Sumit Gupta created KNOX-740: -------------------------------- Summary: Address new coverity scan issues Key: KNOX-740 URL: https://issues.apache.org/jira/browse/KNOX-740 Project: Apache Knox Issue Type: Bug Reporter: Sumit Gupta Fix For: 0.10.0
New defect(s) Reported-by: Coverity Scan Showing 3 of 3 defect(s) ** CID 1361684: Null pointer dereferences (NULL_RETURNS) /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 140 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)() ________________________________________________________________________________________________________ *** CID 1361684: Null pointer dereferences (NULL_RETURNS) /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 140 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)() 134 ShiroLog.failedLoginAttempt(e.getCause()); 135 throw new AuthenticationException(e); 136 } 137 HashRequest.Builder builder = new HashRequest.Builder(); 138 Hash credentialsHash = hashService 139 .computeHash(builder.setSource(token.getCredentials()).setAlgorithmName(HASHING_ALGORITHM).build()); >>> CID 1361684: Null pointer dereferences (NULL_RETURNS) >>> Calling a method on null object "credentialsHash". 140 return new SimpleAuthenticationInfo(new UnixUserPrincipal(user) , credentialsHash.toHex(), credentialsHash.getSalt(), 141 getName()); 142 } 143 ** CID 1361683: Null pointer dereferences (NULL_RETURNS) /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java: 71 in org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)() ________________________________________________________________________________________________________ *** CID 1361683: Null pointer dereferences (NULL_RETURNS) /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/filter/ShiroSubjectIdentityAdapter.java: 71 in org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)() 65 Subject subject = SecurityUtils.getSubject(); 66 67 // trigger call to shiro authorization realm 68 // we use shiro authorization realm to look up groups 69 subject.hasRole("authenticatedUser"); 70 >>> CID 1361683: Null pointer dereferences (NULL_RETURNS) >>> Calling a method on null object "subject.getPrincipal()". 71 final String principalName = (String) subject.getPrincipal().toString(); 72 73 CallableChain callableChain = new CallableChain(request, response, chain); 74 SecurityUtils.getSubject().execute(callableChain); 75 } 76 ** CID 1361682: Null pointer dereferences (FORWARD_NULL) /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 119 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)() ________________________________________________________________________________________________________ *** CID 1361682: Null pointer dereferences (FORWARD_NULL) /gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxPamRealm.java: 119 in org.apache.hadoop.gateway.shirorealm.KnoxPamRealm.doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)() 113 UnixUserPrincipal user = principals.oneByType(UnixUserPrincipal.class); 114 if (user != null) { 115 roles.addAll(user.getUnixUser().getGroups()); 116 } 117 SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_ROLES, roles); 118 SecurityUtils.getSubject().getSession().setAttribute(SUBJECT_USER_GROUPS, roles); >>> CID 1361682: Null pointer dereferences (FORWARD_NULL) >>> Calling a method on null object "user". 119 GatewayLog.lookedUpUserRoles(roles, user.getName()); 120 return new SimpleAuthorizationInfo(roles); 121 } 122 123 @Override 124 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { -- This message was sent by Atlassian JIRA (v6.3.4#6332)