directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xu Yaning (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DIRKRB-379) Fix findbugs for kerby-kerb module
Date Fri, 17 Jul 2015 03:03:04 GMT

     [ https://issues.apache.org/jira/browse/DIRKRB-379?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Xu Yaning updated DIRKRB-379:
-----------------------------
    Description: 
Maven findbugs plugin reports the some problems in this module, some problems are caused for
the reason that this module is still under development, like "Unread public/protected field"
and "Unused public or protected field". "unconditionally sets the field" problem happens in
some classes implements KOption interface, and will be fixed in DIRKRB-367. 
So the following problems are required to be solved here:
# *org.apache.kerby.kerberos.kerb.integration.test.AppClient.usage(String[])* invokes System.exit(...),
which shuts down the entire virtual machine;
# *org.apache.kerby.kerberos.kerb.integration.test.AppServer.usage(String[])* invokes System.exit(...),
which shuts down the entire virtual machine;
# Found reliance on default encoding in new *org.apache.kerby.kerberos.kerb.integration.test.Transport$Message(String,
byte[])*: String.getBytes();
# new *org.apache.kerby.kerberos.kerb.integration.test.Transport$Message(String, byte[])*
may expose internal representation by storing an externally mutable object into Transport$Message.body;
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.gss.GssAppClient.withConnection(Transport$Connection)*:
String.getBytes();
# *org.apache.kerby.kerberos.kerb.integration.test.gss.GssAppClient.usage(String[])* invokes
System.exit(...), which shuts down the entire virtual machine;
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.gss.GssAppServer.doWith(GSSContext,
Transport$Connection)*: new String(byte[]);
# *org.apache.kerby.kerberos.kerb.integration.test.gss.GssAppServer.usage(String[])* invokes
System.exit(...), which shuts down the entire virtual machine;
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient.isContinue(Transport$Message)*:
new String(byte[]);
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient.isOK(Transport$Message)*:
new String(byte[]);
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient.withConnection(Transport$Connection)*:
String.getBytes();
# *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient.usage(String[])* invokes
System.exit(...), which shuts down the entire virtual machine;
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppServer.doWith(SaslServer,
Map, Transport$Connection)*: new String(byte[]);
# *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppServer.usage(String[])* invokes
System.exit(...), which shuts down the entire virtual machine;
# Null pointer dereference of identity in *org.apache.kerby.kerberos.kerb.admin.Kadmin.modifyPrincipal(String,
KOptions)*;
# Load of known null value in *org.apache.kerby.kerberos.kerb.admin.Kadmin.modifyPrincipal(String,
KOptions)*;
# Unread public/protected field: *org.apache.kerby.kerberos.kerb.client.preauth.AbstractPreauthPlugin.context*;
# Dead store to paType in *org.apache.kerby.kerberos.kerb.client.preauth.pkinit.PkinitPreauth.makePaPkAsReq(PkinitContext,
PkinitRequestContext, KerberosTime, int, int, byte[], PrincipalName, PrincipalName)*;
# *org.apache.kerby.kerberos.kerb.client.request.KdcRequest.getOuterRequestBody()* may expose
internal representation by returning KdcRequest.outerRequestBody;
# *org.apache.kerby.kerberos.kerb.client.request.KdcRequest.setOuterRequestBody(byte[])* may
expose internal representation by storing an externally mutable object into KdcRequest.outerRequestBody;
# *org.apache.kerby.kerberos.kerb.common.EncryptionUtil.getAlgoNameFromEncType(EncryptionType)*
makes inefficient use of keySet iterator instead of entrySet iterator;
# *org.apache.kerby.kerberos.kerb.preauth.builtin.EncTsPreauthMeta.getPaTypes()* may expose
internal representation by returning EncTsPreauthMeta.PA_TYPES;
# *org.apache.kerby.kerberos.kerb.preauth.builtin.TgtPreauthMeta.getPaTypes()* may expose
internal representation by returning TgtPreauthMeta.PA_TYPES;
# Switch statement found in *org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitIdenity.loadCerts(IdentityOpts,
PrincipalName)* where default case is missing;
# Switch statement found in *org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitIdenity.processIdentityOption(IdentityOpts,
String)* where default case is missing;
# *org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitPreauthMeta.getPaTypes()* may expose
internal representation by returning PkinitPreauthMeta.PA_TYPES;
# *org.apache.kerby.kerberos.kerb.preauth.token.TokenPreauthMeta.getPaTypes()* may expose
internal representation by returning TokenPreauthMeta.PA_TYPES;
# Comparison of String parameter using == or != in *org.apache.kerby.kerberos.kerb.spec.base.CheckSumType.fromName(String)*;
# Invocation of hashCode on array in *org.apache.kerby.kerberos.kerb.spec.base.HostAddress.hashCode()*;
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.crypto.cksum.HmacMd5Rc4CheckSum.doChecksumWithKey(byte[],
int, int, byte[], int)*: String.getBytes();
# *org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Crc32Provider.output()* may expose
internal representation by returning Crc32Provider.output;
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.crypto.enc.KeKiCmacEnc.prf(byte[],
byte[])*: String.getBytes();
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.crypto.enc.KeKiHmacSha1Enc.prf(byte[],
byte[])*: String.getBytes();
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.crypto.fast.FastUtil.prfPlus(EncryptionKey,
String, int)*: String.getBytes();
# *org.apache.kerby.kerberos.kerb.crypto.key.AbstractKeyMaker.KERBEROS_CONSTANT* should be
package protected;
# *org.apache.kerby.kerberos.kerb.crypto.key.DesKeyMaker*, Return value of removeMSBits(byte[])
ignored, but method has no side effect;
# *org.apache.kerby.kerberos.kerb.crypto.random.NativeRandom.setSeed(byte[])* may fail to
clean up java.io.OutputStream;
# *org.apache.kerby.kerberos.kerb.crypto.random.NativeRandom.nextBytes(byte[])* ignores result
of java.io.InputStream.read(byte[]);
# Dead store to cipher in *org.apache.kerby.kerberos.kerb.crypto.util.Camellia.decrypt(byte[],
byte[])*;
# Dead store to cipher in *org.apache.kerby.kerberos.kerb.crypto.util.Camellia.encrypt(byte[],
byte[])*;
# *org.apache.kerby.kerberos.kerb.crypto.util.CamelliaKey.SBOX1* should be package protected;
# Nullcheck of identity at line 143 of value previously dereferenced in *org.apache.kerby.kerberos.kerb.identity.backend.AbstractIdentityBackend.addIdentity(KrbIdentity)*;
# Nullcheck of identity at line 168 of value previously dereferenced in *org.apache.kerby.kerberos.kerb.identity.backend.AbstractIdentityBackend.updateIdentity(KrbIdentity)*;
# Possible null pointer dereference of kdcRequest in *org.apache.kerby.kerberos.kerb.server.KdcHandler.handleMessage(ByteBuffer,
boolean, InetAddress)*;
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.KrbInputStream.readCountedString():
new String(byte[])*;
# *org.apache.kerby.kerberos.kerb.KrbInputStream.readCountedOctets()* ignores result of *org.apache.kerby.kerberos.kerb.KrbInputStream.read(byte[])*;
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.KrbOutputStream.writeCountedString(String)*:
String.getBytes();
# Unwritten field: *org.apache.kerby.kerberos.kerb.ccache.Credential.clientRealm*;
# *org.apache.kerby.kerberos.kerb.ccache.CredentialCache.load(File)* may fail to clean up
java.io.InputStream;
# *org.apache.kerby.kerberos.kerb.ccache.CredentialCache.store(File)* may fail to clean up
java.io.OutputStream;
# org.apache.kerby.kerberos.kerb.ccache.CredentialCache.readTags(CredCacheInputStream) ignores
result of *org.apache.kerby.kerberos.kerb.ccache.CredCacheInputStream.read(byte[], int, int)*;
# Unread field: *org.apache.kerby.kerberos.kerb.ccache.Tag.tagLen*;
# *org.apache.kerby.kerberos.kerb.keytab.Keytab.load(File)* may fail to clean up java.io.InputStream;
# *org.apache.kerby.kerberos.kerb.keytab.Keytab.store(File)* may fail to clean up java.io.OutputStream;
# *org.apache.kerby.kerberos.kerb.keytab.Keytab.writeEntries(KeytabOutputStream)* makes inefficient
use of keySet iterator instead of entrySet iterator;
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.keytab.KeytabInputStream.readCountedString()*:
new String(byte[]).


  was:
Maven findbugs plugin reports the some problems in this module, some problems are caused for
the reason that this module is still under development, like "Unread public/protected field"
and Unused public or protected field. "unconditionally sets the field" problem happens in
some classes implements KOption interface. 
So the following problems are required to be solved here:
# *org.apache.kerby.kerberos.kerb.integration.test.AppClient.usage(String[])* invokes System.exit(...),
which shuts down the entire virtual machine;
# *org.apache.kerby.kerberos.kerb.integration.test.AppServer.usage(String[])* invokes System.exit(...),
which shuts down the entire virtual machine;
# Found reliance on default encoding in new *org.apache.kerby.kerberos.kerb.integration.test.Transport$Message(String,
byte[])*: String.getBytes();
# new *org.apache.kerby.kerberos.kerb.integration.test.Transport$Message(String, byte[])*
may expose internal representation by storing an externally mutable object into Transport$Message.body;
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.gss.GssAppClient.withConnection(Transport$Connection)*:
String.getBytes();
# *org.apache.kerby.kerberos.kerb.integration.test.gss.GssAppClient.usage(String[])* invokes
System.exit(...), which shuts down the entire virtual machine;
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.gss.GssAppServer.doWith(GSSContext,
Transport$Connection)*: new String(byte[]);
# *org.apache.kerby.kerberos.kerb.integration.test.gss.GssAppServer.usage(String[])* invokes
System.exit(...), which shuts down the entire virtual machine;
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient.isContinue(Transport$Message)*:
new String(byte[]);
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient.isOK(Transport$Message)*:
new String(byte[]);
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient.withConnection(Transport$Connection)*:
String.getBytes();
# *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient.usage(String[])* invokes
System.exit(...), which shuts down the entire virtual machine;
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppServer.doWith(SaslServer,
Map, Transport$Connection)*: new String(byte[]);
# *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppServer.usage(String[])* invokes
System.exit(...), which shuts down the entire virtual machine;
# Null pointer dereference of identity in *org.apache.kerby.kerberos.kerb.admin.Kadmin.modifyPrincipal(String,
KOptions)*;
# Load of known null value in *org.apache.kerby.kerberos.kerb.admin.Kadmin.modifyPrincipal(String,
KOptions)*;
# Unread public/protected field: *org.apache.kerby.kerberos.kerb.client.preauth.AbstractPreauthPlugin.context*;
# Dead store to paType in *org.apache.kerby.kerberos.kerb.client.preauth.pkinit.PkinitPreauth.makePaPkAsReq(PkinitContext,
PkinitRequestContext, KerberosTime, int, int, byte[], PrincipalName, PrincipalName)*;
# *org.apache.kerby.kerberos.kerb.client.request.KdcRequest.getOuterRequestBody()* may expose
internal representation by returning KdcRequest.outerRequestBody;
# *org.apache.kerby.kerberos.kerb.client.request.KdcRequest.setOuterRequestBody(byte[])* may
expose internal representation by storing an externally mutable object into KdcRequest.outerRequestBody;
# *org.apache.kerby.kerberos.kerb.common.EncryptionUtil.getAlgoNameFromEncType(EncryptionType)*
makes inefficient use of keySet iterator instead of entrySet iterator;
# *org.apache.kerby.kerberos.kerb.preauth.builtin.EncTsPreauthMeta.getPaTypes()* may expose
internal representation by returning EncTsPreauthMeta.PA_TYPES;
# *org.apache.kerby.kerberos.kerb.preauth.builtin.TgtPreauthMeta.getPaTypes()* may expose
internal representation by returning TgtPreauthMeta.PA_TYPES;
# Switch statement found in *org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitIdenity.loadCerts(IdentityOpts,
PrincipalName)* where default case is missing;
# Switch statement found in *org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitIdenity.processIdentityOption(IdentityOpts,
String)* where default case is missing;
# *org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitPreauthMeta.getPaTypes()* may expose
internal representation by returning PkinitPreauthMeta.PA_TYPES;
# *org.apache.kerby.kerberos.kerb.preauth.token.TokenPreauthMeta.getPaTypes()* may expose
internal representation by returning TokenPreauthMeta.PA_TYPES;
# Comparison of String parameter using == or != in *org.apache.kerby.kerberos.kerb.spec.base.CheckSumType.fromName(String)*;
# Invocation of hashCode on array in *org.apache.kerby.kerberos.kerb.spec.base.HostAddress.hashCode()*;
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.crypto.cksum.HmacMd5Rc4CheckSum.doChecksumWithKey(byte[],
int, int, byte[], int)*: String.getBytes();
# *org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Crc32Provider.output()* may expose
internal representation by returning Crc32Provider.output;
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.crypto.enc.KeKiCmacEnc.prf(byte[],
byte[])*: String.getBytes();
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.crypto.enc.KeKiHmacSha1Enc.prf(byte[],
byte[])*: String.getBytes();
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.crypto.fast.FastUtil.prfPlus(EncryptionKey,
String, int)*: String.getBytes();
# *org.apache.kerby.kerberos.kerb.crypto.key.AbstractKeyMaker.KERBEROS_CONSTANT* should be
package protected;
# *org.apache.kerby.kerberos.kerb.crypto.key.DesKeyMaker*, Return value of removeMSBits(byte[])
ignored, but method has no side effect;
# *org.apache.kerby.kerberos.kerb.crypto.random.NativeRandom.setSeed(byte[])* may fail to
clean up java.io.OutputStream;
# *org.apache.kerby.kerberos.kerb.crypto.random.NativeRandom.nextBytes(byte[])* ignores result
of java.io.InputStream.read(byte[]);
# Dead store to cipher in *org.apache.kerby.kerberos.kerb.crypto.util.Camellia.decrypt(byte[],
byte[])*;
# Dead store to cipher in *org.apache.kerby.kerberos.kerb.crypto.util.Camellia.encrypt(byte[],
byte[])*;
# *org.apache.kerby.kerberos.kerb.crypto.util.CamelliaKey.SBOX1* should be package protected;
# Nullcheck of identity at line 143 of value previously dereferenced in *org.apache.kerby.kerberos.kerb.identity.backend.AbstractIdentityBackend.addIdentity(KrbIdentity)*;
# Nullcheck of identity at line 168 of value previously dereferenced in *org.apache.kerby.kerberos.kerb.identity.backend.AbstractIdentityBackend.updateIdentity(KrbIdentity)*;
# Possible null pointer dereference of kdcRequest in *org.apache.kerby.kerberos.kerb.server.KdcHandler.handleMessage(ByteBuffer,
boolean, InetAddress)*;
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.KrbInputStream.readCountedString():
new String(byte[])*;
# *org.apache.kerby.kerberos.kerb.KrbInputStream.readCountedOctets()* ignores result of *org.apache.kerby.kerberos.kerb.KrbInputStream.read(byte[])*;
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.KrbOutputStream.writeCountedString(String)*:
String.getBytes();
# Unwritten field: *org.apache.kerby.kerberos.kerb.ccache.Credential.clientRealm*;
# *org.apache.kerby.kerberos.kerb.ccache.CredentialCache.load(File)* may fail to clean up
java.io.InputStream;
# *org.apache.kerby.kerberos.kerb.ccache.CredentialCache.store(File)* may fail to clean up
java.io.OutputStream;
# org.apache.kerby.kerberos.kerb.ccache.CredentialCache.readTags(CredCacheInputStream) ignores
result of *org.apache.kerby.kerberos.kerb.ccache.CredCacheInputStream.read(byte[], int, int)*;
# Unread field: *org.apache.kerby.kerberos.kerb.ccache.Tag.tagLen*;
# *org.apache.kerby.kerberos.kerb.keytab.Keytab.load(File)* may fail to clean up java.io.InputStream;
# *org.apache.kerby.kerberos.kerb.keytab.Keytab.store(File)* may fail to clean up java.io.OutputStream;
# *org.apache.kerby.kerberos.kerb.keytab.Keytab.writeEntries(KeytabOutputStream)* makes inefficient
use of keySet iterator instead of entrySet iterator;
# Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.keytab.KeytabInputStream.readCountedString()*:
new String(byte[]).



> Fix findbugs for kerby-kerb module
> ----------------------------------
>
>                 Key: DIRKRB-379
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-379
>             Project: Directory Kerberos
>          Issue Type: Sub-task
>            Reporter: Xu Yaning
>
> Maven findbugs plugin reports the some problems in this module, some problems are caused
for the reason that this module is still under development, like "Unread public/protected
field" and "Unused public or protected field". "unconditionally sets the field" problem happens
in some classes implements KOption interface, and will be fixed in DIRKRB-367. 
> So the following problems are required to be solved here:
> # *org.apache.kerby.kerberos.kerb.integration.test.AppClient.usage(String[])* invokes
System.exit(...), which shuts down the entire virtual machine;
> # *org.apache.kerby.kerberos.kerb.integration.test.AppServer.usage(String[])* invokes
System.exit(...), which shuts down the entire virtual machine;
> # Found reliance on default encoding in new *org.apache.kerby.kerberos.kerb.integration.test.Transport$Message(String,
byte[])*: String.getBytes();
> # new *org.apache.kerby.kerberos.kerb.integration.test.Transport$Message(String, byte[])*
may expose internal representation by storing an externally mutable object into Transport$Message.body;
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.gss.GssAppClient.withConnection(Transport$Connection)*:
String.getBytes();
> # *org.apache.kerby.kerberos.kerb.integration.test.gss.GssAppClient.usage(String[])*
invokes System.exit(...), which shuts down the entire virtual machine;
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.gss.GssAppServer.doWith(GSSContext,
Transport$Connection)*: new String(byte[]);
> # *org.apache.kerby.kerberos.kerb.integration.test.gss.GssAppServer.usage(String[])*
invokes System.exit(...), which shuts down the entire virtual machine;
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient.isContinue(Transport$Message)*:
new String(byte[]);
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient.isOK(Transport$Message)*:
new String(byte[]);
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient.withConnection(Transport$Connection)*:
String.getBytes();
> # *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient.usage(String[])*
invokes System.exit(...), which shuts down the entire virtual machine;
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppServer.doWith(SaslServer,
Map, Transport$Connection)*: new String(byte[]);
> # *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppServer.usage(String[])*
invokes System.exit(...), which shuts down the entire virtual machine;
> # Null pointer dereference of identity in *org.apache.kerby.kerberos.kerb.admin.Kadmin.modifyPrincipal(String,
KOptions)*;
> # Load of known null value in *org.apache.kerby.kerberos.kerb.admin.Kadmin.modifyPrincipal(String,
KOptions)*;
> # Unread public/protected field: *org.apache.kerby.kerberos.kerb.client.preauth.AbstractPreauthPlugin.context*;
> # Dead store to paType in *org.apache.kerby.kerberos.kerb.client.preauth.pkinit.PkinitPreauth.makePaPkAsReq(PkinitContext,
PkinitRequestContext, KerberosTime, int, int, byte[], PrincipalName, PrincipalName)*;
> # *org.apache.kerby.kerberos.kerb.client.request.KdcRequest.getOuterRequestBody()* may
expose internal representation by returning KdcRequest.outerRequestBody;
> # *org.apache.kerby.kerberos.kerb.client.request.KdcRequest.setOuterRequestBody(byte[])*
may expose internal representation by storing an externally mutable object into KdcRequest.outerRequestBody;
> # *org.apache.kerby.kerberos.kerb.common.EncryptionUtil.getAlgoNameFromEncType(EncryptionType)*
makes inefficient use of keySet iterator instead of entrySet iterator;
> # *org.apache.kerby.kerberos.kerb.preauth.builtin.EncTsPreauthMeta.getPaTypes()* may
expose internal representation by returning EncTsPreauthMeta.PA_TYPES;
> # *org.apache.kerby.kerberos.kerb.preauth.builtin.TgtPreauthMeta.getPaTypes()* may expose
internal representation by returning TgtPreauthMeta.PA_TYPES;
> # Switch statement found in *org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitIdenity.loadCerts(IdentityOpts,
PrincipalName)* where default case is missing;
> # Switch statement found in *org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitIdenity.processIdentityOption(IdentityOpts,
String)* where default case is missing;
> # *org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitPreauthMeta.getPaTypes()* may
expose internal representation by returning PkinitPreauthMeta.PA_TYPES;
> # *org.apache.kerby.kerberos.kerb.preauth.token.TokenPreauthMeta.getPaTypes()* may expose
internal representation by returning TokenPreauthMeta.PA_TYPES;
> # Comparison of String parameter using == or != in *org.apache.kerby.kerberos.kerb.spec.base.CheckSumType.fromName(String)*;
> # Invocation of hashCode on array in *org.apache.kerby.kerberos.kerb.spec.base.HostAddress.hashCode()*;
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.crypto.cksum.HmacMd5Rc4CheckSum.doChecksumWithKey(byte[],
int, int, byte[], int)*: String.getBytes();
> # *org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Crc32Provider.output()* may expose
internal representation by returning Crc32Provider.output;
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.crypto.enc.KeKiCmacEnc.prf(byte[],
byte[])*: String.getBytes();
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.crypto.enc.KeKiHmacSha1Enc.prf(byte[],
byte[])*: String.getBytes();
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.crypto.fast.FastUtil.prfPlus(EncryptionKey,
String, int)*: String.getBytes();
> # *org.apache.kerby.kerberos.kerb.crypto.key.AbstractKeyMaker.KERBEROS_CONSTANT* should
be package protected;
> # *org.apache.kerby.kerberos.kerb.crypto.key.DesKeyMaker*, Return value of removeMSBits(byte[])
ignored, but method has no side effect;
> # *org.apache.kerby.kerberos.kerb.crypto.random.NativeRandom.setSeed(byte[])* may fail
to clean up java.io.OutputStream;
> # *org.apache.kerby.kerberos.kerb.crypto.random.NativeRandom.nextBytes(byte[])* ignores
result of java.io.InputStream.read(byte[]);
> # Dead store to cipher in *org.apache.kerby.kerberos.kerb.crypto.util.Camellia.decrypt(byte[],
byte[])*;
> # Dead store to cipher in *org.apache.kerby.kerberos.kerb.crypto.util.Camellia.encrypt(byte[],
byte[])*;
> # *org.apache.kerby.kerberos.kerb.crypto.util.CamelliaKey.SBOX1* should be package protected;
> # Nullcheck of identity at line 143 of value previously dereferenced in *org.apache.kerby.kerberos.kerb.identity.backend.AbstractIdentityBackend.addIdentity(KrbIdentity)*;
> # Nullcheck of identity at line 168 of value previously dereferenced in *org.apache.kerby.kerberos.kerb.identity.backend.AbstractIdentityBackend.updateIdentity(KrbIdentity)*;
> # Possible null pointer dereference of kdcRequest in *org.apache.kerby.kerberos.kerb.server.KdcHandler.handleMessage(ByteBuffer,
boolean, InetAddress)*;
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.KrbInputStream.readCountedString():
new String(byte[])*;
> # *org.apache.kerby.kerberos.kerb.KrbInputStream.readCountedOctets()* ignores result
of *org.apache.kerby.kerberos.kerb.KrbInputStream.read(byte[])*;
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.KrbOutputStream.writeCountedString(String)*:
String.getBytes();
> # Unwritten field: *org.apache.kerby.kerberos.kerb.ccache.Credential.clientRealm*;
> # *org.apache.kerby.kerberos.kerb.ccache.CredentialCache.load(File)* may fail to clean
up java.io.InputStream;
> # *org.apache.kerby.kerberos.kerb.ccache.CredentialCache.store(File)* may fail to clean
up java.io.OutputStream;
> # org.apache.kerby.kerberos.kerb.ccache.CredentialCache.readTags(CredCacheInputStream)
ignores result of *org.apache.kerby.kerberos.kerb.ccache.CredCacheInputStream.read(byte[],
int, int)*;
> # Unread field: *org.apache.kerby.kerberos.kerb.ccache.Tag.tagLen*;
> # *org.apache.kerby.kerberos.kerb.keytab.Keytab.load(File)* may fail to clean up java.io.InputStream;
> # *org.apache.kerby.kerberos.kerb.keytab.Keytab.store(File)* may fail to clean up java.io.OutputStream;
> # *org.apache.kerby.kerberos.kerb.keytab.Keytab.writeEntries(KeytabOutputStream)* makes
inefficient use of keySet iterator instead of entrySet iterator;
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.keytab.KeytabInputStream.readCountedString()*:
new String(byte[]).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message