knox-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sandeep More (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KNOX-740) Address new coverity scan issues
Date Fri, 02 Sep 2016 16:39:20 GMT

    [ https://issues.apache.org/jira/browse/KNOX-740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15459003#comment-15459003
] 

Sandeep More commented on KNOX-740:
-----------------------------------

That's odd, investigating it.

> Address new coverity scan issues
> --------------------------------
>
>                 Key: KNOX-740
>                 URL: https://issues.apache.org/jira/browse/KNOX-740
>             Project: Apache Knox
>          Issue Type: Bug
>            Reporter: Sumit Gupta
>            Assignee: Sandeep More
>             Fix For: 0.10.0
>
>         Attachments: KNOX-740.001.patch, KNOX-740.002.patch
>
>
>  New defect(s) Reported-by: Coverity Scan
>     Showing 3 of 3 defect(s)
>     
>     
>     ** CID 1361684:  Null pointer dereferences  (NULL_RETURNS)
>     /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java:
140 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)()
>     
>     
>     ________________________________________________________________________________________________________
>     *** CID 1361684:  Null pointer dereferences  (NULL_RETURNS)
>     /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java:
140 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)()
>     134     			ShiroLog.failedLoginAttempt(e.getCause());
>     135     			throw new AuthenticationException(e);
>     136     		}
>     137     		HashRequest.Builder builder = new HashRequest.Builder();
>     138     		Hash credentialsHash = hashService
>     139     				.computeHash(builder.setSource(token.getCredentials()).setAlgorithmName(HASHING_ALGORITHM).build());
>     >>>     CID 1361684:  Null pointer dereferences  (NULL_RETURNS)
>     >>>     Calling a method on null object "credentialsHash".
>     140     		return new SimpleAuthenticationInfo(new UnixUserPrincipal(user) , credentialsHash.toHex(),
credentialsHash.getSalt(),
>     141     				getName());
>     142     	}
>     143    
>     
>     ** CID 1361683:  Null pointer dereferences  (NULL_RETURNS)
>     /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java:
71 in org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(javax.servlet.ServletRequest,
javax.servlet.ServletResponse, javax.servlet.FilterChain)()
>     
>     
>     ________________________________________________________________________________________________________
>     *** CID 1361683:  Null pointer dereferences  (NULL_RETURNS)
>     /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java:
71 in org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(javax.servlet.ServletRequest,
javax.servlet.ServletResponse, javax.servlet.FilterChain)()
>     65         Subject subject = SecurityUtils.getSubject();
>     66        
>     67         // trigger call to shiro authorization realm
>     68         // we use shiro authorization realm to look up groups
>     69         subject.hasRole("authenticatedUser");
>     70        
>     >>>     CID 1361683:  Null pointer dereferences  (NULL_RETURNS)
>     >>>     Calling a method on null object "subject.getPrincipal()".
>     71         final String principalName = (String) subject.getPrincipal().toString();
>     72    
>     73         CallableChain callableChain = new CallableChain(request, response, chain);
>     74         SecurityUtils.getSubject().execute(callableChain);
>     75       }
>     76      
>     
>     ** CID 1361682:  Null pointer dereferences  (FORWARD_NULL)
>     /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java:
119 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)()
>     
>     
>     ________________________________________________________________________________________________________
>     *** CID 1361682:  Null pointer dereferences  (FORWARD_NULL)
>     /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java:
119 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)()
>     113     		UnixUserPrincipal user = principals.oneByType(UnixUserPrincipal.class);
>     114     		if (user != null) {
>     115     			roles.addAll(user.getUnixUser().getGroups());
>     116     		}
>     117     		SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_ROLES,
roles);
>     118     		SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_GROUPS,
roles);
>     >>>     CID 1361682:  Null pointer dereferences  (FORWARD_NULL)
>     >>>     Calling a method on null object "user".
>     119     		GatewayLog.lookedUpUserRoles(roles, user.getName());
>     120     		return new SimpleAuthorizationInfo(roles);
>     121     	}
>     122    
>     123     	@Override
>     124     	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken
token) throws AuthenticationException {
>     
>     



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message