Examples of errors detected by the V6060 diagnostic
V6060. The reference was used before it was verified against null.
Bouncy Castle
V6060 [CWE-476] The 'params' reference was utilized before it was verified against null. Check lines: 27, 25. XMSSMTPrivateKeyParameters.java 27
private XMSSMTPrivateKeyParameters(Builder builder)
{
super(true, builder.params.getDigest().getAlgorithmName());
params = builder.params;
if (params == null)
{
throw new NullPointerException("params == null");
}
....
}
Similar errors can be found in some other places:
- V6060 [CWE-476] The 'clientCertificate' reference was utilized before it was verified against null. Check lines: 110, 99. MockTlsServer.java 110
- V6060 [CWE-476] The 'readCrl' reference was utilized before it was verified against null. Check lines: 2461, 2459. CertTest.java 2461
- V6060 [CWE-476] The 'serverCertificate' reference was utilized before it was verified against null. Check lines: 118, 107. MockTlsClient.java 118
- And 5 additional diagnostic messages.
Elasticsearch
V6060 The 'node' reference was utilized before it was verified against null. RestTasksAction.java(152), RestTasksAction.java(151)
private void buildRow(Table table, boolean fullId,
boolean detailed, DiscoveryNodes discoveryNodes,
TaskInfo taskInfo) {
....
DiscoveryNode node = discoveryNodes.get(nodeId);
....
// Node information. Note that the node may be null because it has
// left the cluster between when we got this response and now.
table.addCell(fullId ? nodeId : Strings.substring(nodeId, 0, 4));
table.addCell(node == null ? "-" : node.getHostAddress());
table.addCell(node.getAddress().address().getPort());
table.addCell(node == null ? "-" : node.getName());
table.addCell(node == null ? "-" : node.getVersion().toString());
....
}
Elasticsearch
V6060 The 'cause' reference was utilized before it was verified against null. StartupException.java(76), StartupException.java(73)
private void printStackTrace(Consumer<String> consumer) {
Throwable originalCause = getCause();
Throwable cause = originalCause;
if (cause instanceof CreationException) {
cause = getFirstGuiceCause((CreationException)cause);
}
String message = cause.toString(); // <=
consumer.accept(message);
if (cause != null) { // <=
// walk to the root cause
while (cause.getCause() != null) {
cause = cause.getCause();
}
....
}
....
}
CUBA Platform
V6060 The 'descriptionPopup' reference was utilized before it was verified against null. SuggestPopup.java(252), SuggestPopup.java(251)
protected void updateDescriptionPopupPosition() {
int x = getAbsoluteLeft() + WIDTH;
int y = getAbsoluteTop();
descriptionPopup.setPopupPosition(x, y);
if (descriptionPopup!=null) {
descriptionPopup.setPopupPosition(x, y);
}
}
CUBA Platform
V6060 The 'tableModel' reference was utilized before it was verified against null. DesktopAbstractTable.java(1580), DesktopAbstractTable.java(1564)
protected Column addRuntimeGeneratedColumn(String columnId) {
// store old cell editors / renderers
TableCellEditor[] cellEditors =
new TableCellEditor[tableModel.getColumnCount() + 1]; // <=
TableCellRenderer[] cellRenderers =
new TableCellRenderer[tableModel.getColumnCount() + 1]; // <=
for (int i = 0; i < tableModel.getColumnCount(); i++) { // <=
Column tableModelColumn = tableModel.getColumn(i);
if (tableModel.isGeneratedColumn(tableModelColumn)) { // <=
TableColumn tableColumn = getColumn(tableModelColumn);
cellEditors[i] = tableColumn.getCellEditor();
cellRenderers[i] = tableColumn.getCellRenderer();
}
}
Column col = new Column(columnId, columnId);
col.setEditable(false);
columns.put(col.getId(), col);
if (tableModel != null) { // <=
tableModel.addColumn(col);
}
....
}
Similar errors can be found in some other places:
- V6060 The 'tableModel' reference was utilized before it was verified against null. DesktopAbstractTable.java(596), DesktopAbstractTable.java(579)
Huawei Cloud
V6060 The 'params' reference was utilized before it was verified against null. DomainService.java(49), DomainService.java(46)
public Domains list(Map<String, String> params)
{
Preconditions.checkNotNull(params.get("page_size"), ....);
Preconditions.checkNotNull(params.get("page_number"), ....);
Invocation<Domains> domainInvocation = get(Domains.class, uri("/domains"));
if (params != null) { // <=
....
}
return domainInvocation.execute(this.buildExecutionOptions(Domains.class));
}
Similar errors can be found in some other places:
- V6060 The 'params' reference was utilized before it was verified against null. DomainService.java(389), DomainService.java(387)
- V6060 The 'params' reference was utilized before it was verified against null. DomainService.java(372), DomainService.java(369)
- V6060 The 'params' reference was utilized before it was verified against null. DomainService.java(353), DomainService.java(350)
XMage
V6060 The 'player' reference was utilized before it was verified against null. VigeanIntuition.java(79), VigeanIntuition.java(78)
@Override
public boolean apply(Game game, Ability source) {
MageObject sourceObject = game.getObject(source.getSourceId());
Player player = game.getPlayer(source.getControllerId());
Library library = player.getLibrary(); // <=
if (player != null && sourceObject != null && library != null) { // <=
....
