In file: DeserializationModelCreator.java, class: DeserializationModelCreator, there is a method createObjectDeserializer that there is a potential Null pointer dereference. This may throw an unexpected null pointer exception which, if unhandled, may crash the program. A developer should introduce null checks in the appropriate path or initialize the object explicitly.
Path of Possible Null Pointer Dereference
In file DeserializationModelCreator.java the following line of code (line 226)
invokes a method call of JsonbCreator class findByName
public CreatorModel findByName(String paramName) {
for (CreatorModel param : params) {
if (param.getName().equals(paramName)) {
return param;
}
}
return null;
}
which can return null which was not properly checked before referencing CreatorModel from DeserializationModelCreator.java (line 227)
Sponsorship and Support:
This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed – to improve global software supply chain security.
The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.
Motivation
In file: DeserializationModelCreator.java, class: DeserializationModelCreator, there is a method createObjectDeserializer that there is a potential Null pointer dereference. This may throw an unexpected null pointer exception which, if unhandled, may crash the program. A developer should introduce null checks in the appropriate path or initialize the object explicitly.
Path of Possible Null Pointer Dereference
In file DeserializationModelCreator.java the following line of code (line 226)
invokes a method call of
JsonbCreatorclassfindByNamewhich can return null which was not properly checked before referencing
CreatorModelfrom DeserializationModelCreator.java (line 227)Sponsorship and Support:
This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed – to improve global software supply chain security.
The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.