Servlet response redirect to mailto: URI schema causes NPE

Details

    • Bug
    • Resolution: Timed out
    • Low
    • None
    • 7.13.1, 8.0.2
    • Java API
    • None

    Description

      Issue Summary

      A servlet in our product Vivid Trace for Jira is used to redirect the browser agent to various URLs. In the case where the browser is to receive a URI using the mailto: schema, Jira's code at RedirectInterceptingResponse.isPathInCurrentContext() causes a NullPointerException. The NPE arises because the code erroneously assumes a non-null value at an intermediate method invocation in both method calling chains, described below.

      It would be great if the fix makes it into all future Jira releases. (Kindly see suggested fix below).

      Steps to Reproduce

      Code sample to reproduce the bug:

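      import java.io.IOException;
      import javax.servlet.ServletException;
      import javax.servlet.http.HttpServlet;
      import javax.servlet.http.HttpServletRequest;
      import javax.servlet.http.HttpServletResponse;

      public class RedirectionServlet extends HttpServlet {

          @Override
          protected void doGet(
                  final HttpServletRequest request,
                  final HttpServletResponse response
          ) throws ServletException, IOException {
              // Redirect target is an opaque URI (no path component).
              response.sendRedirect("mailto:blinky-bill@outback.au");
          }

      }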
      

      Expected Results

      Browser agent receives the redirect to the mailto: URI

      Actual Results

      Throws an NPE

      java.lang.NullPointerException
      	at com.atlassian.web.servlet.plugin.request.RedirectInterceptingResponse.isPathInCurrentContext(RedirectInterceptingResponse.java:73) [?:?]
      	at java.util.Optional.filter(Optional.java:178) [?:1.8.0_152]
      	at com.atlassian.web.servlet.plugin.request.RedirectInterceptingResponse.locationWithinCurrentContext(RedirectInterceptingResponse.java:64) [?:?]
      	at com.atlassian.web.servlet.plugin.request.RedirectInterceptingResponse.forward(RedirectInterceptingResponse.java:48) [?:?]
      	at com.atlassian.web.servlet.plugin.request.RedirectInterceptingResponse.sendRedirect(RedirectInterceptingResponse.java:36) [?:?]
      	at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:138) [servlet-api.jar:?]
      	at com.atlassian.core.filters.HeaderSanitisingResponseWrapper.sendRedirect(HeaderSanitisingResponseWrapper.java:85) [atlassian-core-5.0.9.jar:?]
      	at vivid.trace.servlets.RedirectionServlet.doGet(RedirectionServlet.java:40) [?:?]
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:635) [servlet-api.jar:?]
      	[ ... remainder elided ... ]
      

      Notes

      • Bug not present in at least Jira version 6.3.13
      • Bug is expressed on at least Jira versions 7.13.1, 8.0.2

      Suggested fix

      Current Jira code that causes the NPE:

          private boolean isPathInCurrentContext(URI location) {
              final String contextPath = request.getContextPath();
              return location.getRawPath().startsWith(contextPath) || !location.getRawPath().startsWith("/");
          }
      

      Suggested fix:

          private boolean isPathInCurrentContext(URI location) {
              final String contextPath = request.getContextPath();
              final String rawPath = location.getRawPath();
              // NOTE: rawPath could be null.
              return rawPath != null && (rawPath.startsWith(contextPath) || !rawPath.startsWith("/"));
          }
      

      Workaround

      Currently, there is no known workaround for this behavior; however, a suggested fix is in place.
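
Added example (not part of the original report and not Atlassian code): a stand-alone comparison of the quoted check and the suggested fix over hierarchical and opaque URIs, showing that `java.net.URI.getRawPath()` is null for any opaque URI, not only `mailto:`. The class name, the `contextPath` parameter and the sample targets are assumptions made for the illustration.

```java
import java.net.URI;
import java.util.Arrays;
import java.util.List;

// Added illustration. contextPath is passed in as a parameter here (assumption);
// the method quoted in the report reads it from the servlet request.
public class OpaqueUriPathCheck {

    // Mirrors the check quoted in the report: dereferences getRawPath() directly.
    static boolean unguarded(URI location, String contextPath) {
        return location.getRawPath().startsWith(contextPath)
                || !location.getRawPath().startsWith("/");
    }

    // Mirrors the suggested fix: a null raw path is never "in the current context".
    static boolean guarded(URI location, String contextPath) {
        final String rawPath = location.getRawPath();
        return rawPath != null
                && (rawPath.startsWith(contextPath) || !rawPath.startsWith("/"));
    }

    public static void main(String[] args) {
        final String contextPath = "/jira"; // constructed sample value
        // Constructed sample redirect targets: two hierarchical, three opaque.
        List<String> targets = Arrays.asList(
                "/jira/secure/Dashboard.jspa",
                "/other-app/index.html",
                "mailto:blinky-bill@outback.au",
                "tel:+61-2-5550-0100",
                "urn:isbn:0451450523");

        for (String target : targets) {
            URI uri = URI.create(target);
            String before;
            try {
                before = String.valueOf(unguarded(uri, contextPath));
            } catch (NullPointerException e) {
                // Opaque URIs have no path component, so getRawPath() returned null.
                before = "NullPointerException";
            }
            System.out.printf("%-32s opaque=%-5b rawPath=%-28s unguarded=%-20s guarded=%b%n",
                    target, uri.isOpaque(), uri.getRawPath(), before, guarded(uri, contextPath));
        }
    }
}
```

`URI.isOpaque()` identifies the affected inputs up front, so a response wrapper that inspects redirect targets can pass opaque URIs through without running any path comparison on them.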

          People

            Unassigned Unassigned
            iragudo Ian