[jboss-jira] [JBoss JIRA] (ELY-832) Coverity static analysis: Dereference null return value in CredentialStoreCredentialSource (Elytron)

Josef Cacek (JIRA) issues at jboss.org
Wed Dec 14 10:27:00 EST 2016


     [ https://issues.jboss.org/browse/ELY-832?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Josef Cacek updated ELY-832:
----------------------------
    Description: 
Coverity static-analysis scan found a possible method call on a null object in {{CredentialStoreCredentialSource.getCredential(Class, String, AlgorithmParameterSpec)}}

https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=6803729&defectInstanceId=1776827&mergedDefectId=1388281&eventId=1776827-8
The problematic piece of code is:
{code:java}
credential = credentialStore.retrieve(alias, credentialType);
return credential.castAs(credentialType, algorithmName, parameterSpec);
{code}

The {{retrieve()}} method may return {{null}} in some cases, as can be seen in the {{KeyStoreCredentialStore}} class:
{code:java}
//...
final TopEntry topEntry = cache.get(credentialAlias);
if (topEntry == null) {
    return null;
}
//...
{code}


  was:
Coverity static-analysis scan found a possible method call on a null object in {{org.wildfly.security.credential.source.CredentialStoreCredentialSource.getCredential(java.lang.Class, java.lang.String, java.security.spec.AlgorithmParameterSpec)}}

https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=6803729&defectInstanceId=1776827&mergedDefectId=1388281&eventId=1776827-8
The problematic piece of code is:
{code:java}
credential = credentialStore.retrieve(alias, credentialType);
return credential.castAs(credentialType, algorithmName, parameterSpec);
{code}

The {{retrieve()}} method may return {{null}} in some cases, as can be seen in the {{KeyStoreCredentialStore}} class:
{code:java}
//...
final TopEntry topEntry = cache.get(credentialAlias);
if (topEntry == null) {
    return null;
}
//...
{code}




> Coverity static analysis: Dereference null return value in CredentialStoreCredentialSource (Elytron)
> ----------------------------------------------------------------------------------------------------
>
>                 Key: ELY-832
>                 URL: https://issues.jboss.org/browse/ELY-832
>             Project: WildFly Elytron
>          Issue Type: Bug
>            Reporter: Josef Cacek
>            Assignee: Darran Lofthouse
>              Labels: static_analysis
>
> Coverity static-analysis scan found a possible method call on a null object in {{CredentialStoreCredentialSource.getCredential(Class, String, AlgorithmParameterSpec)}}
> https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=6803729&defectInstanceId=1776827&mergedDefectId=1388281&eventId=1776827-8
> The problematic piece of code is:
> {code:java}
> credential = credentialStore.retrieve(alias, credentialType);
> return credential.castAs(credentialType, algorithmName, parameterSpec);
> {code}
> The {{retrieve()}} method may return {{null}} in some cases, as can be seen in the {{KeyStoreCredentialStore}} class:
> {code:java}
> //...
> final TopEntry topEntry = cache.get(credentialAlias);
> if (topEntry == null) {
>     return null;
> }
> //...
> {code}



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
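
Added example, not part of the original message and not Elytron code: a self-contained Java program that reproduces the pattern reported in the issue (a store lookup that can return null, dereferenced without a check) next to a guarded variant. The names Store, unguarded and guarded are hypothetical stand-ins, toString() stands in for castAs(), and returning null to the caller on a miss is an assumed handling choice.

```java
import java.util.HashMap;
import java.util.Map;

// Stand-in types for illustration only; these are not Elytron's classes.
public class NullRetrieveDemo {

    /** Minimal store: like the KeyStoreCredentialStore excerpt, a cache miss yields null. */
    static class Store {
        private final Map<String, Object> cache = new HashMap<>();

        void put(String alias, Object credential) { cache.put(alias, credential); }

        <C> C retrieve(String alias, Class<C> type) {
            Object entry = cache.get(alias);
            if (entry == null) {
                return null;                                          // unknown alias
            }
            return type.isInstance(entry) ? type.cast(entry) : null;  // wrong type
        }
    }

    /** Same shape as the flagged code: the lookup result is dereferenced unchecked. */
    static <C> String unguarded(Store store, String alias, Class<C> type) {
        C credential = store.retrieve(alias, type);
        return credential.toString();       // NullPointerException on a miss
    }

    /** Guarded variant: a miss is reported to the caller as null instead of throwing. */
    static <C> String guarded(Store store, String alias, Class<C> type) {
        C credential = store.retrieve(alias, type);
        return credential == null ? null : credential.toString();
    }

    public static void main(String[] args) {
        Store store = new Store();
        store.put("db-password", "constructed-sample-value");  // constructed sample data

        System.out.println(guarded(store, "db-password", String.class));
        System.out.println(guarded(store, "missing-alias", String.class));
        try {
            unguarded(store, "missing-alias", String.class);
        } catch (NullPointerException e) {
            System.out.println("unguarded lookup threw NullPointerException");
        }
    }
}
```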


