[jira] [Resolved] (KNOX-687) Address new Coverity Scan issues

Kevin Minder (JIRA) Tue, 29 Mar 2016 12:59:00 -0700

     [ 
https://issues.apache.org/jira/browse/KNOX-687?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Kevin Minder resolved KNOX-687.
-------------------------------
    Resolution: Fixed

Resolved via the following commit.  Not sure why this wasn't noted 
automatically.
7edeac5d80e161663fea14bafd4d7f662d25d767 | 2016-03-14 15:47:26 -0400 | Kevin 
Minder | [KNOX-687] - Address new Coverity Scan issues

> Address new Coverity Scan issues
> --------------------------------
>
>                 Key: KNOX-687
>                 URL: https://issues.apache.org/jira/browse/KNOX-687
>             Project: Apache Knox
>          Issue Type: Task
>          Components: Server
>    Affects Versions: 0.9.0
>            Reporter: Kevin Minder
>            Assignee: Kevin Minder
>            Priority: Critical
>             Fix For: 0.9.0
>
>
> Please find the latest report on new defect(s) introduced to Apache Knox 
> found with Coverity Scan.
> 6 new defect(s) introduced to Apache Knox found with Coverity Scan.
> 2 defect(s), reported by Coverity Scan earlier, were marked fixed in the 
> recent build analyzed by Coverity Scan.
> New defect(s) Reported-by: Coverity Scan
> Showing 6 of 6 defect(s)
> {code}
> ** CID 1352655:  Resource leaks  (RESOURCE_LEAK)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java:
>  245 in 
> org.apache.hadoop.gateway.services.security.impl.JettySSLService.loadKeyStore(java.lang.String,
>  java.lang.String, char[])()
> ________________________________________________________________________________________________________
> *** CID 1352655:  Resource leaks  (RESOURCE_LEAK)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java:
>  245 in 
> org.apache.hadoop.gateway.services.security.impl.JettySSLService.loadKeyStore(java.lang.String,
>  java.lang.String, char[])()
> 239       }
> 240
> 241       private static KeyStore loadKeyStore( String fileName, String 
> storeType, char[] storePass ) throws CertificateException, 
> NoSuchAlgorithmException, IOException, KeyStoreException {
> 242         KeyStore keystore = KeyStore.getInstance(storeType);
> 243         InputStream is = new FileInputStream(fileName);
> 244         keystore.load( is, storePass );
> >>>     CID 1352655:  Resource leaks  (RESOURCE_LEAK)
> >>>     Variable "is" going out of scope leaks the resource it refers to.
> 245         return keystore;
> 246       }
> 247
> ** CID 1352654:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayServer.java: 
> 291 in 
> org.apache.hadoop.gateway.GatewayServer.startGateway(org.apache.hadoop.gateway.config.GatewayConfig,
>  org.apache.hadoop.gateway.services.GatewayServices)()
> ________________________________________________________________________________________________________
> *** CID 1352654:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayServer.java: 
> 291 in 
> org.apache.hadoop.gateway.GatewayServer.startGateway(org.apache.hadoop.gateway.config.GatewayConfig,
>  org.apache.hadoop.gateway.services.GatewayServices)()
> 285           services = svcs;
> 286           //}
> 287           //KM]
> 288           services.start();
> 289           DeploymentFactory.setGatewayServices(services);
> 290           server.start();
> >>>     CID 1352654:  Null pointer dereferences  (NULL_RETURNS)
> >>>     Calling a method on null object 
> >>> "org.apache.hadoop.gateway.GatewayServer.server.jetty.getURI()".
> 291           log.startedGateway( server.jetty.getURI().getPort() );
> 292           return server;
> 293         }
> 294       }
> 295
> 296       public GatewayServer( GatewayConfig config ) {
> ** CID 1352651:  Medium impact security  (HARDCODED_CREDENTIALS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java:
>  244 in 
> org.apache.hadoop.gateway.services.security.impl.JettySSLService.loadKeyStore(java.lang.String,
>  java.lang.String, char[])()
> ________________________________________________________________________________________________________
> *** CID 1352651:  Medium impact security  (HARDCODED_CREDENTIALS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java:
>  244 in 
> org.apache.hadoop.gateway.services.security.impl.JettySSLService.loadKeyStore(java.lang.String,
>  java.lang.String, char[])()
> 238
> 239       }
> 240
> 241       private static KeyStore loadKeyStore( String fileName, String 
> storeType, char[] storePass ) throws CertificateException, 
> NoSuchAlgorithmException, IOException, KeyStoreException {
> 242         KeyStore keystore = KeyStore.getInstance(storeType);
> 243         InputStream is = new FileInputStream(fileName);
> >>>     CID 1352651:  Medium impact security  (HARDCODED_CREDENTIALS)
> >>>     "java.security.KeyStore.load(java.io.InputStream, char[])" uses the 
> >>> constant string as a password.
> 244         keystore.load( is, storePass );
> 245         return keystore;
> 246       }
> 247
> ** CID 1324355:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/trace/TraceResponse.java:
>  67 in 
> org.apache.hadoop.gateway.trace.TraceResponse.appendHeaders(java.lang.StringBuilder)()
> ________________________________________________________________________________________________________
> *** CID 1324355:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/trace/TraceResponse.java:
>  67 in 
> org.apache.hadoop.gateway.trace.TraceResponse.appendHeaders(java.lang.StringBuilder)()
> 61         log.trace( sb.toString() );
> 62       }
> 63
> 64       private void appendHeaders( StringBuilder sb ) {
> 65         if( headLog.isTraceEnabled() ) {
> 66           Collection<String> names = getHeaderNames();
> >>>     CID 1324355:  Null pointer dereferences  (NULL_RETURNS)
> >>>     Calling a method on null object "names".
> 67           for( String name : names ) {
> 68             for( String value : getHeaders( name ) ) {
> 69               sb.append( String.format( "\n\tHeader[%s]=%s", name, value ) 
> );
> 70             }
> 71           }
> 72         }
> 73       }
> 74
> ** CID 1241749:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/dispatch/ServletDispatch.java:
>  45 in 
> org.apache.hadoop.gateway.dispatch.ServletDispatch.doFilter(javax.servlet.ServletRequest,
>  javax.servlet.ServletResponse, javax.servlet.FilterChain)()
> ________________________________________________________________________________________________________
> *** CID 1241749:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/dispatch/ServletDispatch.java:
>  45 in 
> org.apache.hadoop.gateway.dispatch.ServletDispatch.doFilter(javax.servlet.ServletRequest,
>  javax.servlet.ServletResponse, javax.servlet.FilterChain)()
> 39         servletName = config.getInitParameter( DISPATCH_SERVLET_PARAM_NAME 
> );
> 40       }
> 41
> 42       @Override
> 43       public void doFilter( ServletRequest request, ServletResponse 
> response, FilterChain chain )
> 44           throws IOException, ServletException {
> >>>     CID 1241749:  Null pointer dereferences  (NULL_RETURNS)
> >>>     Calling a method on null object 
> >>> "servletContext.getNamedDispatcher(servletName)".
> 45         servletContext.getNamedDispatcher( servletName ).forward( request, 
> response );
> 46       }
> 47
> 48       @Override
> 49       public void destroy() {
> 50         servletContext = null;
> 51         servletName = null;
> 52       }
> 53
> ** CID 1241641:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayForwardingServlet.java:
>  99 in 
> org.apache.hadoop.gateway.GatewayForwardingServlet.doGet(javax.servlet.http.HttpServletRequest,
>  javax.servlet.http.HttpServletResponse)()
> ________________________________________________________________________________________________________
> *** CID 1241641:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayForwardingServlet.java:
>  99 in 
> org.apache.hadoop.gateway.GatewayForwardingServlet.doGet(javax.servlet.http.HttpServletRequest,
>  javax.servlet.http.HttpServletResponse)()
> 93           auditor.audit(
> 94                   AUDIT_ACTION, origPath, ResourceType.URI,
> 95                   ActionOutcome.UNAVAILABLE, RES.forwardToDefaultTopology( 
> request.getMethod(), redirectToContext ) );
> 96
> 97           // Perform cross context dispatch to the configured topology 
> context
> 98           ServletContext ctx = 
> getServletContext().getContext(redirectToContext);
> >>>     CID 1241641:  Null pointer dereferences  (NULL_RETURNS)
> >>>     Calling a method on null object "ctx".
> 99           RequestDispatcher dispatcher = 
> ctx.getRequestDispatcher(origRequest);
> 100
> 101           dispatcher.forward(request, response);
> 102
> 103           auditor.audit(
> 104                   AUDIT_ACTION, origPath, ResourceType.URI,
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Resolved] (KNOX-687) Address new Coverity Scan issues

Reply via email to