You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Don Bosco Durai <bo...@apache.org> on 2017/10/02 19:10:22 UTC
FW: New Defects reported by Coverity Scan for Apache Ranger
Please review and fix.
Thanks
Bosco
On 10/1/17, 1:07 AM, "scan-admin@coverity.com" <sc...@coverity.com> wrote:
Hi,
Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.
3 new defect(s) introduced to Apache Ranger found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 167289: Null pointer dereferences (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 373 in org.apache.ranger.rest.XUserREST.searchXUsers(javax.servlet.http.HttpServletRequest)()
________________________________________________________________________________________________________
*** CID 167289: Null pointer dereferences (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 373 in org.apache.ranger.rest.XUserREST.searchXUsers(javax.servlet.http.HttpServletRequest)()
367 null);
368 searchUtil.extractString(request, searchCriteria, "userRole", "UserRole", null);
369 if (CollectionUtils.isNotEmpty(userRolesList) && CollectionUtils.size(userRolesList) == 1 && userRolesList.get(0).equalsIgnoreCase(UserRoleParamName)) {
370 if (!(searchCriteria.getParamList().containsKey("name"))) {
371 searchCriteria.addParam("name", userName);
372 }
>>> CID 167289: Null pointer dereferences (FORWARD_NULL)
>>> Calling a method on null object "userName".
373 else if ((searchCriteria.getParamList().containsKey("name")) && userName.contains((String) searchCriteria.getParamList().get("name"))) {
374 searchCriteria.addParam("name", userName);
375 }
376 else {
377 String randomString = new Random().toString();
378 searchCriteria.addParam("name", randomString);
** CID 167288: Null pointer dereferences (REVERSE_INULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 357 in org.apache.ranger.rest.XUserREST.searchXUsers(javax.servlet.http.HttpServletRequest)()
________________________________________________________________________________________________________
*** CID 167288: Null pointer dereferences (REVERSE_INULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 357 in org.apache.ranger.rest.XUserREST.searchXUsers(javax.servlet.http.HttpServletRequest)()
351 @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SEARCH_X_USERS + "\")")
352 public VXUserList searchXUsers(@Context HttpServletRequest request) {
353 String UserRoleParamName = RangerConstants.ROLE_USER;
354 SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
355 request, xUserService.sortFields);
356 String userName = null;
>>> CID 167288: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "request" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
357 if(request != null && request.getUserPrincipal() != null){
358 userName = request.getUserPrincipal().getName();
359 }
360 searchUtil.extractString(request, searchCriteria, "name", "User name",null);
361 searchUtil.extractString(request, searchCriteria, "emailAddress", "Email Address",
362 null);
** CID 167287: Null pointer dereferences (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 357 in org.apache.ranger.rest.XUserREST.searchXUsers(javax.servlet.http.HttpServletRequest)()
________________________________________________________________________________________________________
*** CID 167287: Null pointer dereferences (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 357 in org.apache.ranger.rest.XUserREST.searchXUsers(javax.servlet.http.HttpServletRequest)()
351 @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SEARCH_X_USERS + "\")")
352 public VXUserList searchXUsers(@Context HttpServletRequest request) {
353 String UserRoleParamName = RangerConstants.ROLE_USER;
354 SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
355 request, xUserService.sortFields);
356 String userName = null;
>>> CID 167287: Null pointer dereferences (FORWARD_NULL)
>>> Comparing "request" to null implies that "request" might be null.
357 if(request != null && request.getUserPrincipal() != null){
358 userName = request.getUserPrincipal().getName();
359 }
360 searchUtil.extractString(request, searchCriteria, "name", "User name",null);
361 searchUtil.extractString(request, searchCriteria, "emailAddress", "Email Address",
362 null);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTFft2V-2FOFC9o0P2e0-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZsm-2Bqcjy6muRdi7IaDRbjxGxQeQePfeRe863kyD6Ke5gd4t7fouGu2W7Wu-2FXUKAGAQqcUi9b-2BFB9niZsyU830q8pbYU-2FSR56epZabNv5uwh9TqXrfKSM9Q2pDSecCU5tczM0wYx6d-2BZ0IrT-2FGRbkPinN1Ra41zgXKG-2FOhVYCwycIw-3D-3D
To manage Coverity Scan email notifications for "bosco@apache.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4HK0JLY-2BbZ-2FD0yvjg-2BbWSwquqqdEYtbR9nIDW-2BM81kI8TiABM2LsH3tiPfMWf-2FvOsjZSWngS5IRVC-2FH5Pl4zyaK1OE6Dh-2BhR6pXASEFJKZLM-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZsm-2Bqcjy6muRdi7IaDRbjxGm-2Bop23c-2BtcVvjDZ-2F17HqaMFWBFbvcgJ7DaUe00H-2FxuRDyi2bie4abnJJ9-2Bd8YrvEJScSJ39bm5Lc7LdkzQi-2B7uQlEDkZBu1-2Bm71zvQ8ebi1Yoetga-2BUsaQ7fhZ8Szy4Z1apFHODropFfzxbMaqK3Fw-3D-3D