It will freeze in the Sahara soon, won't it? Also, does our Coverity license/account allow for it?
On Fri, Sep 5, 2014 at 3:09 PM, sebgoa <run...@gmail.com> wrote:

>
> On Sep 5, 2014, at 3:00 PM, Daan Hoogland <daan.hoogl...@gmail.com> wrote:
>
> > H,
> >
> > We are not anywhere near perfect (or arguably good) but according to
> > coverity we are improving:
> > <q>
> > *3.17*
> > Defect Density
> > <q/> However:
> > <q>Defect changes since previous build dated Aug 29, 2014
> > *8* Newly detected
> > *0* Eliminated
> > </q> and <q>Defects by status for current build
> > *2,961*Total defects
> > *1,395*Outstanding
> > *75*Dismissed
> > *1,491*Fixed
> > </q> lets keep it up all.
> >
>
> FWIW, there is a coverity scan Travis Add-on …so technically we could run
> coverity on every commit…if everyone is bored and does not know what to do
> next :)
>
> >
> >
> > On Fri, Sep 5, 2014 at 2:07 PM, <scan-ad...@coverity.com> wrote:
> >
> >>
> >> Hi,
> >>
> >>
> >> Please find the latest report on new defect(s) introduced to cloudstack
> >> found with Coverity Scan.
> >>
> >> Defect(s) Reported-by: Coverity Scan
> >> Showing 8 of 8 defect(s)
> >>
> >>
> >> ** CID 1237195: Dereference null return value (NULL_RETURNS)
> >> /server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java: 305 in org.apache.cloudstack.network.lb.CertServiceImpl.createCertResponse(com.cloud.network.dao.SslCertVO, java.util.List)()
> >>
> >> ** CID 1237196: Dereference null return value (NULL_RETURNS)
> >> /utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java: 220 in org.apache.cloudstack.utils.auth.SAMLUtils.generateSAMLRequestSignature(java.lang.String, java.security.PrivateKey)()
> >> /utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java: 220 in org.apache.cloudstack.utils.auth.SAMLUtils.generateSAMLRequestSignature(java.lang.String, java.security.PrivateKey)()
> >>
> >> ** CID 1237197: Dm: Dubious method used (FB.DM_DEFAULT_ENCODING)
> >> /utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java: 219 in org.apache.cloudstack.utils.auth.SAMLUtils.generateSAMLRequestSignature(java.lang.String, java.security.PrivateKey)()
> >>
> >> ** CID 1232335: Cross-site scripting (XSS)
> >> /awsapi/src/com/cloud/bridge/service/S3RestServlet.java: 451 in com.cloud.bridge.service.controller.s3.S3BucketAction.executeGetBucketObjectVersions(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)()
> >> /awsapi/src/com/cloud/bridge/service/S3RestServlet.java: 451 in com.cloud.bridge.service.controller.s3.S3BucketAction.executeGetBucketObjectVersions(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)()
> >>
> >> ** CID 1232337: Cross-site scripting (XSS)
> >> /awsapi/src/com/cloud/bridge/service/S3RestServlet.java: 451 in com.cloud.bridge.service.controller.s3.S3BucketAction.executeGetBucket(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)()
> >>
> >> ** CID 1232336: Cross-site scripting (XSS)
> >> /awsapi/src/com/cloud/bridge/service/S3RestServlet.java: 451 in com.cloud.bridge.service.controller.s3.S3BucketAction.executeListMultipartUploads(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)()
> >>
> >> ** CID 1232334: Cross-site scripting (XSS)
> >> /awsapi/src/com/cloud/bridge/service/S3RestServlet.java: 451 in com.cloud.bridge.service.controller.s3.S3BucketAction.executeListMultipartUploads(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)()
> >>
> >> ** CID 1232333: Cross-site scripting (XSS)
> >> /awsapi/src/com/cloud/bridge/service/S3RestServlet.java: 451 in com.cloud.bridge.service.controller.s3.S3BucketAction.executeListMultipartUploads(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)()
> >>
> >>
> >> ________________________________________________________________________________________________________
> >> *** CID 1237195: Dereference null return value (NULL_RETURNS)
> >> /server/src/org/apache/cloudstack/network/lb/CertServiceImpl.java: 305 in org.apache.cloudstack.network.lb.CertServiceImpl.createCertResponse(com.cloud.network.dao.SslCertVO, java.util.List)()
> >> 299         SslCertResponse response = new SslCertResponse();
> >> 300
> >> 301         Account account = _accountDao.findByIdIncludingRemoved(cert.getAccountId());
> >> 302         if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
> >> 303             // find the project
> >> 304             Project project = _projectMgr.findByProjectAccountIdIncludingRemoved(account.getId());
> >>>>> CID 1237195: Dereference null return value (NULL_RETURNS)
> >>>>> Calling a method on null object "project".
> >> 305             response.setProjectId(project.getUuid());
> >> 306             response.setProjectName(project.getName());
> >> 307         } else {
> >> 308             response.setAccountName(account.getAccountName());
> >> 309         }
> >> 310
> >>
> >>
> >> ________________________________________________________________________________________________________
> >> *** CID 1237196: Dereference null return value (NULL_RETURNS)
> >> /utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java: 220 in org.apache.cloudstack.utils.auth.SAMLUtils.generateSAMLRequestSignature(java.lang.String, java.security.PrivateKey)()
> >> 214     public static String generateSAMLRequestSignature(String urlEncodedString, PrivateKey signingKey)
> >> 215             throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, UnsupportedEncodingException {
> >> 216         String url = urlEncodedString + "&SigAlg=" + URLEncoder.encode(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1, HttpUtils.UTF_8);
> >> 217         Signature signature = Signature.getInstance("SHA1withRSA");
> >> 218         signature.initSign(signingKey);
> >> 219         signature.update(url.getBytes());
> >>>>> CID 1237196: Dereference null return value (NULL_RETURNS)
> >>>>> Dereferencing a pointer that might be null "org.opensaml.xml.util.Base64.encodeBytes(signature.sign(), 8)" when calling "java.net.URLEncoder.encode(java.lang.String, java.lang.String)".
> >> 220         return URLEncoder.encode(Base64.encodeBytes(signature.sign(), Base64.DONT_BREAK_LINES), HttpUtils.UTF_8);
> >> 221     }
> >> 222
> >> 223     public static KeyPair generateRandomKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException {
> >> 224         Security.addProvider(new BouncyCastleProvider());
> >> 225         KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
> >> /utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java: 220 in org.apache.cloudstack.utils.auth.SAMLUtils.generateSAMLRequestSignature(java.lang.String, java.security.PrivateKey)()
> >> 214     public static String generateSAMLRequestSignature(String urlEncodedString, PrivateKey signingKey)
> >> 215             throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, UnsupportedEncodingException {
> >> 216         String url = urlEncodedString + "&SigAlg=" + URLEncoder.encode(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1, HttpUtils.UTF_8);
> >> 217         Signature signature = Signature.getInstance("SHA1withRSA");
> >> 218         signature.initSign(signingKey);
> >> 219         signature.update(url.getBytes());
> >>>>> CID 1237196: Dereference null return value (NULL_RETURNS)
> >>>>> Dereferencing a pointer that might be null "org.opensaml.xml.util.Base64.encodeBytes(signature.sign(), 8)" when calling "java.net.URLEncoder.encode(java.lang.String, java.lang.String)".
> >> 220         return URLEncoder.encode(Base64.encodeBytes(signature.sign(), Base64.DONT_BREAK_LINES), HttpUtils.UTF_8);
> >> 221     }
> >> 222
> >> 223     public static KeyPair generateRandomKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException {
> >> 224         Security.addProvider(new BouncyCastleProvider());
> >> 225         KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
> >>
> >>
> >> ________________________________________________________________________________________________________
> >> *** CID 1237197: Dm: Dubious method used (FB.DM_DEFAULT_ENCODING)
> >> /utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java: 219 in org.apache.cloudstack.utils.auth.SAMLUtils.generateSAMLRequestSignature(java.lang.String, java.security.PrivateKey)()
> >> 213
> >> 214     public static String generateSAMLRequestSignature(String urlEncodedString, PrivateKey signingKey)
> >> 215             throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, UnsupportedEncodingException {
> >> 216         String url = urlEncodedString + "&SigAlg=" + URLEncoder.encode(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1, HttpUtils.UTF_8);
> >> 217         Signature signature = Signature.getInstance("SHA1withRSA");
> >> 218         signature.initSign(signingKey);
> >>>>> CID 1237197: Dm: Dubious method used (FB.DM_DEFAULT_ENCODING)
> >>>>> Found reliance on default encoding: String.getBytes()
> >> 219         signature.update(url.getBytes());
> >> 220         return URLEncoder.encode(Base64.encodeBytes(signature.sign(), Base64.DONT_BREAK_LINES), HttpUtils.UTF_8);
> >> 221     }
> >> 222
> >> 223     public static KeyPair generateRandomKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException {
> >> 224         Security.addProvider(new BouncyCastleProvider());
> >>
> >>
> >> ________________________________________________________________________________________________________
> >> *** CID 1232335: Cross-site scripting (XSS)
> >> /awsapi/src/com/cloud/bridge/service/S3RestServlet.java: 451 in com.cloud.bridge.service.controller.s3.S3BucketAction.executeGetBucketObjectVersions(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)()
> >> 445
> >> 446     public static void endResponse(HttpServletResponse response, String content) {
> >> 447         try {
> >> 448             byte[] data = content.getBytes();
> >> 449             response.setContentLength(data.length);
> >> 450             OutputStream os = response.getOutputStream();
> >>>>> CID 1232335: Cross-site scripting (XSS)
> >>>>> Printing to HTML output.
