Ilia Vassilev updated ELY-748:
------------------------------
Fix Version/s: 1.1.0.Beta17
Coverity static analysis: Explicit null dereferenced in FileSystemSecurityRealm (Elytron)
-----------------------------------------------------------------------------------------
Key: ELY-748
URL: https://issues.jboss.org/browse/ELY-748
Project: WildFly Elytron
Issue Type: Bug
Reporter: Josef Cacek
Assignee: Ilia Vassilev
Labels: static_analysis
Fix For: 1.1.0.Beta17
Coverity static-analysis scan found a possible use of a null object in the
{{FileSystemSecurityRealm.parseCredential()}} method.
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=57600...
If the {{format}} is not provided as an attribute in the provided XML stream, then the call
{code}
String format = null;
// ...
function.parseCredential(algorithm, format, text);
{code}
will fail for the {{parsePublicKey}} method, as the function code contains code calling a
method of the {{format}} parameter (with a possible {{null}} value).
{code}
if (! format.equals("pkcs8")) {
    throw ElytronMessages.log.fileSystemRealmUnsupportedKeyFormat(format, path,
            streamReader.getLocation().getLineNumber(), name);
}
{code}
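
The reported pattern next to a null-safe form, as an added example that is not Elytron code and not necessarily the change made for ELY-748. The class name, method names, the {{public-key}} element and the sample XML are assumptions made for illustration.

```java
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

// Added illustration; all names here are hypothetical, not Elytron's.
public class FormatAttributeCheck {
    // Reported form: dereferences format, so a missing attribute raises NullPointerException.
    static void checkUnsafe(String format) {
        if (! format.equals("pkcs8")) {
            throw new IllegalArgumentException("Unsupported key format: " + format);
        }
    }

    // Null-safe form: the constant is the receiver, so null takes the "unsupported" branch.
    static void checkSafe(String format, int line) {
        if (! "pkcs8".equals(format)) {
            throw new IllegalArgumentException(
                    "Unsupported key format '" + format + "' at line " + line);
        }
    }

    public static void main(String[] args) throws XMLStreamException {
        // Constructed sample input: a key element with no format attribute.
        String xml = "<public-key algorithm=\"RSA\">AAAA</public-key>";
        XMLStreamReader reader = XMLInputFactory.newInstance()
                .createXMLStreamReader(new StringReader(xml));
        reader.nextTag(); // advance to the start element
        // getAttributeValue returns null when the attribute is absent.
        String format = reader.getAttributeValue(null, "format");
        try {
            checkUnsafe(format);
        } catch (NullPointerException e) {
            System.out.println("unsafe check: NullPointerException");
        }
        try {
            checkSafe(format, reader.getLocation().getLineNumber());
        } catch (IllegalArgumentException e) {
            System.out.println("safe check: " + e.getMessage());
        }
    }
}
```

With the null-safe form, a realm file that omits {{format}} is rejected through the same "unsupported key format" path as any other bad value, with the line number available for the error message.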