Minor Description
FinAccountHelper.java:49, MS_SHOULD_BE_FINAL
- MS: org.apache.ofbiz.order.finaccount.FinAccountHelper.decimals isn't final but should be
This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.
FinAccountHelper.java:50, MS_SHOULD_BE_FINAL
- MS: org.apache.ofbiz.order.finaccount.FinAccountHelper.rounding isn't final but should be
This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.
FinAccountHelper.java:139, DM_CONVERT_CASE
- Dm: Use of non-localized String.toUpperCase() or String.toLowerCase() in org.apache.ofbiz.order.finaccount.FinAccountHelper.getFinAccountFromCode(String, Delegator)
A String is being converted to upper or lowercase, using the platform's default encoding. This may result in improper conversions when used with international characters. Use the
String.toUpperCase( Locale l )
String.toLowerCase( Locale l )
versions instead.
FinAccountHelper.java:278, SBSC_USE_STRINGBUFFER_CONCATENATION
- SBSC: org.apache.ofbiz.order.finaccount.FinAccountHelper.generateRandomFinNumber(Delegator, int, boolean) concatenates strings using + in a loop
The method seems to be building a String using concatenation in a loop. In each iteration, the String is converted to a StringBuffer/StringBuilder, appended to, and converted back to a String. This can lead to a cost quadratic in the number of iterations, as the growing string is recopied in each iteration.
Better performance can be obtained by using a StringBuffer (or StringBuilder in Java 1.5) explicitly.
For example:
// This is bad
String s = "";
for (int i = 0; i < field.length; ++i)
// This is better
StringBuffer buf = new StringBuffer();
for (int i = 0; i < field.length; ++i)
String s = buf.toString();