FW: New Defects reported by Coverity Scan for Apache Ranger

2018-06-17 Thread Don Bosco Durai
Few issues. Mostly on test code. Please review.

Thanks

Bosco


On 6/17/18, 1:07 AM, "scan-ad...@coverity.com"  wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger 
found with Coverity Scan.

5 new defect(s) introduced to Apache Ranger found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the 
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 175920:  FindBugs: Dodgy code  (FB.DLS_DEAD_LOCAL_STORE)

/security-admin/src/test/java/org/apache/ranger/common/TestServiceUtil.java: 
1573 in org.apache.ranger.common.TestServiceUtil.testVXAssetToPublicObject()()




*** CID 175920:  FindBugs: Dodgy code  (FB.DLS_DEAD_LOCAL_STORE)

/security-admin/src/test/java/org/apache/ranger/common/TestServiceUtil.java: 
1573 in org.apache.ranger.common.TestServiceUtil.testVXAssetToPublicObject()()
1567 vXAsset.setAssetType(3);
1568 
vXAsset.setActiveStatus(RangerCommonEnums.STATUS_ENABLED);
1569 vXAsset.setName("hive");
1570 vXAsset.setDescription("hive description");
1571 vXAsset.setConfig("/myConfig");
1572 
>>> CID 175920:  FindBugs: Dodgy code  (FB.DLS_DEAD_LOCAL_STORE)
>>> Dead store to actualVXRepository.
1573 VXRepository actualVXRepository = new 
VXRepository();
1574 actualVXRepository = 
serviceUtil.vXAssetToPublicObject(vXAsset);
1575 
1576 Assert.assertNotNull(actualVXRepository);
1577 Assert.assertEquals(expectedVXRepository.getId(), 
actualVXRepository.getId());
1578 
Assert.assertEquals(expectedVXRepository.getName(), 
actualVXRepository.getName());

** CID 175919:  FindBugs: Dodgy code  (FB.DLS_DEAD_LOCAL_STORE)
/security-admin/src/test/java/org/apache/ranger/common/TestJSONUtil.java: 
106 in org.apache.ranger.common.TestJSONUtil.testWriteJsonToJavaObject()()




*** CID 175919:  FindBugs: Dodgy code  (FB.DLS_DEAD_LOCAL_STORE)
/security-admin/src/test/java/org/apache/ranger/common/TestJSONUtil.java: 
106 in org.apache.ranger.common.TestJSONUtil.testWriteJsonToJavaObject()()
100 
101 @Test
102 public void testWriteJsonToJavaObject(){
103 String jsonString = "[\"hdfs\",\"hive\",\"knox\"]";
104 String expectedSetString = "[hive, hdfs, knox]";
105 Set testSet = new HashSet<>();
>>> CID 175919:  FindBugs: Dodgy code  (FB.DLS_DEAD_LOCAL_STORE)
>>> Dead store to expectedSet.
106 Set expectedSet = new HashSet<>();
107 expectedSet = 
jsonUtil.writeJsonToJavaObject(jsonString, testSet.getClass());
108 
109 String actualSetString = expectedSet.toString();
110 Assert.assertEquals(expectedSetString, 
actualSetString);
111 
112 
113 }

** CID 175918:  Null pointer dereferences  (NULL_RETURNS)
/security-admin/src/test/java/org/apache/ranger/common/TestJSONUtil.java: 
109 in org.apache.ranger.common.TestJSONUtil.testWriteJsonToJavaObject()()




*** CID 175918:  Null pointer dereferences  (NULL_RETURNS)
/security-admin/src/test/java/org/apache/ranger/common/TestJSONUtil.java: 
109 in org.apache.ranger.common.TestJSONUtil.testWriteJsonToJavaObject()()
103 String jsonString = "[\"hdfs\",\"hive\",\"knox\"]";
104 String expectedSetString = "[hive, hdfs, knox]";
105 Set testSet = new HashSet<>();
106 Set expectedSet = new HashSet<>();
107 expectedSet = 
jsonUtil.writeJsonToJavaObject(jsonString, testSet.getClass());
108 
>>> CID 175918:  Null pointer dereferences  (NULL_RETURNS)
>>> Calling a method on null object "expectedSet".
109 String actualSetString = expectedSet.toString();
110 Assert.assertEquals(expectedSetString, 
actualSetString);
111 
112 
113 }

** CID 175917:  FindBugs: Dodgy code  (FB.DLS_DEAD_LOCAL_STORE)

/security-admin/src/test/java/org/apache/ranger/common/TestServiceUtil.java: 
1892 in org.apache.ranger.common.TestServiceUtil.testToRangerPolicy()()




FW: New Defects reported by Coverity Scan for Apache Ranger

2018-06-10 Thread Don Bosco Durai
Coverity issues from a couple of weeks back...

Bosco


On 5/24/18, 12:25 PM, "scan-ad...@coverity.com"  
wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger 
found with Coverity Scan.

5 new defect(s) introduced to Apache Ranger found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the 
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 175683:(FORWARD_NULL)




*** CID 175683:(FORWARD_NULL)
/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java: 1043 in org.apache.ranger.rest.TestXUserREST.test58updateXAuditMapVXResourceNull()()
1037 Mockito.verify(xResourceService).readResource(null);
1038 Mockito.verify(restErrorUtil.createRESTException(Mockito.anyString(), (MessageEnums)Mockito.any()));
1039 }
1040 @Test
1041 public void test58updateXAuditMapVXResourceNull() {
1042 
>>> CID 175683:(FORWARD_NULL)
>>> Passing "null" to "updateXAuditMap", which dereferences it.
1043 Mockito.when(xUserMgr.updateXAuditMap(null)).thenReturn(null);
1044 VXAuditMap retvXAuditMap=xUserRest.updateXAuditMap(null);
1045 Mockito.verify(xUserMgr).updateXAuditMap(null);
1046 assertNull(retvXAuditMap);
1047 
1048 }
/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java: 1045 in org.apache.ranger.rest.TestXUserREST.test58updateXAuditMapVXResourceNull()()
1039 }
1040 @Test
1041 public void test58updateXAuditMapVXResourceNull() {
1042 
1043 Mockito.when(xUserMgr.updateXAuditMap(null)).thenReturn(null);
1044 VXAuditMap retvXAuditMap=xUserRest.updateXAuditMap(null);
>>> CID 175683:(FORWARD_NULL)
>>> Passing "null" to "updateXAuditMap", which dereferences it.
1045 Mockito.verify(xUserMgr).updateXAuditMap(null);
1046 assertNull(retvXAuditMap);
1047 
1048 }
1049 @Test
1050 public void test59deleteXAuditMap() {

** CID 175682:  Null pointer dereferences  (FORWARD_NULL)




*** CID 175682:  Null pointer dereferences  (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 554 in 
org.apache.ranger.rest.XUserREST.updateXPermMap(org.apache.ranger.view.VXPermMap)()
548 if (vXPermMap != null) {
549 if 
(xResourceService.readResource(vXPermMap.getResourceId()) == null) {
550 throw 
restErrorUtil.createRESTException("Invalid Input Data - No resource found with 
Id: " + vXPermMap.getResourceId());
551 }
552 }
553 
>>> CID 175682:  Null pointer dereferences  (FORWARD_NULL)
>>> Passing null pointer "vXPermMap" to "updateXPermMap", which 
dereferences it.
554 return xUserMgr.updateXPermMap(vXPermMap);
555 }
556 
557 @DELETE
558 @Path("/permmaps/{id}")
559 @RangerAnnotationClassName(class_name = VXPermMap.class)

** CID 175681:  Incorrect expression  (USELESS_CALL)




*** CID 175681:  Incorrect expression  (USELESS_CALL)

/security-admin/src/test/java/org/apache/ranger/service/TestRangerServiceDefService.java:
 550 in 
org.apache.ranger.service.TestRangerServiceDefService.test4getAllServiceDefs()()
544 Assert.assertNotNull(dbRangerServiceDef);
545 Mockito.verify(daoManager).getXXResourceDef();
546 Mockito.verify(daoManager).getXXAccessTypeDef();
547 Mockito.verify(daoManager).getXXPolicyConditionDef();
548 Mockito.verify(daoManager).getXXContextEnricherDef();
549 Mockito.verify(daoManager).getXXEnumDef();
>>> Calling 
"(org.apache.ranger.db.RangerDaoManager)org.mockito.Mockito.verify(daoManager).getXXEnumElementDef()"
 is only useful for its return value, which is ignored.
550 Mockito.verify(daoManager).getXXEnumElementDef();
551 }
552 
553 @Test
554 public void test5getPopulatedViewObject() {
555 XXPortalUserDao xPortalUserDao = 
Mockito.mock(XXPortalUserDao.class);

** CID 175680:  Null pointer dereferences  

FW: New Defects reported by Coverity Scan for Apache Ranger

2018-05-11 Thread Don Bosco Durai
Please review and fix if needed.

Thanks

Bosco


On 5/10/18, 1:10 AM, "scan-ad...@coverity.com"  wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger 
found with Coverity Scan.

3 new defect(s) introduced to Apache Ranger found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 175611:(FORWARD_NULL)




*** CID 175611:(FORWARD_NULL)
/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java: 
950 in org.apache.ranger.rest.TestAssetREST.testGetReportLogsForAuditAdmin()()
944 public void testGetReportLogsForAuditAdmin() {
945 SearchCriteria searchCriteria = new 
SearchCriteria();
946 List sortFields = null;
947 List vXTrxLogs = new 
ArrayList();
948 VXTrxLogList vXTrxLogList = new VXTrxLogList();
949 vXTrxLogList.setVXTrxLogs(vXTrxLogs);
>>> CID 175611:(FORWARD_NULL)
>>> Passing null pointer "sortFields" to "extractCommonCriterias", 
which dereferences it.
950 
Mockito.when(searchUtil.extractCommonCriterias(request, 
sortFields)).thenReturn(searchCriteria);
951 
Mockito.when(searchUtil.extractString((HttpServletRequest) Mockito.any(),
952 (SearchCriteria) Mockito.any(), 
Mockito.anyString(), Mockito.anyString(), Mockito.anyString()))
953 .thenReturn("test");
954 
Mockito.when(searchUtil.extractInt((HttpServletRequest) Mockito.any(),
955 (SearchCriteria) Mockito.any(), 
Mockito.anyString(), Mockito.anyString()))
/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java: 
970 in org.apache.ranger.rest.TestAssetREST.testGetReportLogsForAuditAdmin()()
964 (SearchCriteria) Mockito.any(), 
Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
965 
Mockito.verify(searchUtil).extractInt((HttpServletRequest) Mockito.any(),
966 (SearchCriteria) Mockito.any(), 
Mockito.anyString(), Mockito.anyString());
967 Mockito.verify(searchUtil, 
Mockito.times(2)).extractDate((HttpServletRequest) Mockito.any(),
968 (SearchCriteria) Mockito.any(), 
Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
969 
Mockito.verify(assetMgr).getReportLogs(searchCriteria);
>>> CID 175611:(FORWARD_NULL)
>>> Passing null pointer "sortFields" to "extractCommonCriterias", 
which dereferences it.
970 
Mockito.verify(searchUtil).extractCommonCriterias(request, sortFields);
971 }
972 
973 
974 @Test
975 public void testGetReportLogsForAuditKeyAdmin() {

** CID 175610:(FORWARD_NULL)




*** CID 175610:(FORWARD_NULL)
/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java: 
981 in 
org.apache.ranger.rest.TestAssetREST.testGetReportLogsForAuditKeyAdmin()()
975 public void testGetReportLogsForAuditKeyAdmin() {
976 SearchCriteria searchCriteria = new 
SearchCriteria();
977 List sortFields = null;
978 List vXTrxLogs = new 
ArrayList();
979 VXTrxLogList vXTrxLogList = new VXTrxLogList();
980 vXTrxLogList.setVXTrxLogs(vXTrxLogs);
>>> CID 175610:(FORWARD_NULL)
>>> Passing null pointer "sortFields" to "extractCommonCriterias", 
which dereferences it.
981 
Mockito.when(searchUtil.extractCommonCriterias(request, 
sortFields)).thenReturn(searchCriteria);
982 
Mockito.when(searchUtil.extractString((HttpServletRequest) Mockito.any(),
983 (SearchCriteria) Mockito.any(), 
Mockito.anyString(), Mockito.anyString(), Mockito.anyString()))
984 .thenReturn("test");
985 
Mockito.when(searchUtil.extractInt((HttpServletRequest) Mockito.any(),
986 (SearchCriteria) Mockito.any(), 
Mockito.anyString(), Mockito.anyString()))
/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java: 
1001 in 
org.apache.ranger.rest.TestAssetREST.testGetReportLogsForAuditKeyAdmin()()
995   

FW: New Defects reported by Coverity Scan for Apache Ranger

2018-05-03 Thread Don Bosco Durai
Please review and fix if required.

Thanks

Bosco


On 4/26/18, 3:58 AM, "scan-ad...@coverity.com"  wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger 
found with Coverity Scan.

2 new defect(s) introduced to Apache Ranger found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the 
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 175488:  Concurrent data access violations  (GUARDED_BY_VIOLATION)

/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java:
 100 in 
org.apache.ranger.audit.provider.AuditProviderFactory.getAuditProvider()()




*** CID 175488:  Concurrent data access violations  (GUARDED_BY_VIOLATION)

/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java:
 100 in 
org.apache.ranger.audit.provider.AuditProviderFactory.getAuditProvider()()
94  }
95 
96  return ret;
97  }
98 
99  public AuditHandler getAuditProvider() {
>>> CID 175488:  Concurrent data access violations  
(GUARDED_BY_VIOLATION)
>>> Accessing "mProvider" without holding lock 
"AuditProviderFactory.this". Elsewhere, 
"org.apache.ranger.audit.provider.AuditProviderFactory.mProvider" is accessed 
with "AuditProviderFactory.this" held 12 out of 14 times.
100 return mProvider;
101 }
102 
103 public boolean isInitDone() {
104 return mInitDone;
105 }

** CID 175487:  Concurrent data access violations  (GUARDED_BY_VIOLATION)

/agents-audit/src/main/java/org/apache/ranger/audit/provider/StandAloneAuditProviderFactory.java:
 30 in 
org.apache.ranger.audit.provider.StandAloneAuditProviderFactory.getInstance()()




*** CID 175487:  Concurrent data access violations  (GUARDED_BY_VIOLATION)

/agents-audit/src/main/java/org/apache/ranger/audit/provider/StandAloneAuditProviderFactory.java:
 30 in 
org.apache.ranger.audit.provider.StandAloneAuditProviderFactory.getInstance()()
24 public class StandAloneAuditProviderFactory extends 
AuditProviderFactory {
25  private static final Log LOG = 
LogFactory.getLog(StandAloneAuditProviderFactory.class);
26 
27  private volatile static StandAloneAuditProviderFactory sFactory 
= null;
28 
29  public static StandAloneAuditProviderFactory getInstance() {
>>> CID 175487:  Concurrent data access violations  
(GUARDED_BY_VIOLATION)
>>> Accessing 
"org.apache.ranger.audit.provider.StandAloneAuditProviderFactory.sFactory" 
without holding lock "StandAloneAuditProviderFactory.class". Elsewhere, 
"org.apache.ranger.audit.provider.StandAloneAuditProviderFactory.sFactory" is 
accessed with "StandAloneAuditProviderFactory.class" held 2 out of 3 times.
30  StandAloneAuditProviderFactory ret = sFactory;
31  if(ret == null) {
32  
synchronized(StandAloneAuditProviderFactory.class) {
33  ret = sFactory;
34  if(ret == null) {
35  ret = sFactory = new 
StandAloneAuditProviderFactory();




To view the defects in Coverity Scan visit, 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX11zsOWMf5dv3Q9Mogo-2FGua3FsLRTFft2V-2FOFC9o0P2e0-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZsLhPfb3E6V5V-2Bwt8Adm86gM2cnAZ2hrO1Y-2F6us8dR3EF7fY8Tws4-2F0PXD-2BEipSC1NtRVGpgdtz2N0uvJ-2FS49EzG4i1MBSZ5Et7ycsWxCks7WU5ImW8FlANWFHxs7qzHVhm2At1G5boP5hlATiOo8dt1-2FEdUVyWaaPJjUSCSXXoLQ-3D-3D

  To manage Coverity Scan email notifications for "bo...@apache.org", click 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4HK0JLY-2BbZ-2FD0yvjg-2BbWSwquqqdEYtbR9nIDW-2BM81kI8TiABM2LsH3tiPfMWf-2FvOsjZSWngS5IRVC-2FH5Pl4zyaK1OE6Dh-2BhR6pXASEFJKZLM-3D_d04ZgyDzSjlwpjXIuOFYDNE6R93Lal83MDClQK32PZsLhPfb3E6V5V-2Bwt8Adm86glScWFQ9LnZJXWPMF2H6d1JXfJmfwJ5-2FAytpNDdIltC-2FC-2BbdAHtk1gEX94Xtx3XqWvAS6yKrJasMe644B9Q2KB2dkxjOP4Xhgw95pyOdRbrpET3pZbO4grNVDrVc2gXjNKSni-2F1bN3pUJ0x82uAqwlQ-3D-3D






FW: New Defects reported by Coverity Scan for Apache Ranger

2018-03-29 Thread Don Bosco Durai
Please review and resolve if needed.

Thanks

Bosco


On 3/29/18, 12:58 AM, "scan-ad...@coverity.com"  
wrote:

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger 
found with Coverity Scan.

2 new defect(s) introduced to Apache Ranger found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the 
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 175091:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)

/plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java:
 68 in 
org.apache.ranger.authorization.kylin.authorizer.RangerAdminClientImpl.getServicePoliciesIfUpdated(long,
 long)()




*** CID 175091:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)

/plugin-kylin/src/test/java/org/apache/ranger/authorization/kylin/authorizer/RangerAdminClientImpl.java:
 68 in 
org.apache.ranger.authorization.kylin.authorizer.RangerAdminClientImpl.getServicePoliciesIfUpdated(long,
 long)()
62  }
63 
64  java.nio.file.Path cachePath = FileSystems.getDefault()
65  .getPath(basedir, 
"/src/test/resources/" + cacheFilename);
66  byte[] cacheBytes = Files.readAllBytes(cachePath);
67 
>>> CID 175091:  FindBugs: Internationalization  
(FB.DM_DEFAULT_ENCODING)
>>> Found reliance on default encoding: new String(byte[]).
68  return gson.fromJson(new String(cacheBytes), 
ServicePolicies.class);
69  }
70 
71  @Override
72  public void grantAccess(GrantRevokeRequest request) throws 
Exception {
73 

** CID 175090:  Null pointer dereferences  (FORWARD_NULL)




*** CID 175090:  Null pointer dereferences  (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java: 2601 in org.apache.ranger.rest.ServiceREST.getServicePolicies(java.lang.String, org.apache.ranger.plugin.util.SearchFilter)()
2595 filter.setStartIndex(savedStartIndex);
2596 filter.setMaxRows(savedMaxRows);
2597 }
2598 
2599 servicePolicies = applyAdminAccessFilter(servicePolicies);
2600 
>>> CID 175090:  Null pointer dereferences  (FORWARD_NULL)
>>> Passing null pointer "filter" to "toRangerPolicyList", which dereferences it.
2601 return toRangerPolicyList(servicePolicies, filter);
2602 }
2603 } catch(WebApplicationException excp) {
2604 throw excp;
2605 } catch (Throwable excp) {
2606 LOG.error("getServicePolicies(" + serviceName + ") failed", excp);









FW: New Defects reported by Coverity Scan for Apache Ranger

2018-03-19 Thread Velmurugan Periasamy
Rangers - could you please review and provide fixes for Coverity flagged
issues below? Thanks.

From:  "scan-ad...@coverity.com" 
Date:  Monday, March 19, 2018 at 2:55 AM
To:  Velmurugan Periasamy 
Subject:  New Defects reported by Coverity Scan for Apache Ranger

Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger
found with Coverity Scan.

33 new defect(s) introduced to Apache Ranger found with Coverity Scan.
13 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 33 defect(s)


** CID 174644:(FB.NP_UNWRITTEN_FIELD)
/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java: 588 in org.apache.ranger.plugin.policyengine.TestPolicyEngine.runValiditySchedulerTests(java.lang.String)()
/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java: 598 in org.apache.ranger.plugin.policyengine.TestPolicyEngine.runValiditySchedulerTests(java.lang.String)()
/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java: 605 in org.apache.ranger.plugin.policyengine.TestPolicyEngine.runValiditySchedulerTests(java.lang.String)()




*** CID 174644:(FB.NP_UNWRITTEN_FIELD)
/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java: 588 in org.apache.ranger.plugin.policyengine.TestPolicyEngine.runValiditySchedulerTests(java.lang.String)()
582 boolean isValid = true;
583 List validationFailures =
new ArrayList<>();
584 boolean isApplicable = false;
585 
586 List validatedSchedules =
new ArrayList<>();
587 
>>>  CID 174644:(FB.NP_UNWRITTEN_FIELD)
>>>  Read of unwritten field validitySchedules.
588 for (RangerValiditySchedule validitySchedule :
testCase.validitySchedules) {
589 RangerValidityScheduleValidator validator = new
RangerValidityScheduleValidator(validitySchedule);
590 RangerValiditySchedule validatedSchedule =
validator.validate(validationFailures);
591 isValid = isValid && validatedSchedule != null;
592 if (isValid) {
593 validatedSchedules.add(validatedSchedule);
/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java: 598 in org.apache.ranger.plugin.policyengine.TestPolicyEngine.runValiditySchedulerTests(java.lang.String)()
592 if (isValid) {
593 validatedSchedules.add(validatedSchedule);
594 }
595 }
596 if (isValid) {
597 for (RangerValiditySchedule validSchedule :
validatedSchedules) {
>>>  CID 174644:(FB.NP_UNWRITTEN_FIELD)
>>>  Read of unwritten field accessTime.
598 isApplicable = new RangerValidityScheduleEvaluator(validSchedule).isApplicable(testCase.accessTime.getTime());
599 if (isApplicable) {
600 break;
601 }
602 }
603 }
/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java: 605 in org.apache.ranger.plugin.policyengine.TestPolicyEngine.runValiditySchedulerTests(java.lang.String)()
599 if (isApplicable) {
600 break;
601 }
602 }
603 }
604 
>>>  CID 174644:(FB.NP_UNWRITTEN_FIELD)
>>>  Read of unwritten field result.
605 assertTrue(testCase.name, isValid ==
testCase.result.isValid);
606 assertTrue(testCase.name, isApplicable ==
testCase.result.isApplicable);
607 assertTrue(testCase.name + ", [" +
validationFailures +"]", validationFailures.size() ==
testCase.result.validationFailureCount);
608 }
609 }
610 TimeZone.setDefault(defaultTZ);

** CID 174643:  FindBugs: Performance  (FB.SIC_INNER_SHOULD_BE_STATIC)
/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java: 299 in ()




*** CID 174643:  FindBugs: Performance  (FB.SIC_INNER_SHOULD_BE_STATIC)
/plugin-atlas/src/main/java/org/apache/ranger/authorization/atlas/authorizer/RangerAtlasAuthorizer.java: 299 in ()
293 class RangerAtlasPlugin extends RangerBasePlugin {
294 RangerAtlasPlugin() {
295

FW: New Defects reported by Coverity Scan for Apache Ranger

2017-11-19 Thread Don Bosco Durai
Please review and fix if required.

Thanks

Bosco


On 11/12/17, 2:06 AM, "scan-ad...@coverity.com"  wrote:


Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger 
found with Coverity Scan.

5 new defect(s) introduced to Apache Ranger found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the 
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 168929:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)

/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyDb.java:
 96 in 
org.apache.ranger.plugin.policyengine.TestPolicyDb.runTestsFromResourceFiles(java.lang.String[],
 org.apache.ranger.plugin.model.RangerServiceDef)()




*** CID 168929:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)

/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyDb.java:
 96 in 
org.apache.ranger.plugin.policyengine.TestPolicyDb.runTestsFromResourceFiles(java.lang.String[],
 org.apache.ranger.plugin.model.RangerServiceDef)()
90 runTestsFromResourceFiles(hiveTestResourceFiles, 
hiveServiceDef);
91 }
92 
93  private void runTestsFromResourceFiles(String[] resourceNames, 
RangerServiceDef serviceDef) {
94  for(String resourceName : resourceNames) {
95  InputStream   inStream = 
this.getClass().getResourceAsStream(resourceName);
>>> CID 168929:  FindBugs: Internationalization  
(FB.DM_DEFAULT_ENCODING)
>>> Found reliance on default encoding: new 
java.io.InputStreamReader(InputStream).
96  InputStreamReader reader   = new 
InputStreamReader(inStream);
97 
98  runTests(reader, resourceName, serviceDef);
99  }
100 }
101 

** CID 168928:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)

/agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestDefaultPolicyResourceMatcher.java:
 109 in 
org.apache.ranger.plugin.resourcematcher.TestDefaultPolicyResourceMatcher.runTestsFromResourceFiles(java.lang.String[],
 org.apache.ranger.plugin.model.RangerServiceDef)()




*** CID 168928:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)

/agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestDefaultPolicyResourceMatcher.java:
 109 in 
org.apache.ranger.plugin.resourcematcher.TestDefaultPolicyResourceMatcher.runTestsFromResourceFiles(java.lang.String[],
 org.apache.ranger.plugin.model.RangerServiceDef)()
103 runTestsFromResourceFiles(tests, hiveServiceDef);
104 }
105 
106 private void runTestsFromResourceFiles(String[] resourceNames, 
RangerServiceDef serviceDef) throws Exception {
107 for (String resourceName : resourceNames) {
108 InputStream inStream = 
this.getClass().getResourceAsStream(resourceName);
>>> CID 168928:  FindBugs: Internationalization  
(FB.DM_DEFAULT_ENCODING)
>>> Found reliance on default encoding: new 
java.io.InputStreamReader(InputStream).
109 InputStreamReader reader = new 
InputStreamReader(inStream);
110 
111 runTests(reader, serviceDef);
112 }
113 }
114 

** CID 168927:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)

/agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestDefaultPolicyResourceMatcher.java:
 76 in 
org.apache.ranger.plugin.resourcematcher.TestDefaultPolicyResourceMatcher.readServiceDef(java.lang.String)()




*** CID 168927:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)

/agents-common/src/test/java/org/apache/ranger/plugin/resourcematcher/TestDefaultPolicyResourceMatcher.java:
 76 in 
org.apache.ranger.plugin.resourcematcher.TestDefaultPolicyResourceMatcher.readServiceDef(java.lang.String)()
70  hbaseServiceDef = readServiceDef("hbase");
71  tagServiceDef = readServiceDef("tag");
72  }
73 
74  private static RangerServiceDef readServiceDef(String name) {
75  InputStream inStream = 
TestDefaultPolicyResourceMatcher.class.getResourceAsStream("/admin/service-defs/test-"
 + name + "-servicedef.json");
>>> CID 168927:  FindBugs: Internationalization  

FW: New Defects reported by Coverity Scan for Apache Ranger

2017-11-19 Thread Don Bosco Durai
Please review and fix it if needed. If already fixed, then ignore it.

Thanks

Bosco


On 11/9/17, 2:38 AM, "scan-ad...@coverity.com"  wrote:


Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger 
found with Coverity Scan.

1 new defect(s) introduced to Apache Ranger found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 168820:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)

/plugin-sqoop/src/test/java/org/apache/ranger/authorization/sqoop/authorizer/RangerAdminClientImpl.java:
 68 in 
org.apache.ranger.authorization.sqoop.authorizer.RangerAdminClientImpl.getServicePoliciesIfUpdated(long,
 long)()




*** CID 168820:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)

/plugin-sqoop/src/test/java/org/apache/ranger/authorization/sqoop/authorizer/RangerAdminClientImpl.java:
 68 in 
org.apache.ranger.authorization.sqoop.authorizer.RangerAdminClientImpl.getServicePoliciesIfUpdated(long,
 long)()
62  }
63 
64  java.nio.file.Path cachePath = FileSystems.getDefault()
65  .getPath(basedir, 
"/src/test/resources/" + cacheFilename);
66  byte[] cacheBytes = Files.readAllBytes(cachePath);
67 
>>> CID 168820:  FindBugs: Internationalization  
(FB.DM_DEFAULT_ENCODING)
>>> Found reliance on default encoding: new String(byte[]).
68  return gson.fromJson(new String(cacheBytes), 
ServicePolicies.class);
69  }
70 
71  @Override
72  public void grantAccess(GrantRevokeRequest request) throws 
Exception {
73 










FW: New Defects reported by Coverity Scan for Apache Ranger

2017-10-26 Thread Don Bosco Durai
Please review and fix.

Thanks

Bosco


On 10/26/17, 9:11 AM, "scan-ad...@coverity.com"  wrote:


Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger 
found with Coverity Scan.

1 new defect(s) introduced to Apache Ranger found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the 
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 168620:  FindBugs: Performance  
(FB.SBSC_USE_STRINGBUFFER_CONCATENATION)

/hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/client/HdfsClient.java:
 305 in 
org.apache.ranger.services.hdfs.client.HdfsClient.validateConnectionConfigs(java.util.Map)()




*** CID 168620:  FindBugs: Performance  
(FB.SBSC_USE_STRINGBUFFER_CONCATENATION)

/hdfs-agent/src/main/java/org/apache/ranger/services/hdfs/client/HdfsClient.java:
 305 in 
org.apache.ranger.services.hdfs.client.HdfsClient.validateConnectionConfigs(java.util.Map)()
299 cluster = "namenode" + (i + 1);
300 configs.put("dfs.namenode.rpc-address." 
+ configs.get("dfs.nameservices") + "." + cluster,
301 
fsDefaultNameElements[i]);
302 if (i == (fsDefaultNameElements.length 
- 1)) {
303 clusters += cluster;
304 } else {
>>> CID 168620:  FindBugs: Performance  
(FB.SBSC_USE_STRINGBUFFER_CONCATENATION)
>>> 
org.apache.ranger.services.hdfs.client.HdfsClient.validateConnectionConfigs(Map)
 concatenates strings using + in a loop.
305 clusters += cluster + ",";
306 }
307 }
308 configs.put("dfs.ha.namenodes." + 
configs.get("dfs.nameservices"), clusters);
309 }
310 }










FW: New Defects reported by Coverity Scan for Apache Ranger

2017-10-14 Thread Don Bosco Durai
Please review and fix where required.

Thanks

Bosco


On 10/12/17, 12:42 AM, "scan-ad...@coverity.com"  
wrote:


Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger 
found with Coverity Scan.

3 new defect(s) introduced to Apache Ranger found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the 
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 167552:  FindBugs: Correctness  (FB.GC_UNRELATED_TYPES)
/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java: 1891 in org.apache.ranger.biz.ServiceDBStore.validatePolicyItems(java.util.List)()


*** CID 167552:  FindBugs: Correctness  (FB.GC_UNRELATED_TYPES)
/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java: 1891 in org.apache.ranger.biz.ServiceDBStore.validatePolicyItems(java.util.List)()
1885
1886 if (policyItem.getGroups() != null && (policyItem.getGroups().contains(null) || policyItem.getGroups().contains(""))) {
1887 isPolicyItemValid = false;
1888 break;
1889 }
1890
>>> CID 167552:  FindBugs: Correctness  (FB.GC_UNRELATED_TYPES)
>>> String is incompatible with expected argument type org.apache.ranger.plugin.model.RangerPolicy$RangerPolicyItemAccess.
1891 if (CollectionUtils.isEmpty(policyItem.getAccesses()) || policyItem.getAccesses().contains(null) || policyItem.getAccesses().contains("")) {
1892 isPolicyItemValid = false;
1893 break;
1894 }
1895 }
1896 }

** CID 167551:  Control flow issues  (DEADCODE)
/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java: 293 in org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher.isCompleteMatch(java.util.Map, java.util.Map)()


*** CID 167551:  Control flow issues  (DEADCODE)
/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java: 293 in org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher.isCompleteMatch(java.util.Map, java.util.Map)()
287 Collection policyKeys   = policyResources == null ? null : policyResources.keySet();
288 boolean keysMatch = resourceKeys != null && policyKeys != null && CollectionUtils.isEqualCollection(resourceKeys, policyKeys);
289
290 if (keysMatch) {
291 for (RangerResourceDef resourceDef : serviceDef.getResources()) {
292 String   resourceName   = resourceDef.getName();
>>> CID 167551:  Control flow issues  (DEADCODE)
>>> Execution cannot reach the expression "null" inside this statement: "resourceValues = ((resource...".
293 RangerPolicyResource resourceValues = resources == null ? null : resources.get(resourceName);
294 RangerPolicyResource policyValues   = policyResources == null ? null : policyResources.get(resourceName);
295
296 if (resourceValues == null || CollectionUtils.isEmpty(resourceValues.getValues())) {
297 ret = (policyValues == null || CollectionUtils.isEmpty(policyValues.getValues()));
298 } else if (policyValues != null && CollectionUtils.isNotEmpty(policyValues.getValues())) {

** CID 167550:  Control flow issues  (DEADCODE)
/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java: 253 in org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher.isCompleteMatch(org.apache.ranger.plugin.policyengine.RangerAccessResource, java.util.Map)()


*** CID 167550:  Control flow issues  (DEADCODE)
/agents-common/src/main/java/org/apache/ranger/plugin/policyresourcematcher/RangerDefaultPolicyResourceMatcher.java: 253 in org.apache.ranger.plugin.policyresourcematcher.RangerDefaultPolicyResourceMatcher.isCompleteMatch(org.apache.ranger.plugin.policyengine.RangerAccessResource,
 

Re: FW: New Defects reported by Coverity Scan for Apache Ranger

2017-10-06 Thread NIKHIL PURBHE
We won't be needing a fix for this (CID 167355), as we have already handled
CSRF in RangerCSRFPreventionFilter for PUT, POST and DELETE requests from the UI.

On Thu, Oct 5, 2017 at 11:38 PM, Abhay Kulkarni 
wrote:

> Ranger contributors/committers,
>
> Please review and fix as appropriate.
>
> Thanks!
> -Abhay
>
> On 10/5/17, 12:44 AM, "scan-ad...@coverity.com" 
> wrote:
>
> >
> >Hi,
> >
> >Please find the latest report on new defect(s) introduced to Apache
> >Ranger found with Coverity Scan.
> >
> >1 new defect(s) introduced to Apache Ranger found with Coverity Scan.
> >3 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> >recent build analyzed by Coverity Scan.
> >
> >New defect(s) Reported-by: Coverity Scan
> >Showing 1 of 1 defect(s)
> >
> >
> >** CID 167355:  High impact security  (CSRF)
> >/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 1145 in org.apache.ranger.rest.XUserREST.deleteSingleGroupByGroupId(javax.servlet.http.HttpServletRequest, java.lang.Long)()
> >
> >
> >*** CID 167355:  High impact security  (CSRF)
> >/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 1145 in org.apache.ranger.rest.XUserREST.deleteSingleGroupByGroupId(javax.servlet.http.HttpServletRequest, java.lang.Long)()
> >1139 }
> >1140
> >1141 @DELETE
> >1142 @Path("/secure/groups/id/{groupId}")
> >1143 @Produces({ "application/xml", "application/json" })
> >1144 @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
> >>>> CID 167355:  High impact security  (CSRF)
> >>>> No CSRF protection was detected anywhere in this application. If this is not correct, please refer to the CSRF checker reference on how to specify it via checker option.
> >1145 public void deleteSingleGroupByGroupId(@Context HttpServletRequest request, @PathParam("groupId") Long groupId) {
> >1146 String forceDeleteStr = request.getParameter("forceDelete");
> >1147 boolean forceDelete = false;
> >1148 if (StringUtils.isNotEmpty(forceDeleteStr) && "true".equalsIgnoreCase(forceDeleteStr)) {
> >1149 forceDelete = true;
> >1150 }
> >
> >
>
>


-- 



Regards,

Nikhil Purbhe


FW: New Defects reported by Coverity Scan for Apache Ranger

2017-10-05 Thread Abhay Kulkarni
Ranger contributors/committers,

Please review and fix as appropriate.

Thanks!
-Abhay

On 10/5/17, 12:44 AM, "scan-ad...@coverity.com" 
wrote:

>
>Hi,
>
>Please find the latest report on new defect(s) introduced to Apache
>Ranger found with Coverity Scan.
>
>1 new defect(s) introduced to Apache Ranger found with Coverity Scan.
>3 defect(s), reported by Coverity Scan earlier, were marked fixed in the
>recent build analyzed by Coverity Scan.
>
>New defect(s) Reported-by: Coverity Scan
>Showing 1 of 1 defect(s)
>
>
>** CID 167355:  High impact security  (CSRF)
>/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 1145 in org.apache.ranger.rest.XUserREST.deleteSingleGroupByGroupId(javax.servlet.http.HttpServletRequest, java.lang.Long)()
>
>
>*** CID 167355:  High impact security  (CSRF)
>/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 1145 in org.apache.ranger.rest.XUserREST.deleteSingleGroupByGroupId(javax.servlet.http.HttpServletRequest, java.lang.Long)()
>1139 }
>1140
>1141 @DELETE
>1142 @Path("/secure/groups/id/{groupId}")
>1143 @Produces({ "application/xml", "application/json" })
>1144 @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
>>>> CID 167355:  High impact security  (CSRF)
>>>> No CSRF protection was detected anywhere in this application. If this is not correct, please refer to the CSRF checker reference on how to specify it via checker option.
>1145 public void deleteSingleGroupByGroupId(@Context HttpServletRequest request, @PathParam("groupId") Long groupId) {
>1146 String forceDeleteStr = request.getParameter("forceDelete");
>1147 boolean forceDelete = false;
>1148 if (StringUtils.isNotEmpty(forceDeleteStr) && "true".equalsIgnoreCase(forceDeleteStr)) {
>1149 forceDelete = true;
>1150 }
>
>



FW: New Defects reported by Coverity Scan for Apache Ranger

2017-10-02 Thread Don Bosco Durai
Please review and fix.

Thanks

Bosco


On 10/1/17, 1:07 AM, "scan-ad...@coverity.com"  wrote:


Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger 
found with Coverity Scan.

