From 2220fd889e15c16d8855fa440697f34e78e4f035 Mon Sep 17 00:00:00 2001 From: Tuna Aksoy Date: Tue, 27 Jun 2017 16:35:51 +0100 Subject: [PATCH] RM-5346: Null pointers should not be dereferenced --- .../capability/RMAfterInvocationProvider.java | 10 ++++++++-- .../script/ApplyDodCertModelFixesGet.java | 9 +++++++++ .../script/ApplyFixMob1573Get.java | 4 ++++ 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMAfterInvocationProvider.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMAfterInvocationProvider.java index 784ac9b778..92acabb7c3 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMAfterInvocationProvider.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/capability/RMAfterInvocationProvider.java @@ -37,6 +37,7 @@ import java.util.Map; import java.util.Set; import java.util.StringTokenizer; +import org.alfresco.error.AlfrescoRuntimeException; import org.alfresco.module.org_alfresco_module_rm.model.RecordsManagementModel; import org.alfresco.repo.search.SimpleResultSetMetaData; import org.alfresco.repo.search.impl.lucene.PagingLuceneResultSet; @@ -172,7 +173,12 @@ public class RMAfterInvocationProvider extends RMSecurityCommon } else if (StoreRef.class.isAssignableFrom(returnedObject.getClass())) { - return decide(authentication, object, config, nodeService.getRootNode((StoreRef) returnedObject)).getStoreRef(); + NodeRef rootNodeRef = decide(authentication, object, config, nodeService.getRootNode((StoreRef) returnedObject)); + if (rootNodeRef == null) + { + throw new AlfrescoRuntimeException("Root node reference of '" + returnedObject + "' is null."); + } + return rootNodeRef.getStoreRef(); } else if (NodeRef.class.isAssignableFrom(returnedObject.getClass())) { 
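Review bot: The new null check in the StoreRef branch reports a missing root node as a generic `AlfrescoRuntimeException`, and the hunk does not show whether a null from `decide(...)` can also mean the caller was refused access to that node. If it can, this authorization path would surface a denial as an unexpected runtime error, so it is worth confirming and, if needed, throwing the exception type the provider already uses for denials. A short comment above the check stating when `decide(...)` returns null for a root node would record why the branch fails hard rather than returning null. The enclosing method starts and ends outside the hunk.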
@@ -208,7 +214,7 @@ public class RMAfterInvocationProvider extends RMSecurityCommon } else { - if (logger.isDebugEnabled()) + if (logger.isDebugEnabled() && object.getClass() != null) { logger.debug("Uncontrolled object - access allowed for " + object.getClass().getName()); } diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/ApplyDodCertModelFixesGet.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/ApplyDodCertModelFixesGet.java index b22f92feb1..4814e083e3 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/ApplyDodCertModelFixesGet.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/ApplyDodCertModelFixesGet.java @@ -105,6 +105,15 @@ public class ApplyDodCertModelFixesGet extends DeclarativeWebScript } M2Model customModel = readCustomContentModel(); + if (customModel == null) + { + final String msg = "Custom content model could not be read"; + if (logger.isErrorEnabled()) + { + logger.error(msg); + } + throw new AlfrescoRuntimeException(msg); + } String customAspectName = ASPECT_CUSTOM_ASSOCIATIONS.toPrefixString(namespaceService); M2Aspect customAssocsAspect = customModel.getAspect(customAspectName); diff --git a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/ApplyFixMob1573Get.java b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/ApplyFixMob1573Get.java index d8dfabbd35..e4e28d66a7 100644 --- a/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/ApplyFixMob1573Get.java +++ b/rm-community/rm-community-repo/source/java/org/alfresco/module/org_alfresco_module_rm/script/ApplyFixMob1573Get.java 
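Review bot: The added guard `object.getClass() != null` cannot prevent the null dereference it targets, because `getClass()` never returns null and a null `object` makes the guard itself throw `NullPointerException` before the log call is reached. The condition should test the reference instead: `if (logger.isDebugEnabled() && object != null)`. Because the dereference is only evaluated when debug logging is on, this after-invocation path could still fail or succeed depending on log level, which is an unwelcome property for an access-control component. The enclosing method starts outside the hunk.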
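Review bot: The null check after `readCustomContentModel()` in ApplyDodCertModelFixesGet logs the message and then throws it, while the same check added to `executeImpl` in ApplyFixMob1573Get only throws; the two web scripts should handle this failure the same way. The `logger.isErrorEnabled()` wrapper around a constant string adds nothing, and logging before throwing will probably record the failure twice if the web script framework also logs the exception. Neither file's diff adds an import for `AlfrescoRuntimeException` (the only import hunk is in RMAfterInvocationProvider.java), so confirm both classes already import it. A simpler form for both is `throw new AlfrescoRuntimeException("Custom content model could not be read");` on its own, or having `readCustomContentModel()` throw on failure so callers need no check.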
@@ -83,6 +83,10 @@ public class ApplyFixMob1573Get extends DeclarativeWebScript public Map executeImpl(WebScriptRequest req, Status status, Cache cache) { M2Model customModel = readCustomContentModel(); + if (customModel == null) + { + throw new AlfrescoRuntimeException("Custom content model could not be read"); + } // Go through every custom reference defined in the custom model and make sure that it // has many-to-many multiplicity