[ https://issues.apache.org/jira/browse/CASSANDRA-12569?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dave Brosius updated CASSANDRA-12569: ------------------------------------- Priority: Trivial (was: Major) > Null Dereference > ---------------- > > Key: CASSANDRA-12569 > URL: https://issues.apache.org/jira/browse/CASSANDRA-12569 > Project: Cassandra > Issue Type: Sub-task > Reporter: Eduardo Aguinaga > Priority: Trivial > > Overview: > In May through June of 2016 a static analysis was performed on version 3.0.5 > of the Cassandra source code. The analysis included an automated analysis > using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools > Understand v4. The results of that analysis includes the issue below. > Issue: > In the file SnitchProperties.java on line 48 the call to getResource and > getClassLoader may both return a null, which would cause a null dereference. > {code:java} > SnitchProperties.java, lines 40-59: > 40 try > 41 { > 42 URL url; > 43 if (configURL == null) > 44 url = > SnitchProperties.class.getClassLoader().getResource(RACKDC_PROPERTY_FILENAME); > 45 else > 46 url = new URL(configURL); > 47 > 48 stream = url.openStream(); // catch block handles potential NPE > 49 properties.load(stream); > 50 } > 51 catch (Exception e) > 52 { > 53 // do not throw exception here, just consider this an incomplete or an > empty property file. > 54 logger.warn("Unable to read {}", ((configURL != null) ? configURL : > RACKDC_PROPERTY_FILENAME)); > 55 } > 56 finally > 57 { > 58 FileUtils.closeQuietly(stream); > 59 } > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)