FW: New Defects reported by Coverity Scan for Apache Ranger
Few issues. Mostly on test code. Please review.

Thanks

Bosco

On 6/17/18, 1:07 AM, "scan-ad...@coverity.com" wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

5 new defect(s) introduced to Apache Ranger found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)

** CID 175920: FindBugs: Dodgy code (FB.DLS_DEAD_LOCAL_STORE)
/security-admin/src/test/java/org/apache/ranger/common/TestServiceUtil.java: 1573 in org.apache.ranger.common.TestServiceUtil.testVXAssetToPublicObject()()

*** CID 175920: FindBugs: Dodgy code (FB.DLS_DEAD_LOCAL_STORE)
/security-admin/src/test/java/org/apache/ranger/common/TestServiceUtil.java: 1573 in org.apache.ranger.common.TestServiceUtil.testVXAssetToPublicObject()()
1567 vXAsset.setAssetType(3);
1568 vXAsset.setActiveStatus(RangerCommonEnums.STATUS_ENABLED);
1569 vXAsset.setName("hive");
1570 vXAsset.setDescription("hive description");
1571 vXAsset.setConfig("/myConfig");
1572
>>> CID 175920: FindBugs: Dodgy code (FB.DLS_DEAD_LOCAL_STORE)
>>> Dead store to actualVXRepository.
1573 VXRepository actualVXRepository = new VXRepository();
1574 actualVXRepository = serviceUtil.vXAssetToPublicObject(vXAsset);
1575
1576 Assert.assertNotNull(actualVXRepository);
1577 Assert.assertEquals(expectedVXRepository.getId(), actualVXRepository.getId());
1578 Assert.assertEquals(expectedVXRepository.getName(), actualVXRepository.getName());

** CID 175919: FindBugs: Dodgy code (FB.DLS_DEAD_LOCAL_STORE)
/security-admin/src/test/java/org/apache/ranger/common/TestJSONUtil.java: 106 in org.apache.ranger.common.TestJSONUtil.testWriteJsonToJavaObject()()

*** CID 175919: FindBugs: Dodgy code (FB.DLS_DEAD_LOCAL_STORE)
/security-admin/src/test/java/org/apache/ranger/common/TestJSONUtil.java: 106 in org.apache.ranger.common.TestJSONUtil.testWriteJsonToJavaObject()()
100
101 @Test
102 public void testWriteJsonToJavaObject(){
103 String jsonString = "[\"hdfs\",\"hive\",\"knox\"]";
104 String expectedSetString = "[hive, hdfs, knox]";
105 Set testSet = new HashSet<>();
>>> CID 175919: FindBugs: Dodgy code (FB.DLS_DEAD_LOCAL_STORE)
>>> Dead store to expectedSet.
106 Set expectedSet = new HashSet<>();
107 expectedSet = jsonUtil.writeJsonToJavaObject(jsonString, testSet.getClass());
108
109 String actualSetString = expectedSet.toString();
110 Assert.assertEquals(expectedSetString, actualSetString);
111
112
113 }

** CID 175918: Null pointer dereferences (NULL_RETURNS)
/security-admin/src/test/java/org/apache/ranger/common/TestJSONUtil.java: 109 in org.apache.ranger.common.TestJSONUtil.testWriteJsonToJavaObject()()

*** CID 175918: Null pointer dereferences (NULL_RETURNS)
/security-admin/src/test/java/org/apache/ranger/common/TestJSONUtil.java: 109 in org.apache.ranger.common.TestJSONUtil.testWriteJsonToJavaObject()()
103 String jsonString = "[\"hdfs\",\"hive\",\"knox\"]";
104 String expectedSetString = "[hive, hdfs, knox]";
105 Set testSet = new HashSet<>();
106 Set expectedSet = new HashSet<>();
107 expectedSet = jsonUtil.writeJsonToJavaObject(jsonString, testSet.getClass());
108
>>> CID 175918: Null pointer dereferences (NULL_RETURNS)
>>> Calling a method on null object "expectedSet".
109 String actualSetString = expectedSet.toString();
110 Assert.assertEquals(expectedSetString, actualSetString);
111
112
113 }

** CID 175917: FindBugs: Dodgy code (FB.DLS_DEAD_LOCAL_STORE)
/security-admin/src/test/java/org/apache/ranger/common/TestServiceUtil.java: 1892 in org.apache.ranger.common.TestServiceUtil.testToRangerPolicy()()
FW: New Defects reported by Coverity Scan for Apache Ranger
Coverity issues from couple of weeks back...

Bosco

On 5/24/18, 12:25 PM, "scan-ad...@coverity.com" wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

5 new defect(s) introduced to Apache Ranger found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)

** CID 175683:(FORWARD_NULL)

*** CID 175683:(FORWARD_NULL)
/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java: 1043 in org.apache.ranger.rest.TestXUserREST.test58updateXAuditMapVXResourceNull()()
1037 Mockito.verify(xResourceService).readResource(null);
1038 Mockito.verify(restErrorUtil.createRESTException(Mockito.anyString(), (MessageEnums)Mockito.any()));
1039 }
1040 @Test
1041 public void test58updateXAuditMapVXResourceNull() {
1042
>>> CID 175683:(FORWARD_NULL)
>>> Passing "null" to "updateXAuditMap", which dereferences it.
1043 Mockito.when(xUserMgr.updateXAuditMap(null)).thenReturn(null);
1044 VXAuditMap retvXAuditMap=xUserRest.updateXAuditMap(null);
1045 Mockito.verify(xUserMgr).updateXAuditMap(null);
1046 assertNull(retvXAuditMap);
1047
1048 }
/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java: 1045 in org.apache.ranger.rest.TestXUserREST.test58updateXAuditMapVXResourceNull()()
1039 }
1040 @Test
1041 public void test58updateXAuditMapVXResourceNull() {
1042
1043 Mockito.when(xUserMgr.updateXAuditMap(null)).thenReturn(null);
1044 VXAuditMap retvXAuditMap=xUserRest.updateXAuditMap(null);
>>> CID 175683:(FORWARD_NULL)
>>> Passing "null" to "updateXAuditMap", which dereferences it.
1045 Mockito.verify(xUserMgr).updateXAuditMap(null);
1046 assertNull(retvXAuditMap);
1047
1048 }
1049 @Test
1050 public void test59deleteXAuditMap() {

** CID 175682: Null pointer dereferences (FORWARD_NULL)

*** CID 175682: Null pointer dereferences (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 554 in org.apache.ranger.rest.XUserREST.updateXPermMap(org.apache.ranger.view.VXPermMap)()
548 if (vXPermMap != null) {
549 if (xResourceService.readResource(vXPermMap.getResourceId()) == null) {
550 throw restErrorUtil.createRESTException("Invalid Input Data - No resource found with Id: " + vXPermMap.getResourceId());
551 }
552 }
553
>>> CID 175682: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "vXPermMap" to "updateXPermMap", which dereferences it.
554 return xUserMgr.updateXPermMap(vXPermMap);
555 }
556
557 @DELETE
558 @Path("/permmaps/{id}")
559 @RangerAnnotationClassName(class_name = VXPermMap.class)

** CID 175681: Incorrect expression (USELESS_CALL)

*** CID 175681: Incorrect expression (USELESS_CALL)
/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefService.java: 550 in org.apache.ranger.service.TestRangerServiceDefService.test4getAllServiceDefs()()
544 Assert.assertNotNull(dbRangerServiceDef);
545 Mockito.verify(daoManager).getXXResourceDef();
546 Mockito.verify(daoManager).getXXAccessTypeDef();
547 Mockito.verify(daoManager).getXXPolicyConditionDef();
548 Mockito.verify(daoManager).getXXContextEnricherDef();
549 Mockito.verify(daoManager).getXXEnumDef();
>>> Calling "(org.apache.ranger.db.RangerDaoManager)org.mockito.Mockito.verify(daoManager).getXXEnumElementDef()" is only useful for its return value, which is ignored.
550 Mockito.verify(daoManager).getXXEnumElementDef();
551 }
552
553 @Test
554 public void test5getPopulatedViewObject() {
555 XXPortalUserDao xPortalUserDao = Mockito.mock(XXPortalUserDao.class);

** CID 175680: Null pointer dereferences
FW: New Defects reported by Coverity Scan for Apache Ranger
Please review and fix if needed.

