[jira] [Created] (AXIS2-5865) Missing JSTL files on axis2-1.7.6-bin.zip

2017-08-08 Thread Danilo G. Baio (JIRA) 
Danilo G. Baio created AXIS2-5865:
-

 Summary: Missing JSTL files on axis2-1.7.6-bin.zip
 Key: AXIS2-5865
 URL: https://issues.apache.org/jira/browse/AXIS2-5865
 Project: Axis2
  Issue Type: Bug
  Components: admin console, samples, build,site
Affects Versions: 1.7.6
Reporter: Danilo G. Baio
Priority: Minor


>From the release notes:
{quote}The JSTL is now packaged into the Axis2 Web application. This fixes 
issues with the Admin consoles on servlet containers that don’t provide the 
JSTL.{quote}

This was not included in axis2-1.7.6-bin.zip.

Thank you.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

-
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org

[jira] [Reopened] (AXIS2-5863) Possible null dereference in ServiceStub class

2017-08-08 Thread Petr Dvorak (JIRA) 

 [ 
https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Petr Dvorak reopened AXIS2-5863:


Universe is broken: The diff patch was not correctly applied. I can still see 
the old code in 'trunk' and the issue is still present in 1.7.6.

> Possible null dereference in ServiceStub class
> --
>
> Key: AXIS2-5863
> URL: https://issues.apache.org/jira/browse/AXIS2-5863
> Project: Axis2
>  Issue Type: Bug
>  Components: codegen
>Affects Versions: 1.7.5
>Reporter: Petr Dvorak
>Priority: Minor
>  Labels: security
> Fix For: 1.7.6
>
> Attachments: diff.patch
>
>
> We use Coverity Scan tool to audit our open-source code against security 
> vulnerabilities. Possible NullPointerException was detected in Axis2 
> generated ServiceStub class code. The issue occurs in following generated 
> code:
> {code:java}
> } finally {
> if (_messageContext.getTransportOut() != null) {
> _messageContext.getTransportOut().getSender()
> .cleanup(_messageContext);
> }
> }
> {code}
> In case "_messageContext" is set to null, the if condition throws NPE. Also, 
> we can see the path on how this variable value actually may become null, so 
> we believe the issue is valid and null check should be present...
> Here are possible implications of the issue from the security perspective:
> http://cwe.mitre.org/data/definitions/476.html



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

-
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org

[jira] [Commented] (AXIS2-5863) Possible null dereference in ServiceStub class

2017-08-08 Thread Andreas Veithen (JIRA) 

[ 
https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16118944#comment-16118944
 ] 

Andreas Veithen commented on AXIS2-5863:


That's because I didn't apply your patch. Instead I implemented a different 
solution, namely I changed the code so that _messageContext can't be null in 
the first place (by simply creating the MessageContext instance earlier). That 
indeed means that the piece of code you posted in the bug description remains 
unchanged. Note that similar code is produced in multiple locations in the 
template. I may have missed one instance. If that's the case, let me know.

> Possible null dereference in ServiceStub class
> --
>
> Key: AXIS2-5863
> URL: https://issues.apache.org/jira/browse/AXIS2-5863
> Project: Axis2
>  Issue Type: Bug
>  Components: codegen
>Affects Versions: 1.7.5
>Reporter: Petr Dvorak
>Priority: Minor
>  Labels: security
> Fix For: 1.7.6
>
> Attachments: diff.patch
>
>
> We use Coverity Scan tool to audit our open-source code against security 
> vulnerabilities. Possible NullPointerException was detected in Axis2 
> generated ServiceStub class code. The issue occurs in following generated 
> code:
> {code:java}
> } finally {
> if (_messageContext.getTransportOut() != null) {
> _messageContext.getTransportOut().getSender()
> .cleanup(_messageContext);
> }
> }
> {code}
> In case "_messageContext" is set to null, the if condition throws NPE. Also, 
> we can see the path on how this variable value actually may become null, so 
> we believe the issue is valid and null check should be present...
> Here are possible implications of the issue from the security perspective:
> http://cwe.mitre.org/data/definitions/476.html



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

-
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org

[jira] [Resolved] (AXIS2-5863) Possible null dereference in ServiceStub class

2017-08-08 Thread Petr Dvorak (JIRA) 

 [ 
https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Petr Dvorak resolved AXIS2-5863.

Resolution: Fixed

> Possible null dereference in ServiceStub class
> --
>
> Key: AXIS2-5863
> URL: https://issues.apache.org/jira/browse/AXIS2-5863
> Project: Axis2
>  Issue Type: Bug
>  Components: codegen
>Affects Versions: 1.7.5
>Reporter: Petr Dvorak
>Priority: Minor
>  Labels: security
> Fix For: 1.7.6
>
> Attachments: diff.patch
>
>
> We use Coverity Scan tool to audit our open-source code against security 
> vulnerabilities. Possible NullPointerException was detected in Axis2 
> generated ServiceStub class code. The issue occurs in following generated 
> code:
> {code:java}
> } finally {
> if (_messageContext.getTransportOut() != null) {
> _messageContext.getTransportOut().getSender()
> .cleanup(_messageContext);
> }
> }
> {code}
> In case "_messageContext" is set to null, the if condition throws NPE. Also, 
> we can see the path on how this variable value actually may become null, so 
> we believe the issue is valid and null check should be present...
> Here are possible implications of the issue from the security perspective:
> http://cwe.mitre.org/data/definitions/476.html



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

-
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org

[jira] [Commented] (AXIS2-5863) Possible null dereference in ServiceStub class

2017-08-08 Thread Petr Dvorak (JIRA) 

[ 
https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16118962#comment-16118962
 ] 

Petr Dvorak commented on AXIS2-5863:


You are right - I have run the static code analyzer and there are no issues. 
Sorry for the confusion, I was eagerly checking the generated code and acted 
too soon...

> Possible null dereference in ServiceStub class
> --
>
> Key: AXIS2-5863
> URL: https://issues.apache.org/jira/browse/AXIS2-5863
> Project: Axis2
>  Issue Type: Bug
>  Components: codegen
>Affects Versions: 1.7.5
>Reporter: Petr Dvorak
>Priority: Minor
>  Labels: security
> Fix For: 1.7.6
>
> Attachments: diff.patch
>
>
> We use Coverity Scan tool to audit our open-source code against security 
> vulnerabilities. Possible NullPointerException was detected in Axis2 
> generated ServiceStub class code. The issue occurs in following generated 
> code:
> {code:java}
> } finally {
> if (_messageContext.getTransportOut() != null) {
> _messageContext.getTransportOut().getSender()
> .cleanup(_messageContext);
> }
> }
> {code}
> In case "_messageContext" is set to null, the if condition throws NPE. Also, 
> we can see the path on how this variable value actually may become null, so 
> we believe the issue is valid and null check should be present...
> Here are possible implications of the issue from the security perspective:
> http://cwe.mitre.org/data/definitions/476.html



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

-
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org

[jira] [Closed] (AXIS2-5863) Possible null dereference in ServiceStub class

2017-08-08 Thread Petr Dvorak (JIRA) 

 [ 
https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Petr Dvorak closed AXIS2-5863.
--

Confirming fix in 1.7.6.

> Possible null dereference in ServiceStub class
> --
>
> Key: AXIS2-5863
> URL: https://issues.apache.org/jira/browse/AXIS2-5863
> Project: Axis2
>  Issue Type: Bug
>  Components: codegen
>Affects Versions: 1.7.5
>Reporter: Petr Dvorak
>Priority: Minor
>  Labels: security
> Fix For: 1.7.6
>
> Attachments: diff.patch
>
>
> We use Coverity Scan tool to audit our open-source code against security 
> vulnerabilities. Possible NullPointerException was detected in Axis2 
> generated ServiceStub class code. The issue occurs in following generated 
> code:
> {code:java}
> } finally {
> if (_messageContext.getTransportOut() != null) {
> _messageContext.getTransportOut().getSender()
> .cleanup(_messageContext);
> }
> }
> {code}
> In case "_messageContext" is set to null, the if condition throws NPE. Also, 
> we can see the path on how this variable value actually may become null, so 
> we believe the issue is valid and null check should be present...
> Here are possible implications of the issue from the security perspective:
> http://cwe.mitre.org/data/definitions/476.html



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

-
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org