Comments (19)
Rkyzzy
commented on April 28, 2024
1
你好!请问这两个剩余的TODO修复了吗?我能尝试修复吗,谢谢!
from apijson.
TommyLemon
commented on April 28, 2024
感谢,大概看了下,部分问题已确认确实存在,后续将持续改进。
from apijson.
anonymoustoken
commented on April 28, 2024
@mmyjona 您这个 是商业工具吗? 我在网上找了一下 怎么 没有找到呢?
from apijson.
TommyLemon
commented on April 28, 2024
@anonymoustoken 同问,我也没找到哈哈
from apijson.
TommyLemon
commented on April 28, 2024
总结这个报告:
总共 10617 行代码,16 个「可能」的 bug, 24 个改进建议,
平均每行代码 bug 率低至 0.15%,也就是 (1 - bugs/lines) 高达 99.85% 。
可见 APIJSON 代码非常严谨可靠。
from apijson.
anonymoustoken
commented on April 28, 2024
下一个版本说明时候 发布 @TommyLemon
from apijson.
TommyLemon
commented on April 28, 2024
@anonymoustoken APIJSON 3.1.5 已发布
https://github.com/TommyLemon/APIJSON/releases/tag/3.1.5
from apijson.
mmyjona
commented on April 28, 2024
@mmyjona 您这个 是商业工具吗? 我在网上找了一下 怎么 没有找到呢?
https://www.sourcebrella.com/pinpoint/
是商业工具哈。
from apijson.
TommyLemon
commented on April 28, 2024
确实是误判为 bug 的报告用例 1
src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java: 897 (可信度: 65%)
zuo.biao.apijson.server.AbstractSQLConfig.putWhere(String, Object, boolean)中
AbstractSQLConfig.combine 可能的空指针解引用
@Override
public AbstractSQLConfig putWhere(String key, Object value, boolean prior) {
if (key != null) {
if (where == null) {
where = new LinkedHashMap<String, Object>();
}
where.put(key, value);
combine = getCombine();
List<String> andList = combine == null ? null : combine.get("&");
if (value == null) {
andList.remove(key);
}
else if (andList == null || andList.contains(key) == false) {
int i = 0;
if (andList == null) {
andList = new ArrayList<>();
}
else if (prior && andList.isEmpty() == false) {
if (andList.contains(KEY_ID)) {
i ++;
}
if (andList.contains(KEY_ID_IN)) {
i ++;
}
if (andList.contains(KEY_USER_ID)) {
i ++;
}
if (andList.contains(KEY_USER_ID_IN)) {
i ++;
}
}
if (prior) {
andList.add(i, key); //userId的优先级不能比id高 0, key);
} else {
andList.add(key); //AbstractSQLExecutor.onPutColumn里getSQL,要保证缓存的SQL和查询的SQL里 where 的 key:value 顺序一致
}
}
combine.put("&", andList);
}
return this;
}实际上在前面已经用
combine = getCombine();
做了处理,return 的值不会是 null
@NotNull
@Override
public Map<String, List<String>> getCombine() {
List<String> andList = combine == null ? null : combine.get("&");
if (andList == null) {
andList = where == null ? new ArrayList<String>() : new ArrayList<String>(where.keySet());
if (combine == null) {
combine = new HashMap<>();
}
combine.put("&", andList);
}
return combine;
}确实是误判为 bug 的报告用例 2
src/main/java/zuo/biao/apijson/JSONObject.java: 411 (可信度: 95%)
1 这里比较了 clazz 和 null,说明 clazz 可能为空指针
2 调用 clazz 的 java.lang.Class.getName 方法(使用可疑的空指针)
/**put and return value
* @param key StringUtil.isEmpty(key, true) ? key = value.getClass().getSimpleName();
* @param value
* @return value
*/
@Override
public Object put(String key, Object value) {
if (value == null) {
Log.e(TAG, "put value == null >> return null;");
return null;
