[jboss-jira] [JBoss JIRA] (ELY-748) Coverity static analysis: Explicit null dereferenced in FileSystemSecurityRealm (Elytron)
Ilia Vassilev (JIRA)
issues at jboss.org
Fri Feb 17 13:30:00 EST 2017
[ https://issues.jboss.org/browse/ELY-748?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ilia Vassilev updated ELY-748:
------------------------------
Fix Version/s: 1.1.0.Beta17
> Coverity static analysis: Explicit null dereferenced in FileSystemSecurityRealm (Elytron)
> -----------------------------------------------------------------------------------------
>
> Key: ELY-748
> URL: https://issues.jboss.org/browse/ELY-748
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Josef Cacek
> Assignee: Ilia Vassilev
> Labels: static_analysis
> Fix For: 1.1.0.Beta17
>
>
> Coverity static-analysis scan found possible use of null object in {{FileSystemSecurityRealm.parseCredential()}} method.
> https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760040&defectInstanceId=1541373&mergedDefectId=1369298&eventId=1541373-14
> If the {{format}} is not provided as an attribute in the provided XML stream, then the call
> {code}
> String format = null;
> // ...
> function.parseCredential(algorithm, format, text);
> {code}
> will fail for {{parsePublicKey}} method as the function code it contains code calling method of the {{format}} parameter (with possible {{null}} value).
> {code}
> if (! format.equals("pkcs8")) {
> throw ElytronMessages.log.fileSystemRealmUnsupportedKeyFormat(format, path, streamReader.getLocation().getLineNumber(), name);
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list