Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-753

Coverity static analysis: Explicit null dereferenced in SetCredentialsConfiguration (Elytron)

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • None
    • None
    • None

    Description

      Coverity static-analysis scan found possible use of null object in SetCredentialsConfiguration.filterOneSaslMechanism method.

      https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5863025&defectInstanceId=1561291&mergedDefectId=1377459
      The method contains condition

      if (credentials.contains(type, null)) {
    //...
}

      If the credentials variable is of type IdentityCredentials, then the contains() call may result in NPE, because the null is used as algorthmName in:

      return credentialType.isInstance(credential) && algorithmName.equals(((AlgorithmCredential) credential).getAlgorithm());

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-7256 Coverity static analysis: Explicit null dereferenced in SetCredentialsConfiguration (Elytron)

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          incorporates

          Bug - A problem that impairs or prevents the functions of the product. ELY-754 Coverity static analysis: Explicit null dereferenced in IdentityCredentials (Elytron)

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              dlloyd@redhat.com David Lloyd
              josef.cacek@gmail.com Josef Cacek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: