dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #23641
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 11519: Fixed nullpointer vulnerability in expressionservice
------------------------------------------------------------
revno: 11519
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2013-07-25 17:09:58 +0200
message:
Fixed nullpointer vulnerability in expressionservice
modified:
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/expression/DefaultExpressionService.java
dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/expression/ExpressionServiceTest.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/expression/DefaultExpressionService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/expression/DefaultExpressionService.java 2013-05-27 11:57:19 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/expression/DefaultExpressionService.java 2013-07-25 15:09:58 +0000
@@ -152,11 +152,25 @@
return null;
}
- final double denominatorValue = calculateExpression( generateExpression( indicator.getExplodedDenominatorFallback(), valueMap, constantMap, days, false ) );
+ final String numeratorExpression = generateExpression( indicator.getExplodedDenominatorFallback(), valueMap, constantMap, days, false );
+
+ if ( numeratorExpression == null )
+ {
+ return null;
+ }
+
+ final double denominatorValue = calculateExpression( numeratorExpression );
if ( !isEqual( denominatorValue, 0d ) )
{
- final double numeratorValue = calculateExpression( generateExpression( indicator.getExplodedNumeratorFallback(), valueMap, constantMap, days, false ) );
+ final String denominatorExpression = generateExpression( indicator.getExplodedNumeratorFallback(), valueMap, constantMap, days, false );
+
+ if ( denominatorExpression == null )
+ {
+ return null;
+ }
+
+ final double numeratorValue = calculateExpression( denominatorExpression );
final double annualizationFactor = period != null ? DateUtils.getAnnualizationFactor( indicator, period.getStartDate(), period.getEndDate() ) : 1d;
final double factor = indicator.getIndicatorType().getFactor();
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/expression/ExpressionServiceTest.java'
--- dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/expression/ExpressionServiceTest.java 2013-05-27 11:07:26 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/expression/ExpressionServiceTest.java 2013-07-25 15:09:58 +0000
@@ -334,6 +334,18 @@
assertEquals( "12.0+5", expressionService.generateExpression( expressionD, valueMap, constantMap, 5, false ) );
assertEquals( "12.0*2.0", expressionService.generateExpression( expressionE, valueMap, constantMap, null, false ) );
}
+
+ @Test
+ public void testGenerateExpressionMapNullIfNoValues()
+ {
+ Map<DataElementOperand, Double> valueMap = new HashMap<DataElementOperand, Double>();
+
+ Map<String, Double> constantMap = new HashMap<String, Double>();
+
+ assertNull( expressionService.generateExpression( expressionA, valueMap, constantMap, null, true ) );
+ assertNull( expressionService.generateExpression( expressionD, valueMap, constantMap, 5, true ) );
+ assertNotNull( expressionService.generateExpression( expressionE, valueMap, constantMap, null, false ) );
+ }
@Test
public void testGetExpressionValue()
