[
https://issues.apache.org/jira/browse/RANGER-715?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ramesh Mani resolved RANGER-715.
--------------------------------
Resolution: Fixed
> Fix issues reported by coverity test in Ranger Plugin ClassLoader
> -----------------------------------------------------------------
>
> Key: RANGER-715
> URL: https://issues.apache.org/jira/browse/RANGER-715
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 0.5.0
> Reporter: Ramesh Mani
> Assignee: Ramesh Mani
> Fix For: 0.5.0
>
>
> Fix issues reported by coverity test in Ranger Plugin ClassLoader
> ** CID 131860: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
> /ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java:
> 266 in ()
> ________________________________________________________________________________________________________
> *** CID 131860: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
> /ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java:
> 266 in ()
> 260 @Override
> 261 public Class<?> findClass(String name) throws
> ClassNotFoundException {
> 262 return super.findClass(name);
> 263 }
> 264 }
> 265
> CID 131860: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
> Should
> org.apache.ranger.plugin.classloader.RangerPluginClassLoader$MergeEnumeration
> be a _static_ inner class?
> 266 class MergeEnumeration implements Enumeration<URL> {
> 267
> 268 Enumeration<URL> e1 = null;
> 269 Enumeration<URL> e2 = null;
> 270
> 271 public MergeEnumeration(Enumeration<URL> e1, Enumeration<URL>
> e2 ) {
> ** CID 131859: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
> /agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java:
> 95 in ()
> ________________________________________________________________________________________________________
> *** CID 131859: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
> /agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java:
> 95 in ()
> 89
> 90 if(LOG.isDebugEnabled()) {
> 91 LOG.debug("<== RangerOptimizedPolicyEvaluator.init()");
> 92 }
> 93 }
> 94
> CID 131859: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
> Should
> org.apache.ranger.plugin.policyevaluator.RangerOptimizedPolicyEvaluator$LevelResourceNames
> be a _static_ inner class?
> 95 class LevelResourceNames implements Comparable<LevelResourceNames>
> {
> 96 final int level;
> 97 final RangerPolicy.RangerPolicyResource policyResource;
> 98
> 99 public LevelResourceNames(int level,
> RangerPolicy.RangerPolicyResource policyResource) {
> 100 this.level = level;
> *** CID 131854: FindBugs: Malicious code vulnerability
> (FB.DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED)
> /ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java:
> 52 in
> org.apache.ranger.plugin.classloader.RangerPluginClassLoader.getInstance(java.lang.String,
> java.lang.Class)()
> 46 public static RangerPluginClassLoader getInstance(String
> pluginType, Class<?> pluginClass ) throws Exception {
> 47 RangerPluginClassLoader ret = me;
> 48 if ( ret == null) {
> 49 synchronized(RangerPluginClassLoader.class) {
> 50 ret = me;
> 51 if ( ret == null){
> CID 131854: FindBugs: Malicious code vulnerability
> (FB.DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED)
>
> org.apache.ranger.plugin.classloader.RangerPluginClassLoader.getInstance(String,
> Class) creates a
> org.apache.ranger.plugin.classloader.RangerPluginClassLoader classloader,
> which should be performed within a doPrivileged block.
> 52 me = ret = new
> RangerPluginClassLoader(pluginType,pluginClass);
> 53 }
> 54 }
> 55 }
> 56 return ret;
> 57 }
> ** CID 131853: FindBugs: Malicious code vulnerability
> (FB.DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED)
> /ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java:
> 43 in
> org.apache.ranger.plugin.classloader.RangerPluginClassLoader.<init>(java.lang.String,
> java.lang.Class)()
> ________________________________________________________________________________________________________
> *** CID 131853: FindBugs: Malicious code vulnerability
> (FB.DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED)
> /ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java:
> 43 in
> org.apache.ranger.plugin.classloader.RangerPluginClassLoader.<init>(java.lang.String,
> java.lang.Class)()
> 37 private static MyClassLoader
> componentClassLoader = null;
> 38 //private static ThreadLocal<MyClassLoader>
> componentClassLoader = new ThreadLocal<MyClassLoader>();
> 39
> 40 public RangerPluginClassLoader(String pluginType, Class<?>
> pluginClass ) throws Exception {
> 41
> super(RangerPluginClassLoaderUtil.getInstance().getPluginFilesForServiceTypeAndPluginclass(pluginType,
> pluginClass), null);
> 42 //componentClassLoader.set(new
> MyClassLoader(Thread.currentThread().getContextClassLoader()));
> CID 131853: FindBugs: Malicious code vulnerability
> (FB.DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED)
> new org.apache.ranger.plugin.classloader.RangerPluginClassLoader(String,
> Class) creates a
> org.apache.ranger.plugin.classloader.RangerPluginClassLoader$MyClassLoader
> classloader, which should be performed within a doPrivileged block.
> 43 componentClassLoader = new
> MyClassLoader(Thread.currentThread().getContextClassLoader());
> 44 }
> 45
> 46 public static RangerPluginClassLoader getInstance(String
> pluginType, Class<?> pluginClass ) throws Exception {
> 47 RangerPluginClassLoader ret = me;
> 48 if ( ret == null) {
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
