-
Bug
-
Resolution: Done
-
Critical
-
1.1.0.Beta34
-
None
Coverity static-analysis scan found possible call on null object in KeyStoreCredentialStore class:
https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=9564274&defectInstanceId=2359189&mergedDefectId=1402109
In if branch where flow will get only if location is null, location is dereferenced:
KeyStoreCredentialStore.java
if (location != null && Files.exists(location)) try (InputStream fileStream = Files.newInputStream(location)) { keyStore.load(fileStream, getStorePassword(protectionParameter)); enumeration = keyStore.aliases(); } catch (GeneralSecurityException | IOException e) { throw log.cannotInitializeCredentialStore(e); } else if (create) { try { keyStore.load(null, null); enumeration = Collections.emptyEnumeration(); } catch (CertificateException | IOException | NoSuchAlgorithmException e) { throw log.cannotInitializeCredentialStore(e); } } else { throw log.automaticStorageCreationDisabled(location.toString()); }
- clones
-
JBEAP-8793 Coverity static analysis, dereference after null check, KeyStoreCredentialStore (Elytron)
- Closed