You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In file SimpleDateFormatObjectDescription.java, line 117, format is assigned from the returned value of super.createObject() method. The code of BeanObjectDescription.createObject() (super.createObject()) suggests that the method might return null in case of any exception. But the returned value is not checked for null in SimpleDateFormatObjectDescription.createObject() method. This may cause Null Pointer exception as in line 119 and 122, applyPattern() and applyLocalizedPattern() methods are called on format.
The static analysis tool was ran on jcommon version: v1.0.23
Sponsorship and Support
This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed - to improve global software supply chain security.
The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.
The text was updated successfully, but these errors were encountered:
Summary
In file
SimpleDateFormatObjectDescription.java, line 117,formatis assigned from the returned value ofsuper.createObject()method. The code ofBeanObjectDescription.createObject()(super.createObject()) suggests that the method might return null in case of any exception. But the returned value is not checked for null inSimpleDateFormatObjectDescription.createObject()method. This may cause Null Pointer exception as in line 119 and 122,applyPattern()andapplyLocalizedPattern()methods are called onformat.The static analysis tool was ran on
jcommonversion:v1.0.23Sponsorship and Support
This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed - to improve global software supply chain security.
The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.
The text was updated successfully, but these errors were encountered: