[jboss-jira] [JBoss JIRA] (WFLY-7965) Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)
Martin Choma (JIRA)
issues at jboss.org
Wed Jan 25 07:54:02 EST 2017
Martin Choma created WFLY-7965:
----------------------------------
Summary: Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)
Key: WFLY-7965
URL: https://issues.jboss.org/browse/WFLY-7965
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Martin Choma
Assignee: Darran Lofthouse
Coverity static-analysis scan found possible dereference null return value in following code
{code:java|title=ServerAuthenticationContext.java}
if (log.isTraceEnabled()) {
log.tracef("Authorizing principal %s.", authenticationPrincipal.getName());
log.tracef("Authorizing against the following attributes: %s => %s",
authorizationIdentity.getAttributes().keySet(), authorizationIdentity.getAttributes().values());
}
{code}
Coverity suppose null value could get here via {{AggregateSecurityRealm.Identity.getAuthorizationIdentity}} calling {{TokenSecurityRealm.TokenRealmIdentity.getAuthorizationIdentity}}
{code:java|title=TokenRealmIdentity.java}
@Override
public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
if (exists()) {
return new AuthorizationIdentity() {
@Override
public Attributes getAttributes() {
return claims;
}
};
}
return null;
}
{code}
https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=8553790&defectInstanceId=2139010&mergedDefectId=1397421&eventId=2139010-2
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list