You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "Ramesh Mani (JIRA)" <ji...@apache.org> on 2015/11/02 16:22:27 UTC
[jira] [Commented] (RANGER-715) Fix issues reported by coverity
test in Ranger Plugin ClassLoader
[ https://issues.apache.org/jira/browse/RANGER-715?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14985380#comment-14985380 ]
Ramesh Mani commented on RANGER-715:
------------------------------------
** CID 131860: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java: 266 in ()
________________________________________________________________________________________________________
*** CID 131860: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java: 266 in ()
260 @Override
261 public Class<?> findClass(String name) throws ClassNotFoundException {
262 return super.findClass(name);
263 }
264 }
265
CID 131860: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
Should org.apache.ranger.plugin.classloader.RangerPluginClassLoader$MergeEnumeration be a _static_ inner class?
266 class MergeEnumeration implements Enumeration<URL> {
267
268 Enumeration<URL> e1 = null;
269 Enumeration<URL> e2 = null;
270
271 public MergeEnumeration(Enumeration<URL> e1, Enumeration<URL> e2 ) {
** CID 131859: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java: 95 in ()
________________________________________________________________________________________________________
*** CID 131859: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java: 95 in ()
89
90 if(LOG.isDebugEnabled()) {
91 LOG.debug("<== RangerOptimizedPolicyEvaluator.init()");
92 }
93 }
94
CID 131859: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
Should org.apache.ranger.plugin.policyevaluator.RangerOptimizedPolicyEvaluator$LevelResourceNames be a _static_ inner class?
95 class LevelResourceNames implements Comparable<LevelResourceNames> {
96 final int level;
97 final RangerPolicy.RangerPolicyResource policyResource;
98
99 public LevelResourceNames(int level, RangerPolicy.RangerPolicyResource policyResource) {
100 this.level = level;
*** CID 131854: FindBugs: Malicious code vulnerability (FB.DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED)
/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java: 52 in org.apache.ranger.plugin.classloader.RangerPluginClassLoader.getInstance(java.lang.String, java.lang.Class)()
46 public static RangerPluginClassLoader getInstance(String pluginType, Class<?> pluginClass ) throws Exception {
47 RangerPluginClassLoader ret = me;
48 if ( ret == null) {
49 synchronized(RangerPluginClassLoader.class) {
50 ret = me;
51 if ( ret == null){
CID 131854: FindBugs: Malicious code vulnerability (FB.DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED)
org.apache.ranger.plugin.classloader.RangerPluginClassLoader.getInstance(String, Class) creates a org.apache.ranger.plugin.classloader.RangerPluginClassLoader classloader, which should be performed within a doPrivileged block.
52 me = ret = new RangerPluginClassLoader(pluginType,pluginClass);
53 }
54 }
55 }
56 return ret;
57 }
** CID 131853: FindBugs: Malicious code vulnerability (FB.DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED)
/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java: 43 in org.apache.ranger.plugin.classloader.RangerPluginClassLoader.<init>(java.lang.String, java.lang.Class)()
________________________________________________________________________________________________________
*** CID 131853: FindBugs: Malicious code vulnerability (FB.DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED)
/ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java: 43 in org.apache.ranger.plugin.classloader.RangerPluginClassLoader.<init>(java.lang.String, java.lang.Class)()
37 private static MyClassLoader componentClassLoader = null;
38 //private static ThreadLocal<MyClassLoader> componentClassLoader = new ThreadLocal<MyClassLoader>();
39
40 public RangerPluginClassLoader(String pluginType, Class<?> pluginClass ) throws Exception {
41 super(RangerPluginClassLoaderUtil.getInstance().getPluginFilesForServiceTypeAndPluginclass(pluginType, pluginClass), null);
42 //componentClassLoader.set(new MyClassLoader(Thread.currentThread().getContextClassLoader()));
CID 131853: FindBugs: Malicious code vulnerability (FB.DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED)
new org.apache.ranger.plugin.classloader.RangerPluginClassLoader(String, Class) creates a org.apache.ranger.plugin.classloader.RangerPluginClassLoader$MyClassLoader classloader, which should be performed within a doPrivileged block.
43 componentClassLoader = new MyClassLoader(Thread.currentThread().getContextClassLoader());
44 }
45
46 public static RangerPluginClassLoader getInstance(String pluginType, Class<?> pluginClass ) throws Exception {
47 RangerPluginClassLoader ret = me;
48 if ( ret == null) {
> Fix issues reported by coverity test in Ranger Plugin ClassLoader
> -----------------------------------------------------------------
>
> Key: RANGER-715
> URL: https://issues.apache.org/jira/browse/RANGER-715
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 0.5.0
> Reporter: Ramesh Mani
> Assignee: Ramesh Mani
> Fix For: 0.5.0
>
>
> Fix issues reported by coverity test in Ranger Plugin ClassLoader
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)