CWE-157193 GenerateTasksInAssignmentAction failing with a

NullPointerException

src/main/java/com/compuware/ispw/restapi/HttpRequestExecution.java

@@ -17,12 +17,10 @@
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.List;
-
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509ExtendedTrustManager;
-
 import org.apache.commons.lang3.StringUtils;
 import org.apache.http.HttpHost;
 import org.apache.http.HttpResponse;
@@ -34,14 +32,12 @@
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.protocol.BasicHttpContext;
 import org.apache.http.protocol.HttpContext;
-
 import com.cloudbees.plugins.credentials.CredentialsMatchers;
 import com.cloudbees.plugins.credentials.CredentialsProvider;
 import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
 import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
 import com.compuware.ispw.restapi.IspwRestApiRequest.DescriptorImpl;
 import com.compuware.ispw.restapi.IspwRestApiRequestStep.Execution;
-import com.compuware.ispw.restapi.action.GetSetInfoAction;
 import com.compuware.ispw.restapi.action.IAction;
 import com.compuware.ispw.restapi.action.IspwCommand;
 import com.compuware.ispw.restapi.auth.Authenticator;
@@ -51,18 +47,16 @@
 import com.compuware.ispw.restapi.util.ReflectUtils;
 import com.compuware.ispw.restapi.util.RequestAction;
 import com.compuware.ispw.restapi.util.RestApiUtils;
-import com.compuware.jenkins.common.configuration.HostConnection;
 import com.google.common.collect.Range;
 import com.google.common.io.ByteStreams;
-
 import hudson.AbortException;
 import hudson.CloseProofOutputStream;
 import hudson.EnvVars;
 import hudson.FilePath;
-import hudson.model.Item;
-import hudson.model.TaskListener;
 import hudson.model.AbstractBuild;
 import hudson.model.BuildListener;
+import hudson.model.Item;
+import hudson.model.TaskListener;
 import hudson.remoting.RemoteOutputStream;
 import hudson.security.ACL;
 import jenkins.security.MasterToSlaveCallable;
@@ -98,28 +92,19 @@ public class HttpRequestExecution extends MasterToSlaveCallable<ResponseContentS
 	// create poller for rest api request
 	static HttpRequestExecution createPoller(String setId,
 			IspwRestApiRequest http, EnvVars envVars,
-			AbstractBuild<?, ?> build, TaskListener taskListener) {
+			AbstractBuild<?, ?> build, TaskListener taskListener) throws AbortException {
 		return createPoller(setId, null, http, envVars, build, taskListener);
 	}
 
 	//create poller for rest api request
 	static HttpRequestExecution createPoller(String setId, WebhookToken webhookToken, IspwRestApiRequest http, EnvVars envVars,
-			AbstractBuild<?, ?> build, TaskListener taskListener) {
+			AbstractBuild<?, ?> build, TaskListener taskListener) throws AbortException {
 
 		PrintStream logger = taskListener.getLogger();
 		IAction action = ReflectUtils.createAction(IspwCommand.GetSetInfo, logger);
 
-		String cesUrl = StringUtils.EMPTY;
-		String cesIspwHost = StringUtils.EMPTY;
-
-		HostConnection hostConnection = RestApiUtils.getCesUrl(http.getConnectionId());
-		if (hostConnection != null) {
-			cesUrl = StringUtils.trimToEmpty(hostConnection.getCesUrl());
-
-			String host = StringUtils.trimToEmpty(hostConnection.getHost());
-			String port = StringUtils.trimToEmpty(hostConnection.getPort());
-			cesIspwHost = host + "-" + port;
-		}
+		String cesUrl = RestApiUtils.getCesUrl(http.getConnectionId());
+		String cesIspwHost = RestApiUtils.getIspwHostLabel(http.getConnectionId());
 
