ranger-dev mailing list archives

From Abhay Kulkarni <akulka...@hortonworks.com>
Subject FW: New Defects reported by Coverity Scan for Apache Ranger
Date Thu, 21 Sep 2017 15:49:42 GMT
Contributors/Committers,

Please review and fix as appropriate.

Thanks!

On 9/21/17, 12:35 AM, "scan-admin@coverity.com" <scan-admin@coverity.com>
wrote:

>
>Hi,
>
>Please find the latest report on new defect(s) introduced to Apache
>Ranger found with Coverity Scan.
>
>9 new defect(s) introduced to Apache Ranger found with Coverity Scan.
>3 defect(s), reported by Coverity Scan earlier, were marked fixed in the
>recent build analyzed by Coverity Scan.
>
>New defect(s) Reported-by: Coverity Scan
>Showing 9 of 9 defect(s)
>
>
>** CID 167209:  FindBugs: Bad practice  (FB.DM_EXIT)
>/security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java: 159 in org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.getUsersBasedOnRole(java.util.List)()
>
>
>________________________________________________________________________________________________________
>*** CID 167209:  FindBugs: Bad practice  (FB.DM_EXIT)
>/security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java: 159 in org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.getUsersBasedOnRole(java.util.List)()
>153                                                     }
>154                                             }
>155                                     }
>156                                     if (MapUtils.isEmpty(roleSysAdminMap) && MapUtils.isEmpty(roleKeyAdminMap) && MapUtils.isEmpty(roleUserMap)) {
>157                                             System.out.println("users with given user role are not there");
>158                                             logger.error("users with given user role are not there");
>>>>     CID 167209:  FindBugs: Bad practice  (FB.DM_EXIT)
>>>>     org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.getUsersBasedOnRole(List) invokes System.exit(...), which shuts down the entire virtual machine.
>159                                             System.exit(1);
>160                                     } else {
>161                                             if (!MapUtils.isEmpty(roleSysAdminMap)) {
>162                                                     for (String key : roleSysAdminMap.keySet()) {
>163                                                             System.out.println(roleSysAdminMap.get(key) + " : " + key);
>164                                                     }
>
>** CID 167208:  Incorrect expression  (USELESS_CALL)
>
>
>________________________________________________________________________________________________________
>*** CID 167208:  Incorrect expression  (USELESS_CALL)
>/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java: 89 in org.apache.ranger.patch.cliutil.TestRoleBasedUserSearchUtil.TestGetUsersBasedOnRole()()
>83
>84                Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
>85                Mockito.when(xXPortalUserDao.findByRole(RangerConstants.ROLE_SYS_ADMIN)).thenReturn(listXXPortalUser);
>86
>87                roleBasedUserSearchUtil.getUsersBasedOnRole(userRoleList);
>88
>>>>     CID 167208:  Incorrect expression  (USELESS_CALL)
>>>>     Calling "(org.apache.ranger.db.RangerDaoManager)org.mockito.Mockito.verify(daoMgr).getXXPortalUser()" is only useful for its return value, which is ignored.
>89                Mockito.verify(daoMgr).getXXPortalUser();
>90                Mockito.verify(xXPortalUserDao).findByRole(RangerConstants.ROLE_SYS_ADMIN);
>91     
>92            } catch(Exception e) {
>93                fail("test failed due to: " + e.getMessage());
>94            }
>
>** CID 167207:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
>/knox-agent/src/test/java/org/apache/ranger/services/knox/RangerAdminClientImpl.java: 63 in org.apache.ranger.services.knox.RangerAdminClientImpl.getServicePoliciesIfUpdated(long, long)()
>
>
>________________________________________________________________________________________________________
>*** CID 167207:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
>/knox-agent/src/test/java/org/apache/ranger/services/knox/RangerAdminClientImpl.java: 63 in org.apache.ranger.services.knox.RangerAdminClientImpl.getServicePoliciesIfUpdated(long, long)()
>57                 basedir = new File(".").getCanonicalPath();
>58             }
>59
>60             java.nio.file.Path cachePath = FileSystems.getDefault().getPath(basedir, "/src/test/resources/" + cacheFilename);
>61             byte[] cacheBytes = Files.readAllBytes(cachePath);
>62
>>>>     CID 167207:  FindBugs: Internationalization  (FB.DM_DEFAULT_ENCODING)
>>>>     Found reliance on default encoding: new String(byte[]).
>63             return gson.fromJson(new String(cacheBytes), ServicePolicies.class);
>64         }
>65
>66         public void grantAccess(GrantRevokeRequest request) throws Exception {
>67     
>68         }
>
>** CID 167206:  Incorrect expression  (USELESS_CALL)
>
>
>________________________________________________________________________________________________________
>*** CID 167206:  Incorrect expression  (USELESS_CALL)
>/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java: 132 in org.apache.ranger.patch.cliutil.TestRoleBasedUserSearchUtil.TestValidateUserAndFetchUserList()()
>126             Mockito.when(xXPortalUserDao.findByRole(Mockito.anyString())).thenReturn(listXXPortalUser);
>127
>128             roleBasedUserSearchUtil.validateUserAndFetchUserList();
>129             Mockito.verify(daoMgr, Mockito.atLeast(2)).getXXPortalUser();
>130             Mockito.verify(xXPortalUserDao).findByLoginId(Mockito.anyString());
>131             Mockito.verify(xUserService).getXUserByUserName(xxPortalUser.getLoginId());
>>>>     CID 167206:  Incorrect expression  (USELESS_CALL)
>>>>     Calling "(org.apache.ranger.db.RangerDaoManager)org.mockito.Mockito.verify(daoMgr).getXXModuleDef()" is only useful for its return value, which is ignored.
>132             Mockito.verify(daoMgr).getXXModuleDef();
>133             Mockito.verify(xXModuleDefDao).findAccessibleModulesByUserId(Mockito.anyLong(), Mockito.anyLong());
>134             Mockito.verify(userMgr).encrypt(Mockito.anyString(),Mockito.anyString());
>135             Mockito.verify(xXPortalUserDao, Mockito.atLeast(2)).findByRole(Mockito.anyString());
>136     
>137         }
>138     
>
>** CID 167205:  Incorrect expression  (USELESS_CALL)
>
>
>________________________________________________________________________________________________________
>*** CID 167205:  Incorrect expression  (USELESS_CALL)
>/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java: 129 in org.apache.ranger.patch.cliutil.TestRoleBasedUserSearchUtil.TestValidateUserAndFetchUserList()()
>123             Mockito.when(daoMgr.getXXModuleDef()).thenReturn(xXModuleDefDao);
>124             Mockito.when(xXModuleDefDao.findAccessibleModulesByUserId(Mockito.anyLong(), Mockito.anyLong())).thenReturn(permissionList);
>125             Mockito.when(userMgr.encrypt(Mockito.anyString(),Mockito.anyString())).thenReturn(currentEncryptedPassword);
>126             Mockito.when(xXPortalUserDao.findByRole(Mockito.anyString())).thenReturn(listXXPortalUser);
>127
>128             roleBasedUserSearchUtil.validateUserAndFetchUserList();
>>>>     CID 167205:  Incorrect expression  (USELESS_CALL)
>>>>     Calling "(org.apache.ranger.db.RangerDaoManager)org.mockito.Mockito.verify(daoMgr, org.mockito.Mockito.atLeast(2)).getXXPortalUser()" is only useful for its return value, which is ignored.
>129             Mockito.verify(daoMgr, Mockito.atLeast(2)).getXXPortalUser();
>130             Mockito.verify(xXPortalUserDao).findByLoginId(Mockito.anyString());
>131             Mockito.verify(xUserService).getXUserByUserName(xxPortalUser.getLoginId());
>132             Mockito.verify(daoMgr).getXXModuleDef();
>133             Mockito.verify(xXModuleDefDao).findAccessibleModulesByUserId(Mockito.anyLong(), Mockito.anyLong());
>134             Mockito.verify(userMgr).encrypt(Mockito.anyString(),Mockito.anyString());
>
>** CID 167204:  Null pointer dereferences  (NULL_RETURNS)
>/knox-agent/src/test/java/org/apache/ranger/services/knox/KnoxRangerTest.java: 151 in org.apache.ranger.services.knox.KnoxRangerTest.createTopology()()
>
>
>________________________________________________________________________________________________________
>*** CID 167204:  Null pointer dereferences  (NULL_RETURNS)
>/knox-agent/src/test/java/org/apache/ranger/services/knox/KnoxRangerTest.java: 151 in org.apache.ranger.services.knox.KnoxRangerTest.createTopology()()
>145         /**
>146          * Creates a topology that is deployed to the gateway instance for the test suite.
>147          * Note that this topology is shared by all of the test methods in this suite.
>148          * @return A populated XML structure for a topology file.
>149          */
>150         private static XMLTag createTopology() {
>>>>     CID 167204:  Null pointer dereferences  (NULL_RETURNS)
>>>>     Calling a method on null object "org.apache.ranger.services.knox.KnoxRangerTest.ldapTransport.getAcceptor()".
>151             XMLTag xml = XMLDoc.newDocument( true )
