Posted to dev@knox.apache.org by "Larry McCay (JIRA)" <ji...@apache.org> on 2016/09/01 23:25:20 UTC
[jira] [Commented] (KNOX-740) Address new coverity scan issues
[ https://issues.apache.org/jira/browse/KNOX-740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15456926#comment-15456926 ]
Larry McCay commented on KNOX-740:
----------------------------------
Hi [~smore] - thanks for the patch!
I've applied it, built and ran the unit tests and all looks good.
Couple nits:
1. The use of tabs in the KnoxPamRealm should be replaced with spaces. I see that you were only following the existing use of tabs in the file from the original contribution. Let's actually reformat that whole file to use two spaces instead of tabs.
2. On line 146 there is a misplaced curly brace. Just move that up to the previous line.
Provide a v002 version and click Submit Patch once it is attached.
That will kick off the precommit jenkins job.
Thanks again!
> Address new coverity scan issues
> --------------------------------
>
> Key: KNOX-740
> URL: https://issues.apache.org/jira/browse/KNOX-740
> Project: Apache Knox
> Issue Type: Bug
> Reporter: Sumit Gupta
> Assignee: Sandeep More
> Fix For: 0.10.0
>
> Attachments: KNOX-740.001.patch
>
>
> New defect(s) Reported-by: Coverity Scan
> Showing 3 of 3 defect(s)
>
>
> ** CID 1361684: Null pointer dereferences (NULL_RETURNS)
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 140 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)()
>
>
> ________________________________________________________________________________________________________
> *** CID 1361684: Null pointer dereferences (NULL_RETURNS)
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 140 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)()
> 134 ShiroLog.failedLoginAttempt(e.getCause());
> 135 throw new AuthenticationException(e);
> 136 }
> 137 HashRequest.Builder builder = new HashRequest.Builder();
> 138 Hash credentialsHash = hashService
> 139 .computeHash(builder.setSource(token.getCredentials()).setAlgorithmName(HASHING_ALGORITHM).build());
> >>> CID 1361684: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "credentialsHash".
> 140 return new SimpleAuthenticationInfo(new UnixUserPrincipal(user) , credentialsHash.toHex(), credentialsHash.getSalt(),
> 141 getName());
> 142 }
> 143
>
> ** CID 1361683: Null pointer dereferences (NULL_RETURNS)
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java: 71 in org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)()
>
>
> ________________________________________________________________________________________________________
> *** CID 1361683: Null pointer dereferences (NULL_RETURNS)
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java: 71 in org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)()
> 65 Subject subject = SecurityUtils.getSubject();
> 66
> 67 // trigger call to shiro authorization realm
> 68 // we use shiro authorization realm to look up groups
> 69 subject.hasRole("authenticatedUser");
> 70
> >>> CID 1361683: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "subject.getPrincipal()".
> 71 final String principalName = (String) subject.getPrincipal().toString();
> 72
> 73 CallableChain callableChain = new CallableChain(request, response, chain);
> 74 SecurityUtils.getSubject().execute(callableChain);
> 75 }
> 76
>
> ** CID 1361682: Null pointer dereferences (FORWARD_NULL)
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 119 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)()
>
>
> ________________________________________________________________________________________________________
> *** CID 1361682: Null pointer dereferences (FORWARD_NULL)
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 119 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)()
> 113 UnixUserPrincipal user = principals.oneByType(UnixUserPrincipal.class);
> 114 if (user != null) {
> 115 roles.addAll(user.getUnixUser().getGroups());
> 116 }
> 117 SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_ROLES, roles);
> 118 SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_GROUPS, roles);
> >>> CID 1361682: Null pointer dereferences (FORWARD_NULL)
> >>> Calling a method on null object "user".
> 119 GatewayLog.lookedUpUserRoles(roles, user.getName());
> 120 return new SimpleAuthorizationInfo(roles);
> 121 }
> 122
> 123 @Override
> 124 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
>
>