Thanks

Bosco

On 5/10/18, 1:10 AM, "scan-ad...@coverity.com" wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

3 new defect(s) introduced to Apache Ranger found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 175611:(FORWARD_NULL)

*** CID 175611:(FORWARD_NULL)
/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java: 950 in org.apache.ranger.rest.TestAssetREST.testGetReportLogsForAuditAdmin()()
944 public void testGetReportLogsForAuditAdmin() {
945 SearchCriteria searchCriteria = new SearchCriteria();
946 List sortFields = null;
947 List vXTrxLogs = new ArrayList();
948 VXTrxLogList vXTrxLogList = new VXTrxLogList();
949 vXTrxLogList.setVXTrxLogs(vXTrxLogs);
>>> CID 175611:(FORWARD_NULL)
>>> Passing null pointer "sortFields" to "extractCommonCriterias", which dereferences it.
950 Mockito.when(searchUtil.extractCommonCriterias(request, sortFields)).thenReturn(searchCriteria);
951 Mockito.when(searchUtil.extractString((HttpServletRequest) Mockito.any(),
952 (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString()))
953 .thenReturn("test");
954 Mockito.when(searchUtil.extractInt((HttpServletRequest) Mockito.any(),
955 (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString()))
/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java: 970 in org.apache.ranger.rest.TestAssetREST.testGetReportLogsForAuditAdmin()()
964 (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
965 Mockito.verify(searchUtil).extractInt((HttpServletRequest) Mockito.any(),
966 (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString());
967 Mockito.verify(searchUtil, Mockito.times(2)).extractDate((HttpServletRequest) Mockito.any(),
968 (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
969 Mockito.verify(assetMgr).getReportLogs(searchCriteria);
>>> CID 175611:(FORWARD_NULL)
>>> Passing null pointer "sortFields" to "extractCommonCriterias", which dereferences it.
970 Mockito.verify(searchUtil).extractCommonCriterias(request, sortFields);
971 }
972
973
974 @Test
975 public void testGetReportLogsForAuditKeyAdmin() {

** CID 175610:(FORWARD_NULL)

*** CID 175610:(FORWARD_NULL)
/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java: 981 in org.apache.ranger.rest.TestAssetREST.testGetReportLogsForAuditKeyAdmin()()
975 public void testGetReportLogsForAuditKeyAdmin() {
976 SearchCriteria searchCriteria = new SearchCriteria();
977 List sortFields = null;
978 List vXTrxLogs = new ArrayList();
979 VXTrxLogList vXTrxLogList = new VXTrxLogList();
980 vXTrxLogList.setVXTrxLogs(vXTrxLogs);
>>> CID 175610:(FORWARD_NULL)
>>> Passing null pointer "sortFields" to "extractCommonCriterias", which dereferences it.
981 Mockito.when(searchUtil.extractCommonCriterias(request, sortFields)).thenReturn(searchCriteria);
982 Mockito.when(searchUtil.extractString((HttpServletRequest) Mockito.any(),
983 (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString()))
984 .thenReturn("test");
985 Mockito.when(searchUtil.extractInt((HttpServletRequest) Mockito.any(),
986 (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString()))
/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java: 1001 in org.apache.ranger.rest.TestAssetREST.testGetReportLogsForAuditKeyAdmin()()
995
FW: New Defects reported by Coverity Scan for Apache Ranger
Please review and fix if required.

Thanks

Bosco

On 4/26/18, 3:58 AM, "scan-ad...@coverity.com" wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

2 new defect(s) introduced to Apache Ranger found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 175488: Concurrent data access violations (GUARDED_BY_VIOLATION)
/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java: 100 in org.apache.ranger.audit.provider.AuditProviderFactory.getAuditProvider()()

*** CID 175488: Concurrent data access violations (GUARDED_BY_VIOLATION)
/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java: 100 in org.apache.ranger.audit.provider.AuditProviderFactory.getAuditProvider()()
94 }
95
96 return ret;
97 }
98
99 public AuditHandler getAuditProvider() {
>>> CID 175488: Concurrent data access violations (GUARDED_BY_VIOLATION)
>>> Accessing "mProvider" without holding lock "AuditProviderFactory.this". Elsewhere, "org.apache.ranger.audit.provider.AuditProviderFactory.mProvider" is accessed with "AuditProviderFactory.this" held 12 out of 14 times.
100 return mProvider;
101 }
102
103 public boolean isInitDone() {
104 return mInitDone;
105 }

** CID 175487: Concurrent data access violations (GUARDED_BY_VIOLATION)
/agents-audit/src/main/java/org/apache/ranger/audit/provider/StandAloneAuditProviderFactory.java: 30 in org.apache.ranger.audit.provider.StandAloneAuditProviderFactory.getInstance()()

*** CID 175487: Concurrent data access violations (GUARDED_BY_VIOLATION)
/agents-audit/src/main/java/org/apache/ranger/audit/provider/StandAloneAuditProviderFactory.java: 30 in org.apache.ranger.audit.provider.StandAloneAuditProviderFactory.getInstance()()
24 public class StandAloneAuditProviderFactory extends AuditProviderFactory {
25 private static final Log LOG = LogFactory.getLog(StandAloneAuditProviderFactory.class);
26
27 private volatile static StandAloneAuditProviderFactory sFactory = null;
28
29 public static StandAloneAuditProviderFactory getInstance() {
>>> CID 175487: Concurrent data access violations (GUARDED_BY_VIOLATION)
>>> Accessing "org.apache.ranger.audit.provider.StandAloneAuditProviderFactory.sFactory" without holding lock "StandAloneAuditProviderFactory.class". Elsewhere, "org.apache.ranger.audit.provider.StandAloneAuditProviderFactory.sFactory" is accessed with "StandAloneAuditProviderFactory.class" held 2 out of 3 times.
30 StandAloneAuditProviderFactory ret = sFactory;
31 if(ret == null) {
32 synchronized(StandAloneAuditProviderFactory.class) {
33 ret = sFactory;
34 if(ret == null) {
35 ret = sFactory = new StandAloneAuditProviderFactory();
FW: New Defects reported by Coverity Scan for Apache Ranger
Please review and resolve if needed.

Thanks

Bosco

On 3/29/18, 12:58 AM, "scan-ad...@coverity.com" wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

2 new defect(s) introduced to Apache Ranger found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 175091: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING)
/plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java: 68 in org.apache.ranger.authorization.kylin.authorizer.RangerAdminClientImpl.getServicePoliciesIfUpdated(long, long)()

*** CID 175091: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING)
/plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java: 68 in org.apache.ranger.authorization.kylin.authorizer.RangerAdminClientImpl.getServicePoliciesIfUpdated(long, long)()
62 }
63
64 java.nio.file.Path cachePath = FileSystems.getDefault()
65 .getPath(basedir, "/src/test/resources/" + cacheFilename);
66 byte[] cacheBytes = Files.readAllBytes(cachePath);
67
>>> CID 175091: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING)
>>> Found reliance on default encoding: new String(byte[]).
68 return gson.fromJson(new String(cacheBytes), ServicePolicies.class);
69 }
70
71 @Override
72 public void grantAccess(GrantRevokeRequest request) throws Exception {
73

** CID 175090: Null pointer dereferences (FORWARD_NULL)

*** CID 175090: Null pointer dereferences (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java: 2601 in org.apache.ranger.rest.ServiceREST.getServicePolicies(java.lang.String, org.apache.ranger.plugin.util.SearchFilter)()
2595 filter.setStartIndex(savedStartIndex);
2596 filter.setMaxRows(savedMaxRows);
2597 }
2598
2599 servicePolicies = applyAdminAccessFilter(servicePolicies);
2600
>>> CID 175090: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "filter" to "toRangerPolicyList", which dereferences it.
2601 return toRangerPolicyList(servicePolicies, filter);
2602 }
2603 } catch(WebApplicationException excp) {
2604 throw excp;
2605 } catch (Throwable excp) {
2606 LOG.error("getServicePolicies(" + serviceName + ") failed", excp);
FW: New Defects reported by Coverity Scan for Apache Ranger
Rangers could you please review and provide fixes for Coverity flagged issues below?

Thanks.

From: "scan-ad...@coverity.com"
Date: Monday, March 19, 2018 at 2:55 AM
To: Velmurugan Periasamy
Subject: New Defects reported by Coverity Scan for Apache Ranger

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

33 new defect(s) introduced to Apache Ranger found with Coverity Scan.
13 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 33 defect(s)

** CID 174644:(FB.NP_UNWRITTEN_FIELD)
/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java: 588 in org.apache.ranger.plugin.policyengine.TestPolicyEngine.runValiditySchedulerTests(java.lang.String)()
/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java: 598 in org.apache.ranger.plugin.policyengine.TestPolicyEngine.runValiditySchedulerTests(java.lang.String)()
/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java: 605 in org.apache.ranger.plugin.policyengine.TestPolicyEngine.runValiditySchedulerTests(java.lang.String)()

*** CID 174644:(FB.NP_UNWRITTEN_FIELD)
/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java: 588 in org.apache.ranger.plugin.policyengine.TestPolicyEngine.runValiditySchedulerTests(java.lang.String)()
582 boolean isValid = true;
583 List validationFailures = new ArrayList<>();
584 boolean isApplicable = false;
585
586 List validatedSchedules = new ArrayList<>();
587
>>> CID 174644:(FB.NP_UNWRITTEN_FIELD)
>>> Read of unwritten field validitySchedules.
588 for (RangerValiditySchedule validitySchedule : testCase.validitySchedules) {
589 RangerValidityScheduleValidator validator = new RangerValidityScheduleValidator(validitySchedule);
590 RangerValiditySchedule validatedSchedule = validator.validate(validationFailures);
591 isValid = isValid && validatedSchedule != null;
592 if (isValid) {
593 validatedSchedules.add(validatedSchedule);
/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java: 598 in org.apache.ranger.plugin.policyengine.TestPolicyEngine.runValiditySchedulerTests(java.lang.String)()
592 if (isValid) {
593 validatedSchedules.add(validatedSchedule);
594 }
595 }
596 if (isValid) {
597 for (RangerValiditySchedule validSchedule : validatedSchedules) {
>>> CID 174644:(FB.NP_UNWRITTEN_FIELD)
>>> Read of unwritten field accessTime.
598 isApplicable = new RangerValidityScheduleEvaluator(validSchedule).isApplicable(testCase.accessTime.getTime());
599 if (isApplicable) {
600 break;
601 }
602 }
603 }
/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java: 605 in org.apache.ranger.plugin.policyengine.TestPolicyEngine.runValiditySchedulerTests(java.lang.String)()
599 if (isApplicable) {
600 break;
601 }
602 }
603 }
604
>>> CID 174644:(FB.NP_UNWRITTEN_FIELD)
>>> Read of unwritten field result.
605 assertTrue(testCase.name, isValid == testCase.result.isValid);
606 assertTrue(testCase.name, isApplicable == testCase.result.isApplicable);
607 assertTrue(testCase.name + ", [" + validationFailures +"]", validationFailures.size() == testCase.result.validationFailureCount);
608 }
609 }
610 TimeZone.setDefault(defaultTZ);

** CID 174643: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java: 299 in ()

*** CID 174643: FindBugs: Performance (FB.SIC_INNER_SHOULD_BE_STATIC)
/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java: 299 in ()
293 class RangerAtlasPlugin extends RangerBasePlugin {
294 RangerAtlasPlugin() {
295
FW: New Defects reported by Coverity Scan for Apache Ranger
Please review and fix if required.

Thanks

Bosco

On 11/12/17, 2:06 AM, "scan-ad...@coverity.com" wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

5 new defect(s) introduced to Apache Ranger found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)

** CID 168929: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING)
/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyDb.java: 96 in org.apache.ranger.plugin.policyengine.TestPolicyDb.runTestsFromResourceFiles(java.lang.String[], org.apache.ranger.plugin.model.RangerServiceDef)()

*** CID 168929: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING)
/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyDb.java: 96 in org.apache.ranger.plugin.policyengine.TestPolicyDb.runTestsFromResourceFiles(java.lang.String[], org.apache.ranger.plugin.model.RangerServiceDef)()
90 runTestsFromResourceFiles(hiveTestResourceFiles, hiveServiceDef);
91 }
92
93 private void runTestsFromResourceFiles(String[] resourceNames, RangerServiceDef serviceDef) {
94 for(String resourceName : resourceNames) {
95 InputStream inStream = this.getClass().getResourceAsStream(resourceName);
>>> CID 168929: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING)
>>> Found reliance on default encoding: new java.io.InputStreamReader(InputStream).
96 InputStreamReader reader = new InputStreamReader(inStream);
97
98 runTests(reader, resourceName, serviceDef);
99 }
100 }
101

** CID 168928: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING)
/agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestDefaultPolicyResourceMatcher.java: 109 in org.apache.ranger.plugin.resourcematcher.TestDefaultPolicyResourceMatcher.runTestsFromResourceFiles(java.lang.String[], org.apache.ranger.plugin.model.RangerServiceDef)()

*** CID 168928: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING)
/agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestDefaultPolicyResourceMatcher.java: 109 in org.apache.ranger.plugin.resourcematcher.TestDefaultPolicyResourceMatcher.runTestsFromResourceFiles(java.lang.String[], org.apache.ranger.plugin.model.RangerServiceDef)()
103 runTestsFromResourceFiles(tests, hiveServiceDef);
104 }
105
106 private void runTestsFromResourceFiles(String[] resourceNames, RangerServiceDef serviceDef) throws Exception {
107 for (String resourceName : resourceNames) {
108 InputStream inStream = this.getClass().getResourceAsStream(resourceName);
>>> CID 168928: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING)
>>> Found reliance on default encoding: new java.io.InputStreamReader(InputStream).
109 InputStreamReader reader = new InputStreamReader(inStream);
110
111 runTests(reader, serviceDef);
112 }
113 }
114

** CID 168927: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING)
/agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestDefaultPolicyResourceMatcher.java: 76 in org.apache.ranger.plugin.resourcematcher.TestDefaultPolicyResourceMatcher.readServiceDef(java.lang.String)()

*** CID 168927: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING)
/agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestDefaultPolicyResourceMatcher.java: 76 in org.apache.ranger.plugin.resourcematcher.TestDefaultPolicyResourceMatcher.readServiceDef(java.lang.String)()
70 hbaseServiceDef = readServiceDef("hbase");
71 tagServiceDef = readServiceDef("tag");
72 }
73
74 private static RangerServiceDef readServiceDef(String name) {
75 InputStream inStream = TestDefaultPolicyResourceMatcher.class.getResourceAsStream("/admin/service-defs/test-" + name + "-servicedef.json");
>>> CID 168927: FindBugs: Internationalization
FW: New Defects reported by Coverity Scan for Apache Ranger
Please review and fix it if needed. If already fixed, then ignore it.

Thanks

Bosco

On 11/9/17, 2:38 AM, "scan-ad...@coverity.com" wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

1 new defect(s) introduced to Apache Ranger found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 168820: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING)
/plugin-sqoop/src/test/java/org/apache/ranger/authorization/sqoop/authorizer/RangerAdminClientImpl.java: 68 in org.apache.ranger.authorization.sqoop.authorizer.RangerAdminClientImpl.getServicePoliciesIfUpdated(long, long)()

*** CID 168820: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING)
/plugin-sqoop/src/test/java/org/apache/ranger/authorization/sqoop/authorizer/RangerAdminClientImpl.java: 68 in org.apache.ranger.authorization.sqoop.authorizer.RangerAdminClientImpl.getServicePoliciesIfUpdated(long, long)()
62 }
63
64 java.nio.file.Path cachePath = FileSystems.getDefault()
65 .getPath(basedir, "/src/test/resources/" + cacheFilename);
66 byte[] cacheBytes = Files.readAllBytes(cachePath);
67
>>> CID 168820: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING)
>>> Found reliance on default encoding: new String(byte[]).
68 return gson.fromJson(new String(cacheBytes), ServicePolicies.class);
69 }
70
71 @Override
72 public void grantAccess(GrantRevokeRequest request) throws Exception {
73
FW: New Defects reported by Coverity Scan for Apache Ranger
Please review and fix.

Thanks

Bosco

On 10/26/17, 9:11 AM, "scan-ad...@coverity.com" wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

1 new defect(s) introduced to Apache Ranger found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 168620: FindBugs: Performance (FB.SBSC_USE_STRINGBUFFER_CONCATENATION)
/hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/client/HdfsClient.java: 305 in org.apache.ranger.services.hdfs.client.HdfsClient.validateConnectionConfigs(java.util.Map)()

*** CID 168620: FindBugs: Performance (FB.SBSC_USE_STRINGBUFFER_CONCATENATION)
/hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/client/HdfsClient.java: 305 in org.apache.ranger.services.hdfs.client.HdfsClient.validateConnectionConfigs(java.util.Map)()
299 cluster = "namenode" + (i + 1);
300 configs.put("dfs.namenode.rpc-address." + configs.get("dfs.nameservices") + "." + cluster,
301 fsDefaultNameElements[i]);
302 if (i == (fsDefaultNameElements.length - 1)) {
303 clusters += cluster;
304 } else {
>>> CID 168620: FindBugs: Performance (FB.SBSC_USE_STRINGBUFFER_CONCATENATION)
>>> org.apache.ranger.services.hdfs.client.HdfsClient.validateConnectionConfigs(Map) concatenates strings using + in a loop.
305 clusters += cluster + ",";
306 }
307 }
308 configs.put("dfs.ha.namenodes." + configs.get("dfs.nameservices"), clusters);
309 }
310 }
FW: New Defects reported by Coverity Scan for Apache Ranger
Please review and fix where required.

Thanks
Bosco

On 10/12/17, 12:42 AM, "scan-ad...@coverity.com" wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

3 new defect(s) introduced to Apache Ranger found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 167552: FindBugs: Correctness (FB.GC_UNRELATED_TYPES)
/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java: 1891 in org.apache.ranger.biz.ServiceDBStore.validatePolicyItems(java.util.List)()

*** CID 167552: FindBugs: Correctness (FB.GC_UNRELATED_TYPES)
/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java: 1891 in org.apache.ranger.biz.ServiceDBStore.validatePolicyItems(java.util.List)()
1885
1886 if (policyItem.getGroups() != null && (policyItem.getGroups().contains(null) || policyItem.getGroups().contains(""))) {
1887 isPolicyItemValid = false;
1888 break;
1889 }
1890
>>> CID 167552: FindBugs: Correctness (FB.GC_UNRELATED_TYPES)
>>> String is incompatible with expected argument type org.apache.ranger.plugin.model.RangerPolicy$RangerPolicyItemAccess.
1891 if (CollectionUtils.isEmpty(policyItem.getAccesses()) || policyItem.getAccesses().contains(null) || policyItem.getAccesses().contains("")) {
1892 isPolicyItemValid = false;
1893 break;
1894 }
1895 }
1896 }

** CID 167551: Control flow issues (DEADCODE)
/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java: 293 in org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher.isCompleteMatch(java.util.Map, java.util.Map)()

*** CID 167551: Control flow issues (DEADCODE)
/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java: 293 in org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher.isCompleteMatch(java.util.Map, java.util.Map)()
287 Collection policyKeys = policyResources == null ? null : policyResources.keySet();
288 boolean keysMatch = resourceKeys != null && policyKeys != null && CollectionUtils.isEqualCollection(resourceKeys, policyKeys);
289
290 if (keysMatch) {
291 for (RangerResourceDef resourceDef : serviceDef.getResources()) {
292 String resourceName = resourceDef.getName();
>>> CID 167551: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "null" inside this statement: "resourceValues = ((resource...".
293 RangerPolicyResource resourceValues = resources == null ? null : resources.get(resourceName);
294 RangerPolicyResource policyValues = policyResources == null ? null : policyResources.get(resourceName);
295
296 if (resourceValues == null || CollectionUtils.isEmpty(resourceValues.getValues())) {
297 ret = (policyValues == null || CollectionUtils.isEmpty(policyValues.getValues()));
298 } else if (policyValues != null && CollectionUtils.isNotEmpty(policyValues.getValues())) {

** CID 167550: Control flow issues (DEADCODE)
/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java: 253 in org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher.isCompleteMatch(org.apache.ranger.plugin.policyengine.RangerAccessResource, java.util.Map)()

*** CID 167550: Control flow issues (DEADCODE)
/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java: 253 in org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher.isCompleteMatch(org.apache.ranger.plugin.policyengine.RangerAccessResource,
Re: FW: New Defects reported by Coverity Scan for Apache Ranger
We won't be needing a fix for this (CID 167355), as we have already handled CSRF in RangerCSRFPreventionFilter for PUT, POST and DELETE requests from the UI.

On Thu, Oct 5, 2017 at 11:38 PM, Abhay Kulkarni wrote:

> Ranger contributors/committers, > > Please review and fix as appropriate. > > Thanks! > -Abhay > > On 10/5/17, 12:44 AM, "scan-ad...@coverity.com" > wrote: > > > > >Hi, > > > >Please find the latest report on new defect(s) introduced to Apache > >Ranger found with Coverity Scan. > > > >1 new defect(s) introduced to Apache Ranger found with Coverity Scan. > >3 defect(s), reported by Coverity Scan earlier, were marked fixed in the > >recent build analyzed by Coverity Scan. > > > >New defect(s) Reported-by: Coverity Scan > >Showing 1 of 1 defect(s) > > > > > >** CID 167355: High impact security (CSRF) > >/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 1145 > >in > >org.apache.ranger.rest.XUserREST.deleteSingleGroupByGroupId( > javax.servlet. > >http.HttpServletRequest, java.lang.Long)() > > > > > >___ > ___ > >__ > >*** CID 167355: High impact security (CSRF) > >/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 1145 > >in > >org.apache.ranger.rest.XUserREST.deleteSingleGroupByGroupId( > javax.servlet. > >http.HttpServletRequest, java.lang.Long)() > >1139 } > >1140 > >1141 @DELETE > >1142 @Path("/secure/groups/id/{groupId}") > >1143 @Produces({ "application/xml", "application/json" }) > >1144 @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") > CID 167355: High impact security (CSRF) > No CSRF protection was detected anywhere in this application. If > this is not correct, please refer to the CSRF checker reference on how > to specify it via checker option. 
> >1145 public void deleteSingleGroupByGroupId(@Context > >HttpServletRequest request, @PathParam("groupId") Long groupId) { > >1146 String forceDeleteStr = > >request.getParameter("forceDelete"); > >1147 boolean forceDelete = false; > >1148 if (StringUtils.isNotEmpty(forceDeleteStr) && > >"true".equalsIgnoreCase(forceDeleteStr)) { > >1149 forceDelete = true; > >1150 }

-- Regards, Nikhil Purbhe
FW: New Defects reported by Coverity Scan for Apache Ranger
Ranger contributors/committers, Please review and fix as appropriate. Thanks! -Abhay On 10/5/17, 12:44 AM, "scan-ad...@coverity.com"wrote: > >Hi, > >Please find the latest report on new defect(s) introduced to Apache >Ranger found with Coverity Scan. > >1 new defect(s) introduced to Apache Ranger found with Coverity Scan. >3 defect(s), reported by Coverity Scan earlier, were marked fixed in the >recent build analyzed by Coverity Scan. > >New defect(s) Reported-by: Coverity Scan >Showing 1 of 1 defect(s) > > >** CID 167355: High impact security (CSRF) >/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 1145 >in >org.apache.ranger.rest.XUserREST.deleteSingleGroupByGroupId(javax.servlet. >http.HttpServletRequest, java.lang.Long)() > > >__ >__ >*** CID 167355: High impact security (CSRF) >/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 1145 >in >org.apache.ranger.rest.XUserREST.deleteSingleGroupByGroupId(javax.servlet. >http.HttpServletRequest, java.lang.Long)() >1139 } >1140 >1141 @DELETE >1142 @Path("/secure/groups/id/{groupId}") >1143 @Produces({ "application/xml", "application/json" }) >1144 @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") CID 167355: High impact security (CSRF) No CSRF protection was detected anywhere in this application. If this is not correct, please refer to the CSRF checker reference on how to specify it via checker option. 
>1145 public void deleteSingleGroupByGroupId(@Context >HttpServletRequest request, @PathParam("groupId") Long groupId) { >1146 String forceDeleteStr = >request.getParameter("forceDelete"); >1147 boolean forceDelete = false; >1148 if (StringUtils.isNotEmpty(forceDeleteStr) && >"true".equalsIgnoreCase(forceDeleteStr)) { >1149 forceDelete = true; >1150 }
FW: New Defects reported by Coverity Scan for Apache Ranger
Please review and fix.

Thanks
Bosco

On 10/1/17, 1:07 AM, "scan-ad...@coverity.com" wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

3 new defect(s) introduced to Apache Ranger found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 167289: Null pointer dereferences (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 373 in org.apache.ranger.rest.XUserREST.searchXUsers(javax.servlet.http.HttpServletRequest)()

*** CID 167289: Null pointer dereferences (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 373 in org.apache.ranger.rest.XUserREST.searchXUsers(javax.servlet.http.HttpServletRequest)()
367 null);
368 searchUtil.extractString(request, searchCriteria, "userRole", "UserRole", null);
369 if (CollectionUtils.isNotEmpty(userRolesList) && CollectionUtils.size(userRolesList) == 1 && userRolesList.get(0).equalsIgnoreCase(UserRoleParamName)) {
370 if (!(searchCriteria.getParamList().containsKey("name"))) {
371 searchCriteria.addParam("name", userName);
372 }
>>> CID 167289: Null pointer dereferences (FORWARD_NULL)
>>> Calling a method on null object "userName".
373 else if ((searchCriteria.getParamList().containsKey("name")) && userName.contains((String) searchCriteria.getParamList().get("name"))) {
374 searchCriteria.addParam("name", userName);
375 }
376 else {
377 String randomString = new Random().toString();
378 searchCriteria.addParam("name", randomString);

** CID 167288: Null pointer dereferences (REVERSE_INULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 357 in org.apache.ranger.rest.XUserREST.searchXUsers(javax.servlet.http.HttpServletRequest)()

*** CID 167288: Null pointer dereferences (REVERSE_INULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 357 in org.apache.ranger.rest.XUserREST.searchXUsers(javax.servlet.http.HttpServletRequest)()
351 @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SEARCH_X_USERS + "\")")
352 public VXUserList searchXUsers(@Context HttpServletRequest request) {
353 String UserRoleParamName = RangerConstants.ROLE_USER;
354 SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
355 request, xUserService.sortFields);
356 String userName = null;
>>> CID 167288: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "request" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
357 if(request != null && request.getUserPrincipal() != null){
358 userName = request.getUserPrincipal().getName();
359 }
360 searchUtil.extractString(request, searchCriteria, "name", "User name",null);
361 searchUtil.extractString(request, searchCriteria, "emailAddress", "Email Address",
362 null);

** CID 167287: Null pointer dereferences (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 357 in org.apache.ranger.rest.XUserREST.searchXUsers(javax.servlet.http.HttpServletRequest)()

