GitHub user lujiefsi opened a pull request:
https://github.com/apache/storm/pull/2656
STORM-3049:a potential NPE in SupervisorSimpleACLAuthorizer#permit
SimpleACLAuthorizer#permit
We have developed a static analysis tool NPEDetector to find some potential
NPE. Our analysis shows that some callees may return null in corner case(e.g.
node crash , IO exception), some of their callers have !=null check but some
do not have.
Bug:
callee ReqContext#principal have 12 callers, 10 of them have null checker
like:
<pre>
public boolean permit(ReqContext context, String operation, Map<String,
Object> topoConf) {
return context.principal() != null ?
users.contains(context.principal().getName()) : false;
}
</pre>
but SupervisorSimpleACLAuthorizer#permit and SimpleACLAuthorizer#permit
have no, just like:
<pre>
//SupervisorSimpleACLAuthorizer#permit
String principal = context.principal().getName();
</pre>
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/lujiefsi/storm STORM-3049
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/storm/pull/2656.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #2656
----
commit 173f232889bc0cea69f5693ff2c7417951dbae88
Author: LJ1043041006 <1239497420@...>
Date: 2018-05-02T11:18:45Z
Fix STORM-3049
commit afd0b07ae3b2b981a73a5632521e68bc00e93103
Author: LJ1043041006 <1239497420@...>
Date: 2018-05-02T11:20:08Z
Fix STORM-3049
----
---
