Contributors/committers, please review and fix them. Thanks
Bosco
On 8/24/17, 12:54 AM, "scan-ad...@coverity.com" <scan-ad...@coverity.com> wrote:
Hi,
Please find the latest report on new defect(s) introduced to Apache Ranger
found with Coverity Scan.
5 new defect(s) introduced to Apache Ranger found with Coverity Scan.
16 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)
** CID 166418: Null pointer dereferences (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java: 1427
in
org.apache.ranger.rest.ServiceREST.createPolicy(org.apache.ranger.plugin.model.RangerPolicy,
javax.servlet.http.HttpServletRequest)()
________________________________________________________________________________________________________
*** CID 166418: Null pointer dereferences (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java: 1427
in
org.apache.ranger.rest.ServiceREST.createPolicy(org.apache.ranger.plugin.model.RangerPolicy,
javax.servlet.http.HttpServletRequest)()
1421 }
1422
1423 if(StringUtils.isNotEmpty(policyName)) {
1424
policy.setName(StringUtils.trim(policyName));
1425 }
1426
>>> CID 166418: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "updateIfExists" to "valueOf", which
dereferences it.
1427 if(Boolean.valueOf(updateIfExists)) {
1428 RangerPolicy existingPolicy =
null;
1429 try {
1430
if(StringUtils.isNotEmpty(policy.getGuid())) {
1431 existingPolicy
= getPolicyByGuid(policy.getGuid());
1432 }
** CID 166417: (FB.RC_REF_COMPARISON)
/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java:
142 in
org.apache.ranger.service.XTrxLogService.searchXTrxLogs(org.apache.ranger.common.SearchCriteria)()
/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java:
143 in
org.apache.ranger.service.XTrxLogService.searchXTrxLogs(org.apache.ranger.common.SearchCriteria)()
/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java:
139 in
org.apache.ranger.service.XTrxLogService.searchXTrxLogs(org.apache.ranger.common.SearchCriteria)()
________________________________________________________________________________________________________
*** CID 166417: (FB.RC_REF_COMPARISON)
/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java:
142 in
org.apache.ranger.service.XTrxLogService.searchXTrxLogs(org.apache.ranger.common.SearchCriteria)()
136 && parentObjectId ==
xxServiceDef.getId()) {
137 vXTrxLogs.add(xTrxLog);
138 } else if (parentObjectClassType ==
AppConstants.CLASS_TYPE_XA_SERVICE
139 && parentObjectId !=
xxServiceDef.getId()) {
140 for (VXTrxLog vxTrxLog :
trxLogList) {
141 if
(parentObjectClassType == vxTrxLog.getObjectClassType()
>>> CID 166417: (FB.RC_REF_COMPARISON)
>>> Suspicious comparison of Long references.
142 &&
parentObjectId == vxTrxLog.getObjectId()
143 &&
vxTrxLog.getParentObjectId() == xxServiceDef.getId()) {
144
vXTrxLogs.add(xTrxLog);
145 break;
146 }
147 }
/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java:
143 in
org.apache.ranger.service.XTrxLogService.searchXTrxLogs(org.apache.ranger.common.SearchCriteria)()
137 vXTrxLogs.add(xTrxLog);
138 } else if (parentObjectClassType ==
AppConstants.CLASS_TYPE_XA_SERVICE
139 && parentObjectId !=
xxServiceDef.getId()) {
140 for (VXTrxLog vxTrxLog :
trxLogList) {
141 if
(parentObjectClassType == vxTrxLog.getObjectClassType()
142 &&
parentObjectId == vxTrxLog.getObjectId()
>>> CID 166417: (FB.RC_REF_COMPARISON)
>>> Suspicious comparison of Long references.
143 &&
vxTrxLog.getParentObjectId() == xxServiceDef.getId()) {
144
vXTrxLogs.add(xTrxLog);
145 break;
146 }
147 }
148 } else if (xTrxLog.getObjectClassType()
== AppConstants.CLASS_TYPE_XA_USER
/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java:
139 in
org.apache.ranger.service.XTrxLogService.searchXTrxLogs(org.apache.ranger.common.SearchCriteria)()
133 int parentObjectClassType =
xTrxLog.getParentObjectClassType();
134 Long parentObjectId =
xTrxLog.getParentObjectId();
135 if (parentObjectClassType ==
AppConstants.CLASS_TYPE_XA_SERVICE_DEF
136 && parentObjectId ==
xxServiceDef.getId()) {
137 vXTrxLogs.add(xTrxLog);
138 } else if (parentObjectClassType ==
AppConstants.CLASS_TYPE_XA_SERVICE
>>> CID 166417: (FB.RC_REF_COMPARISON)
>>> Another occurrence here
139 && parentObjectId !=
xxServiceDef.getId()) {
140 for (VXTrxLog vxTrxLog :
trxLogList) {
141 if
(parentObjectClassType == vxTrxLog.getObjectClassType()
142 &&
parentObjectId == vxTrxLog.getObjectId()
143 &&
vxTrxLog.getParentObjectId() == xxServiceDef.getId()) {
144
vXTrxLogs.add(xTrxLog);
** CID 166416: FindBugs: Dodgy code (FB.REC_CATCH_EXCEPTION)
/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java:
556 in
org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.getUsers(org.apache.ranger.usergroupsync.UserGroupSink)()
________________________________________________________________________________________________________
*** CID 166416: FindBugs: Dodgy code (FB.REC_CATCH_EXCEPTION)
/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java:
556 in
org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.getUsers(org.apache.ranger.usergroupsync.UserGroupSink)()
550
ldapContext.setRequestControls(new Control[]{
551 new
PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
552 }
553 } while (cookie != null);
554
LOG.info("LdapDeltaUserGroupBuilder.getUsers() completed with user count: "
555 + counter);
>>> CID 166416: FindBugs: Dodgy code (FB.REC_CATCH_EXCEPTION)
>>> Catching RuntimeExceptions, perhaps unintentionally, with a catch
block for Exception.
556 } catch (Exception t) {
557
LOG.error("LdapDeltaUserGroupBuilder.getUsers() failed with exception: " + t);
558
LOG.info("LdapDeltaUserGroupBuilder.getUsers() user count: "
559 + counter);
560 }
561 }
** CID 166415: Null pointer dereferences (REVERSE_INULL)
/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java:
130 in
org.apache.ranger.service.XTrxLogService.searchXTrxLogs(org.apache.ranger.common.SearchCriteria)()
________________________________________________________________________________________________________
*** CID 166415: Null pointer dereferences (REVERSE_INULL)
/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java:
130 in
org.apache.ranger.service.XTrxLogService.searchXTrxLogs(org.apache.ranger.common.SearchCriteria)()
124 }
125
126 trxLogList.add(trxLog);
127 }
128
129 List<VXTrxLog> keyAdminTrxLogList = new
ArrayList<VXTrxLog>();
>>> CID 166415: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "resultList" suggests that it may be null, but it has
already been dereferenced on all paths leading to the check.
130 if (session != null && session.isKeyAdmin() &&
xxServiceDef != null && resultList != null) {
131 List<VXTrxLog> vXTrxLogs = new
ArrayList<VXTrxLog>();
132 for (VXTrxLog xTrxLog : trxLogList) {
133 int parentObjectClassType =
xTrxLog.getParentObjectClassType();
134 Long parentObjectId =
xTrxLog.getParentObjectId();
135 if (parentObjectClassType ==
AppConstants.CLASS_TYPE_XA_SERVICE_DEF
** CID 166414: FindBugs: Dodgy code (FB.REC_CATCH_EXCEPTION)
/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java:
721 in
org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.getGroups(org.apache.ranger.usergroupsync.UserGroupSink)()
________________________________________________________________________________________________________
*** CID 166414: FindBugs: Dodgy code (FB.REC_CATCH_EXCEPTION)
/ugsync/src/main/java/org/apache/ranger/ldapusersync/process/LdapDeltaUserGroupBuilder.java:
721 in
org.apache.ranger.ldapusersync.process.LdapDeltaUserGroupBuilder.getGroups(org.apache.ranger.usergroupsync.UserGroupSink)()
715
ldapContext.setRequestControls(new Control[]{
716
new PagedResultsControl(pagedResultsSize, cookie, Control.CRITICAL) });
717 }
718 } while (cookie != null);
719
LOG.info("LdapDeltaUserGroupBuilder.getGroups() completed with group count: "
720 + counter);
>>> CID 166414: FindBugs: Dodgy code (FB.REC_CATCH_EXCEPTION)
>>> Catching RuntimeExceptions, perhaps unintentionally, with a catch
block for Exception.
721 } catch (Exception t) {
722
LOG.error("LdapDeltaUserGroupBuilder.getGroups() failed with exception: " + t);
723
LOG.info("LdapDeltaUserGroupBuilder.getGroups() group count: "
724 + counter);
725 }
726 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTFft2V-2FOFC9o0P2e0-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZueX2BiEBTy7lJEINlPbTNSvkNFDLT0nqXR2sni4EqkY6FBZw6E4C2xj2on-2B3CFEC8jOtHzmMy8pAledvQ-2BKKIaBueJKR5G-2FXNlMmLIuRzbR4VLMejYQ2iomeeGx75NYFMs6ixm4jehuNoUjmzQOyAuhEnKbpH3KbkC55p8Z88sDw-3D-3D
To manage Coverity Scan email notifications for "bo...@apache.org", click
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4HK0JLY-2BbZ-2FD0yvjg-2BbWSwquqqdEYtbR9nIDW-2BM81kI8TiABM2LsH3tiPfMWf-2FvOsjZSWngS5IRVC-2FH5Pl4zyaK1OE6Dh-2BhR6pXASEFJKZLM-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZueX2BiEBTy7lJEINlPbTNScwc6p2uXSWf4c-2FTNWDGkKjq-2BDIpgLGI3vXTmAsMIuXKoE0HdJj06PFIRjJctyui-2BGYBL8ZLFMPzdbz-2FBKqTz-2BHyT1l3yf0oq1mrfWOWu2P0bOGQ-2BhYfy-2F8kMz9JqqJS08g410p7NsWAOXbSegM1rWA-3D-3D
