Martin Choma created WFLY-8103: ---------------------------------- Summary: Coverity static analysis, Dereference after null check, KeyStoreService (elytron-subsystem) Key: WFLY-8103 URL: https://issues.jboss.org/browse/WFLY-8103 Project: WildFly Issue Type: Bug Components: Security Reporter: Martin Choma Assignee: Darran Lofthouse Coverity found 2 occurences of possible null dereference. https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=95644... https://scan7.coverity.com/reports.htm#v23632/p12663/fileInstanceId=95644... Method {{resolvePassword()}} is dereferencing {{resolvedPath}} field {code} private char[] resolvePassword() throws Exception { ExceptionSupplier<CredentialSource, Exception> sourceSupplier = credentialSourceSupplier.getValue(); CredentialSource cs = sourceSupplier != null ? sourceSupplier.get() : null; if (cs != null) { return cs.getCredential(PasswordCredential.class).getPassword(ClearPassword.class).getPassword(); } else { throw ROOT_LOGGER.keyStorePasswordCannotBeResolved(resolvedPath.getPath()); } } {code} And method {{resolvePassword()}} is called 2 times from block, where resolvedPath is checked on null {code} try (InputStream is = resolvedPath != null ? new FileInputStream(resolvedPath) : null) { AtomicLoadKeyStore.LoadKey loadKey = keyStore.revertibleLoad(is, resolvePassword()); try (InputStream is = resolvedPath != null ? new FileInputStream(resolvedPath) : null) { char[] password = resolvePassword(); {code} Add null check into {{resolvePassword()}} method. -- This message was sent by Atlassian JIRA (v7.2.3#72005)