fix: protect against NPE (#1085)

close: #1084
micronaut-projects · Jun 1, 2021 · dc054f3 · dc054f3
1 parent 6d17f3d
commit dc054f3
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 1 deletion.
diff --git a/...aws-api-proxy/src/main/java/io/micronaut/function/aws/proxy/MicronautAwsProxyRequest.java b/...aws-api-proxy/src/main/java/io/micronaut/function/aws/proxy/MicronautAwsProxyRequest.java
@@ -16,6 +16,7 @@
 package io.micronaut.function.aws.proxy;
 
 import com.amazonaws.serverless.proxy.internal.SecurityUtils;
+import com.amazonaws.serverless.proxy.internal.jaxrs.AwsProxySecurityContext;
 import com.amazonaws.serverless.proxy.model.*;
 import com.amazonaws.services.lambda.runtime.Context;
 import io.micronaut.core.annotation.Internal;
@@ -103,11 +104,31 @@ public class MicronautAwsProxyRequest<T> implements HttpRequest<T> {
         }
         setAttribute(LAMBDA_CONTEXT_PROPERTY, lambdaContext);
         setAttribute(JAX_SECURITY_CONTEXT_PROPERTY, config);
-        if (securityContext != null && requestContext != null) {
+        if (isSecurityContextPresent (securityContext)) {
             setAttribute("micronaut.AUTHENTICATION", securityContext.getUserPrincipal());
         }
     }
 
+    /**
+     *
+     * @param securityContext Security Context
+     * @return returns false if the security context is not present, the associated event is null or the event's request context is null
+     */
+    static boolean isSecurityContextPresent(@Nullable SecurityContext securityContext) {
+        if (securityContext == null) {
+            return false;
+        }
+        if (securityContext instanceof AwsProxySecurityContext) {
+            AwsProxySecurityContext awsProxySecurityContext = (AwsProxySecurityContext) securityContext;
+            if (awsProxySecurityContext.getEvent() == null ||
+                    awsProxySecurityContext.getEvent().getRequestContext() == null ||
+                    awsProxySecurityContext.getEvent().getRequestContext().getIdentity() == null) {
+                           return false;
+            }
+        }
+        return true;
+    }
+
     /**
      * The backing {@link AwsProxyRequest} object.
      *

diff --git a/...proxy/src/test/groovy/io/micronaut/function/aws/proxy/MicronautAwsProxyRequestSpec.groovy b/...proxy/src/test/groovy/io/micronaut/function/aws/proxy/MicronautAwsProxyRequestSpec.groovy
@@ -0,0 +1,31 @@
+package io.micronaut.function.aws.proxy
+
+import com.amazonaws.serverless.proxy.internal.jaxrs.AwsProxySecurityContext
+import com.amazonaws.serverless.proxy.model.AwsProxyRequest
+import spock.lang.Specification
+
+class MicronautAwsProxyRequestSpec extends Specification {
+
+    void "MicronautAwsProxyRequest::isSecurityContextPresent does not throw NPE"() {
+        when:
+        boolean isPresent = MicronautAwsProxyRequest.isSecurityContextPresent(null)
+
+        then:
+        noExceptionThrown()
+        !isPresent
+
+        when:
+        isPresent = MicronautAwsProxyRequest.isSecurityContextPresent(new AwsProxySecurityContext(null, null))
+
+        then:
+        noExceptionThrown()
+        !isPresent
+
+        when:
+        isPresent = MicronautAwsProxyRequest.isSecurityContextPresent(new AwsProxySecurityContext(null, new AwsProxyRequest()))
+
+        then:
+        noExceptionThrown()
+        !isPresent
+    }
+}