ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis Balkir (JIRA)" <j...@apache.org>
Subject [jira] [Created] (OFBIZ-9694) [FB] Package org.apache.ofbiz.service.test
Date Fri, 08 Sep 2017 12:18:00 GMT
Dennis Balkir created OFBIZ-9694:
------------------------------------

             Summary: [FB] Package org.apache.ofbiz.service.test
                 Key: OFBIZ-9694
                 URL: https://issues.apache.org/jira/browse/OFBIZ-9694
             Project: OFBiz
          Issue Type: Sub-task
          Components: framework
    Affects Versions: Trunk
            Reporter: Dennis Balkir
            Priority: Minor


- ServiceEngineTestServices.java:316, REC_CATCH_EXCEPTION
REC: Exception is caught when Exception is not thrown in org.apache.ofbiz.service.test.ServiceEngineTestServices.testServiceOwnTxSubServiceAfterSetRollbackOnlyInParent(DispatchContext,
Map)

This method uses a try-catch block that catches Exception objects, but Exception is not thrown
within the try block, and RuntimeException is not explicitly caught. It is a common bug pattern
to say try { ... } catch (Exception e) { something } as a shorthand for catching a number
of types of exception each of whose catch blocks is identical, but this construct also accidentally
catches RuntimeException as well, masking potential bugs.

A better approach is to either explicitly catch the specific exceptions that are thrown, or
to explicitly catch RuntimeException exception, rethrow it, and then catch all non-Runtime
Exceptions, as shown below:

  try {
    ...
  } catch (RuntimeException e) {
    throw e;
  } catch (Exception e) {
    ... deal with all non-runtime exceptions ...
  }

- ServiceSOAPTests.java:41, DM_FP_NUMBER_CTOR
Bx: org.apache.ofbiz.service.test.ServiceSOAPTests.testSOAPSimpleService() invokes inefficient
new Double(String) constructor; use Double.valueOf(String) instead

Using new Double(double) is guaranteed to always result in a new object whereas Double.valueOf(double)
allows caching of values to be done by the compiler, class library, or JVM. Using of cached
values avoids object allocation and the code will be faster.

Unless the class must be compatible with JVMs predating Java 1.5, use either autoboxing or
the valueOf() method when creating instances of Double and Float.

- XmlRpcTests.java:41, MS_PKGPROTECT
MS: org.apache.ofbiz.service.test.XmlRpcTests.url should be package protected

A mutable static field could be changed by malicious code or by accident. The field could
be made package protected to avoid this vulnerability.

- XmlRpcTests.java:47, ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD
ST: Write to static field org.apache.ofbiz.service.test.XmlRpcTests.url from instance method
new org.apache.ofbiz.service.test.XmlRpcTests(String)

This instance method writes to a static field. This is tricky to get correct if multiple instances
are being manipulated, and generally bad practice.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message