Uploaded image for project: 'Karaf'
  1. Karaf
  2. KARAF-5003

Possible bugs in the source code

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 4.0.9, 4.1.1
    • karaf
    • None

    Description

      Hello!

      We've checked your project with static code analyzer AppChecker and it found several possible defects:
      1) https://github.com/apache/karaf/blob/d2894bfabaa73baa63f73675df1b4ae980528517/web/src/main/java/org/apache/karaf/web/internal/WebContainerServiceImpl.java#L85

      contextPath.trim();

      contextPath is not changed. Probably it should be:

      contextPath = contextPath.trim();

      2) https://github.com/apache/karaf-cellar/blob/d3c028808b20ce09f20c2e6c6eca2cef70a86d15/features/src/main/java/org/apache/karaf/cellar/features/shell/RepoRemoveCommand.java#L120

      if (repository.equals(repository)) {

      repository is compared with itself. Probably it should be:

      if (this.repository.equals(repository)) {

      same place - https://github.com/apache/karaf-cellar/blob/d3c028808b20ce09f20c2e6c6eca2cef70a86d15/features/src/main/java/org/apache/karaf/cellar/features/management/internal/CellarFeaturesMBeanImpl.java#L563

      3) https://github.com/apache/karaf/blob/d2894bfabaa73baa63f73675df1b4ae980528517/tooling/karaf-maven-plugin/src/main/java/org/apache/karaf/tooling/features/GenerateDescriptorMojo.java#L320

                      enableGeneration = !"feature".equals(packaging) && !"feature".equals(packaging);

      !"feature".equals(packaging) is checked twice

      4) https://github.com/apache/karaf/blob/d2894bfabaa73baa63f73675df1b4ae980528517/main/src/main/java/org/apache/karaf/main/lock/DefaultJDBCLock.java#L157

                  return metadata != null && (checkTableExists(tableName.toLowerCase(), metadata) //
                || checkTableExists(tableName.toLowerCase(), metadata));

      checkTableExists(tableName.toLowerCase(), metadata) is checked twice

      5) Not a bug, pedantic remark
      https://github.com/apache/karaf/blob/d2894bfabaa73baa63f73675df1b4ae980528517/shell/core/src/main/java/org/apache/karaf/shell/support/table/ShellTable.java#L166

              if (ps.getClass().getName().equals("org.apache.felix.gogo.runtime.threadio.ThreadPrintStream")) {

      Not recommended to comparising of classes by name. See:
      https://cwe.mitre.org/data/definitions/486.html
      https://www.securecoding.cert.org/confluence/display/java/OBJ09-J.+Compare+classes+and+not+class+names

      We hope this was helpful

      Attachments

        Activity

          People

            jbonofre Jean-Baptiste Onofré
            AppChecker AppChecker
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: