Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron) ------------------------------------------------------------------------------------------------ Key: ELY-743 URL: https://issues.jboss.org/browse/ELY-743 Project: WildFly Elytron Issue Type: Bug Reporter: Josef Cacek Assignee: Ilia Vassilev Labels: static_analysis Fix For: 1.1.0.Beta16 Coverity static-analysis scan found 3 possible calls on null objects in {{ServerAuthenticationContext}} class. https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57603... In {​{ServerAuthenticationContext.AuthorizedState.​isSamePrincipal(Principal)}} - Return value of function which returns null is dereferenced without checking. {code} 2039 boolean isSamePrincipal(final Principal principal) { // 1. returned_null: getName returns null (checked 9 out of 11 times). (The virtual call resolves to org.wildfly.security.auth.server.PrincipalDecoder.<clinit>/<gen>org.wildfly.security.auth.server.PrincipalDecoder_instance_2.getName.) [show details] // 2. var_assigned: Assigning: name = null return value from getName. 2040 String name = authorizedIdentity.getSecurityDomain().getPrincipalDecoder().getName(principal); // CID 1369286 (#1 of 1): Dereference null return value (NULL_RETURNS)3. dereference: Dereferencing a pointer that might be null name when calling isSameName. [show details] 2041 return isSameName(name); 2042 } {code} https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57603... In {{ServerAuthenticationContext.NameAssignedState.​isSamePrincipal(Principal)}} - the same as the previous one. https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57603... In {{​ServerAuthenticationContext.ANONYMOUS.​handleOne(​Callback[], int)}} {code} 790 final PasswordCallback passwordCallback = (PasswordCallback) callback; 791 // 8. returned_null: getCredentialAcquireSupport returns null (checked 0 out of 1 times). [show details] // CID 1369304 (#1 of 1): Dereference null return value (NULL_RETURNS)9. null_method_call: Calling a method on null object getCredentialAcquireSupport(org.wildfly.security.credential.PasswordCredential.class). 792 if (getCredentialAcquireSupport(PasswordCredential.class).mayBeSupported()) { {code} *Suggested improvement* Add null checks.