[jboss-jira] [JBoss JIRA] (ELY-955) Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)

Ilia Vassilev (JIRA) issues at jboss.org
Tue Feb 14 12:22:00 EST 2017 

     [ https://issues.jboss.org/browse/ELY-955?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ilia Vassilev moved WFLY-7965 to ELY-955:
-----------------------------------------

              Project: WildFly Elytron  (was: WildFly)
                  Key: ELY-955  (was: WFLY-7965)
          Component/s: Authentication Mechanisms
                           (was: Security)
    Affects Version/s: 1.1.0.Beta24
                           (was: 11.0.0.Alpha1)


> Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)
> ------------------------------------------------------------------------------------------------
>
>                 Key: ELY-955
>                 URL: https://issues.jboss.org/browse/ELY-955
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: Authentication Mechanisms
>    Affects Versions: 1.1.0.Beta24
>            Reporter: Martin Choma
>            Assignee: Ilia Vassilev
>
> Coverity static-analysis scan found possible dereference null return value in following code
> {code:java|title=ServerAuthenticationContext.java}
> if (log.isTraceEnabled()) {
>                 log.tracef("Authorizing principal %s.", authenticationPrincipal.getName());
>                 log.tracef("Authorizing against the following attributes: %s => %s",
>                         authorizationIdentity.getAttributes().keySet(), authorizationIdentity.getAttributes().values());
>             }
> {code}
> Coverity suppose null value could get here via {{AggregateSecurityRealm.Identity.getAuthorizationIdentity}} calling {{TokenSecurityRealm.TokenRealmIdentity.getAuthorizationIdentity}}
> {code:java|title=TokenRealmIdentity.java}
>         @Override
>         public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
>             if (exists()) {
>                 return new AuthorizationIdentity() {
>                     @Override
>                     public Attributes getAttributes() {
>                         return claims;
>                     }
>                 };
>             }
>             return null;
>         }
> {code}
> https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=8553790&defectInstanceId=2139010&mergedDefectId=1397421&eventId=2139010-2



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list