-
-
Notifications
You must be signed in to change notification settings - Fork 180
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[bugfix] guard against NPE in securitymanager #5158
base: develop
Are you sure you want to change the base?
Conversation
@reinhapa unfortunately, our fix for the IdFunctionTest only worked on my local machine. |
if (!sameUserWithSameGroups(context.getRealUser(), context.getEffectiveUser())) { | ||
final Subject effectiveUser = context.getEffectiveUser(); | ||
if (effectiveUser != null && ( | ||
realUser == null || !sameUserWithSameGroups(realUser, effectiveUser))) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
realUser
will never be null
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems to be possible, looking at the initial bug report in #4670
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If context.realUser returns null - then that indicates a serious bug elsewhere that needs to be solved. Changing the code here will only hide that bug and make it much harder to find!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
throw XPathexception instead ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would consider actually throwing a RuntimeException and shutting down - as at this point the security of the system is completely compromised
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll try that and see if tests still pass
|
||
if (!sameUserWithSameGroups(context.getRealUser(), context.getEffectiveUser())) { | ||
final Subject effectiveUser = context.getEffectiveUser(); | ||
if (effectiveUser != null && ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would be much cleaner to move the null check into the function sameUserWithSameGroups
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
subjectToXml(builder, context.getRealUser()); | ||
builder.endElement(); | ||
final Subject realUser = context.getRealUser(); | ||
if (realUser != null) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
realUser will never be null
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see comment above
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
throw XPathException in this case?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A null value should not happen but... defensive programming in a complex application is not a too bad idea I'd say.
A log to detect the situation/throw exception ... both would be OK for me.
Move null check into function sameUserWithSameGroups.
@reinhapa It turned out that the same fix had to be applied to the other two tests for IdFunction as well. Now they all pass. 🎉 |
Quality Gate passedKudos, no new issues were introduced! 0 New issues |
Description:
Reference:
supersedes #4671
fixes #4670
Type of tests: