[ https://issues.apache.org/jira/browse/KARAF-4216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré updated KARAF-4216: ---------------------------------------- Fix Version/s: (was: 4.0.8) 4.0.9 > Poor Error Handling: Return Inside Finally > ------------------------------------------ > > Key: KARAF-4216 > URL: https://issues.apache.org/jira/browse/KARAF-4216 > Project: Karaf > Issue Type: Bug > Affects Versions: 4.0.3 > Reporter: Eduardo Aguinaga > Fix For: 4.1.0, 4.0.9 > > > HP Fortify SCA and SciTools Understand were used to perform an application > security analysis on the karaf source code. > The method build() in PublickeyBackingEngineFactory.java returns from inside > a finally block on line 52, which will cause exceptions to be lost. > File: > jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyBackingEngineFactory.java > Line: 52 > PublickeyBackingEngineFactory.java, lines 40-54: > {code} > 40 public BackingEngine build(Map options) { > 41 PublickeyBackingEngine engine = null; > 42 String usersFile = (String) options.get(USER_FILE); > 43 > 44 File f = new File(usersFile); > 45 Properties users; > 46 try { > 47 users = new Properties(f); > 48 engine = new PublickeyBackingEngine(users); > 49 } catch (IOException ioe) { > 50 logger.warn("Cannot open keys file:" + usersFile); > 51 } finally { > 52 return engine; > 53 } > 54 } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)