]
Ilia Vassilev updated ELY-1060:
-------------------------------
Affects Version/s: 1.1.0.Beta34
Coverity static analysis, dereference after null check,
KeyStoreCredentialStore (Elytron)
-----------------------------------------------------------------------------------------
Key: ELY-1060
URL:
https://issues.jboss.org/browse/ELY-1060
Project: WildFly Elytron
Issue Type: Bug
Components: KeyStores
Affects Versions: 1.1.0.Beta34
Reporter: Martin Choma
Assignee: Ilia Vassilev
Priority: Critical
Coverity static-analysis scan found possible call on null object in
KeyStoreCredentialStore class:
https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=95642...
In if branch where flow will get only if location is null, location is dereferenced:
{code:java|title=KeyStoreCredentialStore.java}
if (location != null && Files.exists(location))
try (InputStream fileStream = Files.newInputStream(location)) {
keyStore.load(fileStream, getStorePassword(protectionParameter));
enumeration = keyStore.aliases();
} catch (GeneralSecurityException | IOException e) {
throw log.cannotInitializeCredentialStore(e);
} else if (create) {
try {
keyStore.load(null, null);
enumeration = Collections.emptyEnumeration();
} catch (CertificateException | IOException | NoSuchAlgorithmException e) {
throw log.cannotInitializeCredentialStore(e);
}
} else {
throw log.automaticStorageCreationDisabled(location.toString());
}
{code}