Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-8504

Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)

    XMLWordPrintable

Details

    Description

      Coverity static-analysis scan found possible dereference null return value in following code

      ServerAuthenticationContext.java
      if (log.isTraceEnabled()) {
                log.tracef("Authorizing principal %s.", authenticationPrincipal.getName());
                log.tracef("Authorizing against the following attributes: %s => %s",
                        authorizationIdentity.getAttributes().keySet(), authorizationIdentity.getAttributes().values());
            }

      Coverity suppose null value could get here via AggregateSecurityRealm.Identity.getAuthorizationIdentity calling TokenSecurityRealm.TokenRealmIdentity.getAuthorizationIdentity

      TokenRealmIdentity.java
              @Override
        public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
            if (exists()) {
                return new AuthorizationIdentity() {
                    @Override
                    public Attributes getAttributes() {
                        return claims;
                    }
                };
            }

            return null;
        }

      https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=8553790&defectInstanceId=2139010&mergedDefectId=1397421&eventId=2139010-2

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. ELY-955 Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              rhn-support-ivassile Ilia Vassilev
              mchoma@redhat.com Martin Choma
              Martin Choma Martin Choma
              Martin Choma Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: