Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-715

Fix issues reported by coverity test in Ranger Plugin ClassLoader

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.5.0
    • Fix Version/s: 0.5.0
    • Component/s: Ranger
    • Labels:
      None

      Description

      Fix issues reported by coverity test in Ranger Plugin ClassLoader

        • CID 131860: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
          /ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java: 266 in ()

      ________________________________________________________________________________________________________

          • CID 131860: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
            /ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java: 266 in ()
            260 @Override
            261 public Class<?> findClass(String name) throws ClassNotFoundException { 262 return super.findClass(name); 263 }

            264 }
            265
            CID 131860: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
            Should org.apache.ranger.plugin.classloader.RangerPluginClassLoader$MergeEnumeration be a static inner class?
            266 class MergeEnumeration implements Enumeration<URL> {
            267
            268 Enumeration<URL> e1 = null;
            269 Enumeration<URL> e2 = null;
            270
            271 public MergeEnumeration(Enumeration<URL> e1, Enumeration<URL> e2 ) {

        • CID 131859: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
          /agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java: 95 in ()

      ________________________________________________________________________________________________________

          • CID 131859: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
            /agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerOptimizedPolicyEvaluator.java: 95 in ()
            89
            90 if(LOG.isDebugEnabled()) { 91 LOG.debug("<== RangerOptimizedPolicyEvaluator.init()"); 92 }

            93 }
            94
            CID 131859: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
            Should org.apache.ranger.plugin.policyevaluator.RangerOptimizedPolicyEvaluator$LevelResourceNames be a static inner class?
            95 class LevelResourceNames implements Comparable<LevelResourceNames> {
            96 final int level;
            97 final RangerPolicy.RangerPolicyResource policyResource;
            98
            99 public LevelResourceNames(int level, RangerPolicy.RangerPolicyResource policyResource) {
            100 this.level = level;

          • CID 131854: FindBugs: Malicious code vulnerability (FB.DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED)
            /ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java: 52 in org.apache.ranger.plugin.classloader.RangerPluginClassLoader.getInstance(java.lang.String, java.lang.Class)()
            46 public static RangerPluginClassLoader getInstance(String pluginType, Class<?> pluginClass ) throws Exception {
            47 RangerPluginClassLoader ret = me;
            48 if ( ret == null) {
            49 synchronized(RangerPluginClassLoader.class)
            Unknown macro: {50 ret = me;51 if ( ret == null){ CID 131854: FindBugs: Malicious code vulnerability (FB.DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED) org.apache.ranger.plugin.classloader.RangerPluginClassLoader.getInstance(String, Class) creates a org.apache.ranger.plugin.classloader.RangerPluginClassLoader classloader, which should be performed within a doPrivileged block. 52 me = ret = new RangerPluginClassLoader(pluginType,pluginClass); 53 }54 }

            55 }
            56 return ret;
            57 }

        • CID 131853: FindBugs: Malicious code vulnerability (FB.DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED)
          /ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java: 43 in org.apache.ranger.plugin.classloader.RangerPluginClassLoader.<init>(java.lang.String, java.lang.Class)()

      ________________________________________________________________________________________________________

          • CID 131853: FindBugs: Malicious code vulnerability (FB.DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED)
            /ranger-plugin-classloader/src/main/java/org/apache/ranger/plugin/classloader/RangerPluginClassLoader.java: 43 in org.apache.ranger.plugin.classloader.RangerPluginClassLoader.<init>(java.lang.String, java.lang.Class)()
            37 private static MyClassLoader componentClassLoader = null;
            38 //private static ThreadLocal<MyClassLoader> componentClassLoader = new ThreadLocal<MyClassLoader>();
            39
            40 public RangerPluginClassLoader(String pluginType, Class<?> pluginClass ) throws Exception { 41 super(RangerPluginClassLoaderUtil.getInstance().getPluginFilesForServiceTypeAndPluginclass(pluginType, pluginClass), null); 42 //componentClassLoader.set(new MyClassLoader(Thread.currentThread().getContextClassLoader())); CID 131853: FindBugs: Malicious code vulnerability (FB.DP_CREATE_CLASSLOADER_INSIDE_DO_PRIVILEGED) new org.apache.ranger.plugin.classloader.RangerPluginClassLoader(String, Class) creates a org.apache.ranger.plugin.classloader.RangerPluginClassLoader$MyClassLoader classloader, which should be performed within a doPrivileged block. 43 componentClassLoader = new MyClassLoader(Thread.currentThread().getContextClassLoader()); 44 }

            45
            46 public static RangerPluginClassLoader getInstance(String pluginType, Class<?> pluginClass ) throws Exception {
            47 RangerPluginClassLoader ret = me;
            48 if ( ret == null) {

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                rmani Ramesh Mani
                Reporter:
                rmani Ramesh Mani
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Due:
                  Created:
                  Updated:
                  Resolved: