[ https://issues.apache.org/jira/browse/KARAF-4207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15350697#comment-15350697 ]

ASF subversion and git services commented on KARAF-4207:
--------------------------------------------------------

Commit 9d3676a6601b58402cfc71ace2626392ac627b82 in karaf's branch refs/heads/master from [[email protected]]
[ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=9d3676a ]

[KARAF-4207] Logging errors


> Poor Error Handling: Empty Catch Block
> --------------------------------------
>
>                 Key: KARAF-4207
>                 URL: https://issues.apache.org/jira/browse/KARAF-4207
>             Project: Karaf
>          Issue Type: Bug
>    Affects Versions: 4.0.3
>            Reporter: Eduardo Aguinaga
>             Fix For: 4.1.0, 4.0.6
>
>
> HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the karaf source code.
> The method authenticate() in JaasSecurityProvider.java ignores an exception on line 199, which could cause the program to overlook unexpected states and conditions. In this case the attempt to authenticate is ignored, which is never a good idea.
> File: 
> webconsole/console/src/main/java/org/apache/felix/webconsole/internal/servlet/JaasSecurityProvider.java
> Line: 199
> JaasSecurityProvider.java, lines 155-205:
> {code}
> 155 public boolean authenticate( HttpServletRequest request, HttpServletResponse response )
> 156 {
> 157     // Return immediately if the header is missing
> 158     String authHeader = request.getHeader( HEADER_AUTHORIZATION );
> 159     if ( authHeader != null && authHeader.length() > 0 )
> 160     {
> . . .
> 166         if ( blank > 0 )
> 167         {
> . . .
> 171             // Check whether authorization type matches
> 172             if ( authType.equalsIgnoreCase( AUTHENTICATION_SCHEME_BASIC ) )
> 173             {
> 174                 try
> 175                 {
> . . .
> 181                     // authenticate
> 182                     Subject subject = doAuthenticate( username, password );
> 183                     if ( subject != null )
> 184                     {
> . . .
> 198                 }
> 199                 catch ( Exception e )
> 200                 {
> 201                     // Ignore
> 202                 }
> 203             }
> 204         }
> 205     }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
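The following is an added, self-contained illustration of the pattern the report describes; it is not Karaf's code and not the change in commit 9d3676a. The method shapes mirror the quoted authenticate(): a Basic header is parsed, credentials go to a backend that throws on failure, and the first variant swallows every exception exactly as the empty catch on line 199 does, while the second still fails closed but records why. Everything here is an assumption for the demo: the plain Map standing in for HttpServletRequest, the hypothetical parseBasic() and doAuthenticate() helpers, the hard-coded "karaf"/"karaf" credential, and the three constructed request headers in main().

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.login.FailedLoginException;

public class BasicAuthCatchDemo {
    private static final Logger LOG = Logger.getLogger(BasicAuthCatchDemo.class.getName());
    private static final String HEADER_AUTHORIZATION = "Authorization";
    private static final String AUTHENTICATION_SCHEME_BASIC = "Basic";

    /** Hypothetical backend standing in for a JAAS login: returns the principal name or throws. */
    static String doAuthenticate(String username, String password) throws Exception {
        if ("karaf".equals(username) && "karaf".equals(password)) {   // assumed demo credential
            return username;
        }
        throw new FailedLoginException("login failed for user '" + username + "'");
    }

    /** Parse "Basic base64(user:pass)" into {user, pass}; throws IllegalArgumentException on malformed input. */
    static String[] parseBasic(String authHeader) {
        int blank = authHeader.indexOf(' ');
        if (blank <= 0) {
            throw new IllegalArgumentException("no scheme in Authorization header");
        }
        String authType = authHeader.substring(0, blank);
        if (!authType.equalsIgnoreCase(AUTHENTICATION_SCHEME_BASIC)) {
            throw new IllegalArgumentException("unsupported scheme " + authType);
        }
        // Base64.Decoder.decode throws IllegalArgumentException on invalid input
        byte[] decoded = Base64.getDecoder().decode(authHeader.substring(blank + 1).trim());
        String userPass = new String(decoded, StandardCharsets.UTF_8);
        int colon = userPass.indexOf(':');
        if (colon < 0) {
            throw new IllegalArgumentException("no ':' separator in credentials");
        }
        return new String[] { userPass.substring(0, colon), userPass.substring(colon + 1) };
    }

    /** Shape of the reported code: every failure is silently collapsed into "not authenticated". */
    static boolean authenticateSilently(Map<String, String> headers) {
        String authHeader = headers.get(HEADER_AUTHORIZATION);
        if (authHeader != null && authHeader.length() > 0) {
            try {
                String[] up = parseBasic(authHeader);
                String subject = doAuthenticate(up[0], up[1]);
                if (subject != null) {
                    return true;
                }
            } catch (Exception e) {
                // Ignore  <- the operator never learns about bad headers, bad credentials or a broken realm
            }
        }
        return false;
    }

    /** Same control flow, still fail-closed, but the failure is recorded and classified. */
    static boolean authenticateLogged(Map<String, String> headers) {
        String authHeader = headers.get(HEADER_AUTHORIZATION);
        if (authHeader != null && authHeader.length() > 0) {
            try {
                String[] up = parseBasic(authHeader);
                String subject = doAuthenticate(up[0], up[1]);
                if (subject != null) {
                    return true;
                }
            } catch (IllegalArgumentException e) {
                // Client sent garbage; log the reason but never the header itself (it carries credentials)
                LOG.log(Level.WARNING, "Rejected malformed Authorization header: {0}", e.getMessage());
            } catch (Exception e) {
                // Login failure or backend error: keep the stack trace, this is the audit signal
                LOG.log(Level.WARNING, "Authentication failed", e);
            }
        }
        return false;
    }

    private static String basic(String userPass) {
        return "Basic " + Base64.getEncoder().encodeToString(userPass.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed requests: a valid login, a wrong password, and a corrupted header
        Map<String, String> good = Map.of(HEADER_AUTHORIZATION, basic("karaf:karaf"));
        Map<String, String> wrongPass = Map.of(HEADER_AUTHORIZATION, basic("karaf:wrong"));
        Map<String, String> garbage = Map.of(HEADER_AUTHORIZATION, "Basic %%not-base64%%");

        for (Map<String, String> req : new Map[] { good, wrongPass, garbage }) {
            System.out.println("silent=" + authenticateSilently(req) + " logged=" + authenticateLogged(req));
        }
    }
}
```

Run with `java BasicAuthCatchDemo.java` (Java 11 or later). Both variants return the same booleans, which is why the scanner finding is about observability rather than a bypass: with the empty catch, a flood of malformed headers or a realm that throws on every login looks identical to a quiet day, whereas the logged variant surfaces each case in the log without ever writing the raw Authorization value.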
