WordPress-Android icon indicating copy to clipboard operation
WordPress-Android copied to clipboard
verified publisher icon wordpress-mobile

fix: potential null dereference on serviceId

Open rng70-or opened this issue 2 years ago β€’ 1 comments

In file: PublicizeTable.java there is the following code segment

if (serviceId == null && serviceId.isEmpty()) {
            return false;
        }

if the serviceId value is null then then logical if check result in NullPointerException due to && operator.

To Test:

Regression Notes

  1. Potential unintended areas of impact

    • null pointer dereference

  2. What I did to test those areas of impact (or what existing automated tests I relied on)

    • The bug is found by running the iCR tool by OpenRefactory, Inc. and then manually triaging the results.

  3. What automated tests I added (or what prevented me from doing so)

    • this is a potential null pointer which results due to inappropriate && operator in this specific case.

PR Submission Checklist:

  • [x] I have completed the Regression Notes.
  • [x] I have considered adding accessibility improvements for my changes.
  • [x] I have considered if this change warrants user-facing release notes and have added them to RELEASE-NOTES.txt if necessary.

UI Changes Testing Checklist:

  • [ ] Portrait and landscape orientations.
  • [ ] Light and dark modes.
  • [ ] Fonts: Larger, smaller and bold text.
  • [ ] High contrast.
  • [ ] Talkback.
  • [ ] Languages with large words or with letters/accents not frequently used in English.
  • [ ] Right-to-left languages. (Even if translation isn’t complete, formatting should still respect the right-to-left layout)
  • [ ] Large and small screen sizes. (Tablet and smaller phones)
  • [ ] Multi-tasking: Split screen and Pop-up view. (Android 10 or higher)

Sponsorship and Support:

This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed - to improve global software supply chain security.

The bug is found by running the iCR tool by OpenRefactory, Inc. and then manually triaging the results.

rng70-or avatar Dec 11 '23 10:12 rng70-or

Warnings
:warning: PR is not assigned to a milestone.

Generated by :no_entry_sign: dangerJS

peril-wordpress-mobile[bot] avatar Dec 11 '23 10:12 peril-wordpress-mobile[bot]

@ParaskP7 – would you be able to take a look at this?

Thanks!

jkmassel avatar Jul 09 '24 22:07 jkmassel

Sure think @jkmassel , will take a look at it today, thanks for the ping! πŸ‘

ParaskP7 avatar Jul 10 '24 06:07 ParaskP7

PS: Apologies for the long wait on that, but this is now done, merged, congrats on your contribution! πŸŽ‰ πŸš€ ❀️

ParaskP7 avatar Jul 10 '24 11:07 ParaskP7