[jira] [Updated] (KNOX-740) Address new coverity scan issues

Sandeep More (JIRA) Wed, 31 Aug 2016 15:07:19 -0700

     [ 
https://issues.apache.org/jira/browse/KNOX-740?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Sandeep More updated KNOX-740:
------------------------------
    Attachment: KNOX-740.001.patch

Initial patch aiming to fix the 3 reported defects.

> Address new coverity scan issues
> --------------------------------
>
>                 Key: KNOX-740
>                 URL: https://issues.apache.org/jira/browse/KNOX-740
>             Project: Apache Knox
>          Issue Type: Bug
>            Reporter: Sumit Gupta
>             Fix For: 0.10.0
>
>         Attachments: KNOX-740.001.patch
>
>
>  New defect(s) Reported-by: Coverity Scan
>     Showing 3 of 3 defect(s)
>     
>     
>     ** CID 1361684:  Null pointer dereferences  (NULL_RETURNS)
>     
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java:
>  140 in 
> org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)()
>     
>     
>     
> ________________________________________________________________________________________________________
>     *** CID 1361684:  Null pointer dereferences  (NULL_RETURNS)
>     
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java:
>  140 in 
> org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)()
>     134                       ShiroLog.failedLoginAttempt(e.getCause());
>     135                       throw new AuthenticationException(e);
>     136               }
>     137               HashRequest.Builder builder = new HashRequest.Builder();
>     138               Hash credentialsHash = hashService
>     139                               
> .computeHash(builder.setSource(token.getCredentials()).setAlgorithmName(HASHING_ALGORITHM).build());
>     >>>     CID 1361684:  Null pointer dereferences  (NULL_RETURNS)
>     >>>     Calling a method on null object "credentialsHash".
>     140               return new SimpleAuthenticationInfo(new 
> UnixUserPrincipal(user) , credentialsHash.toHex(), credentialsHash.getSalt(),
>     141                               getName());
>     142       }
>     143    
>     
>     ** CID 1361683:  Null pointer dereferences  (NULL_RETURNS)
>     
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java:
>  71 in 
> org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(javax.servlet.ServletRequest,
>  javax.servlet.ServletResponse, javax.servlet.FilterChain)()
>     
>     
>     
> ________________________________________________________________________________________________________
>     *** CID 1361683:  Null pointer dereferences  (NULL_RETURNS)
>     
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java:
>  71 in 
> org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(javax.servlet.ServletRequest,
>  javax.servlet.ServletResponse, javax.servlet.FilterChain)()
>     65         Subject subject = SecurityUtils.getSubject();
>     66        
>     67         // trigger call to shiro authorization realm
>     68         // we use shiro authorization realm to look up groups
>     69         subject.hasRole("authenticatedUser");
>     70        
>     >>>     CID 1361683:  Null pointer dereferences  (NULL_RETURNS)
>     >>>     Calling a method on null object "subject.getPrincipal()".
>     71         final String principalName = (String) 
> subject.getPrincipal().toString();
>     72    
>     73         CallableChain callableChain = new CallableChain(request, 
> response, chain);
>     74         SecurityUtils.getSubject().execute(callableChain);
>     75       }
>     76      
>     
>     ** CID 1361682:  Null pointer dereferences  (FORWARD_NULL)
>     
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java:
>  119 in 
> org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)()
>     
>     
>     
> ________________________________________________________________________________________________________
>     *** CID 1361682:  Null pointer dereferences  (FORWARD_NULL)
>     
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java:
>  119 in 
> org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)()
>     113               UnixUserPrincipal user = 
> principals.oneByType(UnixUserPrincipal.class);
>     114               if (user != null) {
>     115                       roles.addAll(user.getUnixUser().getGroups());
>     116               }
>     117               
> SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_ROLES, 
> roles);
>     118               
> SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_GROUPS, 
> roles);
>     >>>     CID 1361682:  Null pointer dereferences  (FORWARD_NULL)
>     >>>     Calling a method on null object "user".
>     119               GatewayLog.lookedUpUserRoles(roles, user.getName());
>     120               return new SimpleAuthorizationInfo(roles);
>     121       }
>     122    
>     123       @Override
>     124       protected AuthenticationInfo 
> doGetAuthenticationInfo(AuthenticationToken token) throws 
> AuthenticationException {
>     
>     



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (KNOX-740) Address new coverity scan issues

Reply via email to