[keycloak-dev] Possible bug in ResourceSetServlet may cause resources being overwritten
Man Yue Mo
mmo at semmle.com
Fri Jun 30 06:12:29 EDT 2017
Hi,
In the following:
https://lgtm.com/projects/g/keycloak/keycloak/snapshot/6b3b04f10f5a3ffd0efbec2fcdbe76b518ce8837/files/services/src/main/java/org/keycloak/authorization/admin/ResourceSetService.java#V105
because a string is compared to an enum in the last condition, the check
always returns false. In particular, if the resource already existed, then
it may overwrite the existing resource. Thanks.
Best Regards,
Man Yue Mo
More information about the keycloak-dev
mailing list