]
Ilia Vassilev updated WFLY-7833:
--------------------------------
Component/s: Security
Coverity: dereference null value in PermissionMapperDefinitions
(Elytron subsystem)
-----------------------------------------------------------------------------------
Key: WFLY-7833
URL:
https://issues.jboss.org/browse/WFLY-7833
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Josef Cacek
Assignee: Ilia Vassilev
Labels: static_analysis
Coverity static-analysis scan found a possilbe method call on null object in the
{{PermissionMapperDefinitions.createPermission}} method.
https://scan7.coverity.com/reports.htm#v16159/p12663/fileInstanceId=68921...
{code:java}
Module currentModule = Module.getCallerModule();
if (permission.getModule() != null) {
ModuleIdentifier mi = ModuleIdentifier.fromString(permission.getModule());
try {
currentModule = currentModule.getModule(mi);
{code}
The {{currentModule}} value returned from {{Module.getCallerModule()}} may be {{null}}.
The {{getModule()}} method is called on it without the null-check.