JBoss Enterprise Application Platform / JBEAP-7117

Coverity static analysis: Explicit null dereferenced in NonceManager (Elytron)


      A Coverity static-analysis scan found 2 usages of a null object in the NonceManager class.

      https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760290&defectInstanceId=1541375&mergedDefectId=1375730
      The method generateNonce() without params calls generateNonce(null), where null is provided as the (byte[] salt) argument.
      The salt is used later in the code:

      if (log.isTraceEnabled()) {
          log.tracef("New nonce generated %s, using seed %s", nonce, new String(salt, StandardCharsets.UTF_8));
      }
      

      so it will throw an NPE when trace logging is enabled.

      https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760290&defectInstanceId=1541376&mergedDefectId=1375731
      A similar problem exists in useNonce(nonce), which calls useNonce(nonce, null).
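
      The failure mode described above, as an added example that is not Elytron's code: the class NonceLoggingSketch, its methods and the traceEnabled flag (standing in for log.isTraceEnabled()) are hypothetical. It shows that the null salt is dereferenced only once trace logging is on, next to a null-safe form of the same log statement.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical stand-in for the reported pattern; not Elytron's NonceManager.
public class NonceLoggingSketch {
    // Assumption: a plain flag replaces log.isTraceEnabled() so this runs without a logging library.
    static boolean traceEnabled = false;
    static final SecureRandom RANDOM = new SecureRandom();

    // Produces a random value; mixing the salt into the nonce is omitted in this sketch.
    static String newNonce(byte[] salt) {
        byte[] raw = new byte[16];
        RANDOM.nextBytes(raw);
        return Base64.getEncoder().encodeToString(raw);
    }

    // Reported shape: salt is dereferenced only inside the trace branch.
    static String generateNonceUnsafe(byte[] salt) {
        String nonce = newNonce(salt);
        if (traceEnabled) {
            System.out.printf("New nonce generated %s, using seed %s%n",
                    nonce, new String(salt, StandardCharsets.UTF_8)); // NPE when salt == null
        }
        return nonce;
    }

    // Null-safe form: the log argument is computed without dereferencing a null salt.
    static String generateNonceSafe(byte[] salt) {
        String nonce = newNonce(salt);
        if (traceEnabled) {
            String seed = (salt == null) ? "<none>" : new String(salt, StandardCharsets.UTF_8);
            System.out.printf("New nonce generated %s, using seed %s%n", nonce, seed);
        }
        return nonce;
    }

    public static void main(String[] args) {
        generateNonceUnsafe(null);          // trace off: the defect stays hidden
        traceEnabled = true;
        generateNonceSafe(null);            // trace on: logs "<none>" and still returns a nonce
        try {
            generateNonceUnsafe(null);      // trace on: the caller gets an exception instead of a nonce
        } catch (NullPointerException e) {
            System.out.println("NPE raised only with trace logging enabled");
        }
    }
}
```

      The same guard applies to the useNonce(nonce, null) path, where the salt argument is also null.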

              darran.lofthouse@redhat.com Darran Lofthouse
              josef.cacek@gmail.com Josef Cacek (Inactive)