Description
the ImportImpl code at line 275 is prone to NPE because EffectiveNodeType.getPropertyDefinition(String, int, boolean) may return null (in contrast to the second variant that throws ConstraintViolationException if no matching definition is found.
the code looks as follows:
EffectiveNodeType ent = effectiveNodeTypeProvider.getEffectiveNodeType(tree);
PropertyDefinition def = ent.getPropertyDefinition(pi.getName(), pi.getType(), pi.isUnknownMultiple());
if (def.isProtected()) {
...
}
proposed fix (adding a check for null):
EffectiveNodeType ent = effectiveNodeTypeProvider.getEffectiveNodeType(tree); PropertyDefinition def = ent.getPropertyDefinition(pi.getName(), pi.getType(), pi.isUnknownMultiple()); if (def == null) { throw new ConstraintViolationException("No matching property definition found for " + pi.getName()); } if (def.isProtected()) { ... }
i spotted the issue while writing an import test for OAK-8190 with property type mismatch.
Attachments
Issue Links
- blocks
-
OAK-8190 Dedicated authorization for system users
- Closed
- is related to
-
OAK-9436 Session.getImportContentHandler() adds new nodes/properties to transient space despite ConstraintViolationException
- Open
-
OAK-8218 ReadOnlyNodeTypeManager.isNodeType prone to NPE
- Closed
-
OAK-8216 Consistently add nullability annotations with spi.nodetype package and implementation
- Closed