Zaki created GROOVY-11522:
-----------------------------

             Summary: Possible Null Pointer Dereference in VariableScopeVisitor.java
                 Key: GROOVY-11522
                 URL: https://issues.apache.org/jira/browse/GROOVY-11522
             Project: Groovy
          Issue Type: Bug
            Reporter: Zaki


h1. Overview

In file [*VariableScopeVisitor.java*|https://github.com/apache/groovy/blob/master/src/main/java/org/codehaus/groovy/classgen/VariableScopeVisitor.java#L649] there is a potential null pointer dereference. In the method {{*visitFieldExpression*}} of class {{*VariableScopeVisitor*}}, {{*checkVariableContextAccess*}} is called with {{*variable*}} as a parameter. That {{*variable*}} object comes from {{*findVariableDeclaration(name)*}}, which presumably locates the variable by its name.

 
{code:java}
    @Override
    public void visitFieldExpression(final FieldExpression expression) {
        String name = expression.getFieldName();
        //TODO: change that to get the correct scope
        Variable variable = findVariableDeclaration(name);
        checkVariableContextAccess(variable, expression);
    }
{code}
Inside the *checkVariableContextAccess* method, *variable* is immediately dereferenced in the call *variable.isInStaticContext()* without any null check.
{code:java}
    private void checkVariableContextAccess(final Variable variable, final Expression expression) {
        if (variable.isInStaticContext()) {
            ...
        }
    }
{code}
But *findVariableDeclaration* returns null when the name is {{super}} or {{this}}. In those cases *variable.isInStaticContext()* throws a *NullPointerException*.
{code:java}
    private Variable findVariableDeclaration(final String name) {
        if ("super".equals(name) || "this".equals(name)) return null;
        ...
    }
{code}
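As an added illustration (not code from the Groovy project), the following is a reduced, self-contained model of the call chain described above, placing the unguarded check beside the null-guarded form a fix would use. The {{Variable}} interface, the {{scope}} map and the {{count}} field are constructed stand-ins for the real AST types and scopes.

```java
import java.util.HashMap;
import java.util.Map;

public class NullVariableDemo {
    /** Stand-in for the AST Variable type; only the method the report mentions. */
    interface Variable {
        boolean isInStaticContext();
    }

    /** Constructed scope: the only declared variable is a non-static field "count". */
    private final Map<String, Variable> scope = new HashMap<>();

    NullVariableDemo() {
        scope.put("count", () -> false);
    }

    /** Mirrors the reported behaviour: "this" and "super" yield null, anything else is looked up. */
    Variable findVariableDeclaration(String name) {
        if ("super".equals(name) || "this".equals(name)) return null;
        return scope.get(name);
    }

    /** The unguarded dereference from the report: NPE when variable is null. */
    void checkVariableContextAccessUnguarded(Variable variable) {
        if (variable.isInStaticContext()) {
            System.out.println("static-context check would run here");
        }
    }

    /** The same check with the null guard a fix would add. */
    void checkVariableContextAccessGuarded(Variable variable) {
        if (variable == null) return; // no declaration to check for "this" / "super"
        if (variable.isInStaticContext()) {
            System.out.println("static-context check would run here");
        }
    }

    public static void main(String[] args) {
        NullVariableDemo visitor = new NullVariableDemo();
        for (String name : new String[] {"count", "this", "super"}) {
            Variable v = visitor.findVariableDeclaration(name);
            visitor.checkVariableContextAccessGuarded(v);
            System.out.println(name + " -> guarded path completed");
            try {
                visitor.checkVariableContextAccessUnguarded(v);
                System.out.println(name + " -> unguarded path completed");
            } catch (NullPointerException e) {
                System.out.println(name + " -> unguarded path threw NullPointerException");
            }
        }
    }
}
```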
 
h3. Sponsorship and Support

This work is done by the security researchers from OpenRefactory and is supported by the [Open Source Security Foundation (OpenSSF)|https://openssf.org/]: [Project Alpha-Omega|https://alpha-omega.dev/]. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code, and get them fixed, to improve global software supply chain security.

The bug was found by running the iCR tool by [OpenRefactory, Inc.|https://openrefactory.com/] and then manually triaging the results.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)