Uploaded image for project: 'Apache Knox'
  1. Apache Knox
  2. KNOX-740

Address new coverity scan issues

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 0.10.0
    • None
    • None
    • Patch

    Description

      New defect(s) Reported-by: Coverity Scan
      Showing 3 of 3 defect(s)

        • CID 1361684: Null pointer dereferences (NULL_RETURNS)
          /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 140 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)()

      ________________________________________________________________________________________________________

          • CID 1361684: Null pointer dereferences (NULL_RETURNS)
            /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 140 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)()
            134 ShiroLog.failedLoginAttempt(e.getCause());
            135 throw new AuthenticationException(e);
            136 }
            137 HashRequest.Builder builder = new HashRequest.Builder();
            138 Hash credentialsHash = hashService
            139 .computeHash(builder.setSource(token.getCredentials()).setAlgorithmName(HASHING_ALGORITHM).build());
            >>> CID 1361684: Null pointer dereferences (NULL_RETURNS)
            >>> Calling a method on null object "credentialsHash".
            140 return new SimpleAuthenticationInfo(new UnixUserPrincipal(user) , credentialsHash.toHex(), credentialsHash.getSalt(),
            141 getName());
            142 }
            143
        • CID 1361683: Null pointer dereferences (NULL_RETURNS)
          /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java: 71 in org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)()

      ________________________________________________________________________________________________________

          • CID 1361683: Null pointer dereferences (NULL_RETURNS)
            /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java: 71 in org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)()
            65 Subject subject = SecurityUtils.getSubject();
            66
            67 // trigger call to shiro authorization realm
            68 // we use shiro authorization realm to look up groups
            69 subject.hasRole("authenticatedUser");
            70
            >>> CID 1361683: Null pointer dereferences (NULL_RETURNS)
            >>> Calling a method on null object "subject.getPrincipal()".
            71 final String principalName = (String) subject.getPrincipal().toString();
            72
            73 CallableChain callableChain = new CallableChain(request, response, chain);
            74 SecurityUtils.getSubject().execute(callableChain);
            75 }
            76
        • CID 1361682: Null pointer dereferences (FORWARD_NULL)
          /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 119 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)()

      ________________________________________________________________________________________________________

          • CID 1361682: Null pointer dereferences (FORWARD_NULL)
            /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 119 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)()
            113 UnixUserPrincipal user = principals.oneByType(UnixUserPrincipal.class);
            114 if (user != null) { 115 roles.addAll(user.getUnixUser().getGroups()); 116 }

            117 SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_ROLES, roles);
            118 SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_GROUPS, roles);
            >>> CID 1361682: Null pointer dereferences (FORWARD_NULL)
            >>> Calling a method on null object "user".
            119 GatewayLog.lookedUpUserRoles(roles, user.getName());
            120 return new SimpleAuthorizationInfo(roles);
            121 }
            122
            123 @Override
            124 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {

      Attachments

        1. KNOX-740.001.patch
          5 kB
          Sandeep More
        2. KNOX-740.002.patch
          12 kB
          Sandeep More
        3. KNOX-740.003.patch
          8 kB
          Sandeep More

        Activity

          People

            smore Sandeep More
            sumit.gupta Sumit Gupta
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: