[jboss-jira] [JBoss JIRA] (ELY-832) Coverity static analysis: Dereference null return value in CredentialStoreCredentialSource (Elytron)
Ilia Vassilev (JIRA)
issues at jboss.org
Tue Jan 3 15:11:00 EST 2017
[ https://issues.jboss.org/browse/ELY-832?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ilia Vassilev resolved ELY-832.
-------------------------------
Resolution: Done
Resolved with PR [1] submitted for ELY-813.
[1] https://github.com/wildfly-security/wildfly-elytron/pull/601
> Coverity static analysis: Dereference null return value in CredentialStoreCredentialSource (Elytron)
> ----------------------------------------------------------------------------------------------------
>
> Key: ELY-832
> URL: https://issues.jboss.org/browse/ELY-832
> Project: WildFly Elytron
> Issue Type: Bug
> Reporter: Josef Cacek
> Assignee: Ilia Vassilev
> Labels: static_analysis
>
> Coverity static-analysis scan found possible method call on null object in {{CredentialStoreCredentialSource.getCredential()}}
> https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=6803729&defectInstanceId=1776827&mergedDefectId=1388281&eventId=1776827-8
> The problematic piece of code is:
> {code:java}
> credential = credentialStore.retrieve(alias, credentialType);
> return credential.castAs(credentialType, algorithmName, parameterSpec);
> {code}
> The {{retrieve()}} method may return {{null}} in some cases as can be seen in {{KeyStoreCredentialStore}} class:
> {code:java}
> //...
> final TopEntry topEntry = cache.get(credentialAlias);
> if (topEntry == null) {
> return null;
> }
> //...
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list