fix JENKINS-63974 NPE when shutting down with CSRF

javamelody · Oct 18, 2020 · ced58bc · ced58bc
1 parent 5b01c0a
commit ced58bc
Showing 1 changed file with 12 additions and 10 deletions.
diff --git a/javamelody-core/src/main/java/net/bull/javamelody/internal/web/html/HtmlAbstractReport.java b/javamelody-core/src/main/java/net/bull/javamelody/internal/web/html/HtmlAbstractReport.java
@@ -195,17 +195,19 @@ static String htmlEncodeButNotSpace(String text) {
 	public static String getCsrfTokenUrlPart() {
 		if (CSRF_PROTECTION_ENABLED) {
 			final HttpSession currentSession = SessionListener.getCurrentSession();
-			String csrfToken = (String) currentSession
-					.getAttribute(SessionListener.CSRF_TOKEN_SESSION_NAME);
-			if (csrfToken == null) {
-				final byte[] bytes = new byte[16];
-				new SecureRandom().nextBytes(bytes);
-				csrfToken = new String(Base64Coder.encode(bytes));
-				// '+' would break in the url parameters
-				csrfToken = csrfToken.replace('+', '0').replace('/', '1');
-				currentSession.setAttribute(SessionListener.CSRF_TOKEN_SESSION_NAME, csrfToken);
+			if (currentSession != null) {
+				String csrfToken = (String) currentSession
+						.getAttribute(SessionListener.CSRF_TOKEN_SESSION_NAME);
+				if (csrfToken == null) {
+					final byte[] bytes = new byte[16];
+					new SecureRandom().nextBytes(bytes);
+					csrfToken = new String(Base64Coder.encode(bytes));
+					// '+' would break in the url parameters
+					csrfToken = csrfToken.replace('+', '0').replace('/', '1');
+					currentSession.setAttribute(SessionListener.CSRF_TOKEN_SESSION_NAME, csrfToken);
+				}
+				return "&amp;" + HttpParameter.TOKEN + '=' + csrfToken;
 			}
-			return "&amp;" + HttpParameter.TOKEN + '=' + csrfToken;
 		}
 		return "";
 	}