Posted to dev@cloudstack.apache.org by sc...@coverity.com on 2014/12/01 12:41:07 UTC
New Defects reported by Coverity Scan for cloudstack
Hi,
Please find the latest report on new defect(s) introduced to cloudstack found with Coverity Scan.
6 new defect(s) introduced to cloudstack found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 1256278: Dm: Dubious method used (FB.DM_DEFAULT_ENCODING)
/server/src/com/cloud/user/AccountManagerImpl.java: 2061 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String, java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()
/server/src/com/cloud/user/AccountManagerImpl.java: 2057 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String, java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()
/server/src/com/cloud/user/AccountManagerImpl.java: 2059 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String, java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()
** CID 1256277: SBSC: String concatenation in loop using + operator (FB.SBSC_USE_STRINGBUFFER_CONCATENATION)
/server/src/com/cloud/user/AccountManagerImpl.java: 2042 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String, java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()
** CID 1256276: WMI: Inefficient Map Iterator (FB.WMI_WRONG_MAP_ITERATOR)
/server/src/com/cloud/user/AccountManagerImpl.java: 2013 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String, java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()
** CID 1256275: Resource leak (RESOURCE_LEAK)
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 237 in com.cloud.upgrade.dao.Upgrade442to450.updateSystemVmTemplates(java.sql.Connection)()
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 291 in com.cloud.upgrade.dao.Upgrade442to450.updateSystemVmTemplates(java.sql.Connection)()
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 266 in com.cloud.upgrade.dao.Upgrade442to450.updateSystemVmTemplates(java.sql.Connection)()
** CID 1256274: Resource leak on an exceptional path (RESOURCE_LEAK)
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 115 in com.cloud.upgrade.dao.Upgrade442to450.upgradeMemoryOfVirtualRoutervmOffering(java.sql.Connection)()
** CID 1256273: Resource leak on an exceptional path (RESOURCE_LEAK)
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 157 in com.cloud.upgrade.dao.Upgrade442to450.upgradeMemoryOfInternalLoadBalancervmOffering(java.sql.Connection)()
________________________________________________________________________________________________________
*** CID 1256278: Dm: Dubious method used (FB.DM_DEFAULT_ENCODING)
/server/src/com/cloud/user/AccountManagerImpl.java: 2061 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String, java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()
2055
2056 Mac mac = Mac.getInstance("HmacSHA1");
2057 SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), "HmacSHA1");
2058 mac.init(keySpec);
2059 mac.update(unsignedRequest.getBytes());
2060 byte[] encryptedBytes = mac.doFinal();
>>> CID 1256278: Dm: Dubious method used (FB.DM_DEFAULT_ENCODING)
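>>> Found reliance on default encoding: new String(byte[])
[Note, not part of the Coverity output: in the same excerpt, line 2062 compares the signatures with String.equals, which is not a constant-time comparison, and line 2064 writes the computed signature to the log at info level on a mismatch, which exposes the valid signature for that request to anyone who can read the log. Comparing the signature bytes with MessageDigest.isEqual and leaving computedSignature out of the log message would address both.]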
2061 String computedSignature = new String(Base64.encodeBase64(encryptedBytes));
2062 boolean equalSig = signature.equals(computedSignature);
2063 if (!equalSig) {
2064 s_logger.info("User signature: " + signature + " is not equaled to computed signature: " + computedSignature);
2065 } else {
2066 user = _userAccountDao.getUserAccount(username, domainId);
/server/src/com/cloud/user/AccountManagerImpl.java: 2057 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String, java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()
2051 return null;
2052 }
2053
2054 unsignedRequest = unsignedRequest.toLowerCase();
2055
2056 Mac mac = Mac.getInstance("HmacSHA1");
>>> CID 1256278: Dm: Dubious method used (FB.DM_DEFAULT_ENCODING)
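>>> Found reliance on default encoding: String.getBytes()
[Note, not part of the Coverity output: the key bytes passed to the HMAC here depend on the JVM's default charset, so a key containing non-ASCII characters can produce a different signature on a host with a different default charset. An explicit charset, e.g. getBytes("UTF-8") to match the URLEncoder.encode call at line 2040, removes that dependence; the same applies to unsignedRequest.getBytes() at line 2059.]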
2057 SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), "HmacSHA1");
2058 mac.init(keySpec);
2059 mac.update(unsignedRequest.getBytes());
2060 byte[] encryptedBytes = mac.doFinal();
2061 String computedSignature = new String(Base64.encodeBase64(encryptedBytes));
2062 boolean equalSig = signature.equals(computedSignature);
/server/src/com/cloud/user/AccountManagerImpl.java: 2059 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String, java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()
2053
2054 unsignedRequest = unsignedRequest.toLowerCase();
2055
2056 Mac mac = Mac.getInstance("HmacSHA1");
2057 SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), "HmacSHA1");
2058 mac.init(keySpec);
>>> CID 1256278: Dm: Dubious method used (FB.DM_DEFAULT_ENCODING)
>>> Found reliance on default encoding: String.getBytes()
2059 mac.update(unsignedRequest.getBytes());
2060 byte[] encryptedBytes = mac.doFinal();
2061 String computedSignature = new String(Base64.encodeBase64(encryptedBytes));
2062 boolean equalSig = signature.equals(computedSignature);
2063 if (!equalSig) {
2064 s_logger.info("User signature: " + signature + " is not equaled to computed signature: " + computedSignature);
________________________________________________________________________________________________________
*** CID 1256277: SBSC: String concatenation in loop using + operator (FB.SBSC_USE_STRINGBUFFER_CONCATENATION)
/server/src/com/cloud/user/AccountManagerImpl.java: 2042 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String, java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()
2036 }
2037 }
2038
2039 if (unsignedRequest == null) {
2040 unsignedRequest = paramName + "=" + URLEncoder.encode(paramValue, "UTF-8").replaceAll("\\+", "%20");
2041 } else {
>>> CID 1256277: SBSC: String concatenation in loop using + operator (FB.SBSC_USE_STRINGBUFFER_CONCATENATION)
>>> com.cloud.user.AccountManagerImpl.authenticateUser(String, String, Long, InetAddress, Map) concatenates strings using + in a loop
2042 unsignedRequest = unsignedRequest + "&" + paramName + "=" + URLEncoder.encode(paramValue, "UTF-8").replaceAll("\\+", "%20");
2043 }
2044 }
2045 }
2046
2047 if ((signature == null) || (timestamp == 0L)) {
________________________________________________________________________________________________________
*** CID 1256276: WMI: Inefficient Map Iterator (FB.WMI_WRONG_MAP_ITERATOR)
/server/src/com/cloud/user/AccountManagerImpl.java: 2013 in com.cloud.user.AccountManagerImpl.authenticateUser(java.lang.String, java.lang.String, java.lang.Long, java.net.InetAddress, java.util.Map)()
2007
2008 Collections.sort(parameterNames);
2009
2010 try {
2011 for (String paramName : parameterNames) {
2012 // parameters come as name/value pairs in the form String/String[]
>>> CID 1256276: WMI: Inefficient Map Iterator (FB.WMI_WRONG_MAP_ITERATOR)
>>> com.cloud.user.AccountManagerImpl.authenticateUser(String, String, Long, InetAddress, Map) makes inefficient use of keySet iterator instead of entrySet iterator
2013 String paramValue = ((String[])requestParameters.get(paramName))[0];
2014
2015 if ("signature".equalsIgnoreCase(paramName)) {
2016 signature = paramValue;
2017 } else {
2018 if ("timestamp".equalsIgnoreCase(paramName)) {
________________________________________________________________________________________________________
*** CID 1256275: Resource leak (RESOURCE_LEAK)
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 237 in com.cloud.upgrade.dao.Upgrade442to450.updateSystemVmTemplates(java.sql.Connection)()
231 };
232
233 for (Map.Entry<Hypervisor.HypervisorType, String> hypervisorAndTemplateName : NewTemplateNameList.entrySet()){
234 s_logger.debug("Updating " + hypervisorAndTemplateName.getKey() + " System Vms");
235 try {
236 //Get 4.5.0 system Vm template Id for corresponding hypervisor
>>> CID 1256275: Resource leak (RESOURCE_LEAK)
>>> Overwriting "pstmt" in "pstmt = conn.prepareStatement("select id from `cloud`.`vm_template` where name = ? and removed is null order by id desc limit 1")" leaks the resource that "pstmt" refers to.
237 pstmt = conn.prepareStatement("select id from `cloud`.`vm_template` where name = ? and removed is null order by id desc limit 1");
238 pstmt.setString(1, hypervisorAndTemplateName.getValue());
239 rs = pstmt.executeQuery();
240 if(rs.next()){
241 long templateId = rs.getLong(1);
242 rs.close();
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 291 in com.cloud.upgrade.dao.Upgrade442to450.updateSystemVmTemplates(java.sql.Connection)()
285 if (pstmt != null) {
286 pstmt.close();
287 }
288 } catch (SQLException e) {
289 }
290 }
>>> CID 1256275: Resource leak (RESOURCE_LEAK)
>>> Variable "pstmt" going out of scope leaks the resource it refers to.
291 }
292
293
294 private void dropInvalidKeyFromStoragePoolTable(Connection conn) {
295 HashMap<String, List<String>> uniqueKeys = new HashMap<String, List<String>>();
296 List<String> keys = new ArrayList<String>();
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 266 in com.cloud.upgrade.dao.Upgrade442to450.updateSystemVmTemplates(java.sql.Connection)()
260 } else {
261 if (hypervisorsListInUse.contains(hypervisorAndTemplateName.getKey())){
262 throw new CloudRuntimeException("4.5.0 " + hypervisorAndTemplateName.getKey() + " SystemVm template not found. Cannot upgrade system Vms");
263 } else {
264 s_logger.warn("4.5.0 " + hypervisorAndTemplateName.getKey() + " SystemVm template not found. " + hypervisorAndTemplateName.getKey() + " hypervisor is not used, so not failing upgrade");
265 // Update the latest template URLs for corresponding hypervisor
>>> CID 1256275: Resource leak (RESOURCE_LEAK)
>>> Overwriting "pstmt" in "pstmt = conn.prepareStatement("UPDATE `cloud`.`vm_template` SET url = ? , checksum = ? WHERE hypervisor_type = ? AND type = 'SYSTEM' AND removed is null order by id desc limit 1")" leaks the resource that "pstmt" refers to.
266 pstmt = conn.prepareStatement("UPDATE `cloud`.`vm_template` SET url = ? , checksum = ? WHERE hypervisor_type = ? AND type = 'SYSTEM' AND removed is null order by id desc limit 1");
267 pstmt.setString(1, newTemplateUrl.get(hypervisorAndTemplateName.getKey()));
268 pstmt.setString(2, newTemplateChecksum.get(hypervisorAndTemplateName.getKey()));
269 pstmt.setString(3, hypervisorAndTemplateName.getKey().toString());
270 pstmt.executeUpdate();
271 pstmt.close();
________________________________________________________________________________________________________
*** CID 1256274: Resource leak on an exceptional path (RESOURCE_LEAK)
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 115 in com.cloud.upgrade.dao.Upgrade442to450.upgradeMemoryOfVirtualRoutervmOffering(java.sql.Connection)()
109 updatePstmt.close();
110 }
111 } catch (SQLException e) {
112 }
113 }
114 s_logger.debug("Done upgrading RAM for service offering of domain router to " + newRamSize);
>>> CID 1256274: Resource leak on an exceptional path (RESOURCE_LEAK)
>>> Variable "updatePstmt" going out of scope leaks the resource it refers to.
115 }
116
117 private void upgradeMemoryOfInternalLoadBalancervmOffering(Connection conn) {
118 PreparedStatement updatePstmt = null;
119 PreparedStatement selectPstmt = null;
120 ResultSet selectResultSet = null;
________________________________________________________________________________________________________
*** CID 1256273: Resource leak on an exceptional path (RESOURCE_LEAK)
/engine/schema/src/com/cloud/upgrade/dao/Upgrade442to450.java: 157 in com.cloud.upgrade.dao.Upgrade442to450.upgradeMemoryOfInternalLoadBalancervmOffering(java.sql.Connection)()
151 updatePstmt.close();
152 }
153 } catch (SQLException e) {
154 }
155 }
156 s_logger.debug("Done upgrading RAM for service offering of internal loadbalancer vm to " + newRamSize);
>>> CID 1256273: Resource leak on an exceptional path (RESOURCE_LEAK)
>>> Variable "updatePstmt" going out of scope leaks the resource it refers to.
157 }
158
159 @Override
160 public File[] getCleanupScripts() {
161 String script = Script.findScript("", "db/schema-442to450-cleanup.sql");
162 if (script == null) {
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit http://scan.coverity.com/projects/943?tab=overview