>152                 .addRoot( "topology" )
>153                 .addTag( "gateway" )
>154                 .addTag( "provider" )
>155                 .addTag( "role" ).addText( "webappsec" )
>156                 .addTag("name").addText("WebAppSec")
>
>** CID 167203:  FindBugs: Bad practice  (FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE)
>/knox-agent/src/test/java/org/apache/ranger/services/knox/KnoxRangerTest.java: 125 in org.apache.ranger.services.knox.KnoxRangerTest.setupGateway()()
>
>
>________________________________________________________________________________________________________
>*** CID 167203:  FindBugs: Bad practice  (FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE)
>/knox-agent/src/test/java/org/apache/ranger/services/knox/KnoxRangerTest.java: 125 in org.apache.ranger.services.knox.KnoxRangerTest.setupGateway()()
>119             config.setGatewayServicesDir(targetDir.getPath() + File.separator + "services");
>120
>121             File topoDir = new File( config.getGatewayTopologyDir() );
>122             topoDir.mkdirs();
>123
>124             File deployDir = new File( config.getGatewayDeploymentDir() );
>>>>     CID 167203:  FindBugs: Bad practice  (FB.RV_RETURN_VALUE_IGNORED_BAD_PRACTICE)
>>>>     Another occurrence here
>125             deployDir.mkdirs();
>126
>127             File descriptor = new File( topoDir, "cluster.xml" );
>128             FileOutputStream stream = new FileOutputStream( descriptor );
>129             createTopology().toStream( stream );
>130             stream.close();
>
>** CID 167202:  FindBugs: Bad practice  (FB.DM_EXIT)
>/security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java: 268 in org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.validateUserAndFetchUserList()()
>
>
>________________________________________________________________________________________________________
>*** CID 167202:  FindBugs: Bad practice  (FB.DM_EXIT)
>/security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java: 268 in org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.validateUserAndFetchUserList()()
>262                                     logger.error("Getting User's List with the mentioned role failure. Detail:  \n",e);
>263                                     System.exit(1);
>264                             }
>265                     } else {
>266                             System.out.println("User does not exist in DB!!");
>267                             logger.error("User does not exist in DB");
>>>>     CID 167202:  FindBugs: Bad practice  (FB.DM_EXIT)
>>>>     Another occurrence here
>268                             System.exit(1);
>269                     }
>270             }
>
>** CID 167201:  FindBugs: Performance  (FB.WMI_WRONG_MAP_ITERATOR)
>/security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java: 173 in org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.getUsersBasedOnRole(java.util.List)()
>
>
>________________________________________________________________________________________________________
>*** CID 167201:  FindBugs: Performance  (FB.WMI_WRONG_MAP_ITERATOR)
>/security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java: 173 in org.apache.ranger.patch.cliutil.RoleBasedUserSearchUtil.getUsersBasedOnRole(java.util.List)()
>167                                                     for (String key : roleKeyAdminMap.keySet()) {
>168                                                             System.out.println(roleKeyAdminMap.get(key) + " : " + key);
>169                                                     }
>170                                             }
>171                                             if (!MapUtils.isEmpty(roleUserMap)) {
>172                                                     for (String key : roleUserMap.keySet()) {
>>>>     CID 167201:  FindBugs: Performance  (FB.WMI_WRONG_MAP_ITERATOR)
>>>>     Another occurrence here
>173                                                             System.out.println(roleUserMap.get(key) + " : " + key);
>174                                                     }
>175                                             }
>176                                             if (userRoleList.contains(RangerConstants.ROLE_SYS_ADMIN)) {
>177                                                     System.out.println("ROLE_SYS_ADMIN Total Count : " + roleSysAdminMap.size());
>178                                             }
>
>
>__________________________________________________________________________
>______________________________
>To view the defects in Coverity Scan visit,
>
>

