Posted to dev@knox.apache.org by "Kevin Minder (JIRA)" <ji...@apache.org> on 2016/03/29 21:58:25 UTC
[jira] [Resolved] (KNOX-687) Address new Coverity Scan issues
[ https://issues.apache.org/jira/browse/KNOX-687?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kevin Minder resolved KNOX-687.
-------------------------------
Resolution: Fixed
Resolved via the following commit. Not sure why this wasn't noted automatically.
7edeac5d80e161663fea14bafd4d7f662d25d767 | 2016-03-14 15:47:26 -0400 | Kevin Minder | [KNOX-687] - Address new Coverity Scan issues
> Address new Coverity Scan issues
> --------------------------------
>
> Key: KNOX-687
> URL: https://issues.apache.org/jira/browse/KNOX-687
> Project: Apache Knox
> Issue Type: Task
> Components: Server
> Affects Versions: 0.9.0
> Reporter: Kevin Minder
> Assignee: Kevin Minder
> Priority: Critical
> Fix For: 0.9.0
>
>
> Please find the latest report on new defect(s) introduced to Apache Knox found with Coverity Scan.
> 6 new defect(s) introduced to Apache Knox found with Coverity Scan.
> 2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
> New defect(s) Reported-by: Coverity Scan
> Showing 6 of 6 defect(s)
> {code}
> ** CID 1352655: Resource leaks (RESOURCE_LEAK)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java: 245 in org.apache.hadoop.gateway.services.security.impl.JettySSLService.loadKeyStore(java.lang.String, java.lang.String, char[])()
> ________________________________________________________________________________________________________
> *** CID 1352655: Resource leaks (RESOURCE_LEAK)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java: 245 in org.apache.hadoop.gateway.services.security.impl.JettySSLService.loadKeyStore(java.lang.String, java.lang.String, char[])()
> 239 }
> 240
> 241 private static KeyStore loadKeyStore( String fileName, String storeType, char[] storePass ) throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
> 242 KeyStore keystore = KeyStore.getInstance(storeType);
> 243 InputStream is = new FileInputStream(fileName);
> 244 keystore.load( is, storePass );
> >>> CID 1352655: Resource leaks (RESOURCE_LEAK)
> >>> Variable "is" going out of scope leaks the resource it refers to.
> 245 return keystore;
> 246 }
> 247
> ** CID 1352654: Null pointer dereferences (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayServer.java: 291 in org.apache.hadoop.gateway.GatewayServer.startGateway(org.apache.hadoop.gateway.config.GatewayConfig, org.apache.hadoop.gateway.services.GatewayServices)()
> ________________________________________________________________________________________________________
> *** CID 1352654: Null pointer dereferences (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayServer.java: 291 in org.apache.hadoop.gateway.GatewayServer.startGateway(org.apache.hadoop.gateway.config.GatewayConfig, org.apache.hadoop.gateway.services.GatewayServices)()
> 285 services = svcs;
> 286 //}
> 287 //KM]
> 288 services.start();
> 289 DeploymentFactory.setGatewayServices(services);
> 290 server.start();
> >>> CID 1352654: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "org.apache.hadoop.gateway.GatewayServer.server.jetty.getURI()".
> 291 log.startedGateway( server.jetty.getURI().getPort() );
> 292 return server;
> 293 }
> 294 }
> 295
> 296 public GatewayServer( GatewayConfig config ) {
> ** CID 1352651: Medium impact security (HARDCODED_CREDENTIALS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java: 244 in org.apache.hadoop.gateway.services.security.impl.JettySSLService.loadKeyStore(java.lang.String, java.lang.String, char[])()
> ________________________________________________________________________________________________________
> *** CID 1352651: Medium impact security (HARDCODED_CREDENTIALS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java: 244 in org.apache.hadoop.gateway.services.security.impl.JettySSLService.loadKeyStore(java.lang.String, java.lang.String, char[])()
> 238
> 239 }
> 240
> 241 private static KeyStore loadKeyStore( String fileName, String storeType, char[] storePass ) throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
> 242 KeyStore keystore = KeyStore.getInstance(storeType);
> 243 InputStream is = new FileInputStream(fileName);
> >>> CID 1352651: Medium impact security (HARDCODED_CREDENTIALS)
> >>> "java.security.KeyStore.load(java.io.InputStream, char[])" uses the constant string as a password.
> 244 keystore.load( is, storePass );
> 245 return keystore;
> 246 }
> 247
> ** CID 1324355: Null pointer dereferences (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/trace/TraceResponse.java: 67 in org.apache.hadoop.gateway.trace.TraceResponse.appendHeaders(java.lang.StringBuilder)()
> ________________________________________________________________________________________________________
> *** CID 1324355: Null pointer dereferences (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/trace/TraceResponse.java: 67 in org.apache.hadoop.gateway.trace.TraceResponse.appendHeaders(java.lang.StringBuilder)()
> 61 log.trace( sb.toString() );
> 62 }
> 63
> 64 private void appendHeaders( StringBuilder sb ) {
> 65 if( headLog.isTraceEnabled() ) {
> 66 Collection<String> names = getHeaderNames();
> >>> CID 1324355: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "names".
> 67 for( String name : names ) {
> 68 for( String value : getHeaders( name ) ) {
> 69 sb.append( String.format( "\n\tHeader[%s]=%s", name, value ) );
> 70 }
> 71 }
> 72 }
> 73 }
> 74
> ** CID 1241749: Null pointer dereferences (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/dispatch/ServletDispatch.java: 45 in org.apache.hadoop.gateway.dispatch.ServletDispatch.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)()
> ________________________________________________________________________________________________________
> *** CID 1241749: Null pointer dereferences (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/dispatch/ServletDispatch.java: 45 in org.apache.hadoop.gateway.dispatch.ServletDispatch.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)()
> 39 servletName = config.getInitParameter( DISPATCH_SERVLET_PARAM_NAME );
> 40 }
> 41
> 42 @Override
> 43 public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain )
> 44 throws IOException, ServletException {
> >>> CID 1241749: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "servletContext.getNamedDispatcher(servletName)".
> 45 servletContext.getNamedDispatcher( servletName ).forward( request, response );
> 46 }
> 47
> 48 @Override
> 49 public void destroy() {
> 50 servletContext = null;
> 51 servletName = null;
> 52 }
> 53
> ** CID 1241641: Null pointer dereferences (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayForwardingServlet.java: 99 in org.apache.hadoop.gateway.GatewayForwardingServlet.doGet(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)()
> ________________________________________________________________________________________________________
> *** CID 1241641: Null pointer dereferences (NULL_RETURNS)
> /gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayForwardingServlet.java: 99 in org.apache.hadoop.gateway.GatewayForwardingServlet.doGet(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)()
> 93 auditor.audit(
> 94 AUDIT_ACTION, origPath, ResourceType.URI,
> 95 ActionOutcome.UNAVAILABLE, RES.forwardToDefaultTopology( request.getMethod(), redirectToContext ) );
> 96
> 97 // Perform cross context dispatch to the configured topology context
> 98 ServletContext ctx = getServletContext().getContext(redirectToContext);
> >>> CID 1241641: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "ctx".
> 99 RequestDispatcher dispatcher = ctx.getRequestDispatcher(origRequest);
> 100
> 101 dispatcher.forward(request, response);
> 102
> 103 auditor.audit(
> 104 AUDIT_ACTION, origPath, ResourceType.URI,
> {code}