*** CID 167287: Null pointer dereferences (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 357 in org.apache.ranger.rest.XUserREST.searchXUsers(javax.servlet.http.HttpServletRequest)()
351 @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SEARCH_X_USERS + "\")")
352 public VXUserList searchXUsers(@Context HttpServletRequest request) {
353 String UserRoleParamName = RangerConstants.ROLE_USER;
354 SearchCriteria searchCriteria =
Re: FW: New Defects reported by Coverity Scan for Apache Ranger
Hi Abhay, I will look into it. On 28-Sep-2017 8:48 pm, "Abhay Kulkarni"wrote: Contributors/Committers, Please review and fix as appropriate. Thanks! -Abhay On 9/28/17, 12:43 AM, "scan-ad...@coverity.com" wrote: > >Hi, > >Please find the latest report on new defect(s) introduced to Apache >Ranger found with Coverity Scan. > >1 new defect(s) introduced to Apache Ranger found with Coverity Scan. >6 defect(s), reported by Coverity Scan earlier, were marked fixed in the >recent build analyzed by Coverity Scan. > >New defect(s) Reported-by: Coverity Scan >Showing 1 of 1 defect(s) > > >** CID 95505:(FORWARD_NULL) >/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 391 in >org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)( >) >/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 450 in >org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)( >) > > >__ >__ >*** CID 95505:(FORWARD_NULL) >/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 391 in >org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)( >) >385if (oldUserProfile != null && password != null >386&& >password.equals(hiddenPasswordString)) { >387vXPortalUser.setPassword( oldUserProfile.getPassword()); >388} >389 else if(password != null){ >390 validatePassword(vXUser); CID 95505:(FORWARD_NULL) Calling a method on null object "oldUserProfile". >391 if (oldUserProfile.getUserSource() == >RangerCommonEnums.USER_EXTERNAL) { >392 >vXPortalUser.setPassword(oldUserProfile.getPassword()); >393 } >394 else if(oldUserProfile.getUserSource() == >RangerCommonEnums.USER_APP) >395 { >396vXPortalUser.setPassword(password); >/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 450 in >org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)( >) >444} >445 >446// TODO I've to get the transaction log from here. >447// There is nothing to log anything in XXUser so far. 
>448vXUser = xUserService.updateResource(vXUser); >449vXUser.setUserRoleList(roleList); CID 95505:(FORWARD_NULL) Calling a method on null object "oldUserProfile". >450 if (oldUserProfile.getUserSource() == >RangerCommonEnums.USER_APP) { >451vXUser.setPassword(password); >452 } >453 else if (oldUserProfile.getUserSource() == >RangerCommonEnums.USER_EXTERNAL) { >454 vXUser.setPassword(oldUserProfile.getPassword()); >455 }
FW: New Defects reported by Coverity Scan for Apache Ranger
Contributors/Committers, Please review and fix as appropriate. Thanks! -Abhay On 9/28/17, 12:43 AM, "scan-ad...@coverity.com"wrote: > >Hi, > >Please find the latest report on new defect(s) introduced to Apache >Ranger found with Coverity Scan. > >1 new defect(s) introduced to Apache Ranger found with Coverity Scan. >6 defect(s), reported by Coverity Scan earlier, were marked fixed in the >recent build analyzed by Coverity Scan. > >New defect(s) Reported-by: Coverity Scan >Showing 1 of 1 defect(s) > > >** CID 95505:(FORWARD_NULL) >/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 391 in >org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)( >) >/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 450 in >org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)( >) > > >__ >__ >*** CID 95505:(FORWARD_NULL) >/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 391 in >org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)( >) >385if (oldUserProfile != null && password != null >386&& >password.equals(hiddenPasswordString)) { >387 >vXPortalUser.setPassword(oldUserProfile.getPassword()); >388} >389 else if(password != null){ >390 validatePassword(vXUser); CID 95505:(FORWARD_NULL) Calling a method on null object "oldUserProfile". >391 if (oldUserProfile.getUserSource() == >RangerCommonEnums.USER_EXTERNAL) { >392 >vXPortalUser.setPassword(oldUserProfile.getPassword()); >393 } >394 else if(oldUserProfile.getUserSource() == >RangerCommonEnums.USER_APP) >395 { >396vXPortalUser.setPassword(password); >/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 450 in >org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)( >) >444} >445 >446// TODO I've to get the transaction log from here. >447// There is nothing to log anything in XXUser so far. 
>448vXUser = xUserService.updateResource(vXUser); >449vXUser.setUserRoleList(roleList); CID 95505:(FORWARD_NULL) Calling a method on null object "oldUserProfile". >450 if (oldUserProfile.getUserSource() == >RangerCommonEnums.USER_APP) { >451vXUser.setPassword(password); >452 } >453 else if (oldUserProfile.getUserSource() == >RangerCommonEnums.USER_EXTERNAL) { >454 vXUser.setPassword(oldUserProfile.getPassword()); >455 }
Re: FW: New Defects reported by Coverity Scan for Apache Ranger
I'll fix the Knox test issues. Colm. On Fri, Sep 22, 2017 at 9:20 AM, Fatima Khanwrote: > Hi Abhay, > I will take care of all issues related to RoleBasedUserSearchUtil.java > and TestRoleBasedUserSearchUtil.java. > > > *Thanks & Regards ,* > > *Fatima Khan* > > On Thu, Sep 21, 2017 at 9:19 PM, Abhay Kulkarni > > wrote: > > > Contributors/Committers, > > > > Please review and fix as appropriate. > > > > Thanks! > > > > On 9/21/17, 12:35 AM, "scan-ad...@coverity.com" > > > wrote: > > > > > > > >Hi, > > > > > >Please find the latest report on new defect(s) introduced to Apache > > >Ranger found with Coverity Scan. > > > > > >9 new defect(s) introduced to Apache Ranger found with Coverity Scan. > > >3 defect(s), reported by Coverity Scan earlier, were marked fixed in the > > >recent build analyzed by Coverity Scan. > > > > > >New defect(s) Reported-by: Coverity Scan > > >Showing 9 of 9 defect(s) > > > > > > > > >** CID 167209: FindBugs: Bad practice (FB.DM_EXIT) > > >/security-admin/src/main/java/org/apache/ranger/patch/ > > cliutil/RoleBasedUse > > >rSearchUtil.java: 159 in > > >org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil. > > getUsersBasedOnRol > > >e(java.util.List)() > > > > > > > > >___ > > ___ > > >__ > > >*** CID 167209: FindBugs: Bad practice (FB.DM_EXIT) > > >/security-admin/src/main/java/org/apache/ranger/patch/ > > cliutil/RoleBasedUse > > >rSearchUtil.java: 159 in > > >org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil. > > getUsersBasedOnRol > > >e(java.util.List)() > > >153 } > > >154 } > > >155 } > > >156 if (MapUtils.isEmpty( > > >roleSysAdminMap) && MapUtils.isEmpty(roleKeyAdminMap) && > > >MapUtils.isEmpty(roleUserMap)) { > > >157 > System.out.println("users > > >with given user role are not there"); > > >158 logger.error("users with > > >given user role are not there"); > > CID 167209: FindBugs: Bad practice (FB.DM_EXIT) > > > > org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil. 
> > getUsersBasedOn > > Role(List) invokes System.exit(...), which shuts down the entire > > virtual machine. > > >159 System.exit(1); > > >160 } else { > > >161 if > > >(!MapUtils.isEmpty(roleSysAdminMap)) { > > >162 for (String key > : > > >roleSysAdminMap.keySet()) { > > >163 > > >System.out.println(roleSysAdminMap.get(key) + " : " + key); > > >164 } > > > > > >** CID 167208: Incorrect expression (USELESS_CALL) > > > > > > > > >___ > > ___ > > >__ > > >*** CID 167208: Incorrect expression (USELESS_CALL) > > >/security-admin/src/test/java/org/apache/ranger/patch/ > > cliutil/TestRoleBase > > >dUserSearchUtil.java: 89 in > > >org.apache.ranger.patch.cliutil.TestRoleBasedUserSearchUtil. > > TestGetUsersBa > > >sedOnRole()() > > >83 > > >84 > > >Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao); > > >85 > > >Mockito.when(xXPortalUserDao.findByRole(RangerConstants. > > ROLE_SYS_ADMIN)).t > > >henReturn(listXXPortalUser); > > >86 > > >87 > > >roleBasedUserSearchUtil.getUsersBasedOnRole(userRoleList); > > >88 > > CID 167208: Incorrect expression (USELESS_CALL) > > Calling > > "(org.apache.ranger.db.RangerDaoManager)org.mockito. > > Mockito.verify(daoM > > gr).getXXPortalUser()" is only useful for its return value, which is > > ignored. > > >89Mockito.verify(daoMgr).getXXPortalUser(); > > >90 > > >Mockito.verify(xXPortalUserDao).findByRole(RangerConstants.ROLE_SYS_ > > ADMIN) > > >; > > >91 > > >92} catch(Exception e) { > > >93fail("test failed due to: " + e.getMessage()); > > >94} > > > > > >** CID 167207: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING) > > >/knox-agent/src/test/java/org/apache/ranger/services/ > > knox/RangerAdminClien > > >tImpl.java: 63 in > > >org.apache.ranger.services.knox.RangerAdminClientImpl. 