3 new defect(s) introduced to Apache Ranger found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the 
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 167289:  Null pointer dereferences  (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 373 in org.apache.ranger.rest.XUserREST.searchXUsers(javax.servlet.http.HttpServletRequest)()


*** CID 167289:  Null pointer dereferences  (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 373 in org.apache.ranger.rest.XUserREST.searchXUsers(javax.servlet.http.HttpServletRequest)()
367 null);
368 searchUtil.extractString(request, searchCriteria, "userRole", "UserRole", null);
369 if (CollectionUtils.isNotEmpty(userRolesList) && CollectionUtils.size(userRolesList) == 1 && userRolesList.get(0).equalsIgnoreCase(UserRoleParamName)) {
370 if (!(searchCriteria.getParamList().containsKey("name"))) {
371 searchCriteria.addParam("name", userName);
372 }
>>> CID 167289:  Null pointer dereferences  (FORWARD_NULL)
>>> Calling a method on null object "userName".
373 else if ((searchCriteria.getParamList().containsKey("name")) && userName.contains((String) searchCriteria.getParamList().get("name"))) {
374 searchCriteria.addParam("name", userName);
375 }
376 else {
377 String randomString = new Random().toString();
378 searchCriteria.addParam("name", randomString);

** CID 167288:  Null pointer dereferences  (REVERSE_INULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 357 in org.apache.ranger.rest.XUserREST.searchXUsers(javax.servlet.http.HttpServletRequest)()


*** CID 167288:  Null pointer dereferences  (REVERSE_INULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 357 in org.apache.ranger.rest.XUserREST.searchXUsers(javax.servlet.http.HttpServletRequest)()
351 @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SEARCH_X_USERS + "\")")
352 public VXUserList searchXUsers(@Context HttpServletRequest request) {
353 String UserRoleParamName = RangerConstants.ROLE_USER;
354 SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
355 request, xUserService.sortFields);
356 String userName = null;
>>> CID 167288:  Null pointer dereferences  (REVERSE_INULL)
>>> Null-checking "request" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
357 if(request != null && request.getUserPrincipal() != null){
358 userName = request.getUserPrincipal().getName();
359 }
360 searchUtil.extractString(request, searchCriteria, "name", "User name",null);
361 searchUtil.extractString(request, searchCriteria, "emailAddress", "Email Address",
362 null);

** CID 167287:  Null pointer dereferences  (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 357 in org.apache.ranger.rest.XUserREST.searchXUsers(javax.servlet.http.HttpServletRequest)()


*** CID 167287:  Null pointer dereferences  (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 357 in org.apache.ranger.rest.XUserREST.searchXUsers(javax.servlet.http.HttpServletRequest)()
351 @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SEARCH_X_USERS + "\")")
352 public VXUserList searchXUsers(@Context HttpServletRequest request) {
353 String UserRoleParamName = RangerConstants.ROLE_USER;
354 SearchCriteria searchCriteria =

Re: FW: New Defects reported by Coverity Scan for Apache Ranger

2017-09-28 Thread Fatima Khan
Hi Abhay,
 I will look into it.


On 28-Sep-2017 8:48 pm, "Abhay Kulkarni"  wrote:

Contributors/Committers,

Please review and fix as appropriate.

Thanks!
-Abhay

On 9/28/17, 12:43 AM, "scan-ad...@coverity.com" 
wrote:

>
>Hi,
>
>Please find the latest report on new defect(s) introduced to Apache
>Ranger found with Coverity Scan.
>
>1 new defect(s) introduced to Apache Ranger found with Coverity Scan.
>6 defect(s), reported by Coverity Scan earlier, were marked fixed in the
>recent build analyzed by Coverity Scan.
>
>New defect(s) Reported-by: Coverity Scan
>Showing 1 of 1 defect(s)
>
>
>** CID 95505:(FORWARD_NULL)
>/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 391 in org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)()
>/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 450 in org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)()
>
>
>*** CID 95505:(FORWARD_NULL)
>/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 391 in org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)()
>385 if (oldUserProfile != null && password != null
>386 && password.equals(hiddenPasswordString)) {
>387 vXPortalUser.setPassword(oldUserProfile.getPassword());
>388 }
>389 else if(password != null){
>390 validatePassword(vXUser);
>>>> CID 95505:(FORWARD_NULL)
>>>> Calling a method on null object "oldUserProfile".
>391 if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_EXTERNAL) {
>392 vXPortalUser.setPassword(oldUserProfile.getPassword());
>393 }
>394 else if(oldUserProfile.getUserSource() == RangerCommonEnums.USER_APP)
>395 {
>396 vXPortalUser.setPassword(password);
>/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 450 in org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)()
>444 }
>445
>446 // TODO I've to get the transaction log from here.
>447 // There is nothing to log anything in XXUser so far.
>448 vXUser = xUserService.updateResource(vXUser);
>449 vXUser.setUserRoleList(roleList);
>>>> CID 95505:(FORWARD_NULL)
>>>> Calling a method on null object "oldUserProfile".
>450 if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_APP) {
>451 vXUser.setPassword(password);
>452 }
>453 else if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_EXTERNAL) {
>454 vXUser.setPassword(oldUserProfile.getPassword());
>455 }
>
>


FW: New Defects reported by Coverity Scan for Apache Ranger

2017-09-28 Thread Abhay Kulkarni
Contributors/Committers,

Please review and fix as appropriate.

Thanks!
-Abhay

On 9/28/17, 12:43 AM, "scan-ad...@coverity.com" 
wrote:

>
>Hi,
>
>Please find the latest report on new defect(s) introduced to Apache
>Ranger found with Coverity Scan.
>
>1 new defect(s) introduced to Apache Ranger found with Coverity Scan.
>6 defect(s), reported by Coverity Scan earlier, were marked fixed in the
>recent build analyzed by Coverity Scan.
>
>New defect(s) Reported-by: Coverity Scan
>Showing 1 of 1 defect(s)
>
>
>** CID 95505:(FORWARD_NULL)
>/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 391 in org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)()
>/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 450 in org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)()
>
>
>*** CID 95505:(FORWARD_NULL)
>/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 391 in org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)()
>385 if (oldUserProfile != null && password != null
>386 && password.equals(hiddenPasswordString)) {
>387 vXPortalUser.setPassword(oldUserProfile.getPassword());
>388 }
>389 else if(password != null){
>390 validatePassword(vXUser);
>>>> CID 95505:(FORWARD_NULL)
>>>> Calling a method on null object "oldUserProfile".
>391 if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_EXTERNAL) {
>392 vXPortalUser.setPassword(oldUserProfile.getPassword());
>393 }
>394 else if(oldUserProfile.getUserSource() == RangerCommonEnums.USER_APP)
>395 {
>396 vXPortalUser.setPassword(password);
>/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java: 450 in org.apache.ranger.biz.XUserMgr.updateXUser(org.apache.ranger.view.VXUser)()
>444 }
>445
>446 // TODO I've to get the transaction log from here.
>447 // There is nothing to log anything in XXUser so far.
>448 vXUser = xUserService.updateResource(vXUser);
>449 vXUser.setUserRoleList(roleList);
>>>> CID 95505:(FORWARD_NULL)
>>>> Calling a method on null object "oldUserProfile".
>450 if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_APP) {
>451 vXUser.setPassword(password);
>452 }
>453 else if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_EXTERNAL) {
>454 vXUser.setPassword(oldUserProfile.getPassword());
>455 }
>
>



Re: FW: New Defects reported by Coverity Scan for Apache Ranger

2017-09-22 Thread Colm O hEigeartaigh
I'll fix the Knox test issues.

Colm.

On Fri, Sep 22, 2017 at 9:20 AM, Fatima Khan 
wrote:

> Hi Abhay,
> I will take care of all issues related to RoleBasedUserSearchUtil.java
> and TestRoleBasedUserSearchUtil.java.
>
>
> *Thanks & Regards ,*
>
> *Fatima Khan*
>
> On Thu, Sep 21, 2017 at 9:19 PM, Abhay Kulkarni  >
> wrote:
>
> > Contributors/Committers,
> >
> > Please review and fix as appropriate.
> >
> > Thanks!
> >
> > On 9/21/17, 12:35 AM, "scan-ad...@coverity.com"  >
> > wrote:
> >
> > >
> > >Hi,
> > >
> > >Please find the latest report on new defect(s) introduced to Apache
> > >Ranger found with Coverity Scan.
> > >
> > >9 new defect(s) introduced to Apache Ranger found with Coverity Scan.
> > >3 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> > >recent build analyzed by Coverity Scan.
> > >
> > >New defect(s) Reported-by: Coverity Scan
> > >Showing 9 of 9 defect(s)
> > >
> > >
> > >** CID 167209:  FindBugs: Bad practice  (FB.DM_EXIT)
> > >/security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java: 159 in org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.getUsersBasedOnRole(java.util.List)()
> > >
> > >
> > >*** CID 167209:  FindBugs: Bad practice  (FB.DM_EXIT)
> > >/security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java: 159 in org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.getUsersBasedOnRole(java.util.List)()
> > >153 }
> > >154 }
> > >155 }
> > >156 if (MapUtils.isEmpty(roleSysAdminMap) && MapUtils.isEmpty(roleKeyAdminMap) && MapUtils.isEmpty(roleUserMap)) {
> > >157 System.out.println("users with given user role are not there");
> > >158 logger.error("users with given user role are not there");
> > >>>> CID 167209:  FindBugs: Bad practice  (FB.DM_EXIT)
> > >>>> org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.getUsersBasedOnRole(List) invokes System.exit(...), which shuts down the entire virtual machine.
> > >159 System.exit(1);
> > >160 } else {
> > >161 if (!MapUtils.isEmpty(roleSysAdminMap)) {
> > >162 for (String key : roleSysAdminMap.keySet()) {
> > >163 System.out.println(roleSysAdminMap.get(key) + " : " + key);
> > >164 }
> > >
> > >** CID 167208:  Incorrect expression  (USELESS_CALL)
> > >
> > >
> > >*** CID 167208:  Incorrect expression  (USELESS_CALL)
> > >/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java: 89 in org.apache.ranger.patch.cliutil.TestRoleBasedUserSearchUtil.TestGetUsersBasedOnRole()()
> > >83
> > >84 Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
> > >85 Mockito.when(xXPortalUserDao.findByRole(RangerConstants.ROLE_SYS_ADMIN)).thenReturn(listXXPortalUser);
> > >86
> > >87 roleBasedUserSearchUtil.getUsersBasedOnRole(userRoleList);
> > >88
> > >>>> CID 167208:  Incorrect expression  (USELESS_CALL)
> > >>>> Calling "(org.apache.ranger.db.RangerDaoManager)org.mockito.Mockito.verify(daoMgr).getXXPortalUser()" is only useful for its return value, which is ignored.
> > >89 Mockito.verify(daoMgr).getXXPortalUser();
> > >90 Mockito.verify(xXPortalUserDao).findByRole(RangerConstants.ROLE_SYS_ADMIN);
> > >91
> > >92 } catch(Exception e) {
> > >93 fail("test failed due to: " + e.getMessage());
> > >94 }
> > >
> > >** CID 167207:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
> > >/knox-agent/src/test/java/org/apache/ranger/services/knox/RangerAdminClientImpl.java: 63 in org.apache.ranger.services.knox.RangerAdminClientImpl.getServicePoliciesIfUpdated(long, long)()
> > >
> > >
> > >*** CID 167207:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
> > >/knox-agent/src/test/java/org/apache/ranger/services/knox/RangerAdminClientImpl.java: 63 in
> > 

Re: FW: New Defects reported by Coverity Scan for Apache Ranger

2017-09-22 Thread Fatima Khan
Hi Abhay,
I will take care of all issues related to RoleBasedUserSearchUtil.java
and TestRoleBasedUserSearchUtil.java.


