[jboss-jira] [JBoss JIRA] (ELY-748) Coverity static analysis: Explicit null dereferenced in FileSystemSecurityRealm (Elytron)
Josef Cacek (JIRA)
issues at jboss.org
Mon Nov 14 06:36:01 EST 2016
Josef Cacek created ELY-748:
-------------------------------
Summary: Coverity static analysis: Explicit null dereferenced in FileSystemSecurityRealm (Elytron)
Key: ELY-748
URL: https://issues.jboss.org/browse/ELY-748
Project: WildFly Elytron
Issue Type: Bug
Reporter: Josef Cacek
Assignee: Darran Lofthouse
Coverity static-analysis scan found possible use of null object in {{FileSystemSecurityRealm.parseCredential()}} method.
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760040&defectInstanceId=1541373&mergedDefectId=1369298&eventId=1541373-14
If the {{format}} is not provided as an attribute in the provided XML stream, then the call
{code}
String format = null;
// ...
function.parseCredential(algorithm, format, text);
{code}
will fail for {{parsePublicKey}} method as the function code it contains code calling method of the {{format}} parameter (with possible {{null}} value).
{code}
if (! format.equals("pkcs8")) {
throw ElytronMessages.log.fileSystemRealmUnsupportedKeyFormat(format, path, streamReader.getLocation().getLineNumber(), name);
}
{code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list