> > getServicePoliciesIf > > >Updated(long, long)() > > > > > > > > >___ > > ___ > > >__ > > >*** CID 167207: FindBugs: Internationalization > (FB.DM_DEFAULT_ENCODING) > > >/knox-agent/src/test/java/org/apache/ranger/services/ > > knox/RangerAdminClien > > >tImpl.java: 63 in > >
Re: FW: New Defects reported by Coverity Scan for Apache Ranger
Hi Abhay, I will take care of all issues related to RoleBasedUserSearchUtil.java and TestRoleBasedUserSearchUtil.java. *Thanks & Regards ,* *Fatima Khan* On Thu, Sep 21, 2017 at 9:19 PM, Abhay Kulkarniwrote: > Contributors/Committers, > > Please review and fix as appropriate. > > Thanks! > > On 9/21/17, 12:35 AM, "scan-ad...@coverity.com" > wrote: > > > > >Hi, > > > >Please find the latest report on new defect(s) introduced to Apache > >Ranger found with Coverity Scan. > > > >9 new defect(s) introduced to Apache Ranger found with Coverity Scan. > >3 defect(s), reported by Coverity Scan earlier, were marked fixed in the > >recent build analyzed by Coverity Scan. > > > >New defect(s) Reported-by: Coverity Scan > >Showing 9 of 9 defect(s) > > > > > >** CID 167209: FindBugs: Bad practice (FB.DM_EXIT) > >/security-admin/src/main/java/org/apache/ranger/patch/ > cliutil/RoleBasedUse > >rSearchUtil.java: 159 in > >org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil. > getUsersBasedOnRol > >e(java.util.List)() > > > > > >___ > ___ > >__ > >*** CID 167209: FindBugs: Bad practice (FB.DM_EXIT) > >/security-admin/src/main/java/org/apache/ranger/patch/ > cliutil/RoleBasedUse > >rSearchUtil.java: 159 in > >org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil. > getUsersBasedOnRol > >e(java.util.List)() > >153 } > >154 } > >155 } > >156 if (MapUtils.isEmpty( > >roleSysAdminMap) && MapUtils.isEmpty(roleKeyAdminMap) && > >MapUtils.isEmpty(roleUserMap)) { > >157 System.out.println("users > >with given user role are not there"); > >158 logger.error("users with > >given user role are not there"); > CID 167209: FindBugs: Bad practice (FB.DM_EXIT) > > org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil. > getUsersBasedOn > Role(List) invokes System.exit(...), which shuts down the entire > virtual machine. 
> >159 System.exit(1); > >160 } else { > >161 if > >(!MapUtils.isEmpty(roleSysAdminMap)) { > >162 for (String key : > >roleSysAdminMap.keySet()) { > >163 > >System.out.println(roleSysAdminMap.get(key) + " : " + key); > >164 } > > > >** CID 167208: Incorrect expression (USELESS_CALL) > > > > > >___ > ___ > >__ > >*** CID 167208: Incorrect expression (USELESS_CALL) > >/security-admin/src/test/java/org/apache/ranger/patch/ > cliutil/TestRoleBase > >dUserSearchUtil.java: 89 in > >org.apache.ranger.patch.cliutil.TestRoleBasedUserSearchUtil. > TestGetUsersBa > >sedOnRole()() > >83 > >84 > >Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao); > >85 > >Mockito.when(xXPortalUserDao.findByRole(RangerConstants. > ROLE_SYS_ADMIN)).t > >henReturn(listXXPortalUser); > >86 > >87 > >roleBasedUserSearchUtil.getUsersBasedOnRole(userRoleList); > >88 > CID 167208: Incorrect expression (USELESS_CALL) > Calling > "(org.apache.ranger.db.RangerDaoManager)org.mockito. > Mockito.verify(daoM > gr).getXXPortalUser()" is only useful for its return value, which is > ignored. > >89Mockito.verify(daoMgr).getXXPortalUser(); > >90 > >Mockito.verify(xXPortalUserDao).findByRole(RangerConstants.ROLE_SYS_ > ADMIN) > >; > >91 > >92} catch(Exception e) { > >93fail("test failed due to: " + e.getMessage()); > >94} > > > >** CID 167207: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING) > >/knox-agent/src/test/java/org/apache/ranger/services/ > knox/RangerAdminClien > >tImpl.java: 63 in > >org.apache.ranger.services.knox.RangerAdminClientImpl. > getServicePoliciesIf > >Updated(long, long)() > > > > > >___ > ___ > >__ > >*** CID 167207: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING) > >/knox-agent/src/test/java/org/apache/ranger/services/ > knox/RangerAdminClien > >tImpl.java: 63 in > >org.apache.ranger.services.knox.RangerAdminClientImpl. 
> getServicePoliciesIf > >Updated(long, long)() > >57 basedir = new File(".").getCanonicalPath(); > >58 } > >59 > >60 java.nio.file.Path cachePath = > >FileSystems.getDefault().getPath(basedir, "/src/test/resources/" + > >cacheFilename); > >61 byte[] cacheBytes = Files.readAllBytes(cachePath); > >62
FW: New Defects reported by Coverity Scan for Apache Ranger
Contributors/Committers, Please review and fix as appropriate. Thanks! On 9/21/17, 12:35 AM, "scan-ad...@coverity.com"wrote: > >Hi, > >Please find the latest report on new defect(s) introduced to Apache >Ranger found with Coverity Scan. > >9 new defect(s) introduced to Apache Ranger found with Coverity Scan. >3 defect(s), reported by Coverity Scan earlier, were marked fixed in the >recent build analyzed by Coverity Scan. > >New defect(s) Reported-by: Coverity Scan >Showing 9 of 9 defect(s) > > >** CID 167209: FindBugs: Bad practice (FB.DM_EXIT) >/security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUse >rSearchUtil.java: 159 in >org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.getUsersBasedOnRol >e(java.util.List)() > > >__ >__ >*** CID 167209: FindBugs: Bad practice (FB.DM_EXIT) >/security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUse >rSearchUtil.java: 159 in >org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.getUsersBasedOnRol >e(java.util.List)() >153 } >154 } >155 } >156 if (MapUtils.isEmpty( >roleSysAdminMap) && MapUtils.isEmpty(roleKeyAdminMap) && >MapUtils.isEmpty(roleUserMap)) { >157 System.out.println("users >with given user role are not there"); >158 logger.error("users with >given user role are not there"); CID 167209: FindBugs: Bad practice (FB.DM_EXIT) org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.getUsersBasedOn Role(List) invokes System.exit(...), which shuts down the entire virtual machine. 
>159 System.exit(1); >160 } else { >161 if >(!MapUtils.isEmpty(roleSysAdminMap)) { >162 for (String key : >roleSysAdminMap.keySet()) { >163 >System.out.println(roleSysAdminMap.get(key) + " : " + key); >164 } > >** CID 167208: Incorrect expression (USELESS_CALL) > > >__ >__ >*** CID 167208: Incorrect expression (USELESS_CALL) >/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBase >dUserSearchUtil.java: 89 in >org.apache.ranger.patch.cliutil.TestRoleBasedUserSearchUtil.TestGetUsersBa >sedOnRole()() >83 >84 >Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao); >85 >Mockito.when(xXPortalUserDao.findByRole(RangerConstants.ROLE_SYS_ADMIN)).t >henReturn(listXXPortalUser); >86 >87 >roleBasedUserSearchUtil.getUsersBasedOnRole(userRoleList); >88 CID 167208: Incorrect expression (USELESS_CALL) Calling "(org.apache.ranger.db.RangerDaoManager)org.mockito.Mockito.verify(daoM gr).getXXPortalUser()" is only useful for its return value, which is ignored. >89Mockito.verify(daoMgr).getXXPortalUser(); >90 >Mockito.verify(xXPortalUserDao).findByRole(RangerConstants.ROLE_SYS_ADMIN) >; >91 >92} catch(Exception e) { >93fail("test failed due to: " + e.getMessage()); >94} > >** CID 167207: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING) >/knox-agent/src/test/java/org/apache/ranger/services/knox/RangerAdminClien >tImpl.java: 63 in >org.apache.ranger.services.knox.RangerAdminClientImpl.getServicePoliciesIf >Updated(long, long)() > > >__ >__ >*** CID 167207: FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING) >/knox-agent/src/test/java/org/apache/ranger/services/knox/RangerAdminClien >tImpl.java: 63 in >org.apache.ranger.services.knox.RangerAdminClientImpl.getServicePoliciesIf >Updated(long, long)() >57 basedir = new File(".").getCanonicalPath(); >58 } >59 >60 java.nio.file.Path cachePath = >FileSystems.getDefault().getPath(basedir, "/src/test/resources/" + >cacheFilename); >61 byte[] cacheBytes = Files.readAllBytes(cachePath); >62 CID 167207: 
FindBugs: Internationalization (FB.DM_DEFAULT_ENCODING) Found reliance on default encoding: new String(byte[]). >63 return gson.fromJson(new String(cacheBytes), >ServicePolicies.class); >64 } >65 >66 public void grantAccess(GrantRevokeRequest request) throws >Exception { >67 >68 } > >** CID 167206: Incorrect expression
FW: New Defects reported by Coverity Scan for Apache Ranger
Please review and fix if required.

