Contributors/Committers, please review if any of your commits is giving these errors, and fix them if required.
Thanks
Bosco

On 8/13/17, 1:07 AM, "scan-ad...@coverity.com" <scan-ad...@coverity.com> wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

10 new defect(s) introduced to Apache Ranger found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)


** CID 166304: Incorrect expression (USELESS_CALL)

________________________________________________________________________________________________________
*** CID 166304: Incorrect expression (USELESS_CALL)
/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java: 851 in org.apache.ranger.biz.TestXUserMgr.test30CreateVXUserGroupInfo()()
845         Assert.assertEquals("user1", vxUserGroupTest.getXuserInfo().getName());
846         List<VXGroup> result = vxUserGroupTest.getXgroupInfo();
847         List<VXGroup> expected = new ArrayList<VXGroup>();
848         expected.add(vXGroup1);
849         expected.add(vXGroup2);
850         Assert.assertTrue(result.containsAll(expected));
>>> CID 166304: Incorrect expression (USELESS_CALL)
>>> Calling "(org.apache.ranger.db.RangerDaoManager)org.mockito.Mockito.verify(daoManager).getXXPortalUser()" is only useful for its return value, which is ignored.
851         Mockito.verify(daoManager).getXXPortalUser();
852         Mockito.verify(portalUser).findByLoginId(vXUser.getName());
853         Mockito.verify(daoManager).getXXPortalUserRole();
854         Mockito.verify(userDao).findXPortalUserRolebyXPortalUserId(
855                 Mockito.anyLong());
856

** CID 166303: High impact security (CSRF)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 178 in org.apache.ranger.rest.XUserREST.createXGroupUserFromMap(org.apache.ranger.view.VXGroupUserInfo)()

________________________________________________________________________________________________________
*** CID 166303: High impact security (CSRF)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 178 in org.apache.ranger.rest.XUserREST.createXGroupUserFromMap(org.apache.ranger.view.VXGroupUserInfo)()
172     }
173
174     @POST
175     @Path("/groups/groupinfo")
176     @Produces({ "application/xml", "application/json" })
177     @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
>>> CID 166303: High impact security (CSRF)
>>> No CSRF protection was detected anywhere in this application. If this is not correct, please refer to the CSRF checker reference on how to specify it via checker option.
178     public VXGroupUserInfo createXGroupUserFromMap(VXGroupUserInfo vXGroupUserInfo) {
179         return xUserMgr.createXGroupUserFromMap(vXGroupUserInfo);
180     }
181
182     @POST
183     @Path("/secure/groups")

** CID 166302: Exceptional resource leaks (RESOURCE_LEAK)
/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java: 908 in org.apache.ranger.services.hive.HIVERangerAuthorizerTest.testShowPrivileges()()

________________________________________________________________________________________________________
*** CID 166302: Exceptional resource leaks (RESOURCE_LEAK)
/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java: 908 in org.apache.ranger.services.hive.HIVERangerAuthorizerTest.testShowPrivileges()()
902
903     @Test
904     public void testShowPrivileges() throws Exception {
905         String initialUrl = "jdbc:hive2://localhost:" + port;
906         Connection connection = DriverManager.getConnection(initialUrl, "admin", "admin");
907         Statement statement = connection.createStatement();
>>> CID 166302: Exceptional resource leaks (RESOURCE_LEAK)
>>> Variable "statement" going out of scope leaks the resource it refers to.
908         Assert.assertTrue(statement.execute("show grant user admin"));
909         statement.close();
910     }
911

** CID 166301: Incorrect expression (USELESS_CALL)

________________________________________________________________________________________________________
*** CID 166301: Incorrect expression (USELESS_CALL)
/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java: 853 in org.apache.ranger.biz.TestXUserMgr.test30CreateVXUserGroupInfo()()
847         List<VXGroup> expected = new ArrayList<VXGroup>();
848         expected.add(vXGroup1);
849         expected.add(vXGroup2);
850         Assert.assertTrue(result.containsAll(expected));
851         Mockito.verify(daoManager).getXXPortalUser();
852         Mockito.verify(portalUser).findByLoginId(vXUser.getName());
>>> CID 166301: Incorrect expression (USELESS_CALL)
>>> Calling "(org.apache.ranger.db.RangerDaoManager)org.mockito.Mockito.verify(daoManager).getXXPortalUserRole()" is only useful for its return value, which is ignored.
853         Mockito.verify(daoManager).getXXPortalUserRole();
854         Mockito.verify(userDao).findXPortalUserRolebyXPortalUserId(
855                 Mockito.anyLong());
856
857     }
858

