You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@karaf.apache.org by "Jean-Baptiste Onofré (JIRA)" <ji...@apache.org> on 2016/08/23 17:32:20 UTC

[jira] [Updated] (KARAF-4211) Portability Flaw: Locale Dependent Comparison

     [ https://issues.apache.org/jira/browse/KARAF-4211?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré updated KARAF-4211:
----------------------------------------
    Fix Version/s:     (was: 4.0.6)
                   4.0.7

> Portability Flaw: Locale Dependent Comparison
> ---------------------------------------------
>
>                 Key: KARAF-4211
>                 URL: https://issues.apache.org/jira/browse/KARAF-4211
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>             Fix For: 4.1.0, 4.0.7
>
>
> HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the karaf source code.
> The call to compareTo() on line 109 causes portability problems because it has different locales which may lead to unexpected output. This may also circumvent custom validation routines.
> File: features/command/src/main/java/org/apache/karaf/features/command/ListFeaturesCommand.java
> Line: 109
> ListFeaturesCommand.java, lines 107-111:
> 107 class FeatureComparator implements Comparator<Feature> {
> 108     public int compare(Feature o1, Feature o2) {
> 109         return o1.getName().toLowerCase().compareTo( o2.getName().toLowerCase() );
> 110     }
> 111 }



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)