[jboss-jira] [JBoss JIRA] (ELY-738) Coverity static analysis: Dereference null return value in SingleSignOnServerMechanismFactory (Elytron)

Josef Cacek (JIRA) issues at jboss.org
Fri Nov 11 07:18:01 EST 2016


Josef Cacek created ELY-738:
-------------------------------

             Summary: Coverity static analysis: Dereference null return value in SingleSignOnServerMechanismFactory (Elytron)
                 Key: ELY-738
                 URL: https://issues.jboss.org/browse/ELY-738
             Project: WildFly Elytron
          Issue Type: Bug
            Reporter: Josef Cacek
            Assignee: Darran Lofthouse


Coverity static-analysis scan found a possible call on a null object in the {{SingleSignOnServerMechanismFactory.evaluateRequest()}} method:

{code}
getTargetMechanism(mechanismName, singleSignOnSession).evaluateRequest(createHttpServerRequest(request, singleSignOnSession));
{code}

The problem is the {{getTargetMechanism}} call, which just calls an {{HttpServerAuthenticationMechanismFactory.createAuthenticationMechanism()}} method.

The {{createAuthenticationMechanism}} method doesn't declare that it could return null; nevertheless, the implementations use null as a fallback (e.g. look at {{ServerMechanismFactoryImpl.createAuthenticationMechanism()}}).

*Suggested improvement*
I see 2 possible solutions:
1. Declare in the javadoc of the {{HttpServerAuthenticationMechanismFactory.createAuthenticationMechanism()}} method that it can return null, and add the null-check into the {{SingleSignOnServerMechanismFactory.evaluateRequest()}} method
2. or throw an exception from {{HttpServerAuthenticationMechanismFactory.createAuthenticationMechanism()}} implementations instead of returning null
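
The two options above, side by side, as an added example that is not part of the original report and is not Elytron code. The {{Mechanism}} and {{MechanismFactory}} interfaces, the mechanism names and the request strings are simplified, hypothetical stand-ins, not the real Elytron types or signatures.

```java
// Hypothetical stand-ins for the types named in the report (not the Elytron API).
public class NullMechanismExample {

    interface Mechanism {
        String evaluateRequest(String request);
    }

    interface MechanismFactory {
        /** @return the mechanism, or {@code null} if the name is not supported */
        Mechanism createAuthenticationMechanism(String mechanismName);
    }

    // A factory that uses null as its fallback, as the report describes.
    static final MechanismFactory NULL_FALLBACK = name -> {
        if ("BASIC".equals(name)) {
            return request -> "evaluated " + request;
        }
        return null;
    };

    // Option 1: the contract documents null, so the caller checks before dereferencing.
    static String evaluateWithNullCheck(MechanismFactory factory, String name, String request) {
        Mechanism target = factory.createAuthenticationMechanism(name);
        if (target == null) {
            return "no mechanism available for " + name; // handled, no NullPointerException
        }
        return target.evaluateRequest(request);
    }

    // Option 2: the factory never returns null; an unsupported name raises an exception.
    static MechanismFactory throwing(MechanismFactory delegate) {
        return name -> {
            Mechanism m = delegate.createAuthenticationMechanism(name);
            if (m == null) {
                throw new IllegalArgumentException("Unsupported mechanism: " + name);
            }
            return m;
        };
    }

    public static void main(String[] args) {
        System.out.println(evaluateWithNullCheck(NULL_FALLBACK, "BASIC", "req-1"));
        System.out.println(evaluateWithNullCheck(NULL_FALLBACK, "FORM", "req-2"));
        try {
            throwing(NULL_FALLBACK).createAuthenticationMechanism("FORM").evaluateRequest("req-3");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```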