** CID 166300: FindBugs: Correctness (FB.EC_UNRELATED_CLASS_AND_INTERFACE)
/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java: 451 in org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.addOrUpdateGroup(java.lang.String, java.util.List)()

________________________________________________________________________________________________________
*** CID 166300: FindBugs: Correctness (FB.EC_UNRELATED_CLASS_AND_INTERFACE)
/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapPolicyMgrUserGroupBuilder.java: 451 in org.apache.ranger.ldapusersync.process.LdapPolicyMgrUserGroupBuilder.addOrUpdateGroup(java.lang.String, java.util.List)()
445             }
446         }
447         if (oldUsers.isEmpty()) {
448             addUsers = users;
449         } else {
450             for (String user : users) {
>>> CID 166300: FindBugs: Correctness (FB.EC_UNRELATED_CLASS_AND_INTERFACE)
>>> Call to java.util.List.equals(String).
451                 if (!oldUsers.contains(user)|| !(oldUserMap.get(user).equals(groupMap.get(groupName)))) {
452                     addUsers.add(user);
453                 }
454             }
455         }
456

** CID 166299: Incorrect expression (USELESS_CALL)

________________________________________________________________________________________________________
*** CID 166299: Incorrect expression (USELESS_CALL)
/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java: 1278 in org.apache.ranger.biz.TestXUserMgr.test44getGroupsForUser()()
1272         Mockito.when(modDef.findAccessibleModulesByUserId(Mockito.anyLong(),
1273                 Mockito.anyLong())).thenReturn(lstModule);
1274
1275         Set<String> list = xUserMgr.getGroupsForUser(userName);
1276         Assert.assertNotNull(list);
1277         Mockito.verify(xUserService, Mockito.atLeast(2)).getXUserByUserName(userName);
>>> CID 166299: Incorrect expression (USELESS_CALL)
>>> Calling "(org.apache.ranger.db.RangerDaoManager)org.mockito.Mockito.verify(daoManager).getXXModuleDef()" is only useful for its return value, which is ignored.
1278         Mockito.verify(daoManager).getXXModuleDef();
1279         Mockito.verify(modDef).findAccessibleModulesByUserId(Mockito.anyLong(),Mockito.anyLong());
1280     }
1281
1282     @Test
1283     public void test45setUserRolesByExternalID() {

** CID 166298: Control flow issues (DEADCODE)
/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 1338 in org.apache.ranger.biz.XUserMgr.checkAccessRoles(java.util.List)()

________________________________________________________________________________________________________
*** CID 166298: Control flow issues (DEADCODE)
/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 1338 in org.apache.ranger.biz.XUserMgr.checkAccessRoles(java.util.List)()
1332                             + " denied. LoggedInUser="
1333                             + (session != null ? session.getXXPortalUser()
1334                                     .getId() : "")
1335                             + " isn't permitted to perform the action.");
1336                 }
1337             } else {
>>> CID 166298: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "" is permitted to perform the action"" inside this statement: "org.apache.ranger.biz.XUser...".
1338                 logger.info("LoggedInUser="
1339                         + (session != null ? session.getXXPortalUser()
1340                                 .getId()
1341                                 : " is permitted to perform the action"));
1342             }
1343         }

** CID 166297: Resource leaks (RESOURCE_LEAK)
/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java: 910 in org.apache.ranger.services.hive.HIVERangerAuthorizerTest.testShowPrivileges()()

________________________________________________________________________________________________________
*** CID 166297: Resource leaks (RESOURCE_LEAK)
/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java: 910 in org.apache.ranger.services.hive.HIVERangerAuthorizerTest.testShowPrivileges()()
904     public void testShowPrivileges() throws Exception {
905         String initialUrl = "jdbc:hive2://localhost:" + port;
906         Connection connection = DriverManager.getConnection(initialUrl, "admin", "admin");
907         Statement statement = connection.createStatement();
908         Assert.assertTrue(statement.execute("show grant user admin"));
909         statement.close();
>>> CID 166297: Resource leaks (RESOURCE_LEAK)
>>> Variable "connection" going out of scope leaks the connection it holds open.
910     }
911

