Details
- Bug
- Status: Resolved
- Major
- Resolution: Won't Fix
- 4.0.3
- None
- None
- None
Description
HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the Karaf source code.
The method build() in PublickeyBackingEngineFactory.java returns from inside a finally block on line 52, which will cause exceptions to be lost.
File: jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyBackingEngineFactory.java
Line: 52
PublickeyBackingEngineFactory.java, lines 40-54:
40 public BackingEngine build(Map options) {
41     PublickeyBackingEngine engine = null;
42     String usersFile = (String) options.get(USER_FILE);
43
44     File f = new File(usersFile);
45     Properties users;
46     try {
47         users = new Properties(f);
48         engine = new PublickeyBackingEngine(users);
49     } catch (IOException ioe) {
50         logger.warn("Cannot open keys file:" + usersFile);
51     } finally {
52         return engine;
53     }
54 }
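The behaviour described above, as an added example that is not Karaf code: two methods with the same shape as build(), one returning inside finally and one returning after the try statement, called with the users option missing. The class name, the load() helper, the "users" key and the use of java.util.Properties are assumptions made for the illustration.

```java
import java.io.*;
import java.util.*;

public class FinallyReturnDemo {
    // Hypothetical helper: new File(null) throws NullPointerException.
    static Properties load(String path) throws IOException {
        Properties p = new Properties();
        try (InputStream in = new FileInputStream(new File(path))) {
            p.load(in);
        }
        return p;
    }

    // Same shape as the reported build(): return inside finally.
    @SuppressWarnings("finally")
    static Properties buildSwallowing(Map<String, String> options) {
        Properties users = null;
        try {
            users = load(options.get("users"));
        } catch (IOException ioe) {
            System.err.println("Cannot open keys file: " + options.get("users"));
        } finally {
            return users; // discards any in-flight exception, e.g. the NPE
        }
    }

    // Return moved after the try statement: IOException is still logged,
    // unexpected runtime exceptions now reach the caller.
    static Properties buildPropagating(Map<String, String> options) {
        Properties users = null;
        try {
            users = load(options.get("users"));
        } catch (IOException ioe) {
            System.err.println("Cannot open keys file: " + options.get("users"));
        }
        return users;
    }

    public static void main(String[] args) {
        Map<String, String> options = Map.of(); // constructed input: "users" option missing
        System.out.println("finally-return: " + buildSwallowing(options));
        try {
            buildPropagating(options);
        } catch (NullPointerException e) {
            System.out.println("return after try: " + e.getClass().getName());
        }
    }
}
```

Compiling with `javac -Xlint:finally` reports the pattern as "finally clause cannot complete normally" when the @SuppressWarnings annotation is removed.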