UserAgentUtilImpl throws NPE when user-agent HTTP header is null

XMLWordPrintable

    • Type: Bug
    • Resolution: Fixed
    • Priority: Low
    • 4.1.2
    • Affects Version/s: 4.0.1
    • Component/s: None
    • Environment:

      4.0.1 on JAC

    • 4

      In the JAC logs there appear to be cases where users are hitting JAC with a null user-agent header. UserAgentUtilImpl does not check for null and throws an NPE.

      To reproduce:
      1) From the command-line, run:

      telnet <hostname> <port>

      2) Send the following command:

      GET http://<hostname>:<port>/secure/Dashboard.jspa HTTP/1.0

      You should get an error page back from JIRA and a stack trace in the logs.
      I'm not sure why users are sending requests with no user-agent, but it is possible that some web crawlers are doing so.

      The null user-agent value is retrieved by AccessKeyHelperImpl and passed to getUserAgentInfo in UserAgentImpl:

      AccessKeyHelperImpl.java

      51  final String userAgent = request.getHeader(BrowserUtils.USER_AGENT_HEADER);
52  final UserAgentUtil userAgentUtil = new UserAgentUtilImpl();
53  return userAgentUtil.getUserAgentInfo(userAgent);

      UserAgentUtilImpl.java

      12    public UserAgent getUserAgentInfo(String userAgent)
13    {
14        return new UserAgent(getBrowser(userAgent), getOS(userAgent));
15    }
...
86    private Browser getBrowser(String userAgent)
87    {
88        for (BrowserFamily browserFamily : BrowserFamily.values())
89        {
90            if (userAgent.contains(browserFamily.getUserAgentString()))

      Stack trace:

      2009-12-02 16:08:32,518 http-j2ee.jira.atlassian.com%2F127.0.0.101-8080-Processor95 ERROR anonymous 58111x207x105 74hiey 
http://jira.atlassian.com/secure/Dashboard.jspa [com.atlassian.velocity.Defau
ltVelocityManager] MethodInvocationException occurred getting message body from Velocity: java.lang.NullPointerException
java.lang.NullPointerException
        at com.atlassian.jira.util.UserAgentUtilImpl.getBrowser(UserAgentUtilImpl.java:90)
        at com.atlassian.jira.util.UserAgentUtilImpl.getUserAgentInfo(UserAgentUtilImpl.java:14)
        at com.atlassian.jira.web.util.AccessKeyHelperImpl.getUserAgent(AccessKeyHelperImpl.java:53)
        at com.atlassian.jira.web.util.AccessKeyHelperImpl.isAccessKeySafe(AccessKeyHelperImpl.java:31)
        at sun.reflect.GeneratedMethodAccessor420.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:234)
        at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:201)
        at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:175)
        at org.apache.velocity.runtime.parser.node.ASTReference.evaluate(ASTReference.java:307)
        at org.apache.velocity.runtime.parser.node.ASTExpression.evaluate(ASTExpression.java:45)
        at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:68)
        at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:230)
        at org.apache.velocity.runtime.directive.VelocimacroProxy.render(VelocimacroProxy.java:172)
        at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:114)
        at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:55)
        at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:70)
        at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:55)
        at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:70)
        at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:55)
        at org.apache.velocity.runtime.directive.Foreach.render(Foreach.java:166)
        at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:114)
        at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:55)
        at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:70)
        at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:230)
        at org.apache.velocity.Template.merge(Template.java:256)
        at org.apache.velocity.app.VelocityEngine.mergeTemplate(VelocityEngine.java:450)
        at com.atlassian.velocity.DefaultVelocityManager.getEncodedBody(DefaultVelocityManager.java:77)
        at com.atlassian.velocity.DefaultVelocityManager.getEncodedBody(DefaultVelocityManager.java:61)
        at com.atlassian.velocity.DefaultVelocityManager.getEncodedBody(DefaultVelocityManager.java:56)
        at com.atlassian.jira.web.component.AbstractWebComponent.getHtml(AbstractWebComponent.java:33)
        at com.atlassian.jira.web.component.webfragment.WebFragmentWebComponent.getHtml(WebFragmentWebComponent.java:48)
        at sun.reflect.GeneratedMethodAccessor430.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:234)
        at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:201)
        at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:175)
        at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:220)
        at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:230)
        at org.apache.velocity.Template.merge(Template.java:256)
        at org.apache.velocity.app.VelocityEngine.mergeTemplate(VelocityEngine.java:450)
        at com.atlassian.velocity.DefaultVelocityManager.getEncodedBody(DefaultVelocityManager.java:77)
        at com.atlassian.velocity.DefaultVelocityManager.getEncodedBody(DefaultVelocityManager.java:61)
        at com.atlassian.velocity.DefaultVelocityManager.getEncodedBody(DefaultVelocityManager.java:56)
        at com.atlassian.jira.plugin.JiraResourcedModuleDescriptor.getHtml(JiraResourcedModuleDescriptor.java:105)
        at com.atlassian.jira.plugin.navigation.TopNavigationModuleDescriptor.getTopNavigationHtml(TopNavigationModuleDescriptor.java:81)
        at com.atlassian.jira.plugin.navigation.DefaultPluggableTopNavigation.getHtml(DefaultPluggableTopNavigation.java:23)
        at org.apache.jsp.decorators.general_jsp._jspService(general_jsp.java:301)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331)
        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:679)
        at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:584)
        at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:497)
        at com.opensymphony.module.sitemesh.filter.PageFilter.writeDecorator(PageFilter.java:173)
        at com.opensymphony.module.sitemesh.filter.PageFilter.applyDecorator(PageFilter.java:158)
        at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:62)
        at com.atlassian.jira.web.filters.SitemeshExcludePathFilter.doFilter(SitemeshExcludePathFilter.java:40)
        at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46)
        at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:55)
        at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:41)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.atlassian.seraph.filter.SecurityFilter.doFilter(SecurityFilter.java:206)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.atlassian.security.auth.trustedapps.filter.TrustedApplicationsFilter.doFilter(TrustedApplicationsFilter.java:98)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.atlassian.seraph.filter.BaseLoginFilter.doFilter(BaseLoginFilter.java:131)
        at com.atlassian.jira.web.filters.JiraLoginFilter.doFilter(JiraLoginFilter.java:70)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46)
        at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter$1.doFilter(DelegatingPluginFilter.java:66)
        at com.atlassian.oauth.serviceprovider.internal.servlet.OAuthFilter.doFilter(OAuthFilter.java:69)
        at com.atlassian.plugin.servlet.filter.DelegatingPluginFilter.doFilter(DelegatingPluginFilter.java:74)
        at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:42)
        at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:55)
        at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:41)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.atlassian.util.profiling.filters.ProfilingFilter.doFilter(ProfilingFilter.java:99)
        at com.atlassian.jira.web.filters.JIRAProfilingFilter.doFilter(JIRAProfilingFilter.java:16)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.atlassian.jira.web.filters.ActionCleanupDelayFilter.doFilter(ActionCleanupDelayFilter.java:59)
        at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.atlassian.jira.web.filters.RequestCleanupFilter.doFilter(RequestCleanupFilter.java:53)
        at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.atlassian.johnson.filters.AbstractJohnsonFilter.doFilter(AbstractJohnsonFilter.java:72)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:350)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.atlassian.gzipfilter.GzipFilter.doFilterInternal(GzipFilter.java:81)
        at com.atlassian.gzipfilter.GzipFilter.doFilter(GzipFilter.java:51)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.atlassian.plugin.servlet.filter.IteratingFilterChain.doFilter(IteratingFilterChain.java:46)
        at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:55)
        at com.atlassian.plugin.servlet.filter.ServletFilterModuleContainerFilter.doFilter(ServletFilterModuleContainerFilter.java:41)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.atlassian.jira.web.filters.CurlyQuotesFilter.doFilter(CurlyQuotesFilter.java:24)
        at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.atlassian.core.filters.cache.AbstractCachingFilter.doFilter(AbstractCachingFilter.java:33)
        at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.atlassian.core.filters.encoding.AbstractEncodingFilter.doFilter(AbstractEncodingFilter.java:41)
        at com.atlassian.core.filters.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:31)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.atlassian.jira.startup.JiraStartupChecklistFilter.doFilter(JiraStartupChecklistFilter.java:72)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
        at java.lang.Thread.run(Thread.java:619)

              Assignee:
              metapoint
              Reporter:
              Penny Wyatt (On Leave to July 2021)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved:

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 12h
                  12h