[keycloak-dev] Possible bug in ResourceSetServlet may cause resources being overwritten

Pedro Igor Silva psilva at redhat.com
Mon Jul 3 07:26:51 EDT 2017


Thanks, Man Yue Mo. https://issues.jboss.org/browse/KEYCLOAK-5135

On Fri, Jun 30, 2017 at 7:12 AM, Man Yue Mo <mmo at semmle.com> wrote:

> Hi,
>
> In the following:
>
> https://lgtm.com/projects/g/keycloak/keycloak/snapshot/6b3b04f10f5a3ffd0efbec2fcdbe76b518ce8837/files/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java#V105
>
> because a string is compared to an enum in the last condition, the check
> always returns false. In particular, if the resource already existed, then
> it may overwrite the existing resource. Thanks.
>
> Best Regards,
>
> Man Yue Mo
>
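
The bug class described in the report, shown as an added example that is not part of the original thread and is not Keycloak's code: a duplicate check that compares a `String` to an enum with `equals` compiles, always evaluates to false, and lets a second create request replace the stored entry. All class, enum and method names below are hypothetical.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration; every name here is hypothetical, not Keycloak's code.
// Requires Java 16+ (records).
public class DuplicateGuardDemo {
    enum OwnerType { USER, RESOURCE_SERVER }

    record Resource(String name, OwnerType ownerType, String payload) {}

    static final Map<String, Resource> store = new HashMap<>();

    // Buggy guard: String.equals(Object) accepts any argument type, so
    // comparing a String to an enum constant compiles and is always false.
    static boolean existsBuggy(String name, String requestedOwnerType) {
        Resource existing = store.get(name);
        return existing != null && requestedOwnerType.equals(existing.ownerType());
    }

    // Fixed guard: convert the String to the enum first, then compare like
    // types. valueOf throws IllegalArgumentException on an unknown value,
    // which rejects malformed input instead of silently skipping the check.
    static boolean existsFixed(String name, String requestedOwnerType) {
        Resource existing = store.get(name);
        return existing != null
                && OwnerType.valueOf(requestedOwnerType) == existing.ownerType();
    }

    // Create-if-absent endpoint logic; 'fixed' selects which guard runs.
    static String create(String name, String ownerType, String payload, boolean fixed) {
        boolean exists = fixed ? existsFixed(name, ownerType) : existsBuggy(name, ownerType);
        if (exists) {
            return "409 conflict";
        }
        store.put(name, new Resource(name, OwnerType.valueOf(ownerType), payload));
        return "201 created";
    }

    public static void main(String[] args) {
        for (boolean fixed : new boolean[] { false, true }) {
            store.clear();
            String first = create("doc", "USER", "original", fixed);
            String second = create("doc", "USER", "replaced", fixed);
            System.out.printf("fixed=%b first=%s second=%s stored=%s%n",
                    fixed, first, second, store.get("doc").payload());
        }
    }
}
```

Static analysis catches this pattern as a comparison of incomparable types, which is how the report above was produced; `==` between a `String` and an enum would have been a compile error, whereas `equals` is not.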

