[JBoss JIRA] (ELY-754) Coverity static analysis: Explicit null dereferenced in IdentityCredentials (Elytron)

Thursday, 1 December 2016

    [
https://issues.jboss.org/browse/ELY-754?page=com.atlassian.jira.plugin.sy...
] 

Ilia Vassilev commented on ELY-754:
-----------------------------------

The issue is resolved by the PR [1] sent for ELY-753.

[1] https://github.com/wildfly-security/wildfly-elytron/pull/551

...
 Coverity static analysis: Explicit null dereferenced in
IdentityCredentials (Elytron)
 -------------------------------------------------------------------------------------

                 Key: ELY-754
                 URL: https://issues.jboss.org/browse/ELY-754
             Project: WildFly Elytron
          Issue Type: Bug
            Reporter: Josef Cacek
            Assignee: Ilia Vassilev
              Labels: static_analysis

 Coverity static-analysis scan found possible use of null object in
{{IdentityCredentials.contains(Class)}} method.

https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=58628...
 The method returns
 {code}
 return contains(credentialType, null);
 {code}
 If the virtual call resolves to type {{CredentailNode}}, then the {{contains()}} call may
result in NPE, because the {{null}} is used as {{algorthmName}} in:
 {code}
 return credentialType.isInstance(credential) &&
algorithmName.equals(((AlgorithmCredential) credential).getAlgorithm());
 {code} 

--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006