[jboss-jira] [JBoss JIRA] (ELY-1552) Coverity, Reliance on default encoding in DigestAuthenticationMechanism.

Ilia Vassilev (JIRA) issues at jboss.org
Mon Mar 26 15:33:02 EDT 2018


     [ https://issues.jboss.org/browse/ELY-1552?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ilia Vassilev updated ELY-1552:
-------------------------------
    Description: 
In org.wildfly.security.http.impl.DigestAuthenticationMechanism.digestUriMatchesRequestUri(org.wildfly.security.http.HttpServerRequest, byte[]): Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable.

{code}
 private boolean digestUriMatchesRequestUri(HttpServerRequest request, byte[] digestUri) {
        if (!validateUri) {
            return true;
        }

        java.net.URI requestURI = request.getRequestURI();
        String digestUriStr = new String(digestUri);

{code}

https://scan7.coverity.com/reports.htm#v20225/p11778/fileInstanceId=49333269&defectInstanceId=10309296&mergedDefectId=1466832

  was:
In org.wildfly.security.http.impl.DigestAuthenticationMechanism.digestUriMatchesRequestUri(org.wildfly.security.http.HttpServerRequest, byte[]): Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable.

{code}
 private boolean digestUriMatchesRequestUri(HttpServerRequest request, byte[] digestUri) {
        if (!validateUri) {
            return true;
        }

        java.net.URI requestURI = request.getRequestURI();
        String digestUriStr = new String(digestUri);

{code}



> Coverity, Reliance on default encoding in DigestAuthenticationMechanism.
> ------------------------------------------------------------------------
>
>                 Key: ELY-1552
>                 URL: https://issues.jboss.org/browse/ELY-1552
>             Project: WildFly Elytron
>          Issue Type: Bug
>    Affects Versions: 1.2.4.Final
>            Reporter: Ilia Vassilev
>            Assignee: Ilia Vassilev
>            Priority: Minor
>
> In org.wildfly.security.http.impl.DigestAuthenticationMechanism.digestUriMatchesRequestUri(org.wildfly.security.http.HttpServerRequest, byte[]): Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable.
> {code}
>  private boolean digestUriMatchesRequestUri(HttpServerRequest request, byte[] digestUri) {
>         if (!validateUri) {
>             return true;
>         }
>         java.net.URI requestURI = request.getRequestURI();
>         String digestUriStr = new String(digestUri);
> {code}
> https://scan7.coverity.com/reports.htm#v20225/p11778/fileInstanceId=49333269&defectInstanceId=10309296&mergedDefectId=1466832



--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
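
Added example, not part of the original message and not Elytron's code: it shows why decoding the digest URI bytes with the platform default charset makes the URI comparison depend on the JVM's configuration. The class, the helper methods `uriMatches` and `uriMatchesDefault`, the sample paths, the comparison against `requestUri.toString()` and the choice of UTF-8 as the client's encoding are all assumptions made for illustration.

```java
import java.net.URI;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;

public class DigestUriCharsetDemo {

    // Hypothetical, simplified stand-in for the URI check (not Elytron's code):
    // decode the digest "uri" bytes with an explicit charset and compare the
    // result with the request URI's string form.
    static boolean uriMatches(URI requestUri, byte[] digestUri, Charset charset) {
        String digestUriStr = new String(digestUri, charset);
        return requestUri.toString().equals(digestUriStr);
    }

    // The flagged pattern: new String(byte[]) decodes with the JVM default charset.
    static boolean uriMatchesDefault(URI requestUri, byte[] digestUri) {
        String digestUriStr = new String(digestUri);
        return requestUri.toString().equals(digestUriStr);
    }

    public static void main(String[] args) {
        // Constructed sample input: one ASCII-only path, one with a non-ASCII character.
        String[] paths = { "/app/index.html", "/app/caf\u00e9" };
        Charset[] charsets = { StandardCharsets.UTF_8, StandardCharsets.ISO_8859_1,
                               StandardCharsets.US_ASCII };

        System.out.println("JVM default charset: " + Charset.defaultCharset());
        for (String path : paths) {
            URI requestUri = URI.create(path);
            // Assumption: the client sent the digest uri value as UTF-8 bytes.
            byte[] digestUri = path.getBytes(StandardCharsets.UTF_8);
            System.out.println(path);
            for (Charset cs : charsets) {
                System.out.println("  decoded as " + cs + ": match="
                        + uriMatches(requestUri, digestUri, cs));
            }
            System.out.println("  new String(bytes) with default: match="
                    + uriMatchesDefault(requestUri, digestUri));
        }
    }
}
```

The ASCII-only path matches under every charset, while the non-ASCII path matches only when the bytes are decoded with the charset the client used, so the default-charset variant passes or fails depending on where the server runs.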


