[
https://issues.apache.org/jira/browse/WW-5546?focusedWorklogId=968710&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-968710
]
ASF GitHub Bot logged work on WW-5546:
--------------------------------------
Author: ASF GitHub Bot
Created on: 06/May/25 19:34
Start Date: 06/May/25 19:34
Worklog Time Spent: 10m
Work Description: sonarqubecloud[bot] commented on PR #1263:
URL: https://github.com/apache/struts/pull/1263#issuecomment-2855723988
## [](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=1263)
**Quality Gate failed**
Failed conditions
 [7 Security
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_struts&pullRequest=1263&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true)
 [71.5% Coverage on New
Code](https://sonarcloud.io/component_measures?id=apache_struts&pullRequest=1263&metric=new_coverage&view=list)
(required ≥ 80%)
 [C Reliability Rating on New
Code](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=1263)
(required ≥ A)
 [E Security Rating on New
Code](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=1263)
(required ≥ A)
[See analysis details on SonarQube
Cloud](https://sonarcloud.io/dashboard?id=apache_struts&pullRequest=1263)
##
 Catch issues before they fail your Quality Gate with our IDE extension
 [SonarQube for
IDE](https://www.sonarsource.com/products/sonarlint/features/connected-mode/?referrer=pull-request)
Issue Time Tracking
-------------------
Worklog Id: (was: 968710)
Time Spent: 1h 20m (was: 1h 10m)
> NPE in AbstractFileUploadInterceptor
> ------------------------------------
>
> Key: WW-5546
> URL: https://issues.apache.org/jira/browse/WW-5546
> Project: Struts 2
> Issue Type: Bug
> Components: Core, Core Interceptors
> Affects Versions: 6.7.4
> Reporter: Barta Tamás
> Assignee: Lukasz Lenart
> Priority: Major
> Fix For: 6.8.0, 7.1.0
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> I got the following exception:
>
> {code:java}
> java.lang.NullPointerException: Cannot invoke "java.io.File.length()" because
> "this.file" is null
> at
> deployment.deployment.ear//org.apache.struts2.dispatcher.multipart.StrutsUploadedFile.length(StrutsUploadedFile.java:52)
> at
> deployment.deployment.ear//org.apache.struts2.interceptor.AbstractFileUploadInterceptor.acceptFile(AbstractFileUploadInterceptor.java:133)
> at
> deployment.deployment.ear//org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:232)
> at
> deployment.deployment.ear//com.opensymphony.xwork2.interceptor.AbstractInterceptor.intercept(AbstractInterceptor.java:36)
> at
> deployment.deployment.ear//com.opensymphony.xwork2.DefaultActionInvocation.executeConditional(DefaultActionInvocation.java:303)
> {code}
> I think the bug is in AbstractFileUploadInterceptor:
>
>
> {code:java}
> if (file.getContent() == null) {
> String errMsg = getTextMessage(action,
> STRUTS_MESSAGES_ERROR_UPLOADING_KEY, new String[]{originalFilename});
>
> errorMessages.add(errMsg);
> LOG.warn(errMsg);
> }
> if (maximumSize != null && maximumSize < file.length()) { {code}
> If file.getContent() is null (which means StrutsUploadedFile.file is null),
> then warning is logged but there is no "return false" so execution continues
> and file.length() will throw NPE as file is null in StrutsUploadedFile.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