 		String cesIspwToken = RestApiUtils.getCesToken(http.getCredentialsId(), build.getParent());
 		if (RestApiUtils.isIspwDebugMode())
@@ -149,27 +134,18 @@ static HttpRequestExecution createPoller(String setId, WebhookToken webhookToken
 	//create poller for rest api request step
 	static HttpRequestExecution createPoller(String setId,
 			IspwRestApiRequestStep step, TaskListener taskListener,
-			Execution execution) {
+			Execution execution) throws AbortException {
 		return createPoller(setId, null, step, taskListener, execution);
 	}
 
 	//create poller for rest api request step
-	static HttpRequestExecution createPoller(String setId, WebhookToken webhookToken, IspwRestApiRequestStep step, TaskListener taskListener, Execution execution) {
+	static HttpRequestExecution createPoller(String setId, WebhookToken webhookToken, IspwRestApiRequestStep step, TaskListener taskListener, Execution execution) throws AbortException {
 
 		PrintStream logger = taskListener.getLogger();
 		IAction action = ReflectUtils.createAction(IspwCommand.GetSetInfo, logger);
 
-		String cesUrl = StringUtils.EMPTY;
-		String cesIspwHost = StringUtils.EMPTY;
-
-		HostConnection hostConnection = RestApiUtils.getCesUrl(step.getConnectionId());
-		if (hostConnection != null) {
-			cesUrl = StringUtils.trimToEmpty(hostConnection.getCesUrl());
-
-			String host = StringUtils.trimToEmpty(hostConnection.getHost());
-			String port = StringUtils.trimToEmpty(hostConnection.getPort());
-			cesIspwHost = host + "-" + port;
-		}
+		String cesUrl = RestApiUtils.getCesUrl(step.getConnectionId());
+		String cesIspwHost = RestApiUtils.getIspwHostLabel(step.getConnectionId());
 
 		String cesIspwToken = RestApiUtils.getCesToken(step.getCredentialsId(), execution.getProject());
 		if (RestApiUtils.isIspwDebugMode())
@@ -515,23 +491,13 @@ public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngi
 	}
 
 	public static HttpRequestExecution createTaskInfoPoller(String setId, IspwRestApiRequest http, EnvVars envVars,
-			AbstractBuild<?, ?> build, BuildListener taskListener)
+			AbstractBuild<?, ?> build, BuildListener taskListener) throws AbortException
 	{
 		PrintStream logger = taskListener.getLogger();
 		IAction action = ReflectUtils.createAction(IspwCommand.GetSetTaskList, logger);
 
-		String cesUrl = StringUtils.EMPTY;
-		String cesIspwHost = StringUtils.EMPTY;
-
-		HostConnection hostConnection = RestApiUtils.getCesUrl(http.getConnectionId());
-		if (hostConnection != null)
-		{
-			cesUrl = StringUtils.trimToEmpty(hostConnection.getCesUrl());
-
-			String host = StringUtils.trimToEmpty(hostConnection.getHost());
-			String port = StringUtils.trimToEmpty(hostConnection.getPort());
-			cesIspwHost = host + "-" + port;
-		}
+		String cesUrl = RestApiUtils.getCesUrl(http.getConnectionId());
+		String cesIspwHost = RestApiUtils.getIspwHostLabel(http.getConnectionId());
 
 		String cesIspwToken = RestApiUtils.getCesToken(http.getCredentialsId(), build.getParent());
 		if (RestApiUtils.isIspwDebugMode())
@@ -556,24 +522,14 @@ public static HttpRequestExecution createTaskInfoPoller(String setId, IspwRestAp
 
 	// create poller for rest api request step
 	public static HttpRequestExecution createTaskInfoPoller(String setId, IspwRestApiRequestStep step,
-			TaskListener taskListener, Execution execution)
+			TaskListener taskListener, Execution execution) throws AbortException
 	{
 
 		PrintStream logger = taskListener.getLogger();
 		IAction action = ReflectUtils.createAction(IspwCommand.GetSetTaskList, logger);
 
