-
Notifications
You must be signed in to change notification settings - Fork 24.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix potential NPE in UsersTool #37660
Conversation
I found the first UserException thrown in #execute marked as dead code when accidentally switching this from a warning to an error. It looks like the output of FileUserPasswdStore.parseFile a line above shouldn't be wrapped into another map since its output can be null. Looking at Commit fab5e21 I wonder what changed this back? The history of this file is a bit unclear to me, but I think L225 should be changed.
Pinging @elastic/es-security |
@elasticmachine run the gradle build tests 2 |
@@ -221,7 +222,7 @@ protected void execute(Terminal terminal, OptionSet options, Environment env) th | |||
|
|||
Path file = FileUserPasswdStore.resolveFile(env); | |||
FileAttributesChecker attributesChecker = new FileAttributesChecker(file); | |||
Map<String, char[]> users = new HashMap<>(FileUserPasswdStore.parseFile(file, null, env.settings())); | |||
Map<String, char[]> users = FileUserPasswdStore.parseFile(file, null, env.settings()); | |||
if (users == null) { | |||
throw new UserException(ExitCodes.CONFIG, "Configuration file [" + file + "] is missing"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Currently this looks dead. Furthermore, FileUserPasswdStore.parseFile can return null which I think will then create an NPE in the HashMap ctor.
if (users == null) { | ||
throw new UserException(ExitCodes.CONFIG, "Configuration file [" + file + "] is missing"); | ||
} | ||
if (users.containsKey(username) == false) { | ||
throw new UserException(ExitCodes.NO_USER, "User [" + username + "] doesn't exist"); | ||
} | ||
final Hasher hasher = Hasher.resolve(XPackSettings.PASSWORD_HASHING_ALGORITHM.get(env.settings())); | ||
users = new HashMap<>(users); // make modifiable |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same approach as in L129
@elasticmachine run elasticsearch-ci/2 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Nice catch
@cbuescher this also looks like a issue in 6.x. Do you mind backporting to 6.x and 6.6? |
It looks like the output of FileUserPasswdStore.parseFile shouldn't be wrapped into another map since its output can be null. Doing this wrapping after the null check (which potentially raises an exception) instead.
It looks like the output of FileUserPasswdStore.parseFile shouldn't be wrapped into another map since its output can be null. Doing this wrapping after the null check (which potentially raises an exception) instead.
I found the first UserException thrown in #execute marked as dead code when
accidentally switching this from a warning to an error. It looks like the output
of FileUserPasswdStore.parseFile a line above shouldn't be wrapped into another
map since its output can be null. Looking at Commit fab5e21 I wonder what
changed this back? The history of this file is a bit unclear to me, but I think
L225 should be changed.