This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new cadd22050a Improved: Fix some bugs SpotBugs reports (OFBIZ-12386)
cadd22050a is described below

commit cadd22050a54cae061c3ab498d153b70652a84eb
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Tue Oct 29 11:39:29 2024 +0100

    Improved: Fix some bugs SpotBugs reports (OFBIZ-12386)
    
    Fixes
    
    Bug: Invoking toString on an array in
    org.apache.ofbiz.security.SecuredUpload.isValidEncodedText(String, List)
    The code invokes toString on an array, which will generate a rather useless
    result like [C@16f0472.
    
    Consider using String.valueOf to convert an array to a readable string
    containing the values of the array.
    Rank: Scary (8), confidence: High
    Pattern: DMI_INVOKING_TOSTRING_ON_ARRAY
---
 .../src/main/java/org/apache/ofbiz/security/SecuredUpload.java      | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git 
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java 
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index 0b80473b75..3a01307bb6 100644
--- 
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++ 
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -129,9 +129,9 @@ public class SecuredUpload {
      */
     public static boolean isValidEncodedText(String content, List<String> 
allowed) throws IOException {
         try {
-            return 
!isValidText(Base64.getDecoder().decode(content).toString(), allowed, false)
-                    || 
!isValidText(Base64.getMimeDecoder().decode(content).toString(), allowed, false)
-                    || 
!isValidText(Base64.getUrlDecoder().decode(content).toString(), allowed, false);
+            return 
!isValidText(String.valueOf(Base64.getDecoder().decode(content)), allowed)
+                    || 
!isValidText(String.valueOf(Base64.getMimeDecoder().decode(content)), allowed)
+                    || 
!isValidText(String.valueOf(Base64.getUrlDecoder().decode(content)), allowed);
         } catch (IllegalArgumentException e) {
             // the encoded text isn't a Base64, allow it because there is no 
security risk
             return true;
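Review bot: The three added `String.valueOf(...decode(content))` calls still do not yield the decoded text. `decode` returns `byte[]`, and `String.valueOf` has an array overload only for `char[]`, so these calls resolve to `String.valueOf(Object)` and produce the same `[B@...` identity string that `toString()` did. `isValidText` therefore still inspects a meaningless string rather than the decoded payload, and the check on Base64-encoded content stays ineffective. Build the string from the bytes with an explicit charset instead, for example `new String(Base64.getDecoder().decode(content), StandardCharsets.UTF_8)`, and do the same for the MIME and URL decoders. Two smaller points on the same lines: the third argument `false` to `isValidText` is dropped without a mention in the commit message, so confirm that the two-argument overload behaves identically. Also, because the first `decode` call throws `IllegalArgumentException` on input the basic decoder rejects, the `catch` returns `true` before the MIME and URL decoders are ever tried; decoding each variant in its own try block would let all three be checked.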
