Description
Summary
In your repository (MAVEN org.springframework:spring-web @ 6.1.12), we have found a bug that may require your attention.
In file AbstractNamedValueArgumentResolver.java, class KotlinDelegate, method hasDefaultValue, there is a potential null pointer dereference at line 341 (commit 3476425):
    Method method = Objects.requireNonNull(parameter.getMethod());
In other places of the code, the result of getMethod() was checked for a null value, e.g. in spring-framework/spring-core/src/main/java/org/springframework/core/MethodParameter.java at line 513 and at line 774 (commit d79258a):
    Method method = getMethod();
But if we put it directly inside Objects.requireNonNull, we may get an exception. A potential fix would be to replace the following line
    Method method = Objects.requireNonNull(parameter.getMethod());
with
    Method method = parameter.getMethod();
    if (method == null) {
        return false;
    }
Another option could be to use Objects.requireNonNullElse.
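To make the failure mode concrete, the following is a self-contained illustration added for this page; it is not Spring's code. It models MethodParameter with a small ParameterHandle class whose getMethod() returns null when the parameter belongs to a constructor (the case in which Spring's real MethodParameter.getMethod() is also null), and places the flagged requireNonNull pattern next to the null-check fix proposed above. The HasDefault annotation stands in for the Kotlin default-value lookup the real method performs and is hypothetical.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Constructor;
import java.lang.reflect.Executable;
import java.lang.reflect.Method;
import java.util.Objects;

public class NullSafeDefaultValueDemo {

    /** Hypothetical marker standing in for a Kotlin parameter default value. */
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.PARAMETER)
    @interface HasDefault {}

    /**
     * Minimal stand-in for Spring's MethodParameter: it wraps either a Method
     * or a Constructor, so getMethod() is legitimately null for constructor
     * parameters. This is the property the report relies on.
     */
    static final class ParameterHandle {
        private final Executable executable;
        private final int index;

        ParameterHandle(Executable executable, int index) {
            this.executable = executable;
            this.index = index;
        }

        /** Null when the wrapped executable is a Constructor. */
        Method getMethod() {
            return executable instanceof Method ? (Method) executable : null;
        }

        int getIndex() {
            return index;
        }
    }

    /** Pattern flagged in the report: a legitimate null becomes a NullPointerException. */
    static boolean hasDefaultValueUnsafe(ParameterHandle parameter) {
        Method method = Objects.requireNonNull(parameter.getMethod());
        return hasDefaultMarker(method, parameter.getIndex());
    }

    /** Fix suggested in the report: "no method" simply means "no default value". */
    static boolean hasDefaultValueSafe(ParameterHandle parameter) {
        Method method = parameter.getMethod();
        if (method == null) {
            return false;
        }
        return hasDefaultMarker(method, parameter.getIndex());
    }

    // Stand-in for the real default-value lookup: the parameter at the given
    // index of the method has a default if it carries the HasDefault marker.
    private static boolean hasDefaultMarker(Method method, int index) {
        return method.getParameters()[index].isAnnotationPresent(HasDefault.class);
    }

    /** Constructed sample type with one constructor parameter and one annotated method parameter. */
    static final class Sample {
        Sample(String name) {}
        void greet(@HasDefault String greeting) {}
    }

    public static void main(String[] args) throws Exception {
        Method greet = Sample.class.getDeclaredMethod("greet", String.class);
        Constructor<?> ctor = Sample.class.getDeclaredConstructor(String.class);
        ParameterHandle methodParam = new ParameterHandle(greet, 0);
        ParameterHandle ctorParam = new ParameterHandle(ctor, 0);

        // Both variants agree when a Method is present.
        System.out.println("safe, method param:   " + hasDefaultValueSafe(methodParam));
        System.out.println("unsafe, method param: " + hasDefaultValueUnsafe(methodParam));

        // Only the null-checked variant survives a constructor parameter.
        System.out.println("safe, ctor param:     " + hasDefaultValueSafe(ctorParam));
        try {
            hasDefaultValueUnsafe(ctorParam);
        } catch (NullPointerException e) {
            System.out.println("unsafe, ctor param:   NullPointerException from requireNonNull");
        }
    }
}
```

Run with `javac NullSafeDefaultValueDemo.java && java NullSafeDefaultValueDemo`. The point of the contrast is that requireNonNull is an assertion about an invariant, while the caller here has no guarantee that the invariant holds; returning false for the null case preserves the resolver's behaviour instead of turning an unsupported parameter kind into an unchecked exception.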
Sponsorship and Support
This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code, and get them fixed, to improve global software supply chain security.
The bug was found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.