** CID 166296: Null pointer dereferences (REVERSE_INULL)
/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java: 1172 in org.apache.ranger.biz.UserMgr.updateRoleForExternalUsers(java.util.Collection, java.util.Collection, org.apache.ranger.view.VXPortalUser)()

________________________________________________________________________________________________________
*** CID 166296: Null pointer dereferences (REVERSE_INULL)
/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java: 1172 in org.apache.ranger.biz.UserMgr.updateRoleForExternalUsers(java.util.Collection, java.util.Collection, org.apache.ranger.view.VXPortalUser)()
1166     }
1167
1168     protected VXPortalUser updateRoleForExternalUsers(
1169             Collection<String> reqRoleList,
1170             Collection<String> existingRoleList, VXPortalUser userProfileRes) {
1171         UserSessionBase session = ContextUtil.getCurrentUserSession();
>>> CID 166296: Null pointer dereferences (REVERSE_INULL)
>>> Directly dereferencing "session".
1172         if ("rangerusersync".equals(session.getXXPortalUser().getLoginId())
1173                 && reqRoleList != null && !reqRoleList.isEmpty()
1174                 && existingRoleList != null && !existingRoleList.isEmpty()) {
1175             if (!reqRoleList.equals(existingRoleList)) {
1176                 userProfileRes.setUserRoleList(reqRoleList);
1177                 userProfileRes.setUserSource(RangerCommonEnums.USER_EXTERNAL);

** CID 166295: FindBugs: Dodgy code (FB.BC_BAD_CAST_TO_ABSTRACT_COLLECTION)
/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java: 145 in org.apache.ranger.biz.UserMgr.createUser(org.apache.ranger.view.VXPortalUser, int, java.util.Collection)()

________________________________________________________________________________________________________
*** CID 166295: FindBugs: Dodgy code (FB.BC_BAD_CAST_TO_ABSTRACT_COLLECTION)
/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java: 145 in org.apache.ranger.biz.UserMgr.createUser(org.apache.ranger.view.VXPortalUser, int, java.util.Collection)()
139     }
140
141     public XXPortalUser createUser(VXPortalUser userProfile, int userStatus,
142             Collection<String> userRoleList) {
143         XXPortalUser user = mapVXPortalUserToXXPortalUser(userProfile);
144         checkAdminAccess();
>>> CID 166295: FindBugs: Dodgy code (FB.BC_BAD_CAST_TO_ABSTRACT_COLLECTION)
>>> Questionable cast from Collection to abstract class java.util.List.
145         xUserMgr.checkAccessRoles((List<String>) userRoleList);
146         user = createUser(user, userStatus, userRoleList);
147
148         return user;
149     }
150

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTFft2V-2FOFC9o0P2e0-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZvCSaw3NABW8yh59tWBRwyuZoho2y-2F5qpqOMUrU04ADoN0iqPz0ihOL-2FR4yPsDrErn4RwBpgzijvCPmBHQ5xUfzpkzfwmpcrpYdgPFc3ma-2B-2FUI9ePhZ7mgTHkeS2VKK7k3yZxONllFKlBP35ZTeOtUsdHupfw-2BqQQ8GIjTIvbTf7w-3D-3D

To manage Coverity Scan email notifications for "bo...@apache.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4HK0JLY-2BbZ-2FD0yvjg-2BbWSwquqqdEYtbR9nIDW-2BM81kI8TiABM2LsH3tiPfMWf-2FvOsjZSWngS5IRVC-2FH5Pl4zyaK1OE6Dh-2BhR6pXASEFJKZLM-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZvCSaw3NABW8yh59tWBRwyuDw37o4ycFCVtnOiFa6m3TN-2B8ZucWalt-2BLSsLIdbAH63r-2FK07-2Bxo4YOUatauEAfLWXhuBa2O05WgJeJrS9Ykn0GXl62iCqjM2-2BbIpQPCp48oRvCOeMR5wWjwHa6HTOY9tAlc3LEscq-2FKkOnnfhZOFQA-3D-3D