)

      The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.

      GenericDAO.java:763, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING

      • SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.selectListIteratorByCondition(Delegator, ModelEntity, EntityCondition, EntityCondition, Collection, List, EntityFindOptions)

      The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.

      GenericDAO.java:854, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE

      • RCN: Redundant nullcheck of viewHavingEntityCondition, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.makeConditionHavingString(StringBuilder, String, ModelEntity, EntityCondition, List, List)

      This method contains a redundant check of a known non-null value against the constant null.

      GenericDAO.java:913, UC_USELESS_OBJECT
      Useless object created

      Our analysis shows that this object is useless. It's created and modified, but its value never go outside of the method or produce any side-effect. Either there is a mistake and object was intended to be used or it can be removed.

      This analysis rarely produces false-positives. Common false-positive cases include:

      • This object used to implicitly throw some obscure exception.
      • This object used as a stub to generalize the code.
      • This object used to hold strong references to weak/soft-referenced objects.

      GenericDAO.java:976, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING

      • SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.selectByMultiRelation(GenericValue, ModelRelation, ModelEntity, ModelRelation, ModelEntity, List)

      The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.

      GenericDAO.java:1106, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING

      • SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.selectCountByCondition(Delegator, ModelEntity, EntityCondition, EntityCondition, List, EntityFindOptions)

      The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.

      GenericDAO.java:1161, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE, Priorität: Normal

      • RCN: Redundant nullcheck of modelEntity, which is known to be non-null in org.apache.ofbiz.entity.datasource.GenericDAO.delete(GenericEntity, SQLProcessor)

      This method contains a redundant check of a known non-null value against the constant null.

      GenericDAO.java:1174, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING

      • SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.delete(GenericEntity, SQLProcessor)

      The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.

      GenericDAO.java:1212, SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING

      • SQL: A prepared statement is generated from a nonconstant String in org.apache.ofbiz.entity.datasource.GenericDAO.deleteByCondition(ModelEntity, EntityCondition, SQLProcessor)

      The code creates an SQL prepared statement from a nonconstant String. If unchecked, tainted data from a user is used in building this String, SQL injection could be used to make the prepared statement do something unexpected and undesirable.

      GenericHelperFactory.java:38, MS_SHOULD_BE_FINAL

      • MS: org.apache.ofbiz.entity.datasource.GenericHelperFactory.helperCache isn't final but should be

      This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.

      GenericHelperFactory.java:81, NP_NULL_ON_SOME_PATH

      • NP: Possible null pointer dereference of helperConstructor in org.apache.ofbiz.entity.datasource.GenericHelperFactory.getHelper(GenericHelperInfo)

      There is a branch of statement that, if executed, guarantees that a null value will be dereferenced, which would generate a NullPointerException when the code is executed. Of course, the problem might be that the branch or statement is infeasible and that the null pointer exception can't ever be executed; deciding that is beyond the ability of FindBugs.

      Attachments

        Activity

          People

            mbrohl Michael Brohl
            jleichert Julian Leichert
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: