]
Ilia Vassilev updated WFLY-7832:
--------------------------------
Component/s: Security
Coverity: dereference null value in ClassLoadingAttributeDefinitions
(Elytron subsystem)
----------------------------------------------------------------------------------------
Key: WFLY-7832
URL:
https://issues.jboss.org/browse/WFLY-7832
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Josef Cacek
Assignee: Ilia Vassilev
Labels: static_analysis
Coverity static-analysis scan found a possilbe method call on null object in the
{{ClassLoadingAttributeDefinitions.resolveClassLoader}} method.
https://scan7.coverity.com/reports.htm#v16159/p12663/fileInstanceId=68921...
Following code
{code:java}
Module current = Module.getCallerModule();
if (module != null) {
ModuleIdentifier mi = ModuleIdentifier.fromString(module);
current = current.getModule(mi);
{code}
The {{current}} value returned from {{Module.getCallerModule()}} may be {{null}}. The
{{getModule()}} method is called on it without the null-check.