[jboss-jira] [JBoss JIRA] (ELY-754) Coverity static analysis: Explicit null dereferenced in IdentityCredentials (Elytron)
Josef Cacek (JIRA)
issues at jboss.org
Mon Nov 14 10:22:01 EST 2016
Josef Cacek created ELY-754:
-------------------------------
Summary: Coverity static analysis: Explicit null dereferenced in IdentityCredentials (Elytron)
Key: ELY-754
URL: https://issues.jboss.org/browse/ELY-754
Project: WildFly Elytron
Issue Type: Bug
Reporter: Josef Cacek
Assignee: Darran Lofthouse
Coverity static-analysis scan found possible use of null object in {{IdentityCredentials.contains(Class)}} method.
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5862869&defectInstanceId=1561289&mergedDefectId=1377460
The method returns
{code}
return contains(credentialType, null);
{code}
If the virtual call resolves to type {{CredentailNode}}, then the {{contains()}} call may result in NPE, because the {{null}} is used as {{algorthmName}} in:
{code}
return credentialType.isInstance(credential) && algorithmName.equals(((AlgorithmCredential) credential).getAlgorithm());
{code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list