Please take a look at how this sentence will cause a null pointer problem.

problem description

Fortify tool scan prompt

the environmental background of the problems and what methods you have tried

The code is scanned by the customer headquarters using the Fortify tool, and the scanning strategy is unknown.

related codes

    public static String simpleHttpMapRequest(String location, Map requestMap) {
        String resultString = "";

        SslContextFactory sslContextFactory = new SslContextFactory();
        HttpClient httpClient = new HttpClient(sslContextFactory);

        try {
            httpClient.start();
            Request request = httpClient.POST(location);
            if (requestMap != null) for (Object entryObj : requestMap.entrySet()) {
                Map.Entry requestEntry = (Map.Entry) entryObj;
                if(requestEntry!=null){
                    request.param(requestEntry.getKey() != null ? requestEntry.getKey().toString() : null,requestEntry.getValue() != null ? requestEntry.getValue().toString() : null);
                }
            }
            ContentResponse response = request.send();
            resultString = StringUtilities.toStringCleanBom(response.getContent());
        } catch (Exception e) {
            throw new BaseException("Error in http client request", e);
        } finally {
            try {
                httpClient.stop();
            } catch (Exception e) {
                logger.error("Error stopping http client", e);
            }
        }
        return resultString;
    }

what result do you expect? What is the error message actually seen?

    request.param(requestEntry.getKey() != null ? requestEntry.getKey().toString() : null,requestEntry.getValue() != null ? requestEntry.getValue().toString() : null);

I think there is no problem after checking it again and again with the context. Please take a look at it.
Aug.23,2021

In the end, if there is really nothing there, this will be the result:

    request.param(null);


If entryObj is null, it will throw an NPE when it is cast to Map.Entry.


The answer above was a guess; I did not look at the source code (covers face). If there is really nothing wrong, it is a false alarm. This is very normal: code inspection tools cannot guarantee a 100% correct check, and there are a lot of complex context references that tools are not aware of. IDEA sometimes gives false positives too.


Can't request be null?
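An added example, not part of the original thread or the poster's project: it runs the flagged ternary pattern against a map holding a null value, next to a reworked loop that never hands null to the callee. The class `NullParamDemo`, the methods `original` and `hardened`, and the stand-in `param` are hypothetical; `param` is assumed to dereference its arguments, which the page does not confirm for the real `request.param`.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;

public class NullParamDemo {
    // Hypothetical stand-in for request.param(): assumed to dereference both arguments.
    static String param(String name, String value) {
        return name.trim() + "=" + value.trim();
    }

    // Same shape as the flagged line: each ternary's else-branch hands null to the callee.
    static List<String> original(Map<?, ?> requestMap) {
        List<String> out = new ArrayList<>();
        if (requestMap != null) for (Object entryObj : requestMap.entrySet()) {
            Map.Entry<?, ?> e = (Map.Entry<?, ?>) entryObj;
            if (e != null) {
                out.add(param(e.getKey() != null ? e.getKey().toString() : null,
                              e.getValue() != null ? e.getValue().toString() : null));
            }
        }
        return out;
    }

    // Reworked loop: no code path passes null to the callee.
    static List<String> hardened(Map<?, ?> requestMap) {
        List<String> out = new ArrayList<>();
        if (requestMap == null) return out;
        for (Map.Entry<?, ?> e : requestMap.entrySet()) {
            if (e.getKey() == null) continue; // drop a parameter that has no name
            out.add(param(e.getKey().toString(), Objects.toString(e.getValue(), "")));
        }
        return out;
    }

    public static void main(String[] args) {
        Map<String, Object> sample = new HashMap<>(); // constructed sample input
        sample.put("user", "alice");
        sample.put("token", null); // HashMap accepts null values
        System.out.println("hardened: " + hardened(sample));
        try {
            System.out.println("original: " + original(sample));
        } catch (NullPointerException ex) {
            System.out.println("original: NullPointerException inside param()");
        }
    }
}
```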
