February 2017 - jboss-jira - Jboss List Archives

[JBoss JIRA] (ELY-731) Coverity static analysis: Missing parent calls in Elytron

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/ELY-731?page=com.atlassian.jira.plugin.sy... ] Ilia Vassilev updated ELY-731: ------------------------------ Fix Version/s: 1.1.0.Beta15 > Coverity static analysis: Missing parent calls in Elytron > --------------------------------------------------------- > > Key: ELY-731 > URL: https://issues.jboss.org/browse/ELY-731 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Josef Cacek > Assignee: Ilia Vassilev > Priority: Minor > Labels: static_analysis > Fix For: 1.1.0.Beta15 > > > Coverity static-analysis scan found missing parent calls in Elytron. They seems to be a simple fixes: > * DisposedCallbackSaslClientFactory should use super.dispose() instead of delegate.dispose() > ** https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=56219... > * DisposedCallbackSaslServerFactory should use super.dispose() instead of delegate.dispose() > ** https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=56218... > * org.wildfly.security.auth.client.MatchSchemeSpecificPartRule.matches(URI, String, String, String) > ** compare to {{MatchHostRule}} class > ** https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=56224... -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-733) Coverity static analysis: Useless call in Elytron

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/ELY-733?page=com.atlassian.jira.plugin.sy... ] Ilia Vassilev updated ELY-733: ------------------------------ Fix Version/s: 1.1.0.Beta15 > Coverity static analysis: Useless call in Elytron > ------------------------------------------------- > > Key: ELY-733 > URL: https://issues.jboss.org/browse/ELY-733 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Josef Cacek > Assignee: Ilia Vassilev > Priority: Minor > Labels: static_analysis > Fix For: 1.1.0.Beta15 > > > Coverity static analysis: Useless call in Elytron > Coverity static-analysis scan found useless call in the {{FileSystemSecurityRealm.writeIdentity()}} method on line 554 (currently). > There is an orphan call of {{otp.getHash()}}. > https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57216... > The correct call is on the line 557, where it's used in streamWriter. > *Suggested improvement* > Remove the useless call. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-737) Coverity static analysis: Operands don't affect result in Elytron

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/ELY-737?page=com.atlassian.jira.plugin.sy... ] Ilia Vassilev updated ELY-737: ------------------------------ Fix Version/s: 1.1.0.Beta15 > Coverity static analysis: Operands don't affect result in Elytron > ----------------------------------------------------------------- > > Key: ELY-737 > URL: https://issues.jboss.org/browse/ELY-737 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Josef Cacek > Assignee: Ilia Vassilev > Priority: Minor > Labels: static_analysis > Fix For: 1.1.0.Beta15 > > > Coverity static-analysis scan found unnecessary code in the {{DigestQuote.quoteNeeded()}} method on line 43 (currently). > One part of the condition is {{ch >= 0}}, which is always true, because the {{ch}} parameter has {{char}} type. > https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57601... > *Suggested improvement* > Remove the useless {{ch >= 0}} from the expression. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-738) Coverity static analysis: Dereference null return value in SingleSignOnServerMechanismFactory (Elytron)

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/ELY-738?page=com.atlassian.jira.plugin.sy... ] Ilia Vassilev updated ELY-738: ------------------------------ Fix Version/s: 1.1.0.Beta15 > Coverity static analysis: Dereference null return value in SingleSignOnServerMechanismFactory (Elytron) > ------------------------------------------------------------------------------------------------------- > > Key: ELY-738 > URL: https://issues.jboss.org/browse/ELY-738 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Josef Cacek > Assignee: Ilia Vassilev > Labels: static_analysis > Fix For: 1.1.0.Beta15 > > > Coverity static-analysis scan found possible call on null object in {{SingleSignOnServerMechanismFactory.evaluateRequst()}} method: > {code} > getTargetMechanism(mechanismName, singleSignOnSession).evaluateRequest(createHttpServerRequest(request, singleSignOnSession)); > {code} > https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57602... > The problem is the {{getTargetMechanism}} call, which just calls an {{HttpServerAuthenticationMechanismFactory.createAuthenticationMechanism()}} method. > The {{createAuthenticationMechanism}} doesn't declare it could return null, nevertheless, the implementations use null as fallback (e.g. look at {{ServerMechanismFactoryImpl.createAuthenticationMechanism()}}) > *Suggested improvement* > I see 2 possible solutions: > 1. Declare in javadoc of {{HttpServerAuthenticationMechanismFactory.createAuthenticationMechanism()}} method, that it can return null and add the null-check into the {{SingleSignOnServerMechanismFactory.evaluateRequst()}} method > 2. or throw an exception from {{HttpServerAuthenticationMechanismFactory.createAuthenticationMechanism()}} implementations instead of returning null -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-739) Coverity static analysis: Dereference null return value in AbstractDigestMechanism (Elytron)

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/ELY-739?page=com.atlassian.jira.plugin.sy... ] Ilia Vassilev updated ELY-739: ------------------------------ Fix Version/s: 1.1.0.Beta25 > Coverity static analysis: Dereference null return value in AbstractDigestMechanism (Elytron) > -------------------------------------------------------------------------------------------- > > Key: ELY-739 > URL: https://issues.jboss.org/browse/ELY-739 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Josef Cacek > Assignee: Ilia Vassilev > Labels: static_analysis > Fix For: 1.1.0.Beta25 > > > Coverity static-analysis scan found 3 possible calls on null objects in {{AbstractDigestMechanism}} class: > https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57604... > Method {{wrapConfidentialityProtectedMessage}} > {code} > cipheredPart = wrapCipher.update(toCipher); > // ... cipheredPart may be null > byte[] result = new byte[cipheredPart.length + 6]; > {code} > https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57604... > Method {{createCipher}} > {code} > // the getTransformationSpec may be null - look at DefaultTransformationMapper > ciph = Cipher.getInstance(trans.getTransformationSpec(SaslMechanismInformation.Names.DIGEST_MD5, cipher).getTransformation()); > {code} > https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57604... > Method {{unwrapConfidentialityProtectedMessage}} > {code} > clearText = unwrapCipher.update(message, offset, len - 6); > // the clearText may be null in clearText.length > System.arraycopy(clearText, clearText.length - 10, hmac, 0, 10); > {code} > *Suggested improvement* > Add null checks. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-740) Coverity static analysis: Dereference null return value in EntityUtil (Elytron)

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/ELY-740?page=com.atlassian.jira.plugin.sy... ] Ilia Vassilev updated ELY-740: ------------------------------ Fix Version/s: 1.1.0.Beta15 > Coverity static analysis: Dereference null return value in EntityUtil (Elytron) > ------------------------------------------------------------------------------- > > Key: ELY-740 > URL: https://issues.jboss.org/browse/ELY-740 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Josef Cacek > Assignee: Ilia Vassilev > Labels: static_analysis > Fix For: 1.1.0.Beta15 > > > Coverity static-analysis scan found possible call on null object in {{EntityUtil.encodeAlgorithmIdentifier}} method: > https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57603... > In the call > {{encodeAlgorithmIdentifier(encoder, algorithmOid(algorithm), omitParametersField);}} > the {{algorithmOid()}} may return null (look at {{Entity}} class). > Then the {{encodeAlgorithmIdentifier}} calls {{DerEncoder.encodeObjectIdentifier}} where on the given String is called {{length()}} method without a null check. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-741) Coverity static analysis: Dereference null return value in SSLConfiguratorImpl (Elytron)

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/ELY-741?page=com.atlassian.jira.plugin.sy... ] Ilia Vassilev updated ELY-741: ------------------------------ Fix Version/s: 1.1.0.Beta16 > Coverity static analysis: Dereference null return value in SSLConfiguratorImpl (Elytron) > ---------------------------------------------------------------------------------------- > > Key: ELY-741 > URL: https://issues.jboss.org/browse/ELY-741 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Josef Cacek > Assignee: Ilia Vassilev > Labels: static_analysis > Fix For: 1.1.0.Beta16 > > > Coverity static-analysis scan found 2 possible calls on null objects in {{SSLConfiguratorImpl.getDefaultSSLParameters()}} method. > Both calls are related to following line: > {code} > configure(original, supportedSSLParameters.getProtocols(), supportedSSLParameters.getCipherSuites()); > {code} > https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57598... > The {{getCipherSuites()}} call can return null ({{javax.net.ssl.SSLParameters.getCipherSuites}}) which can propagate to {{CipherSuiteSelector.evaluate()}} call where {{supportedMechanisms.length}} is used without null check. > https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57598... > The {{getProtocols()}} call can return null ({{javax.net.ssl.SSLParameters.getProtocols}}) which can propagate to {{ProtocolSelector.evaluate()}} call where {{supportedProtocols}} is used in for loop without null check. > *Suggested improvement* > Add null checks. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-743) Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/ELY-743?page=com.atlassian.jira.plugin.sy... ] Ilia Vassilev updated ELY-743: ------------------------------ Fix Version/s: 1.1.0.Beta16 > Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron) > ------------------------------------------------------------------------------------------------ > > Key: ELY-743 > URL: https://issues.jboss.org/browse/ELY-743 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Josef Cacek > Assignee: Ilia Vassilev > Labels: static_analysis > Fix For: 1.1.0.Beta16 > > > Coverity static-analysis scan found 3 possible calls on null objects in {{ServerAuthenticationContext}} class. > https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57603... > In {{ServerAuthenticationContext.AuthorizedState.isSamePrincipal(Principal)}} - Return value of function which returns null is dereferenced without checking. > {code} > 2039 boolean isSamePrincipal(final Principal principal) { > > // 1. returned_null: getName returns null (checked 9 out of 11 times). (The virtual call resolves to org.wildfly.security.auth.server.PrincipalDecoder.<clinit>/<gen>org.wildfly.security.auth.server.PrincipalDecoder_instance_2.getName.) [show details] > > // 2. var_assigned: Assigning: name = null return value from getName. > 2040 String name = authorizedIdentity.getSecurityDomain().getPrincipalDecoder().getName(principal); > > // CID 1369286 (#1 of 1): Dereference null return value (NULL_RETURNS)3. dereference: Dereferencing a pointer that might be null name when calling isSameName. [show details] > 2041 return isSameName(name); > 2042 } > {code} > https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57603... > In {{ServerAuthenticationContext.NameAssignedState.isSamePrincipal(Principal)}} - the same as the previous one. > https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57603... > In {{ServerAuthenticationContext.ANONYMOUS.handleOne(Callback[], int)}} > {code} > 790 final PasswordCallback passwordCallback = (PasswordCallback) callback; > 791 > > // 8. returned_null: getCredentialAcquireSupport returns null (checked 0 out of 1 times). [show details] > > // CID 1369304 (#1 of 1): Dereference null return value (NULL_RETURNS)9. null_method_call: Calling a method on null object getCredentialAcquireSupport(org.wildfly.security.credential.PasswordCredential.class). > 792 if (getCredentialAcquireSupport(PasswordCredential.class).mayBeSupported()) { > {code} > *Suggested improvement* > Add null checks. -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-748) Coverity static analysis: Explicit null dereferenced in FileSystemSecurityRealm (Elytron)

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/ELY-748?page=com.atlassian.jira.plugin.sy... ] Ilia Vassilev updated ELY-748: ------------------------------ Fix Version/s: 1.1.0.Beta17 > Coverity static analysis: Explicit null dereferenced in FileSystemSecurityRealm (Elytron) > ----------------------------------------------------------------------------------------- > > Key: ELY-748 > URL: https://issues.jboss.org/browse/ELY-748 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Josef Cacek > Assignee: Ilia Vassilev > Labels: static_analysis > Fix For: 1.1.0.Beta17 > > > Coverity static-analysis scan found possible use of null object in {{FileSystemSecurityRealm.parseCredential()}} method. > https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57600... > If the {{format}} is not provided as an attribute in the provided XML stream, then the call > {code} > String format = null; > // ... > function.parseCredential(algorithm, format, text); > {code} > will fail for {{parsePublicKey}} method as the function code it contains code calling method of the {{format}} parameter (with possible {{null}} value). > {code} > if (! format.equals("pkcs8")) { > throw ElytronMessages.log.fileSystemRealmUnsupportedKeyFormat(format, path, streamReader.getLocation().getLineNumber(), name); > } > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

[JBoss JIRA] (ELY-751) Coverity static analysis: Explicit null dereferenced in LdapKeyStore (Elytron)

by Ilia Vassilev (JIRA)

[ https://issues.jboss.org/browse/ELY-751?page=com.atlassian.jira.plugin.sy... ] Ilia Vassilev updated ELY-751: ------------------------------ Fix Version/s: 1.1.0.Beta24 > Coverity static analysis: Explicit null dereferenced in LdapKeyStore (Elytron) > ------------------------------------------------------------------------------ > > Key: ELY-751 > URL: https://issues.jboss.org/browse/ELY-751 > Project: WildFly Elytron > Issue Type: Bug > Reporter: Josef Cacek > Assignee: Ilia Vassilev > Priority: Critical > Labels: static_analysis > Fix For: 1.1.0.Beta24 > > > Coverity static-analysis scan found possible use of null object in {{LdapKeyStore}} constructor. > https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57601... > The {{LdapKeyStore.Builder.build()}} method constructs the {{LdapKeyStore}} instance this way: > {code} > return new LdapKeyStore(spi, null, null); > {code} > and the constructor just calls parent ctor: > {code} > protected LdapKeyStore(KeyStoreSpi keyStoreSpi, Provider provider, String type) { > super(keyStoreSpi, provider, type); > } > {code} > And it fails with NPE if debug for {{KeyStore}} is enabled as the constructor contains: > {code} > if (!skipDebug && pdebug != null) { > pdebug.println("KeyStore." + type.toUpperCase() + " type from: " + > this.provider.getName()); > } > {code} -- This message was sent by Atlassian JIRA (v7.2.3#72005)

9 years, 2 months

1
0
0 / 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

jboss-jira February 2017