
dhis2-devs team mailing list archive

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 18961: Event import, removed nullpointer vulnerability

 

------------------------------------------------------------
revno: 18961
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Tue 2015-04-21 13:30:59 +0200
message:
  Event import, removed nullpointer vulnerability
modified:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java
  dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/events/event/AbstractEventService.java
  dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/AnnotationUtils.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java	2015-02-26 15:21:29 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java	2015-04-21 11:30:59 +0000
@@ -355,6 +355,11 @@
         return false;
     }
 
+    public static String getSafeUsername( User user )
+    {
+        return user != null && user.getUsername() != null ? user.getUsername() : "[Unknown]";
+    }
+    
     // -------------------------------------------------------------------------
     // Getters and setters
     // -------------------------------------------------------------------------
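Review bot: `getSafeUsername` is added without Javadoc, and its `"[Unknown]"` placeholder is an inline literal that `AbstractEventService.getStoredBy` now writes into `storedBy`. A one-line Javadoc would state the contract, e.g. `/** Returns the username of the given user, or "[Unknown]" if the user or its username is null; never returns null. */`. Moving the literal into a named constant, for example `public static final String UNKNOWN_USERNAME = "[Unknown]";`, would let code that reads attribution fields recognise the placeholder rather than treat it as an account name.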

=== modified file 'dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/events/event/AbstractEventService.java'
--- dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/events/event/AbstractEventService.java	2015-03-12 15:18:35 +0000
+++ dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/events/event/AbstractEventService.java	2015-04-21 11:30:59 +0000
@@ -553,7 +553,7 @@
             dueDate = DateUtils.parseDate( event.getDueDate() );
         }
 
-        String storedBy = getStoredBy( event, null, currentUserService.getCurrentUsername() );
+        String storedBy = getStoredBy( event, null, currentUserService.getCurrentUser() );
 
         if ( event.getStatus() == EventStatus.ACTIVE )
         {
@@ -650,7 +650,7 @@
             return;
         }
 
-        saveTrackedEntityComment( programStageInstance, event, getStoredBy( event, null, currentUserService.getCurrentUsername() ) );
+        saveTrackedEntityComment( programStageInstance, event, getStoredBy( event, null, currentUserService.getCurrentUser() ) );
     }
 
     @Override
@@ -845,13 +845,13 @@
         return true;
     }
 
-    private String getStoredBy( Event event, ImportSummary importSummary, String defaultUsername )
+    private String getStoredBy( Event event, ImportSummary importSummary, User fallbackUser )
     {
         String storedBy = event.getStoredBy();
 
         if ( storedBy == null )
         {
-            storedBy = defaultUsername;
+            storedBy = User.getSafeUsername( fallbackUser );
         }
         else if ( storedBy.length() >= 31 )
         {
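Review bot: `getStoredBy` still returns `event.getStoredBy()` unchanged whenever it is non-null and shorter than 31 characters, so the new `fallbackUser` is consulted only when the payload omits the field or overflows it. If `storedBy` is meant to record who performed the import, the value comes from the imported event and not from the authenticated session, which deserves a comment on the method such as `// storedBy is taken from the import payload when present; it is not checked against the current user`. At `storedBy = User.getSafeUsername( fallbackUser );` a null user now silently produces `[Unknown]`; this also applies to the call sites in the other hunks that pass `currentUserService.getCurrentUser()` and `user`. Logging a warning in that case, if the class has a logger, would keep unattributed imports visible. The method body continues past this hunk.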
@@ -862,7 +862,7 @@
                         + " is more than 31 characters, using current username instead" ) );
             }
 
-            storedBy = defaultUsername;
+            storedBy = User.getSafeUsername( fallbackUser );
         }
         return storedBy;
     }
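Review bot: The guard `storedBy.length() >= 31`, visible in the preceding hunk, rejects a value of exactly 31 characters, while the conflict message here says `is more than 31 characters`. One of the two is off by one: if the column holds 31 characters the check should read `else if ( storedBy.length() > 31 )`, otherwise the message should say `is 31 characters or more`. The statement that builds the message starts outside this hunk, so the actual column limit cannot be confirmed from here.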
@@ -981,7 +981,7 @@
 
         Date dueDate = DateUtils.parseDate( event.getDueDate() );
 
-        String storedBy = getStoredBy( event, importSummary, user.getUsername() );
+        String storedBy = getStoredBy( event, importSummary, user );
 
         if ( !dryRun )
         {

=== modified file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/AnnotationUtils.java'
--- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/AnnotationUtils.java	2015-04-21 11:06:32 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/AnnotationUtils.java	2015-04-21 11:30:59 +0000
@@ -43,7 +43,7 @@
      * annotation of the given class.
      * 
      * @param target the target object.
-     * @param annotationClass the annotation class.
+     * @param annotationType the annotation class type.
      * @return a list of methods annotated with the given annotation.
      */
     public static List<Method> getAnnotatedMethods( Object target, Class<? extends Annotation> annotationType )