Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Null Pointer when using NullConfigurationProvider #83

Closed
ghost opened this issue Sep 7, 2017 · 0 comments
Closed

Null Pointer when using NullConfigurationProvider #83

ghost opened this issue Sep 7, 2017 · 0 comments

Comments

@ghost
Copy link

ghost commented Sep 7, 2017

If the configuration factory is set to NullConfigurationProviderFactory there is a null pointer exception when printing out the configuration.

java.lang.NullPointerException
at org.owasp.csrfguard.CsrfGuard.toString(CsrfGuard.java:497)
at org.owasp.csrfguard.CsrfGuardServletContextListener.printConfigIfConfigured(CsrfGuardServletContextListener.java:101)
at org.owasp.csrfguard.CsrfGuardServletContextListener.contextInitialized(CsrfGuardServletContextListener.java:86)

This is because NullConfigurationProvider returns NULL for getPrng()

public SecureRandom getPrng() {
return null;
}

and the rest of the code (including CsrfGuard.toString()) assumes getPrng() returns non-null.

However, I'm not sure if NullConfigurationProvider is still supported.

My use case:

I am integrating CSRFGuard with a project and would like to specify the csrfguard.properties file as an environment variable. I created a custom ConfigurationProvider (works great) but if I cannot read the given file I wanted to default to NullConfigurationProvider.

Because of this bug I will default to Overlay instead, which will do.

Is NullConfigurationProvider still supported?

Edit: added a PR just in case it is.

aramrami added a commit that referenced this issue May 13, 2019
…onprovider

Fixes #83 Null pointer when using NullConfigurationProvider
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

0 participants