You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ofbiz.apache.org by "Karsten Tymann (JIRA)" <ji...@apache.org> on 2017/07/31 14:01:14 UTC
[jira] [Comment Edited] (OFBIZ-9545) [FB] Package
org.apache.ofbiz.accounting.thirdparty.sagepay
[ https://issues.apache.org/jira/browse/OFBIZ-9545?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16107338#comment-16107338 ]
Karsten Tymann edited comment on OFBIZ-9545 at 7/31/17 2:01 PM:
----------------------------------------------------------------
The patch fixes the problems given by the FindBugs tool.
However while refactoring the code a potential NPE was found that might be problematic for the SagePayPayment Transaction. Maybe someone with more knowledge about the SagePay Transaction can help and provide insight for the patch and whether the implementation is correct.
The concerning classes/files are the following:
* SagePayServices.java
* services_sagepay.xml
*SagePayServices*
{code:java}
buildSagePayProperties(Map<String, Object> context, Delegator delegator)
{code}
The method constructs the sagepay-configuration as a map via the "PaymentGatewaySagePay" entity.
While iterating through the map the value is not checked for being initialized and therefore a NullPointerException can occur when the .toString() operation is called.
I fixed this behavior by checking the Object being null.
This lead to the following problem which I need help on.
{code:java}
paymentAuthentication(DispatchContext ctx, Map<String, Object> context)
{code}
The method states with an inline-comment that the following parameters are required:
{code:java}
//start - required parameters
String vpsProtocol = props.get("protocolVersion");
String vendor = props.get("vendor");
String txType = props.get("authenticationTransType");
...
resultMap.put("transactionType", txType);
{code}
And checking back on the Service-Method inside *services_sagepay.xml*
{code:java}
SagePayPaymentAuthentication
{code}
one can see that especially the transactionType is expected as an OUT parameter.
Because of this I figured that if one of the 3 parameters stated as required is null, an error should be returned and the service should stop.
In my opinion the thought process and the patch is correct but someone with a better knowledge of the SagePayTransaction should check the patch for being correct.
was (Author: karsten tymann):
The patch fixes the problems given by the FindBugs tool.
However while refactoring the code a potential NPE was found that might be problematic for the SagePayPayment Transaction. Maybe someone with more knowledge about the SagePay Transaction can help and provide insight for the patch and whether the implementation is correct.
The concerning classes/files are the following:
* SagePayServices.java
* services_sagepay.xml
*SagePayServices*
{code:java}
buildSagePayProperties(Map<String, Object> context, Delegator delegator)
{code}
The method constructs the sagepay-configuration as a map via the "PaymentGatewaySagePay" entity.
While iterating through the map the value is not checked for being initialized and therefore a NullPointerException can occur when the .toString() operation is called.
I fixed this behavior by checking the Object being null.
This lead to the following problem which I need help on.
{code:java}
paymentAuthentication(DispatchContext ctx, Map<String, Object> context)
{code}
The method states with an inline-comment that the following parameters are required:
{code:java}
//start - required parameters
String vpsProtocol = props.get("protocolVersion");
String vendor = props.get("vendor");
String txType = props.get("authenticationTransType");
...
resultMap.put("transactionType", txType);
{code}
And checking back on the Service-Method
{code:java}
SagePayPaymentAuthentication
{code}
one can see that especially the transactionType is expected as an OUT parameter.
Because of this I figured that if one of the 3 parameters stated as required is null, an error should be returned and the service should stop.
In my opinion the thought process and the patch is correct but someone with a better knowledge of the SagePayTransaction should check the patch for being correct.
> [FB] Package org.apache.ofbiz.accounting.thirdparty.sagepay
> -----------------------------------------------------------
>
> Key: OFBIZ-9545
> URL: https://issues.apache.org/jira/browse/OFBIZ-9545
> Project: OFBiz
> Issue Type: Sub-task
> Components: accounting
> Affects Versions: Trunk
> Reporter: Karsten Tymann
> Priority: Minor
> Attachments: OFBIZ-number_FB_accounting_sagepay.patch
>
>
> SagePayPaymentServices.java:133, NP_NULL_ON_SOME_PATH
> * NP: Possible null pointer dereference of processAmount in org.apache.ofbiz.accounting.thirdparty.sagepay.SagePayPaymentServices.buildCustomerBillingInfo(Map)
> There is a branch of statement that, if executed, guarantees that a null value will be dereferenced, which would generate a NullPointerException when the code is executed. Of course, the problem might be that the branch or statement is infeasible and that the null pointer exception can't ever be executed; deciding that is beyond the ability of FindBugs.
> SagePayPaymentServices.java:159, NP_LOAD_OF_KNOWN_NULL_VALUE
> * NP: Load of known null value in org.apache.ofbiz.accounting.thirdparty.sagepay.SagePayPaymentServices.ccAuth(DispatchContext, Map)
> The variable referenced at this point is known to be null due to an earlier check against null. Although this is valid, it might be a mistake (perhaps you intended to refer to a different variable, or perhaps the earlier check to see if the variable is null should have been a check to see if it was non-null).
> SagePayServices.java:64, WMI_WRONG_MAP_ITERATOR
> * WMI: org.apache.ofbiz.accounting.thirdparty.sagepay.SagePayServices.buildSagePayProperties(Map, Delegator) makes inefficient use of keySet iterator instead of entrySet iterator
> This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.
> SagePayUtil.java:124, NP_NULL_ON_SOME_PATH
> * NP: Possible null pointer dereference of hostUrl in org.apache.ofbiz.accounting.thirdparty.sagepay.SagePayUtil.getHost(Map)
> There is a branch of statement that, if executed, guarantees that a null value will be dereferenced, which would generate a NullPointerException when the code is executed. Of course, the problem might be that the branch or statement is infeasible and that the null pointer exception can't ever be executed; deciding that is beyond the ability of FindBugs.
> SagePayUtil.java:141, DM_DEFAULT_ENCODING
> * Dm: Found reliance on default encoding in org.apache.ofbiz.accounting.thirdparty.sagepay.SagePayUtil.getResponseData(HttpResponse): new java.io.InputStreamReader(InputStream)
> Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable. This will cause the application behaviour to vary between platforms. Use an alternative API and specify a charset name or Charset object explicitly.
> SagePayUtil.java:141, OS_OPEN_STREAM
> * OS: org.apache.ofbiz.accounting.thirdparty.sagepay.SagePayUtil.getResponseData(HttpResponse) may fail to close stream
> The method creates an IO stream object, does not assign it to any fields, pass it to other methods that might close it, or return it, and does not appear to close the stream on all paths out of the method. This may result in a file descriptor leak. It is generally a good idea to use a finally block to ensure that streams are closed.
> SagePayUtil.java:164, WMI_WRONG_MAP_ITERATOR
> * WMI: org.apache.ofbiz.accounting.thirdparty.sagepay.SagePayUtil.getHttpPost(String, Map) makes inefficient use of keySet iterator instead of entrySet iterator
> This method accesses the value of a Map entry, using a key that was retrieved from a keySet iterator. It is more efficient to use an iterator on the entrySet of the map, to avoid the Map.get(key) lookup.
> While doing the changes some potential problems with the current behavior of the SagePayPaymentAuthentication occurred which I will describe in the following comment.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)