[jboss-jira] [JBoss JIRA] (WFLY-7965) Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)
Martin Choma (JIRA)
issues at jboss.org
Wed Jan 25 07:55:00 EST 2017
[ https://issues.jboss.org/browse/WFLY-7965?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Choma updated WFLY-7965:
-------------------------------
Affects Version/s: 11.0.0.Alpha1
> Coverity static analysis: Dereference null return value in ServerAuthenticationContext (Elytron)
> ------------------------------------------------------------------------------------------------
>
> Key: WFLY-7965
> URL: https://issues.jboss.org/browse/WFLY-7965
> Project: WildFly
> Issue Type: Bug
> Components: Security
> Affects Versions: 11.0.0.Alpha1
> Reporter: Martin Choma
> Assignee: Darran Lofthouse
>
> Coverity static-analysis scan found possible dereference null return value in following code
> {code:java|title=ServerAuthenticationContext.java}
> if (log.isTraceEnabled()) {
> log.tracef("Authorizing principal %s.", authenticationPrincipal.getName());
> log.tracef("Authorizing against the following attributes: %s => %s",
> authorizationIdentity.getAttributes().keySet(), authorizationIdentity.getAttributes().values());
> }
> {code}
> Coverity suppose null value could get here via {{AggregateSecurityRealm.Identity.getAuthorizationIdentity}} calling {{TokenSecurityRealm.TokenRealmIdentity.getAuthorizationIdentity}}
> {code:java|title=TokenRealmIdentity.java}
> @Override
> public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
> if (exists()) {
> return new AuthorizationIdentity() {
> @Override
> public Attributes getAttributes() {
> return claims;
> }
> };
> }
> return null;
> }
> {code}
> https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=8553790&defectInstanceId=2139010&mergedDefectId=1397421&eventId=2139010-2
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list