Posted to dev@knox.apache.org by "Kevin Minder (JIRA)" <ji...@apache.org> on 2016/03/08 16:15:41 UTC
[jira] [Created] (KNOX-687) New Coverity Scan issues
Kevin Minder created KNOX-687:
---------------------------------
Summary: New Coverity Scan issues
Key: KNOX-687
URL: https://issues.apache.org/jira/browse/KNOX-687
Project: Apache Knox
Issue Type: Task
Components: Server
Affects Versions: 0.9.0
Reporter: Kevin Minder
Priority: Critical
Fix For: 0.9.0
Please find below the latest Coverity Scan report on new defect(s) introduced to Apache Knox.
Coverity Scan found 6 new defect(s) introduced to Apache Knox.
2 defect(s) reported earlier by Coverity Scan were marked fixed in the most recent build it analyzed.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
{code}
** CID 1352655: Resource leaks (RESOURCE_LEAK)
/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java: 245 in org.apache.hadoop.gateway.services.security.impl.JettySSLService.loadKeyStore(java.lang.String, java.lang.String, char[])()
________________________________________________________________________________________________________
*** CID 1352655: Resource leaks (RESOURCE_LEAK)
/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java: 245 in org.apache.hadoop.gateway.services.security.impl.JettySSLService.loadKeyStore(java.lang.String, java.lang.String, char[])()
239 }
240
241 private static KeyStore loadKeyStore( String fileName, String storeType, char[] storePass ) throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
242 KeyStore keystore = KeyStore.getInstance(storeType);
243 InputStream is = new FileInputStream(fileName);
244 keystore.load( is, storePass );
>>> CID 1352655: Resource leaks (RESOURCE_LEAK)
>>> Variable "is" going out of scope leaks the resource it refers to.
245 return keystore;
246 }
247
** CID 1352654: Null pointer dereferences (NULL_RETURNS)
/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayServer.java: 291 in org.apache.hadoop.gateway.GatewayServer.startGateway(org.apache.hadoop.gateway.config.GatewayConfig, org.apache.hadoop.gateway.services.GatewayServices)()
________________________________________________________________________________________________________
*** CID 1352654: Null pointer dereferences (NULL_RETURNS)
/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayServer.java: 291 in org.apache.hadoop.gateway.GatewayServer.startGateway(org.apache.hadoop.gateway.config.GatewayConfig, org.apache.hadoop.gateway.services.GatewayServices)()
285 services = svcs;
286 //}
287 //KM]
288 services.start();
289 DeploymentFactory.setGatewayServices(services);
290 server.start();
>>> CID 1352654: Null pointer dereferences (NULL_RETURNS)
>>> Calling a method on null object "org.apache.hadoop.gateway.GatewayServer.server.jetty.getURI()".
291 log.startedGateway( server.jetty.getURI().getPort() );
292 return server;
293 }
294 }
295
296 public GatewayServer( GatewayConfig config ) {
** CID 1352651: Medium impact security (HARDCODED_CREDENTIALS)
/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java: 244 in org.apache.hadoop.gateway.services.security.impl.JettySSLService.loadKeyStore(java.lang.String, java.lang.String, char[])()
________________________________________________________________________________________________________
*** CID 1352651: Medium impact security (HARDCODED_CREDENTIALS)
/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java: 244 in org.apache.hadoop.gateway.services.security.impl.JettySSLService.loadKeyStore(java.lang.String, java.lang.String, char[])()
238
239 }
240
241 private static KeyStore loadKeyStore( String fileName, String storeType, char[] storePass ) throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
242 KeyStore keystore = KeyStore.getInstance(storeType);
243 InputStream is = new FileInputStream(fileName);
>>> CID 1352651: Medium impact security (HARDCODED_CREDENTIALS)
>>> "java.security.KeyStore.load(java.io.InputStream, char[])" uses the constant string as a password.
244 keystore.load( is, storePass );
245 return keystore;
246 }
247
** CID 1324355: Null pointer dereferences (NULL_RETURNS)
/gateway-server/src/main/java/org/apache/hadoop/gateway/trace/TraceResponse.java: 67 in org.apache.hadoop.gateway.trace.TraceResponse.appendHeaders(java.lang.StringBuilder)()
________________________________________________________________________________________________________
*** CID 1324355: Null pointer dereferences (NULL_RETURNS)
/gateway-server/src/main/java/org/apache/hadoop/gateway/trace/TraceResponse.java: 67 in org.apache.hadoop.gateway.trace.TraceResponse.appendHeaders(java.lang.StringBuilder)()
61 log.trace( sb.toString() );
62 }
63
64 private void appendHeaders( StringBuilder sb ) {
65 if( headLog.isTraceEnabled() ) {
66 Collection<String> names = getHeaderNames();
>>> CID 1324355: Null pointer dereferences (NULL_RETURNS)
>>> Calling a method on null object "names".
67 for( String name : names ) {
68 for( String value : getHeaders( name ) ) {
69 sb.append( String.format( "\n\tHeader[%s]=%s", name, value ) );
70 }
71 }
72 }
73 }
74
** CID 1241749: Null pointer dereferences (NULL_RETURNS)
/gateway-server/src/main/java/org/apache/hadoop/gateway/dispatch/ServletDispatch.java: 45 in org.apache.hadoop.gateway.dispatch.ServletDispatch.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)()
________________________________________________________________________________________________________
*** CID 1241749: Null pointer dereferences (NULL_RETURNS)
/gateway-server/src/main/java/org/apache/hadoop/gateway/dispatch/ServletDispatch.java: 45 in org.apache.hadoop.gateway.dispatch.ServletDispatch.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)()
39 servletName = config.getInitParameter( DISPATCH_SERVLET_PARAM_NAME );
40 }
41
42 @Override
43 public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain )
44 throws IOException, ServletException {
>>> CID 1241749: Null pointer dereferences (NULL_RETURNS)
>>> Calling a method on null object "servletContext.getNamedDispatcher(servletName)".
45 servletContext.getNamedDispatcher( servletName ).forward( request, response );
46 }
47
48 @Override
49 public void destroy() {
50 servletContext = null;
51 servletName = null;
52 }
53
** CID 1241641: Null pointer dereferences (NULL_RETURNS)
/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayForwardingServlet.java: 99 in org.apache.hadoop.gateway.GatewayForwardingServlet.doGet(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)()
________________________________________________________________________________________________________
*** CID 1241641: Null pointer dereferences (NULL_RETURNS)
/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayForwardingServlet.java: 99 in org.apache.hadoop.gateway.GatewayForwardingServlet.doGet(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)()
93 auditor.audit(
94 AUDIT_ACTION, origPath, ResourceType.URI,
95 ActionOutcome.UNAVAILABLE, RES.forwardToDefaultTopology( request.getMethod(), redirectToContext ) );
96
97 // Perform cross context dispatch to the configured topology context
98 ServletContext ctx = getServletContext().getContext(redirectToContext);
>>> CID 1241641: Null pointer dereferences (NULL_RETURNS)
>>> Calling a method on null object "ctx".
99 RequestDispatcher dispatcher = ctx.getRequestDispatcher(origRequest);
100
101 dispatcher.forward(request, response);
102
103 auditor.audit(
104 AUDIT_ACTION, origPath, ResourceType.URI,
{code}