Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1552

Coverity, Reliance on default encoding in DigestAuthenticationMechanism.

    XMLWordPrintable

Details

    Description

      In org.​wildfly.​security.​http.​impl.​DigestAuthenticationMechanism.​digestUriMatchesRequestUri(org.​wildfly.​security.​http.​HttpServerRequest, byte[]): Found a call to a method which will perform a byte to String (or String to byte) conversion, and will assume that the default platform encoding is suitable.

       private boolean digestUriMatchesRequestUri(HttpServerRequest request, byte[] digestUri) {
        if (!validateUri) {
            return true;
        }

        java.net.URI requestURI = request.getRequestURI();
        String digestUriStr = new String(digestUri);

      https://scan7.coverity.com/reports.htm#v20225/p11778/fileInstanceId=49333269&defectInstanceId=10309296&mergedDefectId=1466832

      Attachments

        Activity

          People

            rhn-support-ivassile Ilia Vassilev
            rhn-support-ivassile Ilia Vassilev
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: