Contributors, please review and fix if required.

Thanks

Bosco


On 8/27/17, 12:56 AM, "scan-ad...@coverity.com" <scan-ad...@coverity.com> wrote:

    
    Hi,
    
    Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.
    
    1 new defect(s) introduced to Apache Ranger found with Coverity Scan.
    
    
    New defect(s) Reported-by: Coverity Scan
    Showing 1 of 1 defect(s)
    
    
    ** CID 166624:  High impact security  (CSRF)
    /security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 1093 in org.apache.ranger.rest.XUserREST.deleteSingleGroupByGroupName(javax.servlet.http.HttpServletRequest, java.lang.String)()
    
    
    
________________________________________________________________________________________________________
    *** CID 166624:  High impact security  (CSRF)
    /security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 1093 in org.apache.ranger.rest.XUserREST.deleteSingleGroupByGroupName(javax.servlet.http.HttpServletRequest, java.lang.String)()
    1087             }
    1088     
    1089             @DELETE
    1090             @Path("/secure/groups/{groupName}")
    1091             @Produces({ "application/xml", "application/json" })
    1092             @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
    >>>     CID 166624:  High impact security  (CSRF)
    >>>     No CSRF protection was detected anywhere in this application. If this is not correct, please refer to the CSRF checker reference on how to specify it via checker option.
    1093             public void deleteSingleGroupByGroupName(@Context HttpServletRequest request, @PathParam("groupName") String groupName) {
    1094                     String forceDeleteStr = request.getParameter("forceDelete");
    1095                     boolean forceDelete = false;
    1096                     if (StringUtils.isNotEmpty(forceDeleteStr) && "true".equalsIgnoreCase(forceDeleteStr)) {
    1097                             forceDelete = true;
    1098                     }
    
    
    
________________________________________________________________________________________________________
    To view the defects in Coverity Scan visit, 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTFft2V-2FOFC9o0P2e0-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZtetDCTifpvpdzZTC5adb7m70hjcM3i0eUQMczf0ub4EVlpWB9LtD0opx1W3F4tFvmiX6ROKKk3fXLL5EztvOaJw5ZC9VI5a7bhA85XoUbSi6dUq4AXs8e0GSfMX9I5EyOSdZ-2F-2BtxjSkmexvEXJbcXif71iqDQWsxDjwTIs48nCmA-3D-3D
    
    
    

