You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Kevin Minder (JIRA)" <ji...@apache.org> on 2016/03/29 21:58:25 UTC

[jira] [Resolved] (KNOX-687) Address new Coverity Scan issues

     [ https://issues.apache.org/jira/browse/KNOX-687?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevin Minder resolved KNOX-687.
-------------------------------
    Resolution: Fixed

Resolved via the following commit.  Not sure why this wasn't noted automatically.
7edeac5d80e161663fea14bafd4d7f662d25d767 | 2016-03-14 15:47:26 -0400 | Kevin Minder | [KNOX-687] - Address new Coverity Scan issues

> Address new Coverity Scan issues
> --------------------------------
>
>                 Key: KNOX-687
>                 URL: https://issues.apache.org/jira/browse/KNOX-687
>             Project: Apache Knox
>          Issue Type: Task
>          Components: Server
>    Affects Versions: 0.9.0
>            Reporter: Kevin Minder
>            Assignee: Kevin Minder
>            Priority: Critical
>             Fix For: 0.9.0
>
>
> Please find the latest report on new defect(s) introduced to Apache Knox found with Coverity Scan.
> 6 new defect(s) introduced to Apache Knox found with Coverity Scan.
> 2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
> New defect(s) Reported-by: Coverity Scan
> Showing 6 of 6 defect(s)
> {code}
> ** CID 1352655:  Resource leaks  (RESOURCE_LEAK)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java: 245 in org.apache.hadoop.gateway.services.security.impl.JettySSLService.loadKeyStore(java.lang.String, java.lang.String, char[])()
> ________________________________________________________________________________________________________
> *** CID 1352655:  Resource leaks  (RESOURCE_LEAK)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java: 245 in org.apache.hadoop.gateway.services.security.impl.JettySSLService.loadKeyStore(java.lang.String, java.lang.String, char[])()
> 239       }
> 240
> 241       private static KeyStore loadKeyStore( String fileName, String storeType, char[] storePass ) throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
> 242         KeyStore keystore = KeyStore.getInstance(storeType);
> 243         InputStream is = new FileInputStream(fileName);
> 244         keystore.load( is, storePass );
> >>>     CID 1352655:  Resource leaks  (RESOURCE_LEAK)
> >>>     Variable "is" going out of scope leaks the resource it refers to.
> 245         return keystore;
> 246       }
> 247
> ** CID 1352654:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayServer.java: 291 in org.apache.hadoop.gateway.GatewayServer.startGateway(org.apache.hadoop.gateway.config.GatewayConfig, org.apache.hadoop.gateway.services.GatewayServices)()
> ________________________________________________________________________________________________________
> *** CID 1352654:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayServer.java: 291 in org.apache.hadoop.gateway.GatewayServer.startGateway(org.apache.hadoop.gateway.config.GatewayConfig, org.apache.hadoop.gateway.services.GatewayServices)()
> 285           services = svcs;
> 286           //}
> 287           //KM]
> 288           services.start();
> 289           DeploymentFactory.setGatewayServices(services);
> 290           server.start();
> >>>     CID 1352654:  Null pointer dereferences  (NULL_RETURNS)
> >>>     Calling a method on null object "org.apache.hadoop.gateway.GatewayServer.server.jetty.getURI()".
> 291           log.startedGateway( server.jetty.getURI().getPort() );
> 292           return server;
> 293         }
> 294       }
> 295
> 296       public GatewayServer( GatewayConfig config ) {
> ** CID 1352651:  Medium impact security  (HARDCODED_CREDENTIALS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java: 244 in org.apache.hadoop.gateway.services.security.impl.JettySSLService.loadKeyStore(java.lang.String, java.lang.String, char[])()
> ________________________________________________________________________________________________________
> *** CID 1352651:  Medium impact security  (HARDCODED_CREDENTIALS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java: 244 in org.apache.hadoop.gateway.services.security.impl.JettySSLService.loadKeyStore(java.lang.String, java.lang.String, char[])()
> 238
> 239       }
> 240
> 241       private static KeyStore loadKeyStore( String fileName, String storeType, char[] storePass ) throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
> 242         KeyStore keystore = KeyStore.getInstance(storeType);
> 243         InputStream is = new FileInputStream(fileName);
> >>>     CID 1352651:  Medium impact security  (HARDCODED_CREDENTIALS)
> >>>     "java.security.KeyStore.load(java.io.InputStream, char[])" uses the constant string as a password.
> 244         keystore.load( is, storePass );
> 245         return keystore;
> 246       }
> 247
> ** CID 1324355:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/trace/TraceResponse.java: 67 in org.apache.hadoop.gateway.trace.TraceResponse.appendHeaders(java.lang.StringBuilder)()
> ________________________________________________________________________________________________________
> *** CID 1324355:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/trace/TraceResponse.java: 67 in org.apache.hadoop.gateway.trace.TraceResponse.appendHeaders(java.lang.StringBuilder)()
> 61         log.trace( sb.toString() );
> 62       }
> 63
> 64       private void appendHeaders( StringBuilder sb ) {
> 65         if( headLog.isTraceEnabled() ) {
> 66           Collection<String> names = getHeaderNames();
> >>>     CID 1324355:  Null pointer dereferences  (NULL_RETURNS)
> >>>     Calling a method on null object "names".
> 67           for( String name : names ) {
> 68             for( String value : getHeaders( name ) ) {
> 69               sb.append( String.format( "\n\tHeader[%s]=%s", name, value ) );
> 70             }
> 71           }
> 72         }
> 73       }
> 74
> ** CID 1241749:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/dispatch/ServletDispatch.java: 45 in org.apache.hadoop.gateway.dispatch.ServletDispatch.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)()
> ________________________________________________________________________________________________________
> *** CID 1241749:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/dispatch/ServletDispatch.java: 45 in org.apache.hadoop.gateway.dispatch.ServletDispatch.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)()
> 39         servletName = config.getInitParameter( DISPATCH_SERVLET_PARAM_NAME );
> 40       }
> 41
> 42       @Override
> 43       public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain )
> 44           throws IOException, ServletException {
> >>>     CID 1241749:  Null pointer dereferences  (NULL_RETURNS)
> >>>     Calling a method on null object "servletContext.getNamedDispatcher(servletName)".
> 45         servletContext.getNamedDispatcher( servletName ).forward( request, response );
> 46       }
> 47
> 48       @Override
> 49       public void destroy() {
> 50         servletContext = null;
> 51         servletName = null;
> 52       }
> 53
> ** CID 1241641:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayForwardingServlet.java: 99 in org.apache.hadoop.gateway.GatewayForwardingServlet.doGet(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)()
> ________________________________________________________________________________________________________
> *** CID 1241641:  Null pointer dereferences  (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayForwardingServlet.java: 99 in org.apache.hadoop.gateway.GatewayForwardingServlet.doGet(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)()
> 93           auditor.audit(
> 94                   AUDIT_ACTION, origPath, ResourceType.URI,
> 95                   ActionOutcome.UNAVAILABLE, RES.forwardToDefaultTopology( request.getMethod(), redirectToContext ) );
> 96
> 97           // Perform cross context dispatch to the configured topology context
> 98           ServletContext ctx = getServletContext().getContext(redirectToContext);
> >>>     CID 1241641:  Null pointer dereferences  (NULL_RETURNS)
> >>>     Calling a method on null object "ctx".
> 99           RequestDispatcher dispatcher = ctx.getRequestDispatcher(origRequest);
> 100
> 101           dispatcher.forward(request, response);
> 102
> 103           auditor.audit(
> 104                   AUDIT_ACTION, origPath, ResourceType.URI,
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)