浏览代码

json parsing exception handling, see Coverity issues 72297, 72296, 72295

Sebastian Stenzel 9 年之前
父节点
当前提交
d5b4fb4fe9

+ 5 - 0
main/filesystem-crypto/src/main/java/org/cryptomator/crypto/engine/impl/CryptorImpl.java

@@ -35,6 +35,7 @@ import org.cryptomator.crypto.engine.UnsupportedVaultFormatException;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.exc.InvalidFormatException;
 
 class CryptorImpl implements Cryptor {
 
@@ -99,9 +100,13 @@ class CryptorImpl implements Cryptor {
 		try {
 			final ObjectMapper om = new ObjectMapper();
 			keyFile = om.readValue(masterkeyFileContents, KeyFile.class);
+			if (keyFile == null) {
+				throw new InvalidFormatException("Could not read masterkey file", keyFile, KeyFile.class);
+			}
 		} catch (IOException e) {
 			throw new IllegalArgumentException("Unable to parse masterkeyFileContents", e);
 		}
+		assert keyFile != null;
 
 		// check version
 		if (keyFile.getVersion() != CURRENT_VAULT_VERSION || ArrayUtils