You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Sumit Gupta (JIRA)" <ji...@apache.org> on 2016/08/19 17:24:20 UTC
[jira] [Created] (KNOX-740) Address new coverity scan issues
Sumit Gupta created KNOX-740:
--------------------------------
Summary: Address new coverity scan issues
Key: KNOX-740
URL: https://issues.apache.org/jira/browse/KNOX-740
Project: Apache Knox
Issue Type: Bug
Reporter: Sumit Gupta
Fix For: 0.10.0
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1361684: Null pointer dereferences (NULL_RETURNS)
/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 140 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)()
________________________________________________________________________________________________________
*** CID 1361684: Null pointer dereferences (NULL_RETURNS)
/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 140 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)()
134 ShiroLog.failedLoginAttempt(e.getCause());
135 throw new AuthenticationException(e);
136 }
137 HashRequest.Builder builder = new HashRequest.Builder();
138 Hash credentialsHash = hashService
139 .computeHash(builder.setSource(token.getCredentials()).setAlgorithmName(HASHING_ALGORITHM).build());
>>> CID 1361684: Null pointer dereferences (NULL_RETURNS)
>>> Calling a method on null object "credentialsHash".
140 return new SimpleAuthenticationInfo(new UnixUserPrincipal(user) , credentialsHash.toHex(), credentialsHash.getSalt(),
141 getName());
142 }
143
** CID 1361683: Null pointer dereferences (NULL_RETURNS)
/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java: 71 in org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)()
________________________________________________________________________________________________________
*** CID 1361683: Null pointer dereferences (NULL_RETURNS)
/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java: 71 in org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)()
65 Subject subject = SecurityUtils.getSubject();
66
67 // trigger call to shiro authorization realm
68 // we use shiro authorization realm to look up groups
69 subject.hasRole("authenticatedUser");
70
>>> CID 1361683: Null pointer dereferences (NULL_RETURNS)
>>> Calling a method on null object "subject.getPrincipal()".
71 final String principalName = (String) subject.getPrincipal().toString();
72
73 CallableChain callableChain = new CallableChain(request, response, chain);
74 SecurityUtils.getSubject().execute(callableChain);
75 }
76
** CID 1361682: Null pointer dereferences (FORWARD_NULL)
/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 119 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)()
________________________________________________________________________________________________________
*** CID 1361682: Null pointer dereferences (FORWARD_NULL)
/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 119 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)()
113 UnixUserPrincipal user = principals.oneByType(UnixUserPrincipal.class);
114 if (user != null) {
115 roles.addAll(user.getUnixUser().getGroups());
116 }
117 SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_ROLES, roles);
118 SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_GROUPS, roles);
>>> CID 1361682: Null pointer dereferences (FORWARD_NULL)
>>> Calling a method on null object "user".
119 GatewayLog.lookedUpUserRoles(roles, user.getName());
120 return new SimpleAuthorizationInfo(roles);
121 }
122
123 @Override
124 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)