[
https://issues.apache.org/jira/browse/SQOOP-1784?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14222537#comment-14222537
]
Veena Basavaraj commented on SQOOP-1784:
----------------------------------------
Lastly thinking more about the actual patch. here are few things that should be
addressed.
The code at the least should have some comments saying why this order matters.
This might bite us again, it might take forever for a developer to realize that
changing the order of the statements has implications that are not obvious.
There may other params added in future and making sure they are read in the
right order is not always obvious
Alternatively, some defensive coding might be good.
Second, we can have a wrapper HttpServletRequestWrapper that forces how we do
getParameter.
http://stackoverflow.com/questions/5872109/httpservletrequest-getparameter-and-getreader
> Sqoop2: Sending POST request to link or job end-point might end up with NPE
> ---------------------------------------------------------------------------
>
> Key: SQOOP-1784
> URL: https://issues.apache.org/jira/browse/SQOOP-1784
> Project: Sqoop
> Issue Type: Bug
> Affects Versions: 1.99.4
> Reporter: Jarek Jarcec Cecho
> Assignee: Jarek Jarcec Cecho
> Fix For: 1.99.5
>
> Attachments: SQOOP-1784.patch
>
>
> I was testing few patches on real cluster and noticed that creating link on
> current head of {{sqoop2}} branch can lead to NPE in {{LinkBean}}. I've
> traced the code and found out that
> {{[ctx.getRequest().getReader()|https://github.com/apache/sqoop/blob/sqoop2/server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java#L114]}}
> is returning empty buffer and as a result the subsequent call to
> {{JSONValue.parse}} returns {{null}} and we hit {{NullPointerException}}
> later in {{LInkBean}}.
> This one was quite hard to crack, but I believe that I've isolated the
> problem. In SQOOP-1774 we've changed the way to get username from header to
> URL parameter and we're using
> {{[ServletRequest.getParameter()|https://github.com/apache/sqoop/blob/sqoop2/server/src/main/java/org/apache/sqoop/server/RequestContext.java#L121]}}
> method for that. Carefully reading it's
> [javadoc|https://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#getParameter(java.lang.String)]
> I found out that:
> {quote}
> If the parameter data was sent in the request body, such as occurs with an
> HTTP POST request, then reading the body directly via getInputStream() or
> getReader() can interfere with the execution of this method
> {quote}
> And hence I'm assuming that getting the username has processed the request
> body already and thus we got the eventual {{NullPointerException}}.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
