restapi: Fix NullPointerException when using follow parameters#1015
restapi: Fix NullPointerException when using follow parameters#1015Artemi10 wants to merge 1 commit intooVirt:masterfrom
Conversation
Artemi10
force-pushed
the
bugfix/link-follower
branch
from
ee41425 to
70ea21f
Compare
|
Nice work, and sorry for the long time until there was any response on this matter. The issueThe end user creates a bad request to which the engine can't respond. It returns a server error because internally there is a NullPointerException. Your solutionIgnore the bad request formed by the user and return the requested information without the follows. What should be doneIt should be best practice that you don't ignore the exception but rather capture it and report it as a WebFaultException with response status BAD_REQUEST. I am open to discussion about this, but hiding the issue does not feel like the appropriate response. |
This not fully correct. Main issue to solve here is to able to response for entities without followed objects (described case 2) But I agree with you. It is better to return Bad Request when there no linked entity with given name (case 1). |
Fix the first scenario where “The requested entity does not have the specified followed entity” so that it returns an exception with HTTP 400 (Bad Request).
|
| try { | ||
| linkFollower.followLinks(entity, linksTree); | ||
| } catch (IllegalStateException e) { | ||
| throw new WebFaultException(e, detail(e), Status.BAD_REQUEST); |
There was a problem hiding this comment.
How you are using this WebFaultException is incorrect.
Status.BAD_REQUEST should be Response.Status.BAD_REQUEST. also it should be best practice that the fault string that is thrown is localized by using the function localize(). Great start already but you should look into how it is used in other parts of the codebase.
JasperB-TeamBlue
left a comment
JasperB-TeamBlue
left a comment
There was a problem hiding this comment.
The WebFaultException should be improved to be localized and just general build of the exception. Otherwise agree on the way the problem is now being tackled.
|
Thanks for the feedback. I’ve updated the WebFaultException to use a localized message (INCORRECT_FOLLOW_LINK), following the existing pattern used in other parts of the codebase. The overall approach remains unchanged.
|
Artemi10
force-pushed
the
bugfix/link-follower
branch
from
21fada6 to
28b6a4a
Compare
|
Could you please rebase your 3 commits into one? And also update the commit msg to include information about the usage of the BAD_REQUEST return. |
Artemi10
force-pushed
the
bugfix/link-follower
branch
from
28b6a4a to
fd7b58c
Compare
|
Thanks for the feedback. |
| } | ||
|
|
||
| @Test | ||
| public void testFollowLinksIfFollowIsIncorrect() throws SecurityException, IllegalArgumentException { |
There was a problem hiding this comment.
The previous test in this suite did indeed declare throw SecurityException, IllegalArgumentException but since these two exceptions are unchecked because they derive from RunTimeException. Best practice is to not declare them.
There was a problem hiding this comment.
Agreed. Removed unnecessary throws declarations for unchecked exceptions from the tests introduced in this PR.
oVirt RESTful API may produce NullPointerException while processing requests that include follow parameters. This leads to Internal Server Error (500 status code) is returned to the client. Two specific scenarios were identified that can trigger this issue. 1. Non-existent followed entities: The requested entity does not have the specified followed entity. 2. Null followed entities: The followed entity exists in the model but is set to null. This change adds appropriate null checks to avoid the NPE. If the requested entity does not contain the specified followed entity, a WebFaultException with HTTP 400 (Bad Request) is returned. If the followed entity is null, the response is returned without the followed entity. Signed-off-by: Liakh Artemii <aliakh@orionsoft.ru>
Artemi10
force-pushed
the
bugfix/link-follower
branch
from
fd7b58c to
a3056b0
Compare
3 participants
oVirt RESTful API may produce NullPointerException while processing requests that include follow parameters. This leads to Internal Server Error (500 status code) is returned to the client.
Two specific scenarios were identified that can trigger this issue:
This fix adds appropriate null checks to ensure that followed entity exists in requested entity, and it is not null.
Changes introduced with this PR
Added check to ensure that getter method for the followed entity is not null
Added check to ensure that fetched followed entity is not null
Added tests covering both scenarios
Are you the owner of the code you are sending in, or do you have permission of the owner?
Yes