You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@storm.apache.org by "lujie (JIRA)" <ji...@apache.org> on 2018/04/30 11:52:00 UTC

[jira] [Created] (STORM-3049) a potential NPE in SupervisorSimpleACLAuthorizer#permit SimpleACLAuthorizer#permit

lujie created STORM-3049:
----------------------------

             Summary: a potential NPE in SupervisorSimpleACLAuthorizer#permit SimpleACLAuthorizer#permit
                 Key: STORM-3049
                 URL: https://issues.apache.org/jira/browse/STORM-3049
             Project: Apache Storm
          Issue Type: Bug
            Reporter: lujie


We have developed a static analysis tool [NPEDetector|https://github.com/lujiefsi/NPEDetector] to find some potential NPE. Our analysis shows that some callees may return null in corner case(e.g. node crash , IO exception), some of their callers have  _!=null_ check but some do not have. 

*Bug:*

callee ReqContext#principal have 12 callers, 10 of them have null checker like:
{code:java}
public boolean permit(ReqContext context, String operation, Map<String, Object> topoConf) {
    return context.principal() != null ? users.contains(context.principal().getName()) : false;
}
{code}
but SupervisorSimpleACLAuthorizer#permit  and SimpleACLAuthorizer#permit have no, just like:
{code:java}
//SupervisorSimpleACLAuthorizer#permit 
String principal = context.principal().getName();{code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)