Thanks
Bosco

On 9/14/17, 2:19 AM, "scan-ad...@coverity.com" wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

1 new defect(s) introduced to Apache Ranger found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 167104: FindBugs: Bad practice (FB.DM_EXIT)
/security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10008.java: 138 in org.apache.ranger.patch.PatchForNifiResourceUpdateExclude_J10008.updateNifiServiceDef()()

*** CID 167104: FindBugs: Bad practice (FB.DM_EXIT)
/security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10008.java: 138 in org.apache.ranger.patch.PatchForNifiResourceUpdateExclude_J10008.updateNifiServiceDef()()
132 RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
133 validator.validate(dbNifiServiceDef, Action.UPDATE);
134 ret = svcStore.updateServiceDef(dbNifiServiceDef);
135 }
136 if (ret == null) {
137 logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_NIFI_NAME+ "service-def");
>>> CID 167104: FindBugs: Bad practice (FB.DM_EXIT)
>>> org.apache.ranger.patch.PatchForNifiResourceUpdateExclude_J10008.updateNifiServiceDef() invokes System.exit(...), which shuts down the entire virtual machine.
138 System.exit(1); 139 } 140 } catch (Exception e) { 141 logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_NIFI_NAME + "service-def", e); 142 } 143 } 144 To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTFft2V-2FOFC9o0P2e0-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZs2qU5Gq3l8Fcz8-2B5uxZQ-2BkPW6pytVd-2Fe91b3vqcCqeRCKveZY3EnnJ6XPgF6gfKZfhxfUyMFFokJFkYvU4na3gVO9Fc1Q6r2NAtI5lSSCeZ7y4Dj29CaMGYkqe39A2IH0xSKo0A30WBExulPDkMwSXyRq9GGcLH3kIs7pn-2BdCzmg-3D-3D To manage Coverity Scan email notifications for "bo...@apache.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4HK0JLY-2BbZ-2FD0yvjg-2BbWSwquqqdEYtbR9nIDW-2BM81kI8TiABM2LsH3tiPfMWf-2FvOsjZSWngS5IRVC-2FH5Pl4zyaK1OE6Dh-2BhR6pXASEFJKZLM-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZs2qU5Gq3l8Fcz8-2B5uxZQ-2Bk3yXYhMZupY4qVnjecJHFUcyds3n-2F3tqUt6xzkY2-2BftBjVlKjiIpZMVo4mDjxMYbzlFjQ3iQzDxPl5TtAD-2FZv3Z-2FJd-2BTik1yUvDlledWoIvESVtyAPih2qi75ctpYajAok-2B1ZzEEALf5SgOAOcPkeVQ-3D-3D
FW: New Defects reported by Coverity Scan for Apache Ranger
Contributors please review and fix if required.

Thanks

Bosco

On 8/27/17, 12:56 AM, "scan-ad...@coverity.com" wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

1 new defect(s) introduced to Apache Ranger found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 166624: High impact security (CSRF)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 1093 in org.apache.ranger.rest.XUserREST.deleteSingleGroupByGroupName(javax.servlet.http.HttpServletRequest, java.lang.String)()

*** CID 166624: High impact security (CSRF)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 1093 in org.apache.ranger.rest.XUserREST.deleteSingleGroupByGroupName(javax.servlet.http.HttpServletRequest, java.lang.String)()
1087     }
1088
1089     @DELETE
1090     @Path("/secure/groups/{groupName}")
1091     @Produces({ "application/xml", "application/json" })
1092     @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
>>>     CID 166624: High impact security (CSRF)
>>>     No CSRF protection was detected anywhere in this application. If this is not correct, please refer to the CSRF checker reference on how to specify it via checker option.
1093     public void deleteSingleGroupByGroupName(@Context HttpServletRequest request, @PathParam("groupName") String groupName) {
1094         String forceDeleteStr = request.getParameter("forceDelete");
1095         boolean forceDelete = false;
1096         if (StringUtils.isNotEmpty(forceDeleteStr) && "true".equalsIgnoreCase(forceDeleteStr)) {
1097             forceDelete = true;
1098         }
FW: New Defects reported by Coverity Scan for Apache Ranger
Contributors/committers, please review and fix them.

Thanks

Bosco

On 8/24/17, 12:54 AM, "scan-ad...@coverity.com" wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

5 new defect(s) introduced to Apache Ranger found with Coverity Scan.
16 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)

** CID 166418: Null pointer dereferences (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java: 1427 in org.apache.ranger.rest.ServiceREST.createPolicy(org.apache.ranger.plugin.model.RangerPolicy, javax.servlet.http.HttpServletRequest)()

*** CID 166418: Null pointer dereferences (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java: 1427 in org.apache.ranger.rest.ServiceREST.createPolicy(org.apache.ranger.plugin.model.RangerPolicy, javax.servlet.http.HttpServletRequest)()
1421         }
1422
1423         if(StringUtils.isNotEmpty(policyName)) {
1424             policy.setName(StringUtils.trim(policyName));
1425         }
1426
>>>     CID 166418: Null pointer dereferences (FORWARD_NULL)
>>>     Passing null pointer "updateIfExists" to "valueOf", which dereferences it.
1427         if(Boolean.valueOf(updateIfExists)) {
1428             RangerPolicy existingPolicy = null;
1429             try {
1430                 if(StringUtils.isNotEmpty(policy.getGuid())) {
1431                     existingPolicy = getPolicyByGuid(policy.getGuid());
1432                 }

** CID 166417:(FB.RC_REF_COMPARISON)
/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java: 142 in org.apache.ranger.service.XTrxLogService.searchXTrxLogs(org.apache.ranger.common.SearchCriteria)()
/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java: 143 in org.apache.ranger.service.XTrxLogService.searchXTrxLogs(org.apache.ranger.common.SearchCriteria)()
/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java: 139 in org.apache.ranger.service.XTrxLogService.searchXTrxLogs(org.apache.ranger.common.SearchCriteria)()

*** CID 166417:(FB.RC_REF_COMPARISON)
/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java: 142 in org.apache.ranger.service.XTrxLogService.searchXTrxLogs(org.apache.ranger.common.SearchCriteria)()
136                     && parentObjectId == xxServiceDef.getId()) {
137                 vXTrxLogs.add(xTrxLog);
138             } else if (parentObjectClassType == AppConstants.CLASS_TYPE_XA_SERVICE
139                     && parentObjectId != xxServiceDef.getId()) {
140                 for (VXTrxLog vxTrxLog : trxLogList) {
141                     if (parentObjectClassType == vxTrxLog.getObjectClassType()
>>>     CID 166417:(FB.RC_REF_COMPARISON)
>>>     Suspicious comparison of Long references.
142                             && parentObjectId == vxTrxLog.getObjectId()
143                             && vxTrxLog.getParentObjectId() == xxServiceDef.getId()) {
144                         vXTrxLogs.add(xTrxLog);
145                         break;
146                     }
147                 }
/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java: 143 in org.apache.ranger.service.XTrxLogService.searchXTrxLogs(org.apache.ranger.common.SearchCriteria)()
137                 vXTrxLogs.add(xTrxLog);
138             } else if (parentObjectClassType == AppConstants.CLASS_TYPE_XA_SERVICE
139                     && parentObjectId != xxServiceDef.getId()) {
140                 for (VXTrxLog vxTrxLog : trxLogList) {
141                     if
FW: New Defects reported by Coverity Scan for Apache Ranger
Contributors/Committers, please review if any of your commits is giving these errors. And fix them if required.

Thanks

Bosco

On 8/13/17, 1:07 AM, "scan-ad...@coverity.com" wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

10 new defect(s) introduced to Apache Ranger found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)

** CID 166304: Incorrect expression (USELESS_CALL)

*** CID 166304: Incorrect expression (USELESS_CALL)
/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java: 851 in org.apache.ranger.biz.TestXUserMgr.test30CreateVXUserGroupInfo()()
845         Assert.assertEquals("user1", vxUserGroupTest.getXuserInfo().getName());
846         List result = vxUserGroupTest.getXgroupInfo();
847         List expected = new ArrayList();
848         expected.add(vXGroup1);
849         expected.add(vXGroup2);
850         Assert.assertTrue(result.containsAll(expected));
>>>     CID 166304: Incorrect expression (USELESS_CALL)
>>>     Calling "(org.apache.ranger.db.RangerDaoManager)org.mockito.Mockito.verify(daoManager).getXXPortalUser()" is only useful for its return value, which is ignored.
851         Mockito.verify(daoManager).getXXPortalUser();
852         Mockito.verify(portalUser).findByLoginId(vXUser.getName());
853         Mockito.verify(daoManager).getXXPortalUserRole();
854         Mockito.verify(userDao).findXPortalUserRolebyXPortalUserId(
855                 Mockito.anyLong());
856

** CID 166303: High impact security (CSRF)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 178 in org.apache.ranger.rest.XUserREST.createXGroupUserFromMap(org.apache.ranger.view.VXGroupUserInfo)()

*** CID 166303: High impact security (CSRF)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 178 in org.apache.ranger.rest.XUserREST.createXGroupUserFromMap(org.apache.ranger.view.VXGroupUserInfo)()
172     }
173
174     @POST
175     @Path("/groups/groupinfo")
176     @Produces({ "application/xml", "application/json" })
177     @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
>>>     CID 166303: High impact security (CSRF)
>>>     No CSRF protection was detected anywhere in this application. If this is not correct, please refer to the CSRF checker reference on how to specify it via checker option.
178     public VXGroupUserInfo createXGroupUserFromMap(VXGroupUserInfo vXGroupUserInfo) {
179         return xUserMgr.createXGroupUserFromMap(vXGroupUserInfo);
180     }
181
182     @POST
183     @Path("/secure/groups")

** CID 166302: Exceptional resource leaks (RESOURCE_LEAK)
/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java: 908 in org.apache.ranger.services.hive.HIVERangerAuthorizerTest.testShowPrivileges()()

*** CID 166302: Exceptional resource leaks (RESOURCE_LEAK)
/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java: 908 in org.apache.ranger.services.hive.HIVERangerAuthorizerTest.testShowPrivileges()()
902
903     @Test
904     public void testShowPrivileges() throws Exception {
905         String initialUrl = "jdbc:hive2://localhost:" + port;
906         Connection connection = DriverManager.getConnection(initialUrl, "admin", "admin");
907         Statement statement = connection.createStatement();
>>>     CID 166302: Exceptional resource leaks (RESOURCE_LEAK)
>>>     Variable "statement" going out of scope leaks the resource it refers to.
908         Assert.assertTrue(statement.execute("show grant user admin"));
909         statement.close();
910     }
911

** CID 166301: Incorrect expression (USELESS_CALL)

*** CID 166301: Incorrect expression (USELESS_CALL)
/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java: 853 in org.apache.ranger.biz.TestXUserMgr.test30CreateVXUserGroupInfo()()
847         List expected =
FW: New Defects reported by Coverity Scan for Apache Ranger
Please review and fix.

