Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
None
-
None
Description
Coverity static-analysis scan found possible use of null object in SetCredentialsConfiguration.filterOneSaslMechanism method.
https://scan7.coverity.com/reports.htm#v16159/p11778/fileInstanceId=5863025&defectInstanceId=1561291&mergedDefectId=1377459
The method contains condition
if (credentials.contains(type, null)) { //... }
If the credentials variable is of type IdentityCredentials, then the contains() call may result in NPE, because the null is used as algorthmName in:
return credentialType.isInstance(credential) && algorithmName.equals(((AlgorithmCredential) credential).getAlgorithm());
Attachments
Issue Links
- clones
-
JBEAP-7256 Coverity static analysis: Explicit null dereferenced in SetCredentialsConfiguration (Elytron)
- Verified
- incorporates
-
ELY-754 Coverity static analysis: Explicit null dereferenced in IdentityCredentials (Elytron)
- Resolved