[
https://issues.apache.org/jira/browse/STORM-3049?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Richard Zowalla closed STORM-3049.
----------------------------------
Resolution: Won't Fix
We are in the process of migrating our issue tracking system to GitHub issues.
This issue has been stale for the last 5 years, and STORM has evolved with many
dependency updates since this issue was last updated.
If the issue persists in the latest version of Storm, please feel free to
reopen it or provide new context. Thank you very much!
> a potential NPE in SupervisorSimpleACLAuthorizer#permit
> SimpleACLAuthorizer#permit
> ----------------------------------------------------------------------------------
>
> Key: STORM-3049
> URL: https://issues.apache.org/jira/browse/STORM-3049
> Project: Apache Storm
> Issue Type: Bug
> Reporter: lujie
> Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> We have developed a static analysis tool
> [NPEDetector|https://github.com/lujiefsi/NPEDetector] to find some potential
> NPE. Our analysis shows that some callees may return null in corner case(e.g.
> node crash , IO exception), some of their callers have _!=null_ check but
> some do not have.
> *Bug:*
> callee ReqContext#principal have 12 callers, 10 of them have null checker
> like:
> {code:java}
> public boolean permit(ReqContext context, String operation, Map<String,
> Object> topoConf) {
> return context.principal() != null ?
> users.contains(context.principal().getName()) : false;
> }
> {code}
> but SupervisorSimpleACLAuthorizer#permit and SimpleACLAuthorizer#permit have
> no, just like:
> {code:java}
> //SupervisorSimpleACLAuthorizer#permit
> String principal = context.principal().getName();{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
