y1z2g3 / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

DefaultHttpUtilities implementation throws NullPointerException #4

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
The implementation of
DefaultHttpUtilities.decryptStateFromCookie(HttpServletRequest) throws a
NullPointerException.

If the request does not contain cookies with name "state" then the line:
- String encrypted = c.getValue(); 
will throw a NullPointerException as there is no value for c.

What version of the product are you using? On what operating system?
1.4, java 5

Please provide any additional information below.
A (temporary) workaround could be to do a check for cookies with name
"state" before calling the decryptStateFromCookie method. This would mean,
however, that the calling party should know how the cookies are stored in
the request. This is not desirable.

Original issue reported on code.google.com by thijs.vo...@gmail.com on 19 Nov 2008 at 10:57

GoogleCodeExporter commented 8 years ago
Updated decryptStateFromCookie() to return an empty map any time there are no 
cookies or no matching cookies.

Original comment by planetlevel on 26 Nov 2008 at 6:54
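
The behaviour described in the last comment, as an added example that is not ESAPI's own code: a null-safe lookup that returns an empty map when the request carries no cookies or no cookie named "state". The `Cookie` class is a stand-in for `javax.servlet.http.Cookie`; `findCookie`, `decryptState`, the `decryptor` hook and the `name=value&name=value` plaintext layout are assumptions made for illustration.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.function.UnaryOperator;

public class StateCookieExample {
    // Stand-in for javax.servlet.http.Cookie so the example runs without the servlet API.
    static final class Cookie {
        private final String name, value;
        Cookie(String name, String value) { this.name = name; this.value = value; }
        String getName() { return name; }
        String getValue() { return value; }
    }

    // cookies may be null: HttpServletRequest.getCookies() returns null when the request has none.
    static Cookie findCookie(Cookie[] cookies, String name) {
        if (cookies == null) return null;
        for (Cookie c : cookies) {
            if (c != null && name.equals(c.getName())) return c;
        }
        return null;
    }

    // Returns an empty map instead of dereferencing a missing "state" cookie.
    // decryptor is a hypothetical hook standing in for the real decryption step.
    static Map<String, String> decryptState(Cookie[] cookies, UnaryOperator<String> decryptor) {
        Cookie c = findCookie(cookies, "state");
        if (c == null || c.getValue() == null) return Collections.emptyMap();
        String plaintext = decryptor.apply(c.getValue());
        Map<String, String> state = new HashMap<>();
        // Assumed plaintext layout: name=value pairs joined by '&'.
        for (String pair : plaintext.split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0) state.put(pair.substring(0, eq), pair.substring(eq + 1));
        }
        return state;
    }

    public static void main(String[] args) {
        UnaryOperator<String> noOp = s -> s; // placeholder: performs no real decryption
        // Constructed inputs: no cookies at all, no matching cookie, and a matching cookie.
        System.out.println(decryptState(null, noOp));
        System.out.println(decryptState(new Cookie[] { new Cookie("JSESSIONID", "x") }, noOp));
        System.out.println(decryptState(new Cookie[] { new Cookie("state", "role=user&lang=en") }, noOp));
    }
}
```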