knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kmin...@apache.org
Subject knox git commit: [KNOX-687] - Address new Coverity Scan issues
Date Mon, 14 Mar 2016 19:47:27 GMT
Repository: knox
Updated Branches:
  refs/heads/master 687dd1da9 -> 7edeac5d8


[KNOX-687] - Address new Coverity Scan issues


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/7edeac5d
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/7edeac5d
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/7edeac5d

Branch: refs/heads/master
Commit: 7edeac5d80e161663fea14bafd4d7f662d25d767
Parents: 687dd1d
Author: Kevin Minder <kminder@apache.org>
Authored: Mon Mar 14 15:47:26 2016 -0400
Committer: Kevin Minder <kminder@apache.org>
Committed: Mon Mar 14 15:47:26 2016 -0400

----------------------------------------------------------------------
 .../filter/JWTAccessTokenAssertionFilter.java   |  7 +++++--
 .../jwt/filter/JWTAuthCodeAssertionFilter.java  | 13 +++++++-----
 .../apache/hadoop/gateway/GatewayServer.java    |  4 +++-
 .../gateway/deploy/DeploymentFactory.java       | 22 ++++++++++++++------
 .../impl/ApplicationDeploymentContributor.java  |  5 ++++-
 .../services/security/impl/JettySSLService.java |  9 +++++++-
 .../gateway/service/knoxsso/WebSSOResource.java | 13 +++++++++---
 7 files changed, 54 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/7edeac5d/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java
b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java
index 6db6f6c..b6efb63 100644
--- a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java
+++ b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAccessTokenAssertionFilter.java
@@ -150,11 +150,14 @@ public class JWTAccessTokenAssertionFilter extends AbstractIdentityAssertionFilt
     JWTToken token = null;
     try {
       token = authority.issueToken(p, serviceName, "RS256", expires);
+      // Coverity CID 1327961
+      if( token != null ) {
+        accessToken = token.toString();
+      }
     } catch (TokenServiceException e) {
       log.unableToIssueToken(e);
     }
-    accessToken = token.toString();
-    
+
     return accessToken;
   }
 

http://git-wip-us.apache.org/repos/asf/knox/blob/7edeac5d/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java
b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java
index 43ca88e..d15d727 100644
--- a/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java
+++ b/gateway-provider-security-jwt/src/main/java/org/apache/hadoop/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.java
@@ -75,11 +75,14 @@ public class JWTAuthCodeAssertionFilter extends AbstractIdentityAssertionFilter
         
         HashMap<String, Object> map = new HashMap<String, Object>();
         // TODO: populate map from JWT authorization code
-        map.put("iss", authCode.getIssuer());
-        map.put("sub", authCode.getPrincipal());
-        map.put("aud", authCode.getAudience());
-        map.put("exp", authCode.getExpires());
-        map.put("code", authCode.toString());
+        // Coverity CID 1327960
+        if( authCode != null ) {
+          map.put( "iss", authCode.getIssuer() );
+          map.put( "sub", authCode.getPrincipal() );
+          map.put( "aud", authCode.getAudience() );
+          map.put( "exp", authCode.getExpires() );
+          map.put( "code", authCode.toString() );
+        }
         if (url != null) {
           map.put("tke", url);
         }

http://git-wip-us.apache.org/repos/asf/knox/blob/7edeac5d/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayServer.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayServer.java b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayServer.java
index 947c53f..f902544 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayServer.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/GatewayServer.java
@@ -289,7 +289,9 @@ public class GatewayServer {
       services.start();
       DeploymentFactory.setGatewayServices(services);
       server.start();
-      log.startedGateway( server.jetty.getURI().getPort() );
+      // Coverity CID 1352654
+      URI uri = server.jetty.getURI();
+      log.startedGateway( uri != null ? uri.getPort() : -1 );
       return server;
     }
   }

http://git-wip-us.apache.org/repos/asf/knox/blob/7edeac5d/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/DeploymentFactory.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/DeploymentFactory.java
b/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/DeploymentFactory.java
index 4815595..d30cb33 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/DeploymentFactory.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/DeploymentFactory.java
@@ -559,15 +559,25 @@ public abstract class DeploymentFactory {
       if( application == null ) {
         String servletName = context.getTopology().getName() + SERVLET_NAME_SUFFIX;
         ServletType<WebAppDescriptor> servlet = findServlet( context, servletName );
-        servlet.createInitParam()
-            .paramName( GatewayServlet.GATEWAY_DESCRIPTOR_LOCATION_PARAM )
-            .paramValue( "/WEB-INF/" + GatewayServlet.GATEWAY_DESCRIPTOR_LOCATION_DEFAULT
);
+        // Coverity CID 1352314
+        if( servlet == null ) {
+          throw new DeploymentException( "Missing servlet " + servletName );
+        } else {
+          servlet.createInitParam()
+              .paramName( GatewayServlet.GATEWAY_DESCRIPTOR_LOCATION_PARAM )
+              .paramValue( "/WEB-INF/" + GatewayServlet.GATEWAY_DESCRIPTOR_LOCATION_DEFAULT
);
+        }
       } else {
         String servletName = context.getTopology().getName() + FILTER_NAME_SUFFIX;
         FilterType<WebAppDescriptor> filter = findFilter( context, servletName );
-        filter.createInitParam()
-            .paramName( GatewayServlet.GATEWAY_DESCRIPTOR_LOCATION_PARAM )
-            .paramValue( "/WEB-INF/" + GatewayServlet.GATEWAY_DESCRIPTOR_LOCATION_DEFAULT
);
+        // Coverity CID 1352313
+        if( filter == null ) {
+          throw new DeploymentException( "Missing filter " + servletName );
+        } else {
+          filter.createInitParam()
+              .paramName( GatewayServlet.GATEWAY_DESCRIPTOR_LOCATION_PARAM )
+              .paramValue( "/WEB-INF/" + GatewayServlet.GATEWAY_DESCRIPTOR_LOCATION_DEFAULT
);
+        }
       }
       if (gatewayServices != null) {
         gatewayServices.finalizeContribution(context);

http://git-wip-us.apache.org/repos/asf/knox/blob/7edeac5d/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ApplicationDeploymentContributor.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ApplicationDeploymentContributor.java
b/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ApplicationDeploymentContributor.java
index 3f68ede..f93c38a 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ApplicationDeploymentContributor.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/deploy/impl/ApplicationDeploymentContributor.java
@@ -134,7 +134,10 @@ public class ApplicationDeploymentContributor extends ServiceDeploymentContribut
   private void contributeRewriteRules(DeploymentContext context, Service service) {
     if ( serviceRules != null ) {
       UrlRewriteRulesDescriptor clusterRules = context.getDescriptor("rewrite");
-      clusterRules.addRules(serviceRules);
+      // Coverity CID 1352312
+      if( clusterRules != null ) {
+        clusterRules.addRules( serviceRules );
+      }
     }
   }
 

http://git-wip-us.apache.org/repos/asf/knox/blob/7edeac5d/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java
----------------------------------------------------------------------
diff --git a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java
b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java
index 3d73c36..ac4bfa3 100644
--- a/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java
+++ b/gateway-server/src/main/java/org/apache/hadoop/gateway/services/security/impl/JettySSLService.java
@@ -240,8 +240,15 @@ public class JettySSLService implements SSLService {
 
   private static KeyStore loadKeyStore( String fileName, String storeType, char[] storePass
) throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
     KeyStore keystore = KeyStore.getInstance(storeType);
+    //Coverity CID 1352655
     InputStream is = new FileInputStream(fileName);
-    keystore.load( is, storePass );
+    try {
+      keystore.load( is, storePass );
+    } finally {
+      if( is != null ) {
+        is.close();
+      }
+    }
     return keystore;
   }
 

http://git-wip-us.apache.org/repos/asf/knox/blob/7edeac5d/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
b/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
index 5dcead1..1daa514 100644
--- a/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
+++ b/gateway-service-knoxsso/src/main/java/org/apache/hadoop/gateway/service/knoxsso/WebSSOResource.java
@@ -27,6 +27,7 @@ import javax.servlet.ServletContext;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
@@ -166,8 +167,10 @@ public class WebSSOResource {
 
     try {
       JWT token = ts.issueToken(p, "RS256", System.currentTimeMillis() + tokenTTL);
-
-      addJWTHadoopCookie(original, token);
+      // Coverity CID 1327959
+      if( token != null ) {
+        addJWTHadoopCookie( original, token );
+      }
 
       if (removeOriginalUrlCookie) {
         removeOriginalUrlCookie(response);
@@ -195,7 +198,11 @@ public class WebSSOResource {
 
     if (!enableSession) {
       // invalidate the session to avoid autologin
-      request.getSession(false).invalidate();
+      // Coverity CID 1352857
+      HttpSession session = request.getSession(false);
+      if( session != null ) {
+        session.invalidate();
+      }
     }
 
     return Response.seeOther(location).entity("{ \"redirectTo\" : " + original + " }").build();


Mime
View raw message