Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.1.0.DR9
Affects Version/s: 7.1.0.DR8
Component/s: Security
Labels:
- static_analysis

CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Target Release:

7.1.0.GA

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Coverity static-analysis scan found possible use of null object in SetCredentialsConfiguration.filterOneSaslMechanism method.

https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5863025&defectInstanceId=1561291&mergedDefectId=1377459
The method contains condition

if (credentials.contains(type, null)) {
    //...
}

If the credentials variable is of type IdentityCredentials, then the contains() call may result in NPE, because the null is used as algorthmName in:

return credentialType.isInstance(credential) && algorithmName.equals(((AlgorithmCredential) credential).getAlgorithm());

incorporates

JBEAP-7258 Coverity static analysis: Explicit null dereferenced in IdentityCredentials (Elytron)

Closed

is cloned by

ELY-753 Coverity static analysis: Explicit null dereferenced in SetCredentialsConfiguration (Elytron)

Resolved

Assignee:: Ilia Vassilev

Reporter:: Josef Cacek (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2016/11/14 10:14 AM

Updated:: 2024/09/13 4:08 PM

Resolved:: 2016/12/06 11:25 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates