[jira] [Created] (AXIS2-5865) Missing JSTL files on axis2-1.7.6-bin.zip
Danilo G. Baio created AXIS2-5865: - Summary: Missing JSTL files on axis2-1.7.6-bin.zip Key: AXIS2-5865 URL: https://issues.apache.org/jira/browse/AXIS2-5865 Project: Axis2 Issue Type: Bug Components: admin console, samples, build,site Affects Versions: 1.7.6 Reporter: Danilo G. Baio Priority: Minor >From the release notes: {quote}The JSTL is now packaged into the Axis2 Web application. This fixes issues with the Admin consoles on servlet containers that don’t provide the JSTL.{quote} This was not included in axis2-1.7.6-bin.zip. Thank you. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Reopened] (AXIS2-5863) Possible null dereference in ServiceStub class
[ https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Petr Dvorak reopened AXIS2-5863: Universe is broken: The diff patch was not correctly applied. I can still see the old code in 'trunk' and the issue is still present in 1.7.6. > Possible null dereference in ServiceStub class > -- > > Key: AXIS2-5863 > URL: https://issues.apache.org/jira/browse/AXIS2-5863 > Project: Axis2 > Issue Type: Bug > Components: codegen >Affects Versions: 1.7.5 >Reporter: Petr Dvorak >Priority: Minor > Labels: security > Fix For: 1.7.6 > > Attachments: diff.patch > > > We use Coverity Scan tool to audit our open-source code against security > vulnerabilities. Possible NullPointerException was detected in Axis2 > generated ServiceStub class code. The issue occurs in following generated > code: > {code:java} > } finally { > if (_messageContext.getTransportOut() != null) { > _messageContext.getTransportOut().getSender() > .cleanup(_messageContext); > } > } > {code} > In case "_messageContext" is set to null, the if condition throws NPE. Also, > we can see the path on how this variable value actually may become null, so > we believe the issue is valid and null check should be present... > Here are possible implications of the issue from the security perspective: > http://cwe.mitre.org/data/definitions/476.html -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Commented] (AXIS2-5863) Possible null dereference in ServiceStub class
[ https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16118944#comment-16118944 ] Andreas Veithen commented on AXIS2-5863: That's because I didn't apply your patch. Instead I implemented a different solution, namely I changed the code so that _messageContext can't be null in the first place (by simply creating the MessageContext instance earlier). That indeed means that the piece of code you posted in the bug description remains unchanged. Note that similar code is produced in multiple locations in the template. I may have missed one instance. If that's the case, let me know. > Possible null dereference in ServiceStub class > -- > > Key: AXIS2-5863 > URL: https://issues.apache.org/jira/browse/AXIS2-5863 > Project: Axis2 > Issue Type: Bug > Components: codegen >Affects Versions: 1.7.5 >Reporter: Petr Dvorak >Priority: Minor > Labels: security > Fix For: 1.7.6 > > Attachments: diff.patch > > > We use Coverity Scan tool to audit our open-source code against security > vulnerabilities. Possible NullPointerException was detected in Axis2 > generated ServiceStub class code. The issue occurs in following generated > code: > {code:java} > } finally { > if (_messageContext.getTransportOut() != null) { > _messageContext.getTransportOut().getSender() > .cleanup(_messageContext); > } > } > {code} > In case "_messageContext" is set to null, the if condition throws NPE. Also, > we can see the path on how this variable value actually may become null, so > we believe the issue is valid and null check should be present... > Here are possible implications of the issue from the security perspective: > http://cwe.mitre.org/data/definitions/476.html -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Resolved] (AXIS2-5863) Possible null dereference in ServiceStub class
[ https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Petr Dvorak resolved AXIS2-5863. Resolution: Fixed > Possible null dereference in ServiceStub class > -- > > Key: AXIS2-5863 > URL: https://issues.apache.org/jira/browse/AXIS2-5863 > Project: Axis2 > Issue Type: Bug > Components: codegen >Affects Versions: 1.7.5 >Reporter: Petr Dvorak >Priority: Minor > Labels: security > Fix For: 1.7.6 > > Attachments: diff.patch > > > We use Coverity Scan tool to audit our open-source code against security > vulnerabilities. Possible NullPointerException was detected in Axis2 > generated ServiceStub class code. The issue occurs in following generated > code: > {code:java} > } finally { > if (_messageContext.getTransportOut() != null) { > _messageContext.getTransportOut().getSender() > .cleanup(_messageContext); > } > } > {code} > In case "_messageContext" is set to null, the if condition throws NPE. Also, > we can see the path on how this variable value actually may become null, so > we believe the issue is valid and null check should be present... > Here are possible implications of the issue from the security perspective: > http://cwe.mitre.org/data/definitions/476.html -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Commented] (AXIS2-5863) Possible null dereference in ServiceStub class
[ https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16118962#comment-16118962 ] Petr Dvorak commented on AXIS2-5863: You are right - I have run the static code analyzer and there are no issues. Sorry for the confusion, I was eagerly checking the generated code and acted too soon... > Possible null dereference in ServiceStub class > -- > > Key: AXIS2-5863 > URL: https://issues.apache.org/jira/browse/AXIS2-5863 > Project: Axis2 > Issue Type: Bug > Components: codegen >Affects Versions: 1.7.5 >Reporter: Petr Dvorak >Priority: Minor > Labels: security > Fix For: 1.7.6 > > Attachments: diff.patch > > > We use Coverity Scan tool to audit our open-source code against security > vulnerabilities. Possible NullPointerException was detected in Axis2 > generated ServiceStub class code. The issue occurs in following generated > code: > {code:java} > } finally { > if (_messageContext.getTransportOut() != null) { > _messageContext.getTransportOut().getSender() > .cleanup(_messageContext); > } > } > {code} > In case "_messageContext" is set to null, the if condition throws NPE. Also, > we can see the path on how this variable value actually may become null, so > we believe the issue is valid and null check should be present... > Here are possible implications of the issue from the security perspective: > http://cwe.mitre.org/data/definitions/476.html -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org
[jira] [Closed] (AXIS2-5863) Possible null dereference in ServiceStub class
[ https://issues.apache.org/jira/browse/AXIS2-5863?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Petr Dvorak closed AXIS2-5863. -- Confirming fix in 1.7.6. > Possible null dereference in ServiceStub class > -- > > Key: AXIS2-5863 > URL: https://issues.apache.org/jira/browse/AXIS2-5863 > Project: Axis2 > Issue Type: Bug > Components: codegen >Affects Versions: 1.7.5 >Reporter: Petr Dvorak >Priority: Minor > Labels: security > Fix For: 1.7.6 > > Attachments: diff.patch > > > We use Coverity Scan tool to audit our open-source code against security > vulnerabilities. Possible NullPointerException was detected in Axis2 > generated ServiceStub class code. The issue occurs in following generated > code: > {code:java} > } finally { > if (_messageContext.getTransportOut() != null) { > _messageContext.getTransportOut().getSender() > .cleanup(_messageContext); > } > } > {code} > In case "_messageContext" is set to null, the if condition throws NPE. Also, > we can see the path on how this variable value actually may become null, so > we believe the issue is valid and null check should be present... > Here are possible implications of the issue from the security perspective: > http://cwe.mitre.org/data/definitions/476.html -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org For additional commands, e-mail: java-dev-h...@axis.apache.org