github-advanced-security[bot] commented on code in PR #981:
URL: https://github.com/apache/syncope/pull/981#discussion_r1946496493
##########
core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/DefaultMappingManager.java:
##########
@@ -619,67 +610,67 @@
LOG.debug("Get internal values for {} as '{}' on {}", any,
mapItem.getIntAttrName(), resource);
List<Any<?>> references = new ArrayList<>();
- Membership<?> membership = null;
if (intAttrName.getEnclosingGroup() == null
&& intAttrName.getRelatedAnyObject() == null
&& intAttrName.getRelationshipAnyType() == null
&& intAttrName.getRelationshipType() == null
&& intAttrName.getRelatedUser() == null) {
+
references.add(any);
}
- if (any instanceof GroupableRelatable<?, ?, ?, ?, ?>
groupableRelatable) {
- if (intAttrName.getEnclosingGroup() != null) {
- Group group =
groupDAO.findByName(intAttrName.getEnclosingGroup()).orElse(null);
- if (group == null
- || any instanceof User
- ? !userDAO.findAllGroupKeys((User)
any).contains(group.getKey())
- : any instanceof AnyObject
- ?
!anyObjectDAO.findAllGroupKeys((AnyObject) any).contains(group.getKey())
- : false) {
-
- LOG.warn("No (dyn) membership for {} in {}, ignoring",
- intAttrName.getEnclosingGroup(),
groupableRelatable);
- } else {
- references.add(group);
- }
- } else if (intAttrName.getRelatedUser() != null) {
- User user =
userDAO.findByUsername(intAttrName.getRelatedUser()).orElse(null);
- if (user == null ||
user.getRelationships(groupableRelatable.getKey()).isEmpty()) {
- LOG.warn("No relationship for {} in {}, ignoring",
- intAttrName.getRelatedUser(), groupableRelatable);
- } else if (groupableRelatable.getType().getKind() ==
AnyTypeKind.USER) {
- LOG.warn("Users cannot have relationship with other users,
ignoring");
- } else {
- references.add(user);
- }
- } else if (intAttrName.getRelatedAnyObject() != null) {
- AnyObject anyObject =
anyObjectDAO.findById(intAttrName.getRelatedAnyObject()).orElse(null);
- if (anyObject == null ||
groupableRelatable.getRelationships(anyObject.getKey()).isEmpty()) {
- LOG.warn("No relationship for {} in {}, ignoring",
- intAttrName.getRelatedAnyObject(),
groupableRelatable);
- } else {
- references.add(anyObject);
- }
- } else if (intAttrName.getRelationshipAnyType() != null &&
intAttrName.getRelationshipType() != null) {
- RelationshipType relationshipType =
relationshipTypeDAO.findById(
- intAttrName.getRelationshipType()).orElse(null);
- AnyType anyType =
anyTypeDAO.findById(intAttrName.getRelationshipAnyType()).orElse(null);
- if (relationshipType == null ||
groupableRelatable.getRelationships(relationshipType).isEmpty()) {
- LOG.warn("No relationship for type {} in {}, ignoring",
- intAttrName.getRelationshipType(),
groupableRelatable);
- } else if (anyType == null) {
- LOG.warn("No anyType {}, ignoring",
intAttrName.getRelationshipAnyType());
- } else {
-
references.addAll(groupableRelatable.getRelationships(relationshipType).stream().
- filter(relationship ->
anyType.equals(relationship.getRightEnd().getType())).
- map(Relationship::getRightEnd).
- toList());
- }
- } else if (intAttrName.getMembershipOfGroup() != null) {
- membership =
groupDAO.findByName(intAttrName.getMembershipOfGroup()).
- flatMap(group ->
groupableRelatable.getMembership(group.getKey())).
- orElse(null);
+ Membership<?> membership = null;
+
+ if (intAttrName.getEnclosingGroup() != null) {
+ Group group =
groupDAO.findByName(intAttrName.getEnclosingGroup()).orElse(null);
+ if (group == null
+ || any instanceof User
+ ? !userDAO.findAllGroupKeys((User)
any).contains(group.getKey())
Review Comment:
## Dereferenced variable may be null
Variable [group](1) may be null at this access as suggested by [this](2)
null guard.
[Show more
details](https://github.com/apache/syncope/security/code-scanning/1789)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@syncope.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