}
}
WildFly
V6060 The 'dataSourceController' reference was utilized before it was verified against null. AbstractDataSourceAdd.java(399), AbstractDataSourceAdd.java(297)
void StepsecondRuntimeStep(....) throws OperationFailedException {
....
dataSourceController.getService() ....
....
if (dataSourceController != null) {....}
....
}
Bouncy Castle
V6060 The 'params' reference was utilized before it was verified against null. BCDSAPublicKey.java(54), BCDSAPublicKey.java(53)
BCDSAPublicKey(DSAPublicKeyParameters params) {
this.y = params.getY();
if (params != null) {
this.dsaSpec = new DSAParameterSpec(params.getParameters().getP(),
params.getParameters().getQ(),
params.getParameters().getG());
} else {
this.dsaSpec = null;
}
this.lwKeyParams = params;
}
NetBeans 21
V6060 The 'pfe' reference was utilized before it was verified against null. BundleStructure.java(423), BundleStructure.java(424)
public void setAllData(String key, String[] data) {
....
// remove superfluous data
if (getEntryCount() > data.length/3) {
for (int j=0; j < getEntryCount(); j++) {
PropertiesFileEntry pfe = getNthEntry(j);
PropertiesStructure ps = pfe.getHandler().getStructure();
if (pfe == null || ps == null) continue;
....
}
}
}
Keycloak
V6060 The 'attributeValue' reference was utilized before it was verified against null. BaseWriter.java 233 , BaseWriter.java 235
public void writeDateAttributeValue(XMLGregorianCalendar attributeValue)
throws ProcessingException {
....
StaxUtil.writeAttribute(
writer,
"xsi",
JBossSAMLURIConstants.XSI_NSURI.get(),
"type",
"xs:" + attributeValue.getXMLSchemaType().getLocalPart() // <=
);
if (attributeValue == null) {
StaxUtil.writeAttribute(
writer,
"xsi",
JBossSAMLURIConstants.XSI_NSURI.get(),
"nil",
"true"
);
....
}
Apache Solr
V6060 The 'pending' reference was utilized before it was verified against null. AbstractBasicDistributedZkTestBase.java 1664, AbstractBasicDistributedZkTestBase.java 1665
private void createNewCollection(final String collection)
throws InterruptedException {
....
pending.add(completionService.submit(call));
while (pending != null && pending.size() > 0) {
Future<Object> future = completionService.take();
if (future == null) return;
pending.remove(future);
}
}
GeoServer
V6060 The 'pd' reference was utilized before it was verified against null. DataPanel.java 117 , DataPanel.java 118
protected void updateAttributeStats(DataAttribute attribute)
throws IOException {
....
// check we can compute min and max
PropertyDescriptor pd = fs.getSchema().getDescriptor(attribute.getName());
Class<?> binding = pd.getType().getBinding();
if (pd == null
|| !Comparable.class.isAssignableFrom(binding)
|| Geometry.class.isAssignableFrom(binding)) {
return;
}
....
}
GeoServer
V6060 The 'e' reference was utilized before it was verified against null. ResourceAccessManagerWCSTest.java 186, ResourceAccessManagerWCSTest.java 193
@Test
public void testChallenge() throws Exception {
Map<String, Object> raw = getWorld();
try {
executeGetCoverageKvp(raw);
fail("This should have failed with a security exception");
} catch (Throwable e) {
// make sure we are dealing with some security exception
Throwable se = null;
while (e.getCause() != null && e.getCause() != e) {
e = e.getCause();
if (SecurityUtils.isSecurityException(e)) {
se = e;
}
}
if (e == null) { // <=
fail("We should have got some sort of SpringSecurityException");
} else {
// some mumbling about not having enough privileges
assertTrue(se.getMessage().contains("World"));
assertTrue(se.getMessage().contains("privileges"));
}
}
}
Most likely, it was intended to compare se to null.
GeoServer
V6060 The 'coverageViewInfo' reference was utilized before it was verified against null. CoverageViewAbstractPage.java 128, CoverageViewAbstractPage.java 132
public CoverageViewAbstractPage(
String workspaceName, String storeName,
String coverageName, CoverageInfo coverageInfo)
throws IOException {
....
// grab the coverage view
coverageViewInfo =
coverageInfo != null
? coverageInfo
: catalog.getResourceByStore(store, coverageName, CoverageInfo.class);
CoverageView coverageView =
coverageViewInfo
.getMetadata() // <=
.get(CoverageView.COVERAGE_VIEW, CoverageView.class);
// the type can be still not saved
if (coverageViewInfo != null) { // <=
coverageInfoId = coverageViewInfo.getId();
}
if (coverageView == null) {
throw new IllegalArgumentException(
"The specified coverage does not have a coverage view attached to it");
}
....
}
Apache Kafka
V6060 The 'input' reference was utilized before it was verified against null. ValuesTest.java 1212, ValuesTest.java 1213
protected SchemaAndValue roundTrip(...., SchemaAndValue input) {
String serialized = Values.convertToString(input.schema(),
input.value());
if (input != null && input.value() != null) {
....
}
....
}