-		String cesUrl = StringUtils.EMPTY;
-		String cesIspwHost = StringUtils.EMPTY;
-
-		HostConnection hostConnection = RestApiUtils.getCesUrl(step.getConnectionId());
-		if (hostConnection != null)
-		{
-			cesUrl = StringUtils.trimToEmpty(hostConnection.getCesUrl());
-
-			String host = StringUtils.trimToEmpty(hostConnection.getHost());
-			String port = StringUtils.trimToEmpty(hostConnection.getPort());
-			cesIspwHost = host + "-" + port;
-		}
+		String cesUrl = RestApiUtils.getCesUrl(step.getConnectionId());
+		String cesIspwHost = RestApiUtils.getIspwHostLabel(step.getConnectionId());
 
 		String cesIspwToken = RestApiUtils.getCesToken(step.getCredentialsId(), execution.getProject());
 		if (RestApiUtils.isIspwDebugMode())

src/main/java/com/compuware/ispw/restapi/IspwRestApiRequest.java

@@ -10,15 +10,12 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-
 import javax.annotation.Nonnull;
-
 import org.apache.commons.lang.StringUtils;
 import org.kohsuke.stapler.AncestorInPath;
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.DataBoundSetter;
 import org.kohsuke.stapler.QueryParameter;
-
 import com.cloudbees.plugins.credentials.common.AbstractIdCredentialsListBoxModel;
 import com.cloudbees.plugins.credentials.common.StandardCredentials;
 import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
@@ -39,10 +36,8 @@
 import com.compuware.ispw.restapi.util.HttpRequestNameValuePair;
 import com.compuware.ispw.restapi.util.ReflectUtils;
 import com.compuware.ispw.restapi.util.RestApiUtils;
-import com.compuware.jenkins.common.configuration.HostConnection;
 import com.google.common.base.Strings;
 import com.google.common.collect.Range;
-
 import hudson.EnvVars;
 import hudson.Extension;
 import hudson.FilePath;
@@ -353,22 +348,8 @@ public boolean perform(AbstractBuild<?, ?> build, Launcher launcher, BuildListen
 		if (RestApiUtils.isIspwDebugMode())
 			logger.println("...ispwAction=" + ispwAction + ", httpMode=" + httpMode);
 
-		String cesUrl = StringUtils.EMPTY;
-		String cesIspwHost = StringUtils.EMPTY;
-
-		HostConnection hostConnection = RestApiUtils.getCesUrl(connectionId);
-		if (hostConnection != null) {
-			cesUrl = StringUtils.trimToEmpty(hostConnection.getCesUrl());
-			if(!cesUrl.startsWith("http")) {
-				logger.println("Host connection does NOT contain a valid CES URL. Please re-configure in 'Manage Jenkins | Configure System | Compuware Configurations' section");
-				return false;
-			}
-
-
-			String host = StringUtils.trimToEmpty(hostConnection.getHost());
-			String port = StringUtils.trimToEmpty(hostConnection.getPort());
-			cesIspwHost = host + "-" + port;
-		}
+		String cesUrl = RestApiUtils.getCesUrl(connectionId);
+		String cesIspwHost = RestApiUtils.getIspwHostLabel(connectionId);
 
 		String cesIspwToken = RestApiUtils.getCesToken(credentialsId, build.getParent());
 

src/main/java/com/compuware/ispw/restapi/IspwRestApiRequestStep.java

@@ -31,7 +31,6 @@
 import com.compuware.ispw.restapi.util.HttpRequestNameValuePair;
 import com.compuware.ispw.restapi.util.ReflectUtils;
 import com.compuware.ispw.restapi.util.RestApiUtils;
-import com.compuware.jenkins.common.configuration.HostConnection;
 import hudson.EnvVars;
 import hudson.Extension;
 import hudson.FilePath;
@@ -379,23 +378,8 @@ protected ResponseContentSupplier run() throws Exception {
 			if(RestApiUtils.isIspwDebugMode())
 				logger.println("ispwAction=" + step.ispwAction + ", httpMode=" + step.httpMode);
 
-			String cesUrl = StringUtils.EMPTY;
-			String cesIspwHost = StringUtils.EMPTY;
-
-			HostConnection hostConnection = RestApiUtils.getCesUrl(step.connectionId);
-			if (hostConnection != null) {
-				cesUrl = StringUtils.trimToEmpty(hostConnection.getCesUrl());
-
-				if(!cesUrl.startsWith("http")) {
-					String errorMsg = "Host connection does NOT contain a valid CES URL. Please re-configure in 'Manage Jenkins | Configure System | Compuware Configurations' section";
-					logger.println(errorMsg);
-					throw new IllegalStateException(new Exception(errorMsg));
-				}
-
-				String host = StringUtils.trimToEmpty(hostConnection.getHost());
-				String port = StringUtils.trimToEmpty(hostConnection.getPort());
-				cesIspwHost = host + "-" + port;
-			}
+			String cesUrl = RestApiUtils.getCesUrl(step.connectionId);
+			String cesIspwHost = RestApiUtils.getIspwHostLabel(step.connectionId);
 
 			String cesIspwToken = RestApiUtils.getCesToken(step.credentialsId, run.getParent());
 

src/main/java/com/compuware/ispw/restapi/util/RestApiUtils.java

@@ -4,6 +4,8 @@
 import static com.cloudbees.plugins.credentials.CredentialsMatchers.withId;
 import static com.cloudbees.plugins.credentials.CredentialsProvider.lookupCredentials;
 import java.io.PrintStream;
+import java.net.MalformedURLException;
+import java.net.URL;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@@ -173,11 +175,59 @@ public static ListBoxModel buildConnectionIdItems(@AncestorInPath Jenkins contex
 		return model;
 	}
 
-	public static HostConnection getCesUrl(String connectionId) {
+	public static HostConnection getHostConnection(String connectionId) {
 		CpwrGlobalConfiguration globalConfig = CpwrGlobalConfiguration.get();
 		HostConnection hostConnection = globalConfig.getHostConnection(connectionId);
 		return hostConnection;
 	}
+
+	public static String getCesUrl(String connectionId) throws AbortException {
+
+		HostConnection hostConnection = getHostConnection(connectionId);
+
+		String cesUrl = StringUtils.trimToEmpty(hostConnection.getCesUrl());
+
+		if (!cesUrl.toLowerCase().startsWith("http")) {
+			throw new AbortException(
+					"Host connection does NOT contain a valid CES URL. Please re-configure in 'Manage Jenkins | Configure System | Compuware Configurations' section; CES URL="
+							+ cesUrl);
+		}
+
+		try
+		{
+			URL url = new URL(cesUrl);
+			String protocol = url.getProtocol();
+			String host = url.getHost();
+			int port = url.getPort();
+
+			if (port <= 0) {
+				if("http".equals(protocol.toLowerCase())) {
+					port = 80;
+				} else if("https".equals(protocol.toLowerCase())) {
+					port = 443;
+				}
+			}
+
+			cesUrl = protocol + "://" + host + ":" + port;
+		} catch (MalformedURLException x) {
+			throw new AbortException(
+					"Host connection does NOT contain a valid CES URL. Please re-configure in 'Manage Jenkins | Configure System | Compuware Configurations' section: "
+							+ x.getMessage() + "; CES URL=" + cesUrl);
+		}
+
+		return cesUrl;
+	}
+
+	public static String getIspwHostLabel(String connectionId) {
+		HostConnection hostConnection = getHostConnection(connectionId);
+
+		String host = StringUtils.trimToEmpty(hostConnection.getHost());
+		String port = StringUtils.trimToEmpty(hostConnection.getPort());
+
+		String cesIspwHost = host + "-" + port;
+
+		return cesIspwHost;
+	}
 
 	public static String getCesToken(String credentialsId, Item item) {
 		List<StringCredentials> creds =