You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@storm.apache.org by "lujie (JIRA)" <ji...@apache.org> on 2018/04/30 11:52:00 UTC
[jira] [Created] (STORM-3049) a potential NPE in
SupervisorSimpleACLAuthorizer#permit SimpleACLAuthorizer#permit
lujie created STORM-3049:
----------------------------
Summary: a potential NPE in SupervisorSimpleACLAuthorizer#permit SimpleACLAuthorizer#permit
Key: STORM-3049
URL: https://issues.apache.org/jira/browse/STORM-3049
Project: Apache Storm
Issue Type: Bug
Reporter: lujie
We have developed a static analysis tool [NPEDetector|https://github.com/lujiefsi/NPEDetector] to find some potential NPE. Our analysis shows that some callees may return null in corner case(e.g. node crash , IO exception), some of their callers have _!=null_ check but some do not have.
*Bug:*
callee ReqContext#principal have 12 callers, 10 of them have null checker like:
{code:java}
public boolean permit(ReqContext context, String operation, Map<String, Object> topoConf) {
return context.principal() != null ? users.contains(context.principal().getName()) : false;
}
{code}
but SupervisorSimpleACLAuthorizer#permit and SimpleACLAuthorizer#permit have no, just like:
{code:java}
//SupervisorSimpleACLAuthorizer#permit
String principal = context.principal().getName();{code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)