From 6c8aa937d52f12dbc996105c89868dfaf0950c80 Mon Sep 17 00:00:00 2001 From: Kui LIU Date: Sat, 14 Oct 2017 20:15:34 +0200 Subject: [PATCH 1/2] Add the "final" modifier to public static fields. This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability. http://findbugs.sourceforge.net/bugDescriptions.html#MS_SHOULD_BE_FINAL --- .../src/org/apache/poi/hssf/view/SVTableCellRenderer.java | 2 +- src/examples/src/org/apache/poi/hssf/view/SVTableUtils.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/examples/src/org/apache/poi/hssf/view/SVTableCellRenderer.java b/src/examples/src/org/apache/poi/hssf/view/SVTableCellRenderer.java index ab8b1faf60d..4e51ba3b725 100644 --- a/src/examples/src/org/apache/poi/hssf/view/SVTableCellRenderer.java +++ b/src/examples/src/org/apache/poi/hssf/view/SVTableCellRenderer.java @@ -52,7 +52,7 @@ Licensed to the Apache Software Foundation (ASF) under one or more public class SVTableCellRenderer extends JLabel implements TableCellRenderer, Serializable { - protected static Border noFocusBorder = new EmptyBorder(1, 1, 1, 1); + protected static final Border noFocusBorder = new EmptyBorder(1, 1, 1, 1); protected SVBorder cellBorder = new SVBorder(); diff --git a/src/examples/src/org/apache/poi/hssf/view/SVTableUtils.java b/src/examples/src/org/apache/poi/hssf/view/SVTableUtils.java index 1a9fbf813af..6a7d2fa3436 100644 --- a/src/examples/src/org/apache/poi/hssf/view/SVTableUtils.java +++ b/src/examples/src/org/apache/poi/hssf/view/SVTableUtils.java @@ -41,7 +41,7 @@ public class SVTableUtils { /** Description of the Field */ public final static Color white = getAWTColor(HSSFColorPredefined.WHITE); /** Description of the Field */ - public static Border noFocusBorder = new EmptyBorder(1, 1, 1, 1); + public static final Border noFocusBorder = new EmptyBorder(1, 1, 1, 1); /** 
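Review bot: The `final` added to `noFocusBorder` in SVTableCellRenderer pins only the reference, and the field remains `protected` on a non-final class, so the hardening depends on the `EmptyBorder` instance itself being unmodifiable. `EmptyBorder` has no public setters, so that holds here, but it is worth recording next to the field, e.g. `// final pins the reference; EmptyBorder has no setters, so the shared instance cannot be altered`. Any subclass that assigned this field will no longer compile, or will fail with `IllegalAccessError` if already compiled; under src/examples that is probably acceptable, but the commit message should mention it. The class body continues outside the hunk.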
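Review bot: The Javadoc above `noFocusBorder` in SVTableUtils is still the generated placeholder `/** Description of the Field */`, so the one property this patch establishes (a shared constant that other packages must not reassign) is not documented. I would replace it with `/** Shared 1-pixel empty border; final so code in other packages cannot replace the instance. */`. The context line above uses `public final static` while the new line uses `public static final`; the new order is the conventional one, and aligning the other constants in a follow-up would keep the file consistent. The class body extends beyond the hunk.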
From 6e57586107eb2f06db47d4bb7f5202f953ce017e Mon Sep 17 00:00:00 2001 From: Kui LIU Date: Sat, 14 Oct 2017 20:19:48 +0200 Subject: [PATCH 2/2] Add the "final" modifier to public static fields. This static field public but not final, and could be changed by malicious code or by accident from another package. The field could be made final to avoid this vulnerability. http://findbugs.sourceforge.net/bugDescriptions.html#MS_SHOULD_BE_FINAL --- .../org/apache/poi/hssf/record/common/FeatProtection.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/java/org/apache/poi/hssf/record/common/FeatProtection.java b/src/java/org/apache/poi/hssf/record/common/FeatProtection.java index a8dd9b36cfe..f61d5ae3e43 100644 --- a/src/java/org/apache/poi/hssf/record/common/FeatProtection.java +++ b/src/java/org/apache/poi/hssf/record/common/FeatProtection.java @@ -35,8 +35,8 @@ Licensed to the Apache Software Foundation (ASF) under one or more */ public final class FeatProtection implements SharedFeature { @SuppressWarnings("RedundantFieldInitialization") - public static long NO_SELF_RELATIVE_SECURITY_FEATURE = 0; - public static long HAS_SELF_RELATIVE_SECURITY_FEATURE = 1; + public static final long NO_SELF_RELATIVE_SECURITY_FEATURE = 0; + public static final long HAS_SELF_RELATIVE_SECURITY_FEATURE = 1; private int fSD; @@ -103,4 +103,4 @@ public void setTitle(String title) { public int getFSD() { return fSD; } -} \ No newline at end of file +}
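Review bot: `@SuppressWarnings("RedundantFieldInitialization")` above `NO_SELF_RELATIVE_SECURITY_FEATURE` should no longer be needed, because a final field has to be initialised and the `= 0` is therefore not redundant; the annotation line can be dropped. Both fields are now compile-time constants, so the compiler copies 0 and 1 into every class that reads them, and callers built against an older jar keep the old values until recompiled, which is harmless only while these stay fixed format flags. Writing the literals as `0L` and `1L` would match the declared `long` type. The class body continues outside the hunk.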