[jboss-jira] [JBoss JIRA] (ELY-754) Coverity static analysis: Explicit null dereferenced in IdentityCredentials (Elytron)
Ilia Vassilev (JIRA)
issues at jboss.org
Thu Dec 1 14:01:00 EST 2016
[ https://issues.jboss.org/browse/ELY-754?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13332647#comment-13332647 ]
Ilia Vassilev commented on ELY-754:
-----------------------------------
The issue is resolved by the PR [1] sent for ELY-753.
[1] https://github.com/wildfly-security/wildfly-elytron/pull/551
> Coverity static analysis: Explicit null dereferenced in IdentityCredentials (Elytron)
> -------------------------------------------------------------------------------------
>
> Key: ELY-754
> URL: https://issues.jboss.org/browse/ELY-754
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Josef Cacek
> Assignee: Ilia Vassilev
> Labels: static_analysis
>
> Coverity static-analysis scan found possible use of null object in {{IdentityCredentials.contains(Class)}} method.
> https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5862869&defectInstanceId=1561289&mergedDefectId=1377460
> The method returns
> {code}
> return contains(credentialType, null);
> {code}
> If the virtual call resolves to type {{CredentailNode}}, then the {{contains()}} call may result in NPE, because the {{null}} is used as {{algorthmName}} in:
> {code}
> return credentialType.isInstance(credential) && algorithmName.equals(((AlgorithmCredential) credential).getAlgorithm());
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list