You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Sandeep More (JIRA)" <ji...@apache.org> on 2016/09/02 00:31:20 UTC
[jira] [Updated] (KNOX-740) Address new coverity scan issues
[ https://issues.apache.org/jira/browse/KNOX-740?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sandeep More updated KNOX-740:
------------------------------
Attachment: KNOX-740.002.patch
Thanks for the feedback [~lmccay] ! This patch takes care of the misplaced curly brace and the formatting of KnoxPamRealm to include spaces instead of tabs to closely adhere to the standard.
Thanks !
Sandeep
> Address new coverity scan issues
> --------------------------------
>
> Key: KNOX-740
> URL: https://issues.apache.org/jira/browse/KNOX-740
> Project: Apache Knox
> Issue Type: Bug
> Reporter: Sumit Gupta
> Assignee: Sandeep More
> Fix For: 0.10.0
>
> Attachments: KNOX-740.001.patch, KNOX-740.002.patch
>
>
> New defect(s) Reported-by: Coverity Scan
> Showing 3 of 3 defect(s)
>
>
> ** CID 1361684: Null pointer dereferences (NULL_RETURNS)
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 140 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)()
>
>
> ________________________________________________________________________________________________________
> *** CID 1361684: Null pointer dereferences (NULL_RETURNS)
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 140 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)()
> 134 ShiroLog.failedLoginAttempt(e.getCause());
> 135 throw new AuthenticationException(e);
> 136 }
> 137 HashRequest.Builder builder = new HashRequest.Builder();
> 138 Hash credentialsHash = hashService
> 139 .computeHash(builder.setSource(token.getCredentials()).setAlgorithmName(HASHING_ALGORITHM).build());
> >>> CID 1361684: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "credentialsHash".
> 140 return new SimpleAuthenticationInfo(new UnixUserPrincipal(user) , credentialsHash.toHex(), credentialsHash.getSalt(),
> 141 getName());
> 142 }
> 143
>
> ** CID 1361683: Null pointer dereferences (NULL_RETURNS)
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java: 71 in org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)()
>
>
> ________________________________________________________________________________________________________
> *** CID 1361683: Null pointer dereferences (NULL_RETURNS)
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java: 71 in org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)()
> 65 Subject subject = SecurityUtils.getSubject();
> 66
> 67 // trigger call to shiro authorization realm
> 68 // we use shiro authorization realm to look up groups
> 69 subject.hasRole("authenticatedUser");
> 70
> >>> CID 1361683: Null pointer dereferences (NULL_RETURNS)
> >>> Calling a method on null object "subject.getPrincipal()".
> 71 final String principalName = (String) subject.getPrincipal().toString();
> 72
> 73 CallableChain callableChain = new CallableChain(request, response, chain);
> 74 SecurityUtils.getSubject().execute(callableChain);
> 75 }
> 76
>
> ** CID 1361682: Null pointer dereferences (FORWARD_NULL)
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 119 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)()
>
>
> ________________________________________________________________________________________________________
> *** CID 1361682: Null pointer dereferences (FORWARD_NULL)
> /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 119 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)()
> 113 UnixUserPrincipal user = principals.oneByType(UnixUserPrincipal.class);
> 114 if (user != null) {
> 115 roles.addAll(user.getUnixUser().getGroups());
> 116 }
> 117 SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_ROLES, roles);
> 118 SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_GROUPS, roles);
> >>> CID 1361682: Null pointer dereferences (FORWARD_NULL)
> >>> Calling a method on null object "user".
> 119 GatewayLog.lookedUpUserRoles(roles, user.getName());
> 120 return new SimpleAuthorizationInfo(roles);
> 121 }
> 122
> 123 @Override
> 124 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
>
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)