*Thanks & Regards ,*

*Fatima Khan*

On Thu, Sep 21, 2017 at 9:19 PM, Abhay Kulkarni 
wrote:

> Contributors/Committers,
>
> Please review and fix as appropriate.
>
> Thanks!
>
> On 9/21/17, 12:35 AM, "scan-ad...@coverity.com" 
> wrote:
>
> >
> >Hi,
> >
> >Please find the latest report on new defect(s) introduced to Apache
> >Ranger found with Coverity Scan.
> >
> >9 new defect(s) introduced to Apache Ranger found with Coverity Scan.
> >3 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> >recent build analyzed by Coverity Scan.
> >
> >New defect(s) Reported-by: Coverity Scan
> >Showing 9 of 9 defect(s)
> >
> >
> >** CID 167209:  FindBugs: Bad practice  (FB.DM_EXIT)
> >/security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java: 159 in org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.getUsersBasedOnRole(java.util.List)()
> >
> >
> >*** CID 167209:  FindBugs: Bad practice  (FB.DM_EXIT)
> >/security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java: 159 in org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.getUsersBasedOnRole(java.util.List)()
> >153 }
> >154 }
> >155 }
> >156 if (MapUtils.isEmpty(roleSysAdminMap) && MapUtils.isEmpty(roleKeyAdminMap) && MapUtils.isEmpty(roleUserMap)) {
> >157 System.out.println("users with given user role are not there");
> >158 logger.error("users with given user role are not there");
> >>>> CID 167209:  FindBugs: Bad practice  (FB.DM_EXIT)
> >>>> org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.getUsersBasedOnRole(List) invokes System.exit(...), which shuts down the entire virtual machine.
> >159 System.exit(1);
> >160 } else {
> >161 if (!MapUtils.isEmpty(roleSysAdminMap)) {
> >162 for (String key : roleSysAdminMap.keySet()) {
> >163 System.out.println(roleSysAdminMap.get(key) + " : " + key);
> >164 }
> >
> >** CID 167208:  Incorrect expression  (USELESS_CALL)
> >
> >
> >*** CID 167208:  Incorrect expression  (USELESS_CALL)
> >/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java: 89 in org.apache.ranger.patch.cliutil.TestRoleBasedUserSearchUtil.TestGetUsersBasedOnRole()()
> >83
> >84 Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
> >85 Mockito.when(xXPortalUserDao.findByRole(RangerConstants.ROLE_SYS_ADMIN)).thenReturn(listXXPortalUser);
> >86
> >87 roleBasedUserSearchUtil.getUsersBasedOnRole(userRoleList);
> >88
> >>>> CID 167208:  Incorrect expression  (USELESS_CALL)
> >>>> Calling "(org.apache.ranger.db.RangerDaoManager)org.mockito.Mockito.verify(daoMgr).getXXPortalUser()" is only useful for its return value, which is ignored.
> >89 Mockito.verify(daoMgr).getXXPortalUser();
> >90 Mockito.verify(xXPortalUserDao).findByRole(RangerConstants.ROLE_SYS_ADMIN);
> >91
> >92 } catch(Exception e) {
> >93 fail("test failed due to: " + e.getMessage());
> >94 }
> >
> >** CID 167207:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
> >/knox-agent/src/test/java/org/apache/ranger/services/knox/RangerAdminClientImpl.java: 63 in org.apache.ranger.services.knox.RangerAdminClientImpl.getServicePoliciesIfUpdated(long, long)()
> >
> >
> >*** CID 167207:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
> >/knox-agent/src/test/java/org/apache/ranger/services/knox/RangerAdminClientImpl.java: 63 in org.apache.ranger.services.knox.RangerAdminClientImpl.getServicePoliciesIfUpdated(long, long)()
> >57 basedir = new File(".").getCanonicalPath();
> >58 }
> >59
> >60 java.nio.file.Path cachePath = FileSystems.getDefault().getPath(basedir, "/src/test/resources/" + cacheFilename);
> >61 byte[] cacheBytes = Files.readAllBytes(cachePath);
> >62

FW: New Defects reported by Coverity Scan for Apache Ranger

2017-09-21 Thread Abhay Kulkarni
Contributors/Committers,

Please review and fix as appropriate.

Thanks!

On 9/21/17, 12:35 AM, "scan-ad...@coverity.com" 
wrote:

>
>Hi,
>
>Please find the latest report on new defect(s) introduced to Apache
>Ranger found with Coverity Scan.
>
>9 new defect(s) introduced to Apache Ranger found with Coverity Scan.
>3 defect(s), reported by Coverity Scan earlier, were marked fixed in the
>recent build analyzed by Coverity Scan.
>
>New defect(s) Reported-by: Coverity Scan
>Showing 9 of 9 defect(s)
>
>
>** CID 167209:  FindBugs: Bad practice  (FB.DM_EXIT)
>/security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUse
>rSearchUtil.java: 159 in
>org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.getUsersBasedOnRol
>e(java.util.List)()
>
>
>__
>__
>*** CID 167209:  FindBugs: Bad practice  (FB.DM_EXIT)
>/security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUse
>rSearchUtil.java: 159 in
>org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.getUsersBasedOnRol
>e(java.util.List)()
>153 }
>154 }
>155 }
>156 if (MapUtils.isEmpty(
>roleSysAdminMap) && MapUtils.isEmpty(roleKeyAdminMap) &&
>MapUtils.isEmpty(roleUserMap)) {
>157 System.out.println("users
>with given user role are not there");
>158 logger.error("users with
>given user role are not there");
 CID 167209:  FindBugs: Bad practice  (FB.DM_EXIT)
 
org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.getUsersBasedOn
Role(List) invokes System.exit(...), which shuts down the entire
virtual machine.
>159 System.exit(1);
>160 } else {
>161 if
>(!MapUtils.isEmpty(roleSysAdminMap)) {
>162 for (String key :
>roleSysAdminMap.keySet()) {
>163   
>System.out.println(roleSysAdminMap.get(key) + " : " + key);
>164 }
>
>** CID 167208:  Incorrect expression  (USELESS_CALL)
>
>
>__
>__
>*** CID 167208:  Incorrect expression  (USELESS_CALL)
>/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java: 89 in org.apache.ranger.patch.cliutil.TestRoleBasedUserSearchUtil.TestGetUsersBasedOnRole()()
>83
>84 Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
>85 Mockito.when(xXPortalUserDao.findByRole(RangerConstants.ROLE_SYS_ADMIN)).thenReturn(listXXPortalUser);
>86
>87 roleBasedUserSearchUtil.getUsersBasedOnRole(userRoleList);
>88
>>>> CID 167208:  Incorrect expression  (USELESS_CALL)
>>>> Calling "(org.apache.ranger.db.RangerDaoManager)org.mockito.Mockito.verify(daoMgr).getXXPortalUser()" is only useful for its return value, which is ignored.
>89 Mockito.verify(daoMgr).getXXPortalUser();
>90 Mockito.verify(xXPortalUserDao).findByRole(RangerConstants.ROLE_SYS_ADMIN);
>91
>92 } catch(Exception e) {
>93 fail("test failed due to: " + e.getMessage());
>94 }
>
>** CID 167207:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
>/knox-agent/src/test/java/org/apache/ranger/services/knox/RangerAdminClientImpl.java: 63 in org.apache.ranger.services.knox.RangerAdminClientImpl.getServicePoliciesIfUpdated(long, long)()
>
>
>__
>__
>*** CID 167207:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
>/knox-agent/src/test/java/org/apache/ranger/services/knox/RangerAdminClientImpl.java: 63 in org.apache.ranger.services.knox.RangerAdminClientImpl.getServicePoliciesIfUpdated(long, long)()
>57 basedir = new File(".").getCanonicalPath();
>58 }
>59
>60 java.nio.file.Path cachePath = FileSystems.getDefault().getPath(basedir, "/src/test/resources/" + cacheFilename);
>61 byte[] cacheBytes = Files.readAllBytes(cachePath);
>62
>>>> CID 167207:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
>>>> Found reliance on default encoding: new String(byte[]).
>63 return gson.fromJson(new String(cacheBytes), ServicePolicies.class);
>64 }
>65
>66 public void grantAccess(GrantRevokeRequest request) throws Exception {
>67
>68 }
>
>** CID 167206:  Incorrect expression  

FW: New Defects reported by Coverity Scan for Apache Ranger

2017-09-16 Thread Don Bosco Durai
Please review and fix if required.

Thanks

Bosco


On 9/14/17, 2:19 AM, "scan-ad...@coverity.com"  wrote:


Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger 
found with Coverity Scan.

1 new defect(s) introduced to Apache Ranger found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the 
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 167104:  FindBugs: Bad practice  (FB.DM_EXIT)

/security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10008.java:
 138 in 
org.apache.ranger.patch.PatchForNifiResourceUpdateExclude_J10008.updateNifiServiceDef()()




*** CID 167104:  FindBugs: Bad practice  (FB.DM_EXIT)

/security-admin/src/main/java/org/apache/ranger/patch/PatchForNifiResourceUpdateExclude_J10008.java:
 138 in 
org.apache.ranger.patch.PatchForNifiResourceUpdateExclude_J10008.updateNifiServiceDef()()
132 RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore);
133 validator.validate(dbNifiServiceDef, Action.UPDATE);
134 ret = svcStore.updateServiceDef(dbNifiServiceDef);
135 }
136 if (ret == null) {
137 logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_NIFI_NAME+ "service-def");
>>> CID 167104:  FindBugs: Bad practice  (FB.DM_EXIT)
>>> org.apache.ranger.patch.PatchForNifiResourceUpdateExclude_J10008.updateNifiServiceDef() invokes System.exit(...), which shuts down the entire virtual machine.
138 System.exit(1);
139 }
140 } catch (Exception e) {
141 logger.error("Error while updating " + EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_NIFI_NAME + "service-def", e);
142 }
143 }
144




FW: New Defects reported by Coverity Scan for Apache Ranger

2017-08-31 Thread Don Bosco Durai
Contributors please review and fix if required.