}
if (StringUtil.isEmpty(key, true)) {
Class<?> clazz = value.getClass();
if (clazz == null || clazz.getAnnotation(MethodAccess.class) == null) {
throw new IllegalArgumentException("puts StringUtil.isNotEmpty(key, true) == false" +
" && clazz == null || clazz.getAnnotation(MethodAccess.class) == null" +
" \n key为空时仅支持 类型被@MethodAccess注解 的value !!!" +
" \n 如果一定要这么用,请对 " + clazz.getName() + " 注解!" +
" \n 如果是类似 key[]:{} 结构的请求,建议用 putsAll(...) !");
}
key = value.getClass().getSimpleName();
}
return super.put(key, value);
}406 行
Class<?> clazz = value.getClass();
Class 是对象声明后就有的,到执行这行前 value 已经判断过,又不会为 null,
所以实际上 clazz 不会为 null,407 行
if (clazz == null || clazz.getAnnotation(MethodAccess.class) == null) {
中 clazz == null 是一个冗余的判断,后面删掉了,实际上 411 行
clazz.getName()
永远不会因为 clazz == null 而导致 throw NullPointerException,
所以这也是一个误判为 bug 的用例。
确实是误判为 bug 的报告用例 3
严重 空指针解引用 src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java:844 (可信度 50%)
/**
* @param key
* @param exactMatch
* @return
*/
@JSONField(serialize = false)
@Override
public Object getWhere(String key, boolean exactMatch) {
if (exactMatch) {
return where == null ? null : where.get(key);
}
Set<String> set = key == null || where == null ? null : where.keySet();
if (set != null) {
synchronized (where) {
if (where != null) {
int index;
for (String k : set) {
index = k.indexOf(key);
if (index >= 0 && StringUtil.isName(k.substring(index)) == false) {
return where.get(k);
}
}
}
}
}
return null;
}843 行已经用 set != null 来判断,而根据 842 行代码,where 为 null 时 set 必定为 null,
永远不会因为 where == null 而导致 throw NullPointerException,
所以这也是一个误判为 bug 的用例。
from apijson.
TommyLemon
commented on April 28, 2024
确实是验证为 bug 的报告用例 1
缺陷位置:
src/main/java/zuo/biao/apijson/server/AbstractParser.java: 1077
标注: 确认
时间: 2018-11-16 10:25:54
可信度: 98%
缺陷ID: 551386e3a9a5cb4d8d4f43e32105174e
确实是验证为 bug 的报告用例 2
已在新版通过 Log.DEBUG 判断,false 时不返回数据库对应的 SQLException 真实信息来解决
https://github.com/Tencent/APIJSON/blob/bbcf05e01c724894a5ba0dcddd49a14bbfeb5346/APIJSONORM/src/main/java/apijson/orm/AbstractParser.java
from apijson.
TommyLemon
commented on April 28, 2024
确实是验证为 bug 的报告用例 1
缺陷位置:
src/main/java/zuo/biao/apijson/server/AbstractParser.java: 1077
标注: 确认
时间: 2018-11-16 10:25:54
可信度: 98%
缺陷ID: 551386e3a9a5cb4d8d4f43e32105174e
已解决
bbcf05e
from apijson.
TommyLemon
commented on April 28, 2024
这两个摘要有点奇怪
对应的代码行只是简单的一个 setter 方法给成员变量赋值,并没有加锁,这里也不需要加锁
https://github.com/Tencent/APIJSON/blob/d8cfc9e6be87bd6116ecf8a125a52021f0154761/APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractParser.java
from apijson.
TommyLemon
commented on April 28, 2024
这个看起来没必要改
因为写 default 也只是不做任何处理就直接 break
https://github.com/Tencent/APIJSON/blob/d8cfc9e6be87bd6116ecf8a125a52021f0154761/APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java
from apijson.
TommyLemon
commented on April 28, 2024
from apijson.
TommyLemon
commented on April 28, 2024
from apijson.
TommyLemon
commented on April 28, 2024
https://github.com/Tencent/APIJSON/blob/d8cfc9e6be87bd6116ecf8a125a52021f0154761/APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java
已优化
https://github.com/Tencent/APIJSON/blob/bbcf05e01c724894a5ba0dcddd49a14bbfeb5346/APIJSONORM/src/main/java/apijson/orm/AbstractSQLConfig.java
from apijson.
TommyLemon
commented on April 28, 2024
https://github.com/Tencent/APIJSON/blob/d8cfc9e6be87bd6116ecf8a125a52021f0154761/APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractObjectParser.java
已优化
https://github.com/Tencent/APIJSON/blob/master/APIJSONORM/src/main/java/apijson/orm/AbstractObjectParser.java
from apijson.
TommyLemon
commented on April 28, 2024
TODO 待优化
https://github.com/Tencent/APIJSON/blob/d8cfc9e6be87bd6116ecf8a125a52021f0154761/APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractParser.java
https://github.com/Tencent/APIJSON/blob/master/APIJSONORM/src/main/java/apijson/orm/AbstractParser.java
TODO 待优化
https://github.com/Tencent/APIJSON/blob/d8cfc9e6be87bd6116ecf8a125a52021f0154761/APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java
https://github.com/Tencent/APIJSON/blob/master/APIJSONORM/src/main/java/apijson/orm/AbstractSQLConfig.java
from apijson.
TommyLemon
commented on April 28, 2024
你好!请问这两个剩余的TODO修复了吗?我能尝试修复吗,谢谢!
还没有哦,可以的,非常感谢👍
from apijson.
Related Issues (20)
- [Bug] APIJSON-DEMO中的Function.sql父类方法名错误 HOT 3
- APIJSON 是否可以集成 dynamic-datasource 作为多数据源的注入 HOT 6
- 【SHEIN】全球跨境电商巨头 SHEIN 内网链接了 APIJSON, apijson-framework, APIJSON-Demo
- 不能生成admin角色的用户 HOT 2
- 希望对apijson事务有一个系统的介绍 HOT 2
- 【Lenovo 联想】【500 强】全球最大电脑厂商联想内网链接了 APIJSON
- [SHEIN] The intranet of China's biggest cross-border e-commerce company SHEIN linked APIJSON and apijson-framework
- [Lenovo][Fortune 500] The intranet of the biggest PC company Lenovo linked APIJSON
- 【Xiaomi 小米】【500 强】内网部署的飞书内部文档链接了 APIJSON-Demo
- [Xiaomi][Fortune 500] Linked APIJSON-Demo in its official Lark(by ByteDance) website
- [CHINA TELECOM][Fortune 500] China's biggest network provider CHINA TELECOM applied an OpenAPI patent for a low-code platform using APIJSON
- 两张表进行内链查询时,第二张表查询生成的库为默认sys HOT 7
- [Bug]字符 getMethodDefination(method,arguments,type,exceptions,language) 对应的远程函数 getMethodDefination(JSONObject request, String method, String arguments, String type, String exceptions, String language) 不在后端 apijson.demo.DemoFunctionParser 内,也不在父类中!如果需要则先新增对应方法! 请检查函数名和参数数量是否与已定义的函数一致! HOT 1
- [ORACLE] 子查询内部默认添加分页语句,导致in函数无法实现,提示Error Msg = ORA-00913: 值过多的报错 HOT 2
- 【AtlasMap】官网链接了 apijson-column
- [AtlasMap] official website linked apijson-column
- 文档醒目位置没有Getting started,没有说明如何运行这个项目 HOT 1
- [Bug] 达梦数据库做表左关联时提示有歧义的列名[RN] HOT 2
- 【Alibaba 阿里巴巴】【淘天集团】淘宝内网文档链接了 APIJSON
- [Alibaba][Fortune 500] taobao.com internal doc site linked APIJSON
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from apijson.