Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-7107

Coverity static analysis: Explicit null dereferenced in FileSystemSecurityRealm (Elytron)

    XMLWordPrintable

Details

    Description

      Coverity static-analysis scan found possible use of null object in FileSystemSecurityRealm.parseCredential() method.

      https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760040&defectInstanceId=1541373&mergedDefectId=1369298&eventId=1541373-14
      If the format is not provided as an attribute in the provided XML stream, then the call

        String format = null;
  // ...
  function.parseCredential(algorithm, format, text);

      will fail for parsePublicKey method as the function code it contains code calling method of the format parameter (with possible null value).

      if (! format.equals("pkcs8")) {
    throw ElytronMessages.log.fileSystemRealmUnsupportedKeyFormat(format, path, streamReader.getLocation().getLineNumber(), name);
}

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. ELY-748 Coverity static analysis: Explicit null dereferenced in FileSystemSecurityRealm (Elytron)

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              rhn-support-ivassile Ilia Vassilev
              josef.cacek@gmail.com Josef Cacek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: