You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Sumit Gupta (JIRA)" <ji...@apache.org> on 2016/08/19 17:24:20 UTC

[jira] [Created] (KNOX-740) Address new coverity scan issues

Sumit Gupta created KNOX-740:
--------------------------------

             Summary: Address new coverity scan issues
                 Key: KNOX-740
                 URL: https://issues.apache.org/jira/browse/KNOX-740
             Project: Apache Knox
          Issue Type: Bug
            Reporter: Sumit Gupta
             Fix For: 0.10.0


 New defect(s) Reported-by: Coverity Scan
    Showing 3 of 3 defect(s)
    
    
    ** CID 1361684:  Null pointer dereferences  (NULL_RETURNS)
    /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 140 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)()
    
    
    ________________________________________________________________________________________________________
    *** CID 1361684:  Null pointer dereferences  (NULL_RETURNS)
    /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 140 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)()
    134     			ShiroLog.failedLoginAttempt(e.getCause());
    135     			throw new AuthenticationException(e);
    136     		}
    137     		HashRequest.Builder builder = new HashRequest.Builder();
    138     		Hash credentialsHash = hashService
    139     				.computeHash(builder.setSource(token.getCredentials()).setAlgorithmName(HASHING_ALGORITHM).build());
    >>>     CID 1361684:  Null pointer dereferences  (NULL_RETURNS)
    >>>     Calling a method on null object "credentialsHash".
    140     		return new SimpleAuthenticationInfo(new UnixUserPrincipal(user) , credentialsHash.toHex(), credentialsHash.getSalt(),
    141     				getName());
    142     	}
    143    
    
    ** CID 1361683:  Null pointer dereferences  (NULL_RETURNS)
    /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java: 71 in org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)()
    
    
    ________________________________________________________________________________________________________
    *** CID 1361683:  Null pointer dereferences  (NULL_RETURNS)
    /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java: 71 in org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)()
    65         Subject subject = SecurityUtils.getSubject();
    66        
    67         // trigger call to shiro authorization realm
    68         // we use shiro authorization realm to look up groups
    69         subject.hasRole("authenticatedUser");
    70        
    >>>     CID 1361683:  Null pointer dereferences  (NULL_RETURNS)
    >>>     Calling a method on null object "subject.getPrincipal()".
    71         final String principalName = (String) subject.getPrincipal().toString();
    72    
    73         CallableChain callableChain = new CallableChain(request, response, chain);
    74         SecurityUtils.getSubject().execute(callableChain);
    75       }
    76      
    
    ** CID 1361682:  Null pointer dereferences  (FORWARD_NULL)
    /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 119 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)()
    
    
    ________________________________________________________________________________________________________
    *** CID 1361682:  Null pointer dereferences  (FORWARD_NULL)
    /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 119 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)()
    113     		UnixUserPrincipal user = principals.oneByType(UnixUserPrincipal.class);
    114     		if (user != null) {
    115     			roles.addAll(user.getUnixUser().getGroups());
    116     		}
    117     		SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_ROLES, roles);
    118     		SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_GROUPS, roles);
    >>>     CID 1361682:  Null pointer dereferences  (FORWARD_NULL)
    >>>     Calling a method on null object "user".
    119     		GatewayLog.lookedUpUserRoles(roles, user.getName());
    120     		return new SimpleAuthorizationInfo(roles);
    121     	}
    122    
    123     	@Override
    124     	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
    
    



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)