Thanks

Bosco

On 8/6/17, 12:44 AM, "scan-ad...@coverity.com" wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

2 new defect(s) introduced to Apache Ranger found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 166171: FindBugs: Multithreaded correctness (FB.RU_INVOKE_RUN)
/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java: 117 in org.apache.ranger.audit.provider.AuditProviderFactory.shutdown()()

*** CID 166171: FindBugs: Multithreaded correctness (FB.RU_INVOKE_RUN)
/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java: 117 in org.apache.ranger.audit.provider.AuditProviderFactory.shutdown()()
111     /**
112      * call shutdown hook to provide a way to
113      * shutdown gracefully in addition to the ShutdownHook mechanism
114      */
115     public void shutdown() {
116         if (isInitDone() && jvmShutdownHook != null) {
>>>     CID 166171: FindBugs: Multithreaded correctness (FB.RU_INVOKE_RUN)
>>>     org.apache.ranger.audit.provider.AuditProviderFactory.shutdown() explicitly invokes run on a thread (did you mean to start it instead?).
117             jvmShutdownHook.run();
118         }
119     }
120
121     public synchronized void init(Properties props, String appType) {
122         LOG.info("AuditProviderFactory: initializing..");

** CID 166170: Control flow issues (NESTING_INDENT_MISMATCH)
/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java: 199 in org.apache.ranger.audit.destination.HDFSAuditDestination.flush()()

*** CID 166170: Control flow issues (NESTING_INDENT_MISMATCH)
/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java: 199 in org.apache.ranger.audit.destination.HDFSAuditDestination.flush()()
193             synchronized (this) {
194                 if (ostream != null)
195                     // 1) PrinterWriter does not have bufferring of its own so
196                     // we need to flush its underlying stream
197                     // 2) HDFS flush() does not really flush all the way to disk.
198                     ostream.hflush();
>>>     CID 166170: Control flow issues (NESTING_INDENT_MISMATCH)
>>>     This statement is indented to column 49, as if it were nested within the preceding parent statement, but it is not.
199                     logger.info("Flush HDFS audit logs completed.");
200             }
201         } catch (IOException e) {
202             logger.error("Error on flushing log writer: " + e.getMessage() +
203                     "\nException will be ignored. name=" + getName() + ", fileName=" + currentFileName);
204         }
FW: FW: New Defects reported by Coverity Scan for Apache Ranger
Ok. Thanks.

Jianhua Peng

FW: New Defects reported by Coverity Scan for Apache Ranger

Please review and fix.

Thanks

Bosco

On 7/27/17, 1:45 AM, "scan-ad...@coverity.com" <scan-ad...@coverity.com> wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

2 new defect(s) introduced to Apache Ranger found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 166074: Null pointer dereferences (NULL_RETURNS)
/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()

*** CID 166074: Null pointer dereferences (NULL_RETURNS)
/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
1468                             .getType());
1469
1470             List msObjPrivs = mClient.list_privileges(
1471                     principalName, principalType,
1472                     this.getThriftHiveObjectRef(privObj));
1473
>>>     CID 166074: Null pointer dereferences (NULL_RETURNS)
>>>     Calling a method on null object "msObjPrivs".
1474             for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
1475                 HivePrincipal resPrincipal = new HivePrincipal(
1476                         msObjPriv.getPrincipalName(),
1477                         AuthorizationUtils.getHivePrincipalType(msObjPriv
1478                                 .getPrincipalType()));
1479

** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()

*** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
595         RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
596         RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
597         RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
598
599         // Build random string of random length
600         byte[] bytes = new byte[1];
>>>     CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
>>>     Random object created and used only once.
601         new Random().nextBytes(bytes);
602         int count = bytes[0];
603         count = count < 56 ? 56 : count;
604         count = count > 112 ? 112 : count;
605
606         String random = RandomStringUtils.random(count, "^@!%()-_+=@:'<>`~abcdefghijklmnopqrstuvwxyz01234567890");
FW: New Defects reported by Coverity Scan for Apache Ranger
Please review and fix.

Thanks

Bosco

On 7/27/17, 1:45 AM, "scan-ad...@coverity.com" wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

2 new defect(s) introduced to Apache Ranger found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 166074: Null pointer dereferences (NULL_RETURNS)
/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()

*** CID 166074: Null pointer dereferences (NULL_RETURNS)
/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java: 1474 in org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal, org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
1468                             .getType());
1469
1470             List msObjPrivs = mClient.list_privileges(
1471                     principalName, principalType,
1472                     this.getThriftHiveObjectRef(privObj));
1473
>>>     CID 166074: Null pointer dereferences (NULL_RETURNS)
>>>     Calling a method on null object "msObjPrivs".
1474             for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
1475                 HivePrincipal resPrincipal = new HivePrincipal(
1476                         msObjPriv.getPrincipalName(),
1477                         AuthorizationUtils.getHivePrincipalType(msObjPriv
1478                                 .getPrincipalType()));
1479

** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()

*** CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java: 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
595         RangerHdfsPlugin.hadoopAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP, RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
596         RangerHdfsPlugin.fileNameExtensionSeparator = RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP, RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
597         RangerHdfsPlugin.optimizeSubAccessAuthEnabled = RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP, RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
598
599         // Build random string of random length
600         byte[] bytes = new byte[1];
>>>     CID 166073: FindBugs: Bad practice (FB.DMI_RANDOM_USED_ONLY_ONCE)
>>>     Random object created and used only once.
601         new Random().nextBytes(bytes);
602         int count = bytes[0];
603         count = count < 56 ? 56 : count;
604         count = count > 112 ? 112 : count;
605
606         String random = RandomStringUtils.random(count, "^
FW: New Defects reported by Coverity Scan for Apache Ranger
Colm, Bhavik, Zsombor, Abhay,

As recent updaters of TestServiceREST.java, can you please review the following issues flagged by Coverity scan?

Thanks,
Madhan

On 6/11/17, 1:12 AM, "scan-ad...@coverity.com" wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger found with Coverity Scan.

2 new defect(s) introduced to Apache Ranger found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 164568: Null pointer dereferences (NULL_RETURNS)
/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java: 371 in org.apache.ranger.rest.TestServiceREST.test2updateServiceDef()()

*** CID 164568: Null pointer dereferences (NULL_RETURNS)
/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java: 371 in org.apache.ranger.rest.TestServiceREST.test2updateServiceDef()()
365     public void test2updateServiceDef() throws Exception {
366         RangerServiceDef rangerServiceDef = rangerServiceDef();
367
368         Mockito.when(validatorFactory.getServiceDefValidator(svcStore))
369                 .thenReturn(serviceDefValidator);
370
>>>     CID 164568: Null pointer dereferences (NULL_RETURNS)
>>>     "anyObject" returns null (checked 0 out of 3 times).
371         Mockito.when(
372                 svcStore.updateServiceDef((RangerServiceDef) Mockito
373                         .anyObject())).thenReturn(rangerServiceDef);
374
375         RangerServiceDef dbRangerServiceDef = serviceREST
376                 .updateServiceDef(rangerServiceDef);

** CID 164567: Null pointer dereferences (NULL_RETURNS)
/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java: 331 in org.apache.ranger.rest.TestServiceREST.test1createServiceDef()()

*** CID 164567: Null pointer dereferences (NULL_RETURNS)
/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java: 331 in org.apache.ranger.rest.TestServiceREST.test1createServiceDef()()
325     public void test1createServiceDef() throws Exception {
326         RangerServiceDef rangerServiceDef = rangerServiceDef();
327
328         Mockito.when(validatorFactory.getServiceDefValidator(svcStore))
329                 .thenReturn(serviceDefValidator);
330
>>>     CID 164567: Null pointer dereferences (NULL_RETURNS)
>>>     "anyObject" returns null (checked 0 out of 3 times).
331         Mockito.when(
332                 svcStore.createServiceDef((RangerServiceDef) Mockito
333                         .anyObject())).thenReturn(rangerServiceDef);
334
335         RangerServiceDef dbRangerServiceDef = serviceREST
336                 .createServiceDef(rangerServiceDef);