From 014fdc85a7e018df419aad3dce460f0e58d42f92 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Sun, 10 Nov 2013 16:40:15 -0500 Subject: Added null parameter checking. Some REST services have been modified to throw BadRequestException on null parameters. Ticket #749 --- .../com/netscape/cms/servlet/admin/GroupService.java | 16 ++++++++++++++++ .../com/netscape/cms/servlet/admin/UserService.java | 20 ++++++++++++++++++++ 2 files changed, 36 insertions(+) (limited to 'base/server/cms/src/com') diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/GroupService.java b/base/server/cms/src/com/netscape/cms/servlet/admin/GroupService.java index 17c4387a3..065f93c8f 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/admin/GroupService.java +++ b/base/server/cms/src/com/netscape/cms/servlet/admin/GroupService.java @@ -188,6 +188,8 @@ public class GroupService extends PKIService implements GroupResource { @Override public Response addGroup(GroupData groupData) { + if (groupData == null) throw new BadRequestException("Group data is null."); + String groupID = groupData.getID(); // ensure that any low-level exceptions are reported @@ -249,6 +251,8 @@ public class GroupService extends PKIService implements GroupResource { @Override public Response modifyGroup(String groupID, GroupData groupData) { + if (groupData == null) throw new BadRequestException("Group data is null."); + // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { @@ -346,6 +350,10 @@ public class GroupService extends PKIService implements GroupResource { @Override public GroupMemberData getGroupMember(String groupID, String memberID) { + + if (groupID == null) throw new BadRequestException("Group ID is null."); + if (memberID == null) throw new BadRequestException("Member ID is null."); + try { GroupMemberProcessor processor = new GroupMemberProcessor(getLocale(headers)); processor.setUriInfo(uriInfo); @@ -362,6 +370,10 @@ public class GroupService extends PKIService implements GroupResource { @Override public Response addGroupMember(String groupID, String memberID) { + + if (groupID == null) throw new BadRequestException("Group ID is null."); + if (memberID == null) throw new BadRequestException("Member ID is null."); + GroupMemberData groupMemberData = new GroupMemberData(); groupMemberData.setID(memberID); groupMemberData.setGroupID(groupID); @@ -385,6 +397,10 @@ public class GroupService extends PKIService implements GroupResource { @Override public void removeGroupMember(String groupID, String memberID) { + + if (groupID == null) throw new BadRequestException("Group ID is null."); + if (memberID == null) throw new BadRequestException("Member ID is null."); + try { GroupMemberProcessor processor = new GroupMemberProcessor(getLocale(headers)); processor.setUriInfo(uriInfo); diff --git a/base/server/cms/src/com/netscape/cms/servlet/admin/UserService.java b/base/server/cms/src/com/netscape/cms/servlet/admin/UserService.java index b32bf6756..c24154094 100644 --- a/base/server/cms/src/com/netscape/cms/servlet/admin/UserService.java +++ b/base/server/cms/src/com/netscape/cms/servlet/admin/UserService.java @@ -256,6 +256,8 @@ public class UserService extends PKIService implements UserResource { @Override public Response addUser(UserData userData) { + if (userData == null) throw new BadRequestException("User data is null."); + IConfigStore cs = CMS.getConfigStore(); String userID = userData.getID(); @@ -380,6 +382,8 @@ public class UserService extends PKIService implements UserResource { @Override public Response modifyUser(String userID, UserData userData) { + if (userData == null) throw new BadRequestException("User data is null."); + // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures IConfigStore cs = CMS.getConfigStore(); @@ -598,6 +602,9 @@ public class UserService extends PKIService implements UserResource { @Override public UserCertData getUserCert(String userID, String certID) { + + if (certID == null) throw new BadRequestException("Certificate ID is null."); + try { if (userID == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID")); @@ -672,6 +679,8 @@ public class UserService extends PKIService implements UserResource { @Override public Response addUserCert(String userID, UserCertData userCertData) { + if (userCertData == null) throw new BadRequestException("Certificate data is null."); + // ensure that any low-level exceptions are reported // to the signed audit log and stored as failures try { @@ -870,6 +879,9 @@ public class UserService extends PKIService implements UserResource { @Override public void removeUserCert(String userID, String certID) { + if (userID == null) throw new BadRequestException("User ID is null."); + if (certID == null) throw new BadRequestException("Certificate ID is null."); + try { certID = URLDecoder.decode(certID, "UTF-8"); } catch (Exception e) { @@ -995,6 +1007,10 @@ public class UserService extends PKIService implements UserResource { @Override public Response addUserMembership(String userID, String groupID) { + + if (userID == null) throw new BadRequestException("User ID is null."); + if (groupID == null) throw new BadRequestException("Group ID is null."); + try { GroupMemberData groupMemberData = new GroupMemberData(); groupMemberData.setID(userID); @@ -1023,6 +1039,10 @@ public class UserService extends PKIService implements UserResource { @Override public void removeUserMembership(String userID, String groupID) { + + if (userID == null) throw new BadRequestException("User ID is null."); + if (groupID == null) throw new BadRequestException("Group ID is null."); + try { GroupMemberProcessor processor = new GroupMemberProcessor(getLocale(headers)); processor.setUriInfo(uriInfo); -- cgit