Thanks

Bosco


On 8/27/17, 12:56 AM, "scan-ad...@coverity.com"  wrote:


Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger 
found with Coverity Scan.

1 new defect(s) introduced to Apache Ranger found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 166624:  High impact security  (CSRF)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 1093 
in 
org.apache.ranger.rest.XUserREST.deleteSingleGroupByGroupName(javax.servlet.http.HttpServletRequest,
 java.lang.String)()




*** CID 166624:  High impact security  (CSRF)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 1093 
in 
org.apache.ranger.rest.XUserREST.deleteSingleGroupByGroupName(javax.servlet.http.HttpServletRequest,
 java.lang.String)()
1087 }
1088 
1089 @DELETE
1090 @Path("/secure/groups/{groupName}")
1091 @Produces({ "application/xml", "application/json" })
1092 @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
>>> CID 166624:  High impact security  (CSRF)
>>> No CSRF protection was detected anywhere in this application. If 
this is not correct, please refer to the CSRF checker reference on how to 
specify it via checker option.
1093 public void deleteSingleGroupByGroupName(@Context 
HttpServletRequest request, @PathParam("groupName") String groupName) {
1094 String forceDeleteStr = 
request.getParameter("forceDelete");
1095 boolean forceDelete = false;
1096 if (StringUtils.isNotEmpty(forceDeleteStr) && 
"true".equalsIgnoreCase(forceDeleteStr)) {
1097 forceDelete = true;
1098 }




FW: New Defects reported by Coverity Scan for Apache Ranger

2017-08-25 Thread Don Bosco Durai
Contributors/committers, please review and fix them. Thanks

Bosco


On 8/24/17, 12:54 AM, "scan-ad...@coverity.com"  wrote:


Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger 
found with Coverity Scan.

5 new defect(s) introduced to Apache Ranger found with Coverity Scan.
16 defect(s), reported by Coverity Scan earlier, were marked fixed in the 
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 166418:  Null pointer dereferences  (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java: 1427 
in 
org.apache.ranger.rest.ServiceREST.createPolicy(org.apache.ranger.plugin.model.RangerPolicy,
 javax.servlet.http.HttpServletRequest)()




*** CID 166418:  Null pointer dereferences  (FORWARD_NULL)
/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java: 1427 
in 
org.apache.ranger.rest.ServiceREST.createPolicy(org.apache.ranger.plugin.model.RangerPolicy,
 javax.servlet.http.HttpServletRequest)()
1421 }
1422
1423 if(StringUtils.isNotEmpty(policyName)) {
1424 policy.setName(StringUtils.trim(policyName));
1425 }
1426
>>> CID 166418:  Null pointer dereferences  (FORWARD_NULL)
>>> Passing null pointer "updateIfExists" to "valueOf", which dereferences it.
1427 if(Boolean.valueOf(updateIfExists)) {
1428 RangerPolicy existingPolicy = null;
1429 try {
1430 if(StringUtils.isNotEmpty(policy.getGuid())) {
1431 existingPolicy = getPolicyByGuid(policy.getGuid());
1432 }

** CID 166417:(FB.RC_REF_COMPARISON)

/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java: 
142 in 
org.apache.ranger.service.XTrxLogService.searchXTrxLogs(org.apache.ranger.common.SearchCriteria)()

/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java: 
143 in 
org.apache.ranger.service.XTrxLogService.searchXTrxLogs(org.apache.ranger.common.SearchCriteria)()

/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java: 
139 in 
org.apache.ranger.service.XTrxLogService.searchXTrxLogs(org.apache.ranger.common.SearchCriteria)()




*** CID 166417:(FB.RC_REF_COMPARISON)

/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java: 
142 in 
org.apache.ranger.service.XTrxLogService.searchXTrxLogs(org.apache.ranger.common.SearchCriteria)()
136 && parentObjectId == xxServiceDef.getId()) {
137 vXTrxLogs.add(xTrxLog);
138 } else if (parentObjectClassType == AppConstants.CLASS_TYPE_XA_SERVICE
139 && parentObjectId != xxServiceDef.getId()) {
140 for (VXTrxLog vxTrxLog : trxLogList) {
141 if (parentObjectClassType == vxTrxLog.getObjectClassType()
>>> CID 166417:(FB.RC_REF_COMPARISON)
>>> Suspicious comparison of Long references.
142 && parentObjectId == vxTrxLog.getObjectId()
143 && vxTrxLog.getParentObjectId() == xxServiceDef.getId()) {
144 vXTrxLogs.add(xTrxLog);
145 break;
146 }
147 }

/security-admin/src/main/java/org/apache/ranger/service/XTrxLogService.java: 
143 in 
org.apache.ranger.service.XTrxLogService.searchXTrxLogs(org.apache.ranger.common.SearchCriteria)()
137 vXTrxLogs.add(xTrxLog);
138 } else if (parentObjectClassType == 
AppConstants.CLASS_TYPE_XA_SERVICE
139 && parentObjectId != 
xxServiceDef.getId()) {
140 for (VXTrxLog vxTrxLog : 
trxLogList) {
141 if 

FW: New Defects reported by Coverity Scan for Apache Ranger

2017-08-14 Thread Don Bosco Durai
Contributors/Committers, please review if any of your commits is giving these 
errors. And fix them if required.

Thanks

Bosco


On 8/13/17, 1:07 AM, "scan-ad...@coverity.com"  wrote:


Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger 
found with Coverity Scan.

10 new defect(s) introduced to Apache Ranger found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the 
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)


** CID 166304:  Incorrect expression  (USELESS_CALL)




*** CID 166304:  Incorrect expression  (USELESS_CALL)
/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java: 851 
in org.apache.ranger.biz.TestXUserMgr.test30CreateVXUserGroupInfo()()
845 Assert.assertEquals("user1", 
vxUserGroupTest.getXuserInfo().getName());
846 List result = vxUserGroupTest.getXgroupInfo();
847 List expected = new ArrayList();
848 expected.add(vXGroup1);
849 expected.add(vXGroup2);
850 Assert.assertTrue(result.containsAll(expected));
>>> CID 166304:  Incorrect expression  (USELESS_CALL)
>>> Calling 
"(org.apache.ranger.db.RangerDaoManager)org.mockito.Mockito.verify(daoManager).getXXPortalUser()"
 is only useful for its return value, which is ignored.
851 Mockito.verify(daoManager).getXXPortalUser();
852 Mockito.verify(portalUser).findByLoginId(vXUser.getName());
853 Mockito.verify(daoManager).getXXPortalUserRole();
854 Mockito.verify(userDao).findXPortalUserRolebyXPortalUserId(
855 Mockito.anyLong());
856 

** CID 166303:  High impact security  (CSRF)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 178 in 
org.apache.ranger.rest.XUserREST.createXGroupUserFromMap(org.apache.ranger.view.VXGroupUserInfo)()




*** CID 166303:  High impact security  (CSRF)
/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java: 178 in 
org.apache.ranger.rest.XUserREST.createXGroupUserFromMap(org.apache.ranger.view.VXGroupUserInfo)()
172 }
173 
174 @POST
175 @Path("/groups/groupinfo")
176 @Produces({ "application/xml", "application/json" })
177 @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
>>> CID 166303:  High impact security  (CSRF)
>>> No CSRF protection was detected anywhere in this application. If 
this is not correct, please refer to the CSRF checker reference on how to 
specify it via checker option.
178 public VXGroupUserInfo createXGroupUserFromMap(VXGroupUserInfo 
vXGroupUserInfo) {
179 return  
xUserMgr.createXGroupUserFromMap(vXGroupUserInfo);
180 }
181 
182 @POST
183 @Path("/secure/groups")

** CID 166302:  Exceptional resource leaks  (RESOURCE_LEAK)

/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java:
 908 in 
org.apache.ranger.services.hive.HIVERangerAuthorizerTest.testShowPrivileges()()




*** CID 166302:  Exceptional resource leaks  (RESOURCE_LEAK)

/hive-agent/src/test/java/org/apache/ranger/services/hive/HIVERangerAuthorizerTest.java:
 908 in 
org.apache.ranger.services.hive.HIVERangerAuthorizerTest.testShowPrivileges()()
902 
903 @Test
904 public void testShowPrivileges() throws Exception {
905 String initialUrl = "jdbc:hive2://localhost:" + port;
906 Connection connection = 
DriverManager.getConnection(initialUrl, "admin", "admin");
907 Statement statement = connection.createStatement();
>>> CID 166302:  Exceptional resource leaks  (RESOURCE_LEAK)
>>> Variable "statement" going out of scope leaks the resource it 
refers to.
908 Assert.assertTrue(statement.execute("show grant user 
admin"));
909 statement.close();
910 }
911 

** CID 166301:  Incorrect expression  (USELESS_CALL)




*** CID 166301:  Incorrect expression  (USELESS_CALL)
/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java: 853 
in org.apache.ranger.biz.TestXUserMgr.test30CreateVXUserGroupInfo()()
847 List expected = 

FW: New Defects reported by Coverity Scan for Apache Ranger

2017-08-06 Thread Don Bosco Durai
Please review and fix.

Thanks

Bosco


On 8/6/17, 12:44 AM, "scan-ad...@coverity.com"  wrote:


Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger 
found with Coverity Scan.

