[jboss-jira] [JBoss JIRA] (ELY-753) Coverity static analysis: Explicit null dereferenced in SetCredentialsConfiguration (Elytron)
David Lloyd (JIRA)
issues at jboss.org
Mon Nov 14 11:02:00 EST 2016
[ https://issues.jboss.org/browse/ELY-753?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Lloyd reassigned ELY-753:
-------------------------------
Assignee: David Lloyd (was: Darran Lofthouse)
> Coverity static analysis: Explicit null dereferenced in SetCredentialsConfiguration (Elytron)
> ---------------------------------------------------------------------------------------------
>
> Key: ELY-753
> URL: https://issues.jboss.org/browse/ELY-753
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Josef Cacek
> Assignee: David Lloyd
> Labels: static_analysis
>
> Coverity static-analysis scan found possible use of null object in {{SetCredentialsConfiguration.filterOneSaslMechanism}} method.
> https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5863025&defectInstanceId=1561291&mergedDefectId=1377459
> The method contains condition
> {code}
> if (credentials.contains(type, null)) {
> //...
> }
> {code}
> If the {{credentials}} variable is of type {{IdentityCredentials}}, then the {{contains()}} call may result in NPE, because the {{null}} is used as {{algorthmName}} in:
> {code}
> return credentialType.isInstance(credential) && algorithmName.equals(((AlgorithmCredential) credential).getAlgorithm());
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list