STORM-3470: fix null dereference in SimpleSaslServer authentication

[nescohen]

Fixes a possible null dereference in the case that nid is null on line 183. Switch to using a more flexible method of comparison (Objects.compare()) which will correctly compare one null on one non-null or two null values.

[srdo]

Thanks for the contribution @nescohen. I think we should create an issue to track this, as it's fixing a bug. Otherwise it won't show up in release notes, and it won't be obvious which Storm releases have this issue.

[nescohen]

@srdo, sounds good. I can create a jira issue and update the pr accordingly. Thanks!

[Ethanlm]

Nice catch. Thanks for contribution

[nescohen]

@srdo, Hey just update the PR with the jira issue number :)

[nescohen]

Nice catch. Thanks for contribution

Yeah, No problem :) This issue was actually found by Muse, an exciting upcoming static analysis platform focusing on finding deep, hard-to-find bugs so that developers can spend their time doing the fun part of writing new code. It will be free for life for open source projects. Would you guys be interested in turning it on for Storm? I would be happy to get you an activation code.

[Ethanlm]

Nice catch. Thanks for contribution

Yeah, No problem :) This issue was actually found by Muse, an exciting upcoming static analysis platform focusing on finding deep, hard-to-find bugs so that developers can spend their time doing the fun part of writing new code. It will be free for life for open source projects. Would you guys be interested in turning it on for Storm? I would be happy to get you an activation code.

I am not familiar with this tool. It might worth to discuss it in the dev mailing list for this.

[Ethanlm]

Please also update your commit message to include the jira number. I can then merge it. Thanks

[nescohen]

Please also update your commit message to include the jira number. I can then merge it. Thanks

Done. No Problem!

[nescohen]

Nice catch. Thanks for contribution

Yeah, No problem :) This issue was actually found by Muse, an exciting upcoming static analysis platform focusing on finding deep, hard-to-find bugs so that developers can spend their time doing the fun part of writing new code. It will be free for life for open source projects. Would you guys be interested in turning it on for Storm? I would be happy to get you an activation code.

I am not familiar with this tool. It might worth to discuss it in the dev mailing list for this.

For sure, I will reach out there.

Just to give you some context, I don't know if you are familiar with open source static analysis tools Infer from facebook and error-prone from Google. They can provide some really helpful results, but the problem is that they were created for the most part by researchers, and they tend to be less than convenient to get working. At MuseDev, we have been working to create a platform that can take a lot of this burden off of the end user, as well as providing results from a suite of tools and aggregating them together.

[Ethanlm]

Cool Thanks for the information. I will definitely take a look when I get a chance.

[nescohen]

Cool Thanks for the information. I will definitely take a look when I get a chance.

@Ethanlm Awesome. Feel free to reach to me if you have any questions!