Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-753

Coverity static analysis: Explicit null dereferenced in SetCredentialsConfiguration (Elytron)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • None
    • None
    • None

      Coverity static-analysis scan found possible use of null object in SetCredentialsConfiguration.filterOneSaslMechanism method.

      https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5863025&defectInstanceId=1561291&mergedDefectId=1377459
      The method contains condition

      if (credentials.contains(type, null)) {
    //...
}

      If the credentials variable is of type IdentityCredentials, then the contains() call may result in NPE, because the null is used as algorthmName in:

      return credentialType.isInstance(credential) && algorithmName.equals(((AlgorithmCredential) credential).getAlgorithm());

              dlloyd@redhat.com David Lloyd
              josef.cacek@gmail.com Josef Cacek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: