Details

    • Sub-task
    • Status: Resolved
    • Low
    • Resolution: Fixed
    • 3.10
    • None
    • None

    Description

      Overview:
      In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis include the issue below.

      Issue:
      In the file SnitchProperties.java on line 48 the call to getResource and getClassLoader may both return a null, which would cause a null dereference.

      SnitchProperties.java, lines 40-59:
      40 try
      41 {
      42     URL url;
      43     if (configURL == null)
      44         url = SnitchProperties.class.getClassLoader().getResource(RACKDC_PROPERTY_FILENAME);
      45     else
      46         url = new URL(configURL);
      47     
      48     stream = url.openStream(); // catch block handles potential NPE
      49     properties.load(stream);
      50 }
      51 catch (Exception e)
      52 {
      53     // do not throw exception here, just consider this an incomplete or an empty property file.
      54     logger.warn("Unable to read {}", ((configURL != null) ? configURL : RACKDC_PROPERTY_FILENAME));
      55 }
      56 finally
      57 {
      58     FileUtils.closeQuietly(stream);
      59 }
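
An added illustration, not the Cassandra patch and not the reporter's code: the same load path with the two null returns checked explicitly instead of being absorbed by `catch (Exception e)`. The class name, the `load` signature, the fallback to `ClassLoader.getSystemResource` and the use of `System.err` in place of the logger are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.Properties;

// Hypothetical stand-alone class for illustration; not part of Cassandra.
public class NullSafeResourceLoad
{
    static Properties load(String configURL, String defaultResource)
    {
        Properties properties = new Properties();
        String source = (configURL != null) ? configURL : defaultResource;
        try
        {
            URL url;
            if (configURL == null)
            {
                // getClassLoader() returns null for classes loaded by the bootstrap loader.
                ClassLoader loader = NullSafeResourceLoad.class.getClassLoader();
                url = (loader != null) ? loader.getResource(defaultResource) : ClassLoader.getSystemResource(defaultResource);
            }
            else
            {
                url = new URL(configURL);
            }
            // getResource() returns null when the resource is not on the classpath.
            if (url == null)
            {
                System.err.println("Unable to read " + source + ": resource not found");
                return properties; // treat as an empty property file
            }
            // try-with-resources closes the stream without a separate finally block.
            try (InputStream stream = url.openStream())
            {
                properties.load(stream);
            }
        }
        catch (IOException e) // MalformedURLException is a subclass of IOException
        {
            System.err.println("Unable to read " + source + ": " + e.getMessage());
        }
        return properties;
    }
    public static void main(String[] args)
    {
        // Constructed input: a resource name that does not exist on the classpath.
        Properties p = load(null, "no-such-file.properties");
        System.out.println("entries loaded: " + p.size());
    }
}
```

With the null cases handled up front, the catch clause can be narrowed to `IOException`, so an unrelated runtime exception is no longer logged as an unreadable property file.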
      

          People

            Unassigned Unassigned
            EdAInWestOC Eduardo Aguinaga