xoai icon indicating copy to clipboard operation
xoai copied to clipboard
verified publisher icon DSpace

Several potential NullPointerException bugs.

Open ITWOI opened this issue 6 years ago • 2 comments

Hi all,

Our tool has found several potential NPE bugs.

  1. In the statement filters.add(new ScopedFilter(context.getSet(setSpec).getCondition(), Scope.Set)); at line 168, context.getSet(setSpec) may return null according to its definition at line 110.

  2. Similar to 1, statements String until = request.getString(Until); and String from = request.getString(From); may return null according to the definition of method getString at line 112. The usage of variables until and ```from`` is as follows (from lines 92 to 97):

        String until = request.getString(Until);
        String from = request.getString(From);
        if (isTrueThat(until, is(not(nullValue())))
                && isTrueThat(from, is(not(nullValue())))
                && from.length() != until.length())
            throw new BadArgumentException("Distinct granularities provided for until and from parameters");
  1. The method formatForPrefix may return null. The following code in method createHeader may use the null because method canDisseminate :
        MetadataFormat format = getContext().formatForPrefix(parameters
                .getMetadataPrefix());
        if (!itemIdentifier.isDeleted() && !canDisseminate(itemIdentifier, format))
            throw new InternalOAIException("The item repository is currently providing items which cannot be disseminated with format "+format.getPrefix());

Note that method canDisseminate uses the argument format by return !format.hasCondition() || format.getCondition()...; at line 129

Thanks.

ITWOI avatar Nov 14 '19 06:11 ITWOI

Hi, we have reported the bugs a while ago would you please take a look and confirm if they are real bugs. We have been conducting an experiment to measure the accuracy of our static checker. We would be deeply appreciated if you can provide some feedback!

ITWOI avatar Nov 21 '19 10:11 ITWOI

@ITWOI : Apologies, but at this time the XOAI library is only maintained when a new DSpace release warrants a bug fix. That is why response here is rare. Unfortunately, at this time, all of our volunteer developers are concentrating on new overhaul of the DSpace software (to prepare for a v7 release). That means I expect very little attention will be paid to XOAI until that DSpace v7 development starts to ramp down sometime in 2020. In the meantime, bug tickets here may not receive a lot of attention, until a developer can be found with time to spend on these issues.

tdonohue avatar Nov 21 '19 22:11 tdonohue