Details
-
Sub-task
-
Status: Resolved
-
Low
-
Resolution: Fixed
-
None
-
None
Description
Overview:
In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis includes the issue below.
Issue:
In the file SnitchProperties.java on line 48 the call to getResource and getClassLoader may both return a null, which would cause a null dereference.
SnitchProperties.java, lines 40-59: 40 try 41 { 42 URL url; 43 if (configURL == null) 44 url = SnitchProperties.class.getClassLoader().getResource(RACKDC_PROPERTY_FILENAME); 45 else 46 url = new URL(configURL); 47 48 stream = url.openStream(); // catch block handles potential NPE 49 properties.load(stream); 50 } 51 catch (Exception e) 52 { 53 // do not throw exception here, just consider this an incomplete or an empty property file. 54 logger.warn("Unable to read {}", ((configURL != null) ? configURL : RACKDC_PROPERTY_FILENAME)); 55 } 56 finally 57 { 58 FileUtils.closeQuietly(stream); 59 }