[KARAF-4216] Poor Error Handling: Return Inside Finally - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: 4.0.3
Fix Version/s: None
Component/s: None
Labels:
None

Description

HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the karaf source code.

The method build() in PublickeyBackingEngineFactory.java returns from inside a finally block on line 52, which will cause exceptions to be lost.

File: jaas/modules/src/main/java/org/apache/karaf/jaas/modules/publickey/PublickeyBackingEngineFactory.java
Line: 52

PublickeyBackingEngineFactory.java, lines 40-54:

40 public BackingEngine build(Map options) {
41     PublickeyBackingEngine engine = null;
42     String usersFile = (String) options.get(USER_FILE);
43 
44     File f = new File(usersFile);
45     Properties users;
46     try {
47         users = new Properties(f);
48         engine = new PublickeyBackingEngine(users);
49     } catch (IOException ioe) {
50         logger.warn("Cannot open keys file:" + usersFile);
51     } finally {
52         return engine;
53     }
54 }

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Eduardo Aguinaga

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 15/Dec/15 18:00

Updated:: 27/Jan/17 16:24

Resolved:: 27/Jan/17 16:24