[jira] [Updated] (QPID-8553) [Broker-J] Improve NPE checks
[ https://issues.apache.org/jira/browse/QPID-8553?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alex Rudyy updated QPID-8553: - Fix Version/s: qpid-java-broker-9.0.0 > [Broker-J] Improve NPE checks > - > > Key: QPID-8553 > URL: https://issues.apache.org/jira/browse/QPID-8553 > Project: Qpid > Issue Type: Improvement > Components: Broker-J >Affects Versions: qpid-java-broker-8.0.5 >Reporter: Daniil Kirilyuk >Priority: Minor > Fix For: qpid-java-broker-9.0.0 > > > HP Fortify complains that classes defining security may be overridden by > sub-classes and thereby by-passing the security features: > broker-plugins/access-control/src/main/org/apache/qpid/server/security/access/config/RuleBasedAccessControl.java > Line 58 newToken() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Line 75 authorise() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-core/src/main/java/org/apache/qpid/server/model/BrokerImpl.java > Line 1022 getConnectionMetaData() - Non-final methods that perform security > checks may be overridden in ways that bypass security checks. > Line 1046 getGroups() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/management-http/src/main/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java > Line 79 doGet() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-0-8-protocol/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8Impl.java > Line 699 readerIdle() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Executes privileged action. > broker-plugins/logging-logback/src/main/org/apache/qpid/server/logging/logback/ConnectionAndUserPredicate.java > Line 43 evaluate() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-1-0-protocol/src/main/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0Impl.java > Line 444 receive() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Line 1269 readerIdle() - Non-final methods that perform security checks may > be overridden in ways that bypass security checks. > Line 1340 receivedComplete() - Non-final methods that perform security checks > may be overridden in ways that bypass security checks. > broker-plugins/amqp-0-8-protocol/src/main/org/apache/qpid/server/protocol/v0_8/BrokerDecoder.java > Line 78 processAMQPFrames() - Non-final methods that perform security checks > may be overridden in ways that bypass security checks. > Executes privileged action. > broker-core/src/main/java/org/apache/qpid/server/security/CompoundAccessControl.java > Line 68 newToken() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerAssembler.java > Line 72 received() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Executes privileged action. > broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/AMQPConnection_0_10Impl.java > Line 165 readerIdle() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Line 182 closed() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Executes privileged action. > broker-plugins/management-amqp/src/main/java/org/apache/qpid/server/management/amqp/ProxyMessageSource.java > Line 152 addConsumer() - Non-final methods that perform security checks may > be overridden in ways that bypass security checks. > broker-plugins/management-amqp/src/main/java/org/apache/qpid/server/management/amqp/ManagementAddressSpace.java > Line 172 getProxyNode() - Non-final methods that perform security checks may > be overridden in ways that bypass security checks. > broker-plugins/logging-logback/src/main/java/org/apache/qpid/server/logging/logback/PrincipalLogEventFilter.java > Line 43 decide() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQChannel.java > Line 303 receivedComplete() - Non-final methods that perform security checks > may be overridden in ways that bypass security checks. > broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java > Line 359 onOpen() - Non-final
[jira] [Updated] (QPID-8553) [Broker-J] Improve NPE checks
[ https://issues.apache.org/jira/browse/QPID-8553?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alex Rudyy updated QPID-8553: - Fix Version/s: (was: qpid-java-broker-8.0.6) > [Broker-J] Improve NPE checks > - > > Key: QPID-8553 > URL: https://issues.apache.org/jira/browse/QPID-8553 > Project: Qpid > Issue Type: Improvement > Components: Broker-J >Affects Versions: qpid-java-broker-8.0.5 >Reporter: Daniil Kirilyuk >Priority: Minor > > HP Fortify complains that classes defining security may be overridden by > sub-classes and thereby by-passing the security features: > broker-plugins/access-control/src/main/org/apache/qpid/server/security/access/config/RuleBasedAccessControl.java > Line 58 newToken() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Line 75 authorise() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-core/src/main/java/org/apache/qpid/server/model/BrokerImpl.java > Line 1022 getConnectionMetaData() - Non-final methods that perform security > checks may be overridden in ways that bypass security checks. > Line 1046 getGroups() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/management-http/src/main/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java > Line 79 doGet() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-0-8-protocol/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8Impl.java > Line 699 readerIdle() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Executes privileged action. > broker-plugins/logging-logback/src/main/org/apache/qpid/server/logging/logback/ConnectionAndUserPredicate.java > Line 43 evaluate() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-1-0-protocol/src/main/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0Impl.java > Line 444 receive() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Line 1269 readerIdle() - Non-final methods that perform security checks may > be overridden in ways that bypass security checks. > Line 1340 receivedComplete() - Non-final methods that perform security checks > may be overridden in ways that bypass security checks. > broker-plugins/amqp-0-8-protocol/src/main/org/apache/qpid/server/protocol/v0_8/BrokerDecoder.java > Line 78 processAMQPFrames() - Non-final methods that perform security checks > may be overridden in ways that bypass security checks. > Executes privileged action. > broker-core/src/main/java/org/apache/qpid/server/security/CompoundAccessControl.java > Line 68 newToken() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerAssembler.java > Line 72 received() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Executes privileged action. > broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/AMQPConnection_0_10Impl.java > Line 165 readerIdle() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Line 182 closed() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Executes privileged action. > broker-plugins/management-amqp/src/main/java/org/apache/qpid/server/management/amqp/ProxyMessageSource.java > Line 152 addConsumer() - Non-final methods that perform security checks may > be overridden in ways that bypass security checks. > broker-plugins/management-amqp/src/main/java/org/apache/qpid/server/management/amqp/ManagementAddressSpace.java > Line 172 getProxyNode() - Non-final methods that perform security checks may > be overridden in ways that bypass security checks. > broker-plugins/logging-logback/src/main/java/org/apache/qpid/server/logging/logback/PrincipalLogEventFilter.java > Line 43 decide() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQChannel.java > Line 303 receivedComplete() - Non-final methods that perform security checks > may be overridden in ways that bypass security checks. > broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java > Line 359 onOpen() - Non-final methods that perform security checks may
[jira] [Updated] (QPID-8553) [Broker-J] Improve NPE checks
[ https://issues.apache.org/jira/browse/QPID-8553?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alex Rudyy updated QPID-8553: - Fix Version/s: qpid-java-broker-8.0.6 > [Broker-J] Improve NPE checks > - > > Key: QPID-8553 > URL: https://issues.apache.org/jira/browse/QPID-8553 > Project: Qpid > Issue Type: Improvement > Components: Broker-J >Affects Versions: qpid-java-broker-8.0.5 >Reporter: Daniil Kirilyuk >Priority: Minor > Fix For: qpid-java-broker-8.0.6 > > > HP Fortify complains that classes defining security may be overridden by > sub-classes and thereby by-passing the security features: > broker-plugins/access-control/src/main/org/apache/qpid/server/security/access/config/RuleBasedAccessControl.java > Line 58 newToken() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Line 75 authorise() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-core/src/main/java/org/apache/qpid/server/model/BrokerImpl.java > Line 1022 getConnectionMetaData() - Non-final methods that perform security > checks may be overridden in ways that bypass security checks. > Line 1046 getGroups() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/management-http/src/main/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java > Line 79 doGet() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-0-8-protocol/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8Impl.java > Line 699 readerIdle() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Executes privileged action. > broker-plugins/logging-logback/src/main/org/apache/qpid/server/logging/logback/ConnectionAndUserPredicate.java > Line 43 evaluate() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-1-0-protocol/src/main/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0Impl.java > Line 444 receive() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Line 1269 readerIdle() - Non-final methods that perform security checks may > be overridden in ways that bypass security checks. > Line 1340 receivedComplete() - Non-final methods that perform security checks > may be overridden in ways that bypass security checks. > broker-plugins/amqp-0-8-protocol/src/main/org/apache/qpid/server/protocol/v0_8/BrokerDecoder.java > Line 78 processAMQPFrames() - Non-final methods that perform security checks > may be overridden in ways that bypass security checks. > Executes privileged action. > broker-core/src/main/java/org/apache/qpid/server/security/CompoundAccessControl.java > Line 68 newToken() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerAssembler.java > Line 72 received() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Executes privileged action. > broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/AMQPConnection_0_10Impl.java > Line 165 readerIdle() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Line 182 closed() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Executes privileged action. > broker-plugins/management-amqp/src/main/java/org/apache/qpid/server/management/amqp/ProxyMessageSource.java > Line 152 addConsumer() - Non-final methods that perform security checks may > be overridden in ways that bypass security checks. > broker-plugins/management-amqp/src/main/java/org/apache/qpid/server/management/amqp/ManagementAddressSpace.java > Line 172 getProxyNode() - Non-final methods that perform security checks may > be overridden in ways that bypass security checks. > broker-plugins/logging-logback/src/main/java/org/apache/qpid/server/logging/logback/PrincipalLogEventFilter.java > Line 43 decide() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQChannel.java > Line 303 receivedComplete() - Non-final methods that perform security checks > may be overridden in ways that bypass security checks. > broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java > Line 359 onOpen() - Non-final
[jira] [Updated] (QPID-8553) [Broker-J] Improve NPE checks
[ https://issues.apache.org/jira/browse/QPID-8553?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Alex Rudyy updated QPID-8553: - Summary: [Broker-J] Improve NPE checks (was: [Broker-J] HP Fortify: Weak SecurityManager Check: Overridable Method) > [Broker-J] Improve NPE checks > - > > Key: QPID-8553 > URL: https://issues.apache.org/jira/browse/QPID-8553 > Project: Qpid > Issue Type: Improvement > Components: Broker-J >Affects Versions: qpid-java-broker-8.0.5 >Reporter: Daniil Kirilyuk >Priority: Minor > > HP Fortify complains that classes defining security may be overridden by > sub-classes and thereby by-passing the security features: > broker-plugins/access-control/src/main/org/apache/qpid/server/security/access/config/RuleBasedAccessControl.java > Line 58 newToken() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Line 75 authorise() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-core/src/main/java/org/apache/qpid/server/model/BrokerImpl.java > Line 1022 getConnectionMetaData() - Non-final methods that perform security > checks may be overridden in ways that bypass security checks. > Line 1046 getGroups() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/management-http/src/main/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java > Line 79 doGet() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-0-8-protocol/org/apache/qpid/server/protocol/v0_8/AMQPConnection_0_8Impl.java > Line 699 readerIdle() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Executes privileged action. > broker-plugins/logging-logback/src/main/org/apache/qpid/server/logging/logback/ConnectionAndUserPredicate.java > Line 43 evaluate() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-1-0-protocol/src/main/org/apache/qpid/server/protocol/v1_0/AMQPConnection_1_0Impl.java > Line 444 receive() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Line 1269 readerIdle() - Non-final methods that perform security checks may > be overridden in ways that bypass security checks. > Line 1340 receivedComplete() - Non-final methods that perform security checks > may be overridden in ways that bypass security checks. > broker-plugins/amqp-0-8-protocol/src/main/org/apache/qpid/server/protocol/v0_8/BrokerDecoder.java > Line 78 processAMQPFrames() - Non-final methods that perform security checks > may be overridden in ways that bypass security checks. > Executes privileged action. > broker-core/src/main/java/org/apache/qpid/server/security/CompoundAccessControl.java > Line 68 newToken() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/ServerAssembler.java > Line 72 received() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Executes privileged action. > broker-plugins/amqp-0-10-protocol/src/main/java/org/apache/qpid/server/protocol/v0_10/AMQPConnection_0_10Impl.java > Line 165 readerIdle() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Line 182 closed() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > Executes privileged action. > broker-plugins/management-amqp/src/main/java/org/apache/qpid/server/management/amqp/ProxyMessageSource.java > Line 152 addConsumer() - Non-final methods that perform security checks may > be overridden in ways that bypass security checks. > broker-plugins/management-amqp/src/main/java/org/apache/qpid/server/management/amqp/ManagementAddressSpace.java > Line 172 getProxyNode() - Non-final methods that perform security checks may > be overridden in ways that bypass security checks. > broker-plugins/logging-logback/src/main/java/org/apache/qpid/server/logging/logback/PrincipalLogEventFilter.java > Line 43 decide() - Non-final methods that perform security checks may be > overridden in ways that bypass security checks. > broker-plugins/amqp-0-8-protocol/src/main/java/org/apache/qpid/server/protocol/v0_8/AMQChannel.java > Line 303 receivedComplete() - Non-final methods that perform security checks > may be overridden in ways that bypass security checks. > broker-core/src/main/java/org/apache/qpid/server/queue/AbstractQueue.java >
