Details
- Bug
- Resolution: Timed out
- Low
- None
- 7.13.1, 8.0.2
- None
- 7.13
- Severity 3 - Minor
Description
Issue Summary
A servlet in our product Vivid Trace for Jira is used to redirect the browser agent to various URLs. In the case where the browser is to receive a URI using the mailto: scheme, Jira's code at RedirectInterceptingResponse.isPathInCurrentContext() causes a NullPointerException. The NPE arises because the code erroneously assumes a non-null value at an intermediate method invocation in both method calling chains, described below.
It would be great if the fix makes it into all future Jira releases. (Kindly see suggested fix below).
Steps to Reproduce
Code sample to reproduce the bug:
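    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    public class RedirectionServlet extends HttpServlet {
        @Override
        protected void doGet(
                final HttpServletRequest request,
                final HttpServletResponse response
        ) throws ServletException, IOException {
            // Redirect to an opaque (non-hierarchical) URI; this triggers the NPE.
            response.sendRedirect("mailto:blinky-bill@outback.au");
        }
    }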
Expected Results
Browser agent receives the redirect to the mailto: URI
Actual Results
Throws an NPE
    java.lang.NullPointerException
        at com.atlassian.web.servlet.plugin.request.RedirectInterceptingResponse.isPathInCurrentContext(RedirectInterceptingResponse.java:73) [?:?]
        at java.util.Optional.filter(Optional.java:178) [?:1.8.0_152]
        at com.atlassian.web.servlet.plugin.request.RedirectInterceptingResponse.locationWithinCurrentContext(RedirectInterceptingResponse.java:64) [?:?]
        at com.atlassian.web.servlet.plugin.request.RedirectInterceptingResponse.forward(RedirectInterceptingResponse.java:48) [?:?]
        at com.atlassian.web.servlet.plugin.request.RedirectInterceptingResponse.sendRedirect(RedirectInterceptingResponse.java:36) [?:?]
        at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:138) [servlet-api.jar:?]
        at com.atlassian.core.filters.HeaderSanitisingResponseWrapper.sendRedirect(HeaderSanitisingResponseWrapper.java:85) [atlassian-core-5.0.9.jar:?]
        at vivid.trace.servlets.RedirectionServlet.doGet(RedirectionServlet.java:40) [?:?]
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:635) [servlet-api.jar:?]
        [ ... remainder elided ... ]
Notes
- Bug not present in at least Jira version 6.3.13
- Bug is expressed on at least Jira versions 7.13.1, 8.0.2
Suggested fix
Current Jira code that causes the NPE:
    private boolean isPathInCurrentContext(URI location) {
        final String contextPath = request.getContextPath();
        return location.getRawPath().startsWith(contextPath) || !location.getRawPath().startsWith("/");
    }
Suggested fix:
    private boolean isPathInCurrentContext(URI location) {
        final String contextPath = request.getContextPath();
        final String rawPath = location.getRawPath(); // NOTE: rawPath could be null.
        return rawPath != null && (rawPath.startsWith(contextPath) || !rawPath.startsWith("/"));
    }
Workaround
Currently, there is no known workaround for this behavior; however, a suggested fix is in place.
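The following stand-alone program is an added example, not code from Jira or from the reporter. It runs the two versions of the check quoted above against several redirect targets to show that java.net.URI.getRawPath() returns null for opaque URIs such as mailto:, while hierarchical URIs always yield a non-null path. The class name, the CONTEXT_PATH value and all sample locations other than the mailto: address are assumptions constructed for illustration.

```java
import java.net.URI;

// Added example: CONTEXT_PATH and the sample locations are constructed.
public class OpaqueUriPathCheck {
    static final String CONTEXT_PATH = "/jira"; // assumed servlet context path

    // Logic as quoted in the report: dereferences getRawPath() unconditionally.
    static boolean original(URI location) {
        return location.getRawPath().startsWith(CONTEXT_PATH)
                || !location.getRawPath().startsWith("/");
    }

    // Logic of the suggested fix: a null raw path is never "in context".
    static boolean guarded(URI location) {
        final String rawPath = location.getRawPath();
        return rawPath != null
                && (rawPath.startsWith(CONTEXT_PATH) || !rawPath.startsWith("/"));
    }

    public static void main(String[] args) {
        String[] samples = {
            "mailto:blinky-bill@outback.au", // opaque URI, from the report
            "tel:+61-2-5550-0100",           // opaque URI, constructed
            "/jira/browse/DEMO-1",           // absolute path inside the context
            "/other/app",                    // absolute path outside the context
            "dashboard.jspa",                // relative path
            "https://example.com/"           // hierarchical absolute URI
        };
        for (String s : samples) {
            URI uri = URI.create(s);
            String before;
            try {
                before = String.valueOf(original(uri));
            } catch (NullPointerException e) {
                before = "NPE"; // the failure shown in the stack trace above
            }
            System.out.printf("%-32s opaque=%-5b rawPath=%-20s original=%-5s guarded=%b%n",
                    s, uri.isOpaque(), uri.getRawPath(), before, guarded(uri));
        }
    }
}
```

With the guard in place, opaque URIs are classified as outside the current context instead of raising an exception, and results for hierarchical locations are unchanged.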