Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-748

Coverity static analysis: Explicit null dereferenced in FileSystemSecurityRealm (Elytron)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 1.1.0.Beta17
    • None
    • None

      Coverity static-analysis scan found possible use of null object in FileSystemSecurityRealm.parseCredential() method.

      https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5760040&defectInstanceId=1541373&mergedDefectId=1369298&eventId=1541373-14
      If the format is not provided as an attribute in the provided XML stream, then the call

        String format = null;
  // ...
  function.parseCredential(algorithm, format, text);

      will fail for parsePublicKey method as the function code it contains code calling method of the format parameter (with possible null value).

      if (! format.equals("pkcs8")) {
    throw ElytronMessages.log.fileSystemRealmUnsupportedKeyFormat(format, path, streamReader.getLocation().getLineNumber(), name);
}

            rhn-support-ivassile Ilia Vassilev
            josef.cacek@gmail.com Josef Cacek (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: