Affects: v5.3.22
Description
Building a response with etags can result in a NullPointerException if the argument for etag is null. Surprisingly, HttpHeaders.setETag(@Nullable String etag) handles null arguments and is called in ResponseEntity.DefaultBuilder.eTag(String etag).
Sample Code
var response = ResponseEntity
.ok()
.eTag(null)
.body(body);Effected Code
|
public BodyBuilder eTag(String etag) { |
|
if (!etag.startsWith("\"") && !etag.startsWith("W/\"")) { |
|
etag = "\"" + etag; |
|
} |
|
if (!etag.endsWith("\"")) { |
|
etag = etag + "\""; |
|
} |
|
this.headers.setETag(etag); |
|
return this; |
|
} |
|
public void setETag(@Nullable String etag) { |
|
if (etag != null) { |
|
Assert.isTrue(etag.startsWith("\"") || etag.startsWith("W/"), |
|
"Invalid ETag: does not start with W/ or \""); |
|
Assert.isTrue(etag.endsWith("\""), "Invalid ETag: does not end with \""); |
|
set(ETAG, etag); |
|
} |
|
else { |
|
remove(ETAG); |
|
} |
|
} |
Solution
- Allow
null strings
- remove etag for
null strings (like HttpHeaders.setETag() already does)
Therefore it should be safe just to call HttpHeaders.setETag() for null values:
public BodyBuilder eTag(String etag) {
if (etag != null && !etag.startsWith("\"") && !etag.startsWith("W/\"")) {
etag = "\"" + etag;
}
if (etag != null && !etag.endsWith("\"")) {
etag = etag + "\"";
}
this.headers.setETag(etag);
return this;
}
Affects: v5.3.22
Description
Building a response with etags can result in a
NullPointerExceptionif the argument foretagisnull. Surprisingly,HttpHeaders.setETag(@Nullable String etag)handlesnullarguments and is called inResponseEntity.DefaultBuilder.eTag(String etag).Sample Code
Effected Code
spring-framework/spring-web/src/main/java/org/springframework/http/ResponseEntity.java
Lines 565 to 574 in b72ee5f
spring-framework/spring-web/src/main/java/org/springframework/http/HttpHeaders.java
Lines 1042 to 1052 in b72ee5f
Solution
nullstringsnullstrings (likeHttpHeaders.setETag()already does)Therefore it should be safe just to call
HttpHeaders.setETag()fornullvalues: