Details
Description
The Fortify Software "Java Open Review" site lists ICEfaces as having 14 "defects" as of a scan completed against our trunk repository on Jan. 8, 2008. Note that as of the 1.7DR#3 release on Dec. 20th, 2007 ICEfaces was listed as being defect free, so something has changed between then and Jan. 8th to cause these failures.
http://opensource.fortifysoftware.com/welcome.html
Activity
Ken Fyten
created issue -
Ken Fyten
made changes -
Field | Original Value | New Value |
---|---|---|
Fix Version/s | 1.7 [ 10080 ] | |
Assignee Priority | P2 | |
Assignee | Ted Goddard [ ted.goddard ] |
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #15904 | Mon Mar 03 15:47:02 MST 2008 | frank.ye | |
Files Changed | ||||
MODIFY /icefaces/trunk/icefaces/component-metadata/build.xml
DEL /icefaces/trunk/icefaces/component-metadata/src/main/java/com/icesoft/jsfmeta/eclipse/PropertyClassNameUtil.java
DEL /icefaces/trunk/icefaces/component-metadata/src/main/java/com/icesoft/jsfmeta/eclipse/CMProperties.java
DEL /icefaces/trunk/icefaces/component-metadata/src/main/java/com/icesoft/jsfmeta/eclipse/CMParserHelper.java
DEL /icefaces/trunk/icefaces/component-metadata/src/main/java/com/icesoft/jsfmeta/eclipse/CMGenerator.java
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #15906 | Mon Mar 03 16:07:00 MST 2008 | jack.van.ooststroom | JIRA |
Files Changed | ||||
DEL /icefaces/trunk/icefaces/ahs/src/com/icesoft/faces/async/server/AsyncServlet.java
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #15910 | Mon Mar 03 17:09:29 MST 2008 | mark.collette | |
Files Changed | ||||
MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/context/effects/CurrentStyle.java
MODIFY /icefaces/trunk/icefaces/samples/component-showcase/src/com/icesoft/icefaces/samples/showcase/navigation/TreeNavigation.java
MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/parser/TagToTagClassElement.java
MODIFY /icefaces/trunk/icefaces/component/src/com/icesoft/faces/component/selectinputdate/SelectInputDate.java
MODIFY /icefaces/trunk/icefaces/component/src/com/icesoft/faces/component/panelcollapsible/PanelCollapsible.java
MODIFY /icefaces/trunk/icefaces/component-metadata/src/main/java/com/icesoft/metadata/generators/TLDGenerator.java
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #15912 | Mon Mar 03 17:21:06 MST 2008 | jack.van.ooststroom | JIRA |
Files Changed | ||||
MODIFY /icefaces/trunk/icefaces/ahs/src/com/icesoft/faces/async/server/AsyncHttpServerAdaptingServlet.java
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #15914 | Mon Mar 03 18:00:15 MST 2008 | mark.collette | |
Files Changed | ||||
MODIFY /icefaces/trunk/icefaces/component-metadata/src/main/java/com/icesoft/metadata/generators/TLDGenerator.java
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #15928 | Tue Mar 04 17:36:47 MST 2008 | mark.collette | |
Files Changed | ||||
MODIFY /icefaces/trunk/icefaces/samples/address-demo/src/com/icesoft/applications/faces/address/MatchAddressDB.java
Ken Fyten
made changes -
Assignee | Ted Goddard [ ted.goddard ] | Mircea Toma [ mircea.toma ] |
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #15933 | Wed Mar 05 12:06:46 MST 2008 | mircea.toma | Change clause order. |
Files Changed | ||||
MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/context/AbstractAttributeMap.java
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #15934 | Wed Mar 05 12:07:41 MST 2008 | mircea.toma | Throw exception on null conversion. |
Files Changed | ||||
MODIFY /icefaces/trunk/icefaces/ahs/src/com/icesoft/util/Properties.java
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #15935 | Wed Mar 05 12:08:30 MST 2008 | mircea.toma | Use HEX strings for Etags. |
Files Changed | ||||
MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/http/common/standard/CacheControlledServer.java
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #15936 | Wed Mar 05 12:11:38 MST 2008 | mircea.toma | Use ExternalContext stub for unknown environments. |
Files Changed | ||||
MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/context/View.java
ADD /icefaces/trunk/icefaces/core/src/com/icesoft/faces/context/UnknownExternalContext.java
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #15937 | Wed Mar 05 12:12:26 MST 2008 | mircea.toma | Refactor. |
Files Changed | ||||
MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/parser/StubPageContext.java
MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/parser/StubHttpServletResponse.java
MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/parser/Parser.java
Mircea Toma
made changes -
Status | Open [ 1 ] | Resolved [ 5 ] |
Resolution | Fixed [ 1 ] |
Repository | Revision | Date | User | Message |
ICEsoft Public SVN Repository | #15943 | Wed Mar 05 16:50:38 MST 2008 | mircea.toma | Replicate previous behavior to return a null when PageContext.getSession() is called. |
Files Changed | ||||
MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/parser/StubPageContext.java
MODIFY /icefaces/trunk/icefaces/core/src/com/icesoft/faces/webapp/parser/StubHttpServletResponse.java
Ken Fyten
made changes -
Fix Version/s | 1.7RC1 [ 10123 ] | |
Fix Version/s | 1.7 [ 10080 ] |
Ken Fyten
made changes -
Security | Private [ 10001 ] |
Ken Fyten
made changes -
Fix Version/s | 1.7 [ 10080 ] |
Ken Fyten
made changes -
Status | Resolved [ 5 ] | Closed [ 6 ] |
Assignee Priority | P2 | |
Assignee | Mircea Toma [ mircea.toma ] |
Redundant Comparison to null.
AbstractAttributeMap.java:318 Mircea
318 if (!value.equals(AbstractAttributeMap.this.get(key)) ||
319 key == null || value == null)
320 return false;
Either perform (value == null) first or remove the test; a NullPointerException will be thrown by the first conditional clause.
CMGenerator.java:145 Frank
145 Node testElement = getElementByCategoryName(tagElement, "category",propertyBean.getCategory());
...
150 categoryElement.setAttribute("displaylabel", "%Category.Label."+propertyBean.getCategory());
...
156 if(propertyBean != null && propertyBean.getCategory() != null){
propertyBean != null will already have thrown NullPointerException on line 145 (and 150). Recommend just remove the test for null.
CurrentStyle.java:257 Adnan/Mark
257 Map map = (Map) facesContext.getExternalContext().getSessionMap()
...
302 if (facesContext == null) {
303 log.error("Faces Context is null");
304 }
NullPointerException will already have been thrown on line 257. Recommend remove the test on line 302.
SelectInputDate.java:891 Adnan/Mark
891 if (this.highlightWeekClass.indexOf(highlightWeekClass) == -1) {
892 if (this.highlightWeekClass == null || this.highlightWeekClass.length() == 0)
NullPointerException will already have been thrown on line 891. Recommend remove the test for null on line 892.
SelectInputDate.java:900 Adnan/Mark
900 if (this.highlightDayClass.indexOf(highlightDayClass) == -1) {
901 if (this.highlightDayClass == null || this.highlightDayClass.length() == 0)
NullPointerException will already have been thrown on line 900. Recommend remove the test for null on line 901.
TLDGenerator.java:249 Mark
249 if (cb.isSuppressed())
...
256 if(cb == null){
NullPointerException will already have been thrown on line 249. Recommend remove the test for null on line 256.
Bad use of return value.
CacheControlledServer.java:65 Mircea
65 String eTag = String.valueOf(Math.abs(request.getURI().hashCode()));
Fortify claims that Math.abs(Integer.MIN_VALUE) == Integer.MIN_VALUE, so recommend replacing with
Integer.toHexString(request.getURI().hashCode());
Confusing Method Name.
TagToTagClassElement.java:51 Mark
51 public void TagToTagClassElement() {
Remove void and change to a constructor.
Null pointer dereference.
AsyncServlet.java:83 Jack
83 asyncHttpServer.stop();
Class seems to contain unused code. Recommend commenting out line.
AsyncServlet.java:83 Jack
202 out.print( "Server is listening on port: " + asyncHttpServer.getPort() );
Not clear where asyncHttpServer is set. Make Class abstract or check for null asyncHttpServer here?
MatchAddressDB.java:141 Brad
141 xDecode.close();
Test for null xDecode near beginning of function and return if null.
PanelCollapsible.java:269 Adnan/Mark
266 else {
267 message = new FacesMessage(messageStr);
268 }
269 message.setSeverity(FacesMessage.SEVERITY_ERROR);
Can't construct message in the else block and then use it below. Recommend just construct outside the else block.
Properties.java:581 Mircea
581 return String.valueOf(null);
Recommend static String constant "(null)" for return value.
Properties.java:810 Mircea
808 if (value == null || value instanceof String) {
809 try{
810 return Double.valueOf((String)value).doubleValue();
Recommend adding separate block to test for null value and throw specific PropertyException("value is null")
Properties.java:827 Mircea
825 if (value == null || value instanceof String) {
826 try{
827 return Float.valueOf((String)value).floatValue();
Recommend adding separate block to test for null value and throw specific PropertyException("value is null")
Uncallable method of anonymous class.
AsyncHttpServerAdaptingServlet.java:75 Jack
75 protected void updatedViewsQueueExceeded(
Fortify claims this method is not callable. Recommend removing it.
Uninitialized read of field in constructor
TreeNavigation.java: 91 Adnan/Mark
91 rootObject.setNavigationSelection(navigationBean);
navigationBean is not initialized in the constructor. Recommend initialize to null when declared.
View.java:76 Mircea
76 this.facesContext = new BridgeFacesContext(externalContext, viewIdentifier, sessionID, this, configuration, resourceDispatcher);
externalContext is not initialized here. Recommend initialize to null when declared (strange to pass it, though).
Unwritten field.
AsyncServlet.java:83 Jack
Same problem as above.
StubPageContext.java: 97 Mircea
97 if (httpSession == null) {
httpSession never initialized. Recommend initialize to null when declared.
StubPageContext.java: 212 Mircea
212 return servletRequest;
servletRequest never initialized. Recommend initialize to null when declared.
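
Two of the findings above, reproduced as an added, self-contained Java example (not ICEfaces code; the class and method names are hypothetical): the Math.abs ETag computation beside the hex form, and the null test placed after versus before the dereference. WorstCaseUri is a constructed stand-in whose hashCode() returns Integer.MIN_VALUE.

```java
import java.util.HashMap;
import java.util.Map;

public class FortifyFindingsDemo {
    // Constructed stand-in for a request URI whose hashCode() is Integer.MIN_VALUE.
    static final class WorstCaseUri {
        @Override public int hashCode() { return Integer.MIN_VALUE; }
    }

    // "Before" shape of the ETag computation: an int cannot represent
    // -Integer.MIN_VALUE, so Math.abs returns the negative input unchanged.
    static String eTagWithAbs(Object uri) {
        return String.valueOf(Math.abs(uri.hashCode()));
    }

    // Suggested shape: the hex form of an int never carries a sign.
    static String eTagWithHex(Object uri) {
        return Integer.toHexString(uri.hashCode());
    }

    // "Before" clause order: value is dereferenced before it is tested,
    // so the null tests that follow can never be the ones that return false.
    static boolean containsBefore(Map<String, Object> map, String key, Object value) {
        if (!value.equals(map.get(key)) || key == null || value == null)
            return false;
        return true;
    }

    // Null tests first: short-circuit evaluation now guards the dereference.
    static boolean containsAfter(Map<String, Object> map, String key, Object value) {
        if (key == null || value == null || !value.equals(map.get(key)))
            return false;
        return true;
    }

    public static void main(String[] args) {
        Object uri = new WorstCaseUri();
        System.out.println("abs : " + eTagWithAbs(uri));
        System.out.println("hex : " + eTagWithHex(uri));

        Map<String, Object> attrs = new HashMap<>();
        attrs.put("user", "alice"); // constructed sample entry
        System.out.println("after : " + containsAfter(attrs, "user", null));
        try {
            containsBefore(attrs, "user", null);
        } catch (NullPointerException e) {
            System.out.println("before: NullPointerException");
        }
    }
}
```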