[sling-org-apache-sling-security] 02/06: SLING-4982 - NPE in ContentDispositionFilter

[ro...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to annotated tag org.apache.sling.security-1.0.16
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git

commit 5842e4a6af2abbc4f1870c1bedb1cf960aa0abc7
Author: Antonio Sanso <as...@apache.org>
AuthorDate: Tue Sep 1 08:55:03 2015 +0000

    SLING-4982 - NPE in ContentDispositionFilter
    
    git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1700424 13f79535-47bb-0310-9956-ffa450edef68
---
 .../security/impl/ContentDispositionFilter.java    |  4 +-
 .../impl/ContentDispositionFilterTest.java         | 57 ++++++++++++++++++++++
 2 files changed, 59 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java b/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
index 09f4424..96b2df0 100644
--- a/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
+++ b/src/main/java/org/apache/sling/security/impl/ContentDispositionFilter.java
@@ -285,13 +285,13 @@ public class ContentDispositionFilter implements Filter {
             boolean jcrData = false;
             if (resource!= null) {
                 ValueMap props = resource.adaptTo(ValueMap.class);
-                if (props.containsKey(PROP_JCR_DATA) ) {
+                if (props != null && props.containsKey(PROP_JCR_DATA) ) {
                     jcrData = true;
                 } else {
                     Resource jcrContent = resource.getChild(JCR_CONTENT_LEAF);
                     if (jcrContent!= null) {
                         props = jcrContent.adaptTo(ValueMap.class);
-                        if (props.containsKey(PROP_JCR_DATA) ) {
+                        if (props != null && props.containsKey(PROP_JCR_DATA) ) {
                             jcrData = true;
                         }
                     }
diff --git a/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java b/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
index f601135..49b1ae7 100644
--- a/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
+++ b/src/test/java/org/apache/sling/security/impl/ContentDispositionFilterTest.java
@@ -1474,4 +1474,61 @@ public class ContentDispositionFilterTest {
         
         Assert.assertTrue(result);
     }
+    
+    @Test
+    public void test_isJcrData6() throws Throwable {
+        contentDispositionFilter = new ContentDispositionFilter();
+        final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
+        final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);       
+        final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+        
+        
+        final Resource resource = context.mock(Resource.class);
+        final ValueMap properties = context.mock(ValueMap.class);
+        
+        context.checking(new Expectations() {
+            {
+                allowing(resource).adaptTo(ValueMap.class);
+                will(returnValue(null));
+                allowing(resource).getChild(JCR_CONTENT_LEAF);
+                will(returnValue(null));
+            }
+        });     
+        
+        Boolean result = (Boolean) PrivateAccessor.invoke(rewriterResponse,"isJcrData",  new Class[]{Resource.class},new Object[]{resource});
+        
+        Assert.assertFalse(result);
+    }
+    
+    
+    @Test
+    public void test_isJcrData7() throws Throwable {
+        contentDispositionFilter = new ContentDispositionFilter();
+        final SlingHttpServletRequest request = context.mock(SlingHttpServletRequest.class);
+        final SlingHttpServletResponse response = context.mock(SlingHttpServletResponse.class);       
+        final ContentDispositionFilter.RewriterResponse rewriterResponse = contentDispositionFilter. new RewriterResponse(request, response);
+        
+        final Resource child = context.mock(Resource.class, "child");
+        final Resource resource = context.mock(Resource.class, "resource" );
+        final ValueMap properties = context.mock(ValueMap.class);
+        final ValueMap childPropoerties = context.mock(ValueMap.class, "childPropoerties");
+
+        
+        context.checking(new Expectations() {
+            {
+                allowing(resource).adaptTo(ValueMap.class);
+                will(returnValue(properties));
+                allowing(properties).containsKey(PROP_JCR_DATA);
+                will(returnValue(false));
+                allowing(resource).getChild(JCR_CONTENT_LEAF);
+                will(returnValue(child));
+                allowing(child).adaptTo(ValueMap.class);
+                will(returnValue(null));
+            }
+        });     
+        
+        Boolean result = (Boolean) PrivateAccessor.invoke(rewriterResponse,"isJcrData",  new Class[]{Resource.class},new Object[]{resource});
+        
+        Assert.assertFalse(result);
+    }
 }
\ No newline at end of file

-- 
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.