[
https://issues.apache.org/jira/browse/KNOX-740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15456926#comment-15456926
]
Larry McCay commented on KNOX-740:
----------------------------------
Hi [~smore] - thanks for the patch!
I've applied it, built and ran the unit tests and all looks good.
Couple nits:
1. The use of tabs in the KnoxPamRealm should be replaced with spaces. I see
that you were only following the existing use of tabs in the file from the
original contribution. Let's actually reformat that whole file to use two
spaces instead of tabs.
2. line 146 there is a misplaced curly brace. Just move that up to the previous
line.
Provide a v002 version and click Submit Patch once it is attached.
That will kick off the precommit jenkins job.
thanks again!
> Address new coverity scan issues
> --------------------------------
>
> Key: KNOX-740
> URL: https://issues.apache.org/jira/browse/KNOX-740
> Project: Apache Knox
> Issue Type: Bug
> Reporter: Sumit Gupta
> Assignee: Sandeep More
> Fix For: 0.10.0
>
> Attachments: KNOX-740.001.patch
>
>
> New defect(s) Reported-by: Coverity Scan
> Showing 3 of 3 defect(s)
>
>
> ** CID 1361684: Null pointer dereferences (NULL_RETURNS)
>
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java:
> 140 in
> org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 1361684: Null pointer dereferences (NULL_RETURNS)
>
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java:
> 140 in
> org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)()
> 134 ShiroLog.failedLoginAttempt(e.getCause());
> 135 throw new AuthenticationException(e);
> 136 }
> 137 HashRequest.Builder builder = new HashRequest.Builder();
> 138 Hash credentialsHash = hashService
> 139
> .computeHash(builder.setSource(token.getCredentials()).setAlgorithmName(HASHING_ALGORITHM).build());
> >>> CID 1361684: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "credentialsHash".
> 140 return new SimpleAuthenticationInfo(new
> UnixUserPrincipal(user) , credentialsHash.toHex(), credentialsHash.getSalt(),
> 141 getName());
> 142 }
> 143
>
> ** CID 1361683: Null pointer dereferences (NULL_RETURNS)
>
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java:
> 71 in
> org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(javax.servlet.ServletRequest,
> javax.servlet.ServletResponse, javax.servlet.FilterChain)()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 1361683: Null pointer dereferences (NULL_RETURNS)
>
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java:
> 71 in
> org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(javax.servlet.ServletRequest,
> javax.servlet.ServletResponse, javax.servlet.FilterChain)()
> 65 Subject subject = SecurityUtils.getSubject();
> 66
> 67 // trigger call to shiro authorization realm
> 68 // we use shiro authorization realm to look up groups
> 69 subject.hasRole("authenticatedUser");
> 70
> >>> CID 1361683: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "subject.getPrincipal()".
> 71 final String principalName = (String)
> subject.getPrincipal().toString();
> 72
> 73 CallableChain callableChain = new CallableChain(request,
> response, chain);
> 74 SecurityUtils.getSubject().execute(callableChain);
> 75 }
> 76
>
> ** CID 1361682: Null pointer dereferences (FORWARD_NULL)
>
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java:
> 119 in
> org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 1361682: Null pointer dereferences (FORWARD_NULL)
>
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java:
> 119 in
> org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)()
> 113 UnixUserPrincipal user =
> principals.oneByType(UnixUserPrincipal.class);
> 114 if (user != null) {
> 115 roles.addAll(user.getUnixUser().getGroups());
> 116 }
> 117
> SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_ROLES,
> roles);
> 118
> SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_GROUPS,
> roles);
> >>> CID 1361682: Null pointer dereferences (FORWARD_NULL)
> >>> Calling a method on null object "user".
> 119 GatewayLog.lookedUpUserRoles(roles, user.getName());
> 120 return new SimpleAuthorizationInfo(roles);
> 121 }
> 122
> 123 @Override
> 124 protected AuthenticationInfo
> doGetAuthenticationInfo(AuthenticationToken token) throws
> AuthenticationException {
>
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