> >> 451             os.write(data);
> >> 452             os.close();
> >> 453         } catch (Throwable e) {
> >> 454             logger.error("Unexpected exception " + e.getMessage(), e);
> >> 455         }
> >> 456     }
> >> /awsapi/src/com/cloud/bridge/service/S3RestServlet.java: 451 in com.cloud.bridge.service.controller.s3.S3BucketAction.executeGetBucketObjectVersions(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)()
> >> 445
> >> 446     public static void endResponse(HttpServletResponse response, String content) {
> >> 447         try {
> >> 448             byte[] data = content.getBytes();
> >> 449             response.setContentLength(data.length);
> >> 450             OutputStream os = response.getOutputStream();
> >>>>> CID 1232335: Cross-site scripting (XSS)
> >>>>> Printing to HTML output.
> >> 451             os.write(data);
> >> 452             os.close();
> >> 453         } catch (Throwable e) {
> >> 454             logger.error("Unexpected exception " + e.getMessage(), e);
> >> 455         }
> >> 456     }
> >>
> >>
> >> ________________________________________________________________________________________________________
> >> *** CID 1232337: Cross-site scripting (XSS)
> >> /awsapi/src/com/cloud/bridge/service/S3RestServlet.java: 451 in com.cloud.bridge.service.controller.s3.S3BucketAction.executeGetBucket(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)()
> >> 445
> >> 446     public static void endResponse(HttpServletResponse response, String content) {
> >> 447         try {
> >> 448             byte[] data = content.getBytes();
> >> 449             response.setContentLength(data.length);
> >> 450             OutputStream os = response.getOutputStream();
> >>>>> CID 1232337: Cross-site scripting (XSS)
> >>>>> Printing to HTML output.
> >> 451             os.write(data);
> >> 452             os.close();
> >> 453         } catch (Throwable e) {
> >> 454             logger.error("Unexpected exception " + e.getMessage(), e);
> >> 455         }
> >> 456     }
> >>
> >>
> >> ________________________________________________________________________________________________________
> >> *** CID 1232336: Cross-site scripting (XSS)
> >> /awsapi/src/com/cloud/bridge/service/S3RestServlet.java: 451 in com.cloud.bridge.service.controller.s3.S3BucketAction.executeListMultipartUploads(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)()
> >> 445
> >> 446     public static void endResponse(HttpServletResponse response, String content) {
> >> 447         try {
> >> 448             byte[] data = content.getBytes();
> >> 449             response.setContentLength(data.length);
> >> 450             OutputStream os = response.getOutputStream();
> >>>>> CID 1232336: Cross-site scripting (XSS)
> >>>>> Printing to HTML output.
> >> 451             os.write(data);
> >> 452             os.close();
> >> 453         } catch (Throwable e) {
> >> 454             logger.error("Unexpected exception " + e.getMessage(), e);
> >> 455         }
> >> 456     }
> >>
> >>
> >> ________________________________________________________________________________________________________
> >> *** CID 1232334: Cross-site scripting (XSS)
> >> /awsapi/src/com/cloud/bridge/service/S3RestServlet.java: 451 in com.cloud.bridge.service.controller.s3.S3BucketAction.executeListMultipartUploads(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)()
> >> 445
> >> 446     public static void endResponse(HttpServletResponse response, String content) {
> >> 447         try {
> >> 448             byte[] data = content.getBytes();
> >> 449             response.setContentLength(data.length);
> >> 450             OutputStream os = response.getOutputStream();
> >>>>> CID 1232334: Cross-site scripting (XSS)
> >>>>> Printing to HTML output.
> >> 451             os.write(data);
> >> 452             os.close();
> >> 453         } catch (Throwable e) {
> >> 454             logger.error("Unexpected exception " + e.getMessage(), e);
> >> 455         }
> >> 456     }
> >>
> >>
> >> ________________________________________________________________________________________________________
> >> *** CID 1232333: Cross-site scripting (XSS)
> >> /awsapi/src/com/cloud/bridge/service/S3RestServlet.java: 451 in com.cloud.bridge.service.controller.s3.S3BucketAction.executeListMultipartUploads(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)()
> >> 445
> >> 446     public static void endResponse(HttpServletResponse response, String content) {
> >> 447         try {
> >> 448             byte[] data = content.getBytes();
> >> 449             response.setContentLength(data.length);
> >> 450             OutputStream os = response.getOutputStream();
> >>>>> CID 1232333: Cross-site scripting (XSS)
> >>>>> Printing to HTML output.
> >> 451             os.write(data);
> >> 452             os.close();
> >> 453         } catch (Throwable e) {
> >> 454             logger.error("Unexpected exception " + e.getMessage(), e);
> >> 455         }
> >> 456     }
> >>
> >>
> >>
> >> ________________________________________________________________________________________________________
> >> To view the defects in Coverity Scan visit,
> >> http://scan.coverity.com/projects/943?tab=overview
> >>
> >> To unsubscribe from the email notification for new defects,
> >> http://scan5.coverity.com/cgi-bin/unsubscribe.py
> >>
> >>
> >>
> >
> >
> > --
> > Daan
>
>

--
Daan