[ https://issues.apache.org/jira/browse/QPID-8553?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex Rudyy resolved QPID-8553. ------------------------------ Resolution: Fixed > [Broker-J] Improve NPE checks > ----------------------------- > > Key: QPID-8553 > URL: https://issues.apache.org/jira/browse/QPID-8553 > Project: Qpid > Issue Type: Improvement > Components: Broker-J > Affects Versions: qpid-java-broker-8.0.5 > Reporter: Daniil Kirilyuk > Priority: Minor > Fix For: qpid-java-broker-9.0.0 > > > HP Fortify complains that classes defining security may be overridden by > sub-classes and thereby by-passing the security features: > broker-plugins/access-control/src/main/org/apache/qpid/server/security/access/config/RuleBasedAccessControl.java > Line 58 newToken() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Line 75 authorise() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-core/src/main/java/org/apache/qpid/server/model/BrokerImpl.java > Line 1022 getConnectionMetaData() - Non-final methods that perform security > checks may be overridden in ways that bypass security checks. > Line 1046 getGroups() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/management-http/src/main/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java > Line 79 doGet() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-0-8-protocol/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8Impl.java > Line 699 readerIdle() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Executes privileged action. > broker-plugins/logging-logback/src/main/org/apache/qpid/server/logging/logback/ConnectionAndUserPredicate.java > Line 43 evaluate() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-1-0-protocol/src/main/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0Impl.java > Line 444 receive() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Line 1269 readerIdle() - Non-final methods that perform security checks may > be overridden in ways that bypass security checks. > Line 1340 receivedComplete() - Non-final methods that perform security checks > may be overridden in ways that bypass security checks. > broker-plugins/amqp-0-8-protocol/src/main/org/apache/qpid/server/protocol/v0_8/BrokerDecoder.java > Line 78 processAMQPFrames() - Non-final methods that perform security checks > may be overridden in ways that bypass security checks. > Executes privileged action. > broker-core/src/main/java/org/apache/qpid/server/security/CompoundAccessControl.java > Line 68 newToken() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerAssembler.java > Line 72 received() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Executes privileged action. > broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/AMQPConnection_0_10Impl.java > Line 165 readerIdle() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Line 182 closed() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Executes privileged action. > broker-plugins/management-amqp/src/main/java/org/apache/qpid/server/management/amqp/ProxyMessageSource.java > Line 152 addConsumer() - Non-final methods that perform security checks may > be overridden in ways that bypass security checks. > broker-plugins/management-amqp/src/main/java/org/apache/qpid/server/management/amqp/ManagementAddressSpace.java > Line 172 getProxyNode() - Non-final methods that perform security checks may > be overridden in ways that bypass security checks. > broker-plugins/logging-logback/src/main/java/org/apache/qpid/server/logging/logback/PrincipalLogEventFilter.java > Line 43 decide() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQChannel.java > Line 303 receivedComplete() - Non-final methods that perform security checks > may be overridden in ways that bypass security checks. > broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java > Line 359 onOpen() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org