2 new defect(s) introduced to Apache Ranger found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 166171:  FindBugs: Multithreaded correctness  (FB.RU_INVOKE_RUN)

/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java:
 117 in org.apache.ranger.audit.provider.AuditProviderFactory.shutdown()()




*** CID 166171:  FindBugs: Multithreaded correctness  (FB.RU_INVOKE_RUN)

/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java:
 117 in org.apache.ranger.audit.provider.AuditProviderFactory.shutdown()()
111 /**
112  * call shutdown hook to provide a way to
113  * shutdown gracefully in addition to the ShutdownHook mechanism
114  */
115 public void shutdown() {
116 if (isInitDone() && jvmShutdownHook != null) {
>>> CID 166171:  FindBugs: Multithreaded correctness  (FB.RU_INVOKE_RUN)
>>> org.apache.ranger.audit.provider.AuditProviderFactory.shutdown() 
explicitly invokes run on a thread (did you mean to start it instead?).
117 jvmShutdownHook.run();
118 }
119 }
120 
121 public synchronized void init(Properties props, String appType) 
{
122 LOG.info("AuditProviderFactory: initializing..");

** CID 166170:  Control flow issues  (NESTING_INDENT_MISMATCH)

/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java:
 199 in org.apache.ranger.audit.destination.HDFSAuditDestination.flush()()




*** CID 166170:  Control flow issues  (NESTING_INDENT_MISMATCH)

/agents-audit/src/main/java/org/apache/ranger/audit/destination/HDFSAuditDestination.java:
 199 in org.apache.ranger.audit.destination.HDFSAuditDestination.flush()()
193 synchronized (this) {
194 if (ostream != null)
195 // 1) PrinterWriter 
does not have bufferring of its own so
196 // we need to flush its 
underlying stream
197 // 2) HDFS flush() does 
not really flush all the way to disk.
198 ostream.hflush();
>>> CID 166170:  Control flow issues  (NESTING_INDENT_MISMATCH)
>>> This  statement is indented to column 49, as if it were nested 
within the preceding parent statement, but it is not.
199 logger.info("Flush HDFS 
audit logs completed.");
200 }
201 } catch (IOException e) {
202 logger.error("Error on flushing log 
writer: " + e.getMessage() +
203  "\nException will be ignored. name=" + 
getName() + ", fileName=" + currentFileName);
204 }




FW: FW: New Defects reported by Coverity Scan for Apache Ranger

2017-07-27 Thread peng.jianhua
Ok. Thanks.

Jianhua Peng


FW: New Defects reported by Coverity Scan for Apache Ranger

Please review and fix.

Thanks

Bosco


On 7/27/17, 1:45 AM, "scan-ad...@coverity.com" <scan-ad...@coverity.com> wrote:


Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger 
found with Coverity Scan.

2 new defect(s) introduced to Apache Ranger found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 166074:  Null pointer dereferences  (NULL_RETURNS)

/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java:
 1474 in 
org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal,
 org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()




*** CID 166074:  Null pointer dereferences  (NULL_RETURNS)

/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java:
 1474 in 
org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal,
 org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
1468 .getType())
1469 
1470 List msObjPrivs = 
mClient.list_privileges(
1471 principalName, principalType,
1472 this.getThriftHiveObjectRef(privObj))
1473 
>>> CID 166074:  Null pointer dereferences  (NULL_RETURNS)
>>> Calling a method on null object "msObjPrivs".
1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
1475 HivePrincipal resPrincipal = new HivePrincipal(
1476 msObjPriv.getPrincipalName(),
1477 
AuthorizationUtils.getHivePrincipalType(msObjPriv
1478 .getPrincipalType()))
1479 

** CID 166073:  FindBugs: Bad practice  (FB.DMI_RANDOM_USED_ONLY_ONCE)

/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java:
 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()




*** CID 166073:  FindBugs: Bad practice  (FB.DMI_RANDOM_USED_ONLY_ONCE)

/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java:
 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
595 RangerHdfsPlugin.hadoopAuthEnabled = 
RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP,
 RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT)
596 RangerHdfsPlugin.fileNameExtensionSeparator = 
RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP,
 RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR)
597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = 
RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP,
 RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT)
598 
599 // Build random string of random length
600 byte[] bytes = new byte[1]
>>> CID 166073:  FindBugs: Bad practice  (FB.DMI_RANDOM_USED_ONLY_ONCE)
>>> Random object created and used only once.
601 new Random().nextBytes(bytes)
602 int count = bytes[0]
603 count = count < 56 ? 56 : count
604 count = count > 112 ? 112 : count
605 
606 String random = RandomStringUtils.random(count, 
"^@!%()-_+=@:'<>`~abcdefghijklmnopqrstuvwxyz01234567890")





FW: New Defects reported by Coverity Scan for Apache Ranger

2017-07-27 Thread Don Bosco Durai
Please review and fix. 

Thanks

Bosco


On 7/27/17, 1:45 AM, "scan-ad...@coverity.com"  wrote:


Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger 
found with Coverity Scan.

2 new defect(s) introduced to Apache Ranger found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 166074:  Null pointer dereferences  (NULL_RETURNS)

/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java:
 1474 in 
org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal,
 org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()




*** CID 166074:  Null pointer dereferences  (NULL_RETURNS)

/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java:
 1474 in 
org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.showPrivileges(org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrincipal,
 org.apache.hadoop.hive.ql.security.authorization.plugin.HivePrivilegeObject)()
1468 .getType());
1469
1470 List msObjPrivs = mClient.list_privileges(
1471 principalName, principalType,
1472 this.getThriftHiveObjectRef(privObj));
1473
>>> CID 166074:  Null pointer dereferences  (NULL_RETURNS)
>>> Calling a method on null object "msObjPrivs".
1474 for (HiveObjectPrivilege msObjPriv : msObjPrivs) {
1475 HivePrincipal resPrincipal = new HivePrincipal(
1476 msObjPriv.getPrincipalName(),
1477 AuthorizationUtils.getHivePrincipalType(msObjPriv
1478 .getPrincipalType()));
1479

** CID 166073:  FindBugs: Bad practice  (FB.DMI_RANDOM_USED_ONLY_ONCE)

/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java:
 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()




*** CID 166073:  FindBugs: Bad practice  (FB.DMI_RANDOM_USED_ONLY_ONCE)

/hdfs-agent/src/main/java/org/apache/ranger/authorization/hadoop/RangerHdfsAuthorizer.java:
 601 in org.apache.ranger.authorization.hadoop.RangerHdfsPlugin.init()()
595 RangerHdfsPlugin.hadoopAuthEnabled = 
RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_PROP,
 RangerHadoopConstants.RANGER_ADD_HDFS_PERMISSION_DEFAULT);
596 RangerHdfsPlugin.fileNameExtensionSeparator = 
RangerConfiguration.getInstance().get(RangerHdfsAuthorizer.RANGER_FILENAME_EXTENSION_SEPARATOR_PROP,
 RangerHdfsAuthorizer.DEFAULT_FILENAME_EXTENSION_SEPARATOR);
597 RangerHdfsPlugin.optimizeSubAccessAuthEnabled = 
RangerConfiguration.getInstance().getBoolean(RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_PROP,
 RangerHadoopConstants.RANGER_OPTIMIZE_SUBACCESS_AUTHORIZATION_DEFAULT);
598 
599 // Build random string of random length
600 byte[] bytes = new byte[1];
>>> CID 166073:  FindBugs: Bad practice  (FB.DMI_RANDOM_USED_ONLY_ONCE)
>>> Random object created and used only once.
601 new Random().nextBytes(bytes);
602 int count = bytes[0];
603 count = count < 56 ? 56 : count;
604 count = count > 112 ? 112 : count;
605 
606 String random = RandomStringUtils.random(count, 
"^

FW: New Defects reported by Coverity Scan for Apache Ranger

2017-06-11 Thread Madhan Neethiraj
Colm, Bhavik, Zsombor, Abhay,

As recent updaters of TestServiceREST.java, can you please review the following 
issues flagged by Coverity scan?

Thanks,
Madhan


On 6/11/17, 1:12 AM, "scan-ad...@coverity.com"  wrote:


Hi,

Please find the latest report on new defect(s) introduced to Apache Ranger 
found with Coverity Scan.

2 new defect(s) introduced to Apache Ranger found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the 
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 164568:  Null pointer dereferences  (NULL_RETURNS)
/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java: 
371 in org.apache.ranger.rest.TestServiceREST.test2updateServiceDef()()




*** CID 164568:  Null pointer dereferences  (NULL_RETURNS)
/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java: 
371 in org.apache.ranger.rest.TestServiceREST.test2updateServiceDef()()
365 public void test2updateServiceDef() throws Exception {
366 RangerServiceDef rangerServiceDef = rangerServiceDef();
367 
368 
Mockito.when(validatorFactory.getServiceDefValidator(svcStore))
369 .thenReturn(serviceDefValidator);
370 
>>> CID 164568:  Null pointer dereferences  (NULL_RETURNS)
>>> "anyObject" returns null (checked 0 out of 3 times).
371 Mockito.when(
372 
svcStore.updateServiceDef((RangerServiceDef) Mockito
373 
.anyObject())).thenReturn(rangerServiceDef);
374 
375 RangerServiceDef dbRangerServiceDef = serviceREST
376 .updateServiceDef(rangerServiceDef);

** CID 164567:  Null pointer dereferences  (NULL_RETURNS)
/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java: 
331 in org.apache.ranger.rest.TestServiceREST.test1createServiceDef()()




*** CID 164567:  Null pointer dereferences  (NULL_RETURNS)
/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java: 
331 in org.apache.ranger.rest.TestServiceREST.test1createServiceDef()()
325 public void test1createServiceDef() throws Exception {
326 RangerServiceDef rangerServiceDef = rangerServiceDef();
327 
328 
Mockito.when(validatorFactory.getServiceDefValidator(svcStore))
329 .thenReturn(serviceDefValidator);
330 
>>> CID 164567:  Null pointer dereferences  (NULL_RETURNS)
>>> "anyObject" returns null (checked 0 out of 3 times).
331 Mockito.when(
332 
svcStore.createServiceDef((RangerServiceDef) Mockito
333 
.anyObject())).thenReturn(rangerServiceDef);
334 
335 RangerServiceDef dbRangerServiceDef = serviceREST
336 .createServiceDef(rangerServiceDef);



