Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Possible Null Pointer Dereference in MustCallConsistencyAnalyzer.java #6878

Open
ZuhairORZaki opened this issue Oct 29, 2024 · 0 comments
Open

Comments

@ZuhairORZaki
Copy link

ZuhairORZaki commented Oct 29, 2024

Overview

In file: MustCallConsistencyAnalyzer.java, there is a potential case of null pointer dereference. In method incrementMustCallImpl inside class MustCallConsistencyAnalyzer, there is a call to TypesUtils.getTypeElement. Then getQualifiedName method is invoked on the supposedly returned TypeElement object.

  private void incrementMustCallImpl(TypeMirror type) {
    // only count uses of JDK classes, since that's what the paper reported
    if (!isJdkClass(TypesUtils.getTypeElement(type).getQualifiedName().toString())) {
      return;
    }
    checker.numMustCall++;
  }

But getTypeElement method of class TypesUtils can return null if the provided TypeMirror object doesn't correspond to a valid TypeElement object.

  public static @Nullable TypeElement getTypeElement(TypeMirror type) {
    Element element = ((Type) type).asElement();
    if (element == null) {
      return null;
    }
    if (ElementUtils.isTypeElement(element)) {
      return (TypeElement) element;
    }
    return null;
  }

If that happens it will cause a NullPointerException.

It is not immediately clear whether parameter type can always be converted to a TypeElement object when calling incrementMustCallImpl. In that case fixing it might seem unnecessary, but it is always recommended to not assume anything about data coming from outside a class.

Sponsorship and Support:

This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed - to improve global software supply chain security.

The bug is found by running the iCR tool by OpenRefactory, Inc. and then manually triaging the results.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant