Posted to dev@directory.apache.org by "Lin Chen (JIRA)" <ji...@apache.org> on 2015/07/17 10:07:05 UTC

[jira] [Commented] (DIRKRB-379) Fix findbugs for kerby-kerb module

    [ https://issues.apache.org/jira/browse/DIRKRB-379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14630942#comment-14630942 ] 

Lin Chen commented on DIRKRB-379:
---------------------------------

Hi yaning, thanks for working on this. Some questions:
1. Forgot to handle the problem?
new org.apache.kerby.kerberos.kerb.integration.test.Transport$Message(String, byte[]) may expose internal representation by storing an externally mutable object into Transport$Message.body;

2.
{code}
@ -45,18 +45,29 @@ public class NativeRandom implements RandomProvider {
 
     @Override
     public void setSeed(byte[] seed) {
+        OutputStream output = null;
         try {
-            OutputStream output = new FileOutputStream(randFile);
+            output = new FileOutputStream(randFile);
             output.write(seed);
         } catch (IOException e) {
             e.printStackTrace();
{code}
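Review bot: in the catch block at the end of the hunk, the IOException from writing the seed to randFile is still only passed to e.printStackTrace(), so setSeed returns normally even when nothing was written and the caller cannot tell that the seed was lost; log it or propagate it instead. Declaring output as a null-initialised local before the try also means the cleanup has to be written and null-guarded by hand; if the module's Java level allows it, try (OutputStream output = new FileOutputStream(randFile)) { output.write(seed); } closes the stream on every path without that extra code.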
After {{output.write()}}, we'd better add an {{output.flush()}}

> Fix findbugs for kerby-kerb module
> ----------------------------------
>
>                 Key: DIRKRB-379
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-379
>             Project: Directory Kerberos
>          Issue Type: Sub-task
>            Reporter: Xu Yaning
>         Attachments: DIRKRB-379-v1.patch
>
>
> The Maven findbugs plugin reports some problems in this module. Some are caused by the fact that this module is still under development, like "Unread public/protected field" and "Unused public or protected field". The "unconditionally sets the field" problem happens in some classes that implement the KOption interface, and will be fixed in DIRKRB-367.
> So the following problems are required to be solved here:
> # *org.apache.kerby.kerberos.kerb.integration.test.AppClient.usage(String[])* invokes System.exit(...), which shuts down the entire virtual machine;
> # *org.apache.kerby.kerberos.kerb.integration.test.AppServer.usage(String[])* invokes System.exit(...), which shuts down the entire virtual machine;
> # Found reliance on default encoding in new *org.apache.kerby.kerberos.kerb.integration.test.Transport$Message(String, byte[])*: String.getBytes();
> # new *org.apache.kerby.kerberos.kerb.integration.test.Transport$Message(String, byte[])* may expose internal representation by storing an externally mutable object into Transport$Message.body;
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.gss.GssAppClient.withConnection(Transport$Connection)*: String.getBytes();
> # *org.apache.kerby.kerberos.kerb.integration.test.gss.GssAppClient.usage(String[])* invokes System.exit(...), which shuts down the entire virtual machine;
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.gss.GssAppServer.doWith(GSSContext, Transport$Connection)*: new String(byte[]);
> # *org.apache.kerby.kerberos.kerb.integration.test.gss.GssAppServer.usage(String[])* invokes System.exit(...), which shuts down the entire virtual machine;
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient.isContinue(Transport$Message)*: new String(byte[]);
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient.isOK(Transport$Message)*: new String(byte[]);
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient.withConnection(Transport$Connection)*: String.getBytes();
> # *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppClient.usage(String[])* invokes System.exit(...), which shuts down the entire virtual machine;
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppServer.doWith(SaslServer, Map, Transport$Connection)*: new String(byte[]);
> # *org.apache.kerby.kerberos.kerb.integration.test.sasl.SaslAppServer.usage(String[])* invokes System.exit(...), which shuts down the entire virtual machine;
> # Null pointer dereference of identity in *org.apache.kerby.kerberos.kerb.admin.Kadmin.modifyPrincipal(String, KOptions)*;
> # Load of known null value in *org.apache.kerby.kerberos.kerb.admin.Kadmin.modifyPrincipal(String, KOptions)*;
> # Unread public/protected field: *org.apache.kerby.kerberos.kerb.client.preauth.AbstractPreauthPlugin.context*;
> # Dead store to paType in *org.apache.kerby.kerberos.kerb.client.preauth.pkinit.PkinitPreauth.makePaPkAsReq(PkinitContext, PkinitRequestContext, KerberosTime, int, int, byte[], PrincipalName, PrincipalName)*;
> # *org.apache.kerby.kerberos.kerb.client.request.KdcRequest.getOuterRequestBody()* may expose internal representation by returning KdcRequest.outerRequestBody;
> # *org.apache.kerby.kerberos.kerb.client.request.KdcRequest.setOuterRequestBody(byte[])* may expose internal representation by storing an externally mutable object into KdcRequest.outerRequestBody;
> # *org.apache.kerby.kerberos.kerb.common.EncryptionUtil.getAlgoNameFromEncType(EncryptionType)* makes inefficient use of keySet iterator instead of entrySet iterator;
> # *org.apache.kerby.kerberos.kerb.preauth.builtin.EncTsPreauthMeta.getPaTypes()* may expose internal representation by returning EncTsPreauthMeta.PA_TYPES;
> # *org.apache.kerby.kerberos.kerb.preauth.builtin.TgtPreauthMeta.getPaTypes()* may expose internal representation by returning TgtPreauthMeta.PA_TYPES;
> # Switch statement found in *org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitIdenity.loadCerts(IdentityOpts, PrincipalName)* where default case is missing;
> # Switch statement found in *org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitIdenity.processIdentityOption(IdentityOpts, String)* where default case is missing;
> # *org.apache.kerby.kerberos.kerb.preauth.pkinit.PkinitPreauthMeta.getPaTypes()* may expose internal representation by returning PkinitPreauthMeta.PA_TYPES;
> # *org.apache.kerby.kerberos.kerb.preauth.token.TokenPreauthMeta.getPaTypes()* may expose internal representation by returning TokenPreauthMeta.PA_TYPES;
> # Comparison of String parameter using == or != in *org.apache.kerby.kerberos.kerb.spec.base.CheckSumType.fromName(String)*;
> # Invocation of hashCode on array in *org.apache.kerby.kerberos.kerb.spec.base.HostAddress.hashCode()*;
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.crypto.cksum.HmacMd5Rc4CheckSum.doChecksumWithKey(byte[], int, int, byte[], int)*: String.getBytes();
> # *org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Crc32Provider.output()* may expose internal representation by returning Crc32Provider.output;
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.crypto.enc.KeKiCmacEnc.prf(byte[], byte[])*: String.getBytes();
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.crypto.enc.KeKiHmacSha1Enc.prf(byte[], byte[])*: String.getBytes();
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.crypto.fast.FastUtil.prfPlus(EncryptionKey, String, int)*: String.getBytes();
> # *org.apache.kerby.kerberos.kerb.crypto.key.AbstractKeyMaker.KERBEROS_CONSTANT* should be package protected;
> # *org.apache.kerby.kerberos.kerb.crypto.key.DesKeyMaker*, Return value of removeMSBits(byte[]) ignored, but method has no side effect;
> # *org.apache.kerby.kerberos.kerb.crypto.random.NativeRandom.setSeed(byte[])* may fail to clean up java.io.OutputStream;
> # *org.apache.kerby.kerberos.kerb.crypto.random.NativeRandom.nextBytes(byte[])* ignores result of java.io.InputStream.read(byte[]);
> # Dead store to cipher in *org.apache.kerby.kerberos.kerb.crypto.util.Camellia.decrypt(byte[], byte[])*;
> # Dead store to cipher in *org.apache.kerby.kerberos.kerb.crypto.util.Camellia.encrypt(byte[], byte[])*;
> # *org.apache.kerby.kerberos.kerb.crypto.util.CamelliaKey.SBOX1* should be package protected;
> # Nullcheck of identity at line 143 of value previously dereferenced in *org.apache.kerby.kerberos.kerb.identity.backend.AbstractIdentityBackend.addIdentity(KrbIdentity)*;
> # Nullcheck of identity at line 168 of value previously dereferenced in *org.apache.kerby.kerberos.kerb.identity.backend.AbstractIdentityBackend.updateIdentity(KrbIdentity)*;
> # Possible null pointer dereference of kdcRequest in *org.apache.kerby.kerberos.kerb.server.KdcHandler.handleMessage(ByteBuffer, boolean, InetAddress)*;
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.KrbInputStream.readCountedString(): new String(byte[])*;
> # *org.apache.kerby.kerberos.kerb.KrbInputStream.readCountedOctets()* ignores result of *org.apache.kerby.kerberos.kerb.KrbInputStream.read(byte[])*;
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.KrbOutputStream.writeCountedString(String)*: String.getBytes();
> # Unwritten field: *org.apache.kerby.kerberos.kerb.ccache.Credential.clientRealm*;
> # *org.apache.kerby.kerberos.kerb.ccache.CredentialCache.load(File)* may fail to clean up java.io.InputStream;
> # *org.apache.kerby.kerberos.kerb.ccache.CredentialCache.store(File)* may fail to clean up java.io.OutputStream;
> # org.apache.kerby.kerberos.kerb.ccache.CredentialCache.readTags(CredCacheInputStream) ignores result of *org.apache.kerby.kerberos.kerb.ccache.CredCacheInputStream.read(byte[], int, int)*;
> # Unread field: *org.apache.kerby.kerberos.kerb.ccache.Tag.tagLen*;
> # *org.apache.kerby.kerberos.kerb.keytab.Keytab.load(File)* may fail to clean up java.io.InputStream;
> # *org.apache.kerby.kerberos.kerb.keytab.Keytab.store(File)* may fail to clean up java.io.OutputStream;
> # *org.apache.kerby.kerberos.kerb.keytab.Keytab.writeEntries(KeytabOutputStream)* makes inefficient use of keySet iterator instead of entrySet iterator;
> # Found reliance on default encoding in *org.apache.kerby.kerberos.kerb.keytab.KeytabInputStream.readCountedString()*: new String(byte[]).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
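
The two findings reported above against the Transport$Message(String, byte[]) constructor (reliance on the default encoding, and storing an externally mutable array into body) can be seen side by side in the following added example, which is not code from the Kerby project or from the patch. The class names, the header parameter name and the sample bytes are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class MessageCopyDemo {
    // Hypothetical stand-in with the flagged constructor shape (String, byte[]).
    static final class WeakMessage {
        final byte[] header;
        final byte[] body;

        WeakMessage(String header, byte[] body) {
            this.header = header.getBytes(); // platform default charset
            this.body = body;                // caller keeps a live reference
        }
    }

    // Same shape with both findings addressed.
    static final class HardenedMessage {
        private final byte[] header;
        private final byte[] body;

        HardenedMessage(String header, byte[] body) {
            this.header = header.getBytes(StandardCharsets.UTF_8); // fixed charset
            this.body = body.clone();                              // defensive copy on the way in
        }

        byte[] getHeader() { return header.clone(); }              // and on the way out
        byte[] getBody() { return body.clone(); }
    }

    public static void main(String[] args) {
        byte[] token = {0x01, 0x02, 0x03, 0x04}; // constructed sample payload
        WeakMessage weak = new WeakMessage("CONT", token);
        HardenedMessage hard = new HardenedMessage("CONT", token);

        // The caller wipes or reuses its buffer after handing it over.
        Arrays.fill(token, (byte) 0);

        System.out.println("weak body:     " + Arrays.toString(weak.body));
        System.out.println("hardened body: " + Arrays.toString(hard.getBody()));

        // Writing through the getter only touches a copy.
        hard.getBody()[0] = 0x7f;
        System.out.println("after getter write: " + Arrays.toString(hard.getBody()));
    }
}
```

The copy costs one allocation per message; for a message type that carries authentication tokens, that is the price of the object's contents not changing after it has been constructed or inspected.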