ofbiz-notifications mailing list archives

From "Kyra Pritzel-Hentley (JIRA)" <j...@apache.org>
Subject [jira] [Created] (OFBIZ-9452) [FB] Package org.apache.ofbiz.accounting.tax
Date Fri, 07 Jul 2017 10:21:00 GMT
Kyra Pritzel-Hentley created OFBIZ-9452:
-------------------------------------------

             Summary: [FB] Package org.apache.ofbiz.accounting.tax
                 Key: OFBIZ-9452
                 URL: https://issues.apache.org/jira/browse/OFBIZ-9452
             Project: OFBiz
          Issue Type: Sub-task
          Components: accounting
    Affects Versions: Trunk
            Reporter: Kyra Pritzel-Hentley
            Priority: Minor


TaxAuthorityServices.java:60, MS_SHOULD_BE_FINAL
* MS: org.apache.ofbiz.accounting.tax.TaxAuthorityServices.salestaxFinalDecimals isn't final but should be
This static field is public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.

TaxAuthorityServices.java:61, MS_SHOULD_BE_FINAL
* MS: org.apache.ofbiz.accounting.tax.TaxAuthorityServices.salestaxCalcDecimals isn't final but should be
This static field is public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.

TaxAuthorityServices.java:62, MS_SHOULD_BE_FINAL
* MS: org.apache.ofbiz.accounting.tax.TaxAuthorityServices.salestaxRounding isn't final but should be
This static field is public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability.

TaxAuthorityServices.java:168, NP_LOAD_OF_KNOWN_NULL_VALUE
* NP: Load of known null value in org.apache.ofbiz.accounting.tax.TaxAuthorityServices.rateProductTaxCalc(DispatchContext, Map)
The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was non-null).

TaxAuthorityServices.java:213, RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE
* RCN: Redundant nullcheck of shippingAddress, which is known to be non-null in org.apache.ofbiz.accounting.tax.TaxAuthorityServices.rateProductTaxCalc(DispatchContext, Map)
This method contains a redundant check of a known non-null value against the constant null.

TaxAuthorityServices.java:388, RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
* RCN: Nullcheck of taxAuthorityRateProduct at line 388 of value previously dereferenced in org.apache.ofbiz.accounting.tax.TaxAuthorityServices.getTaxAdjustments(Delegator, GenericValue, GenericValue, String, String, Set, BigDecimal, BigDecimal, BigDecimal, BigDecimal, BigDecimal)
A value is checked here to see whether it is null, but this value can't be null because it was previously dereferenced and if it were null a null pointer exception would have occurred at the earlier dereference. Essentially, this code and the previous dereference disagree as to whether this value is allowed to be null. Either the check is redundant or the previous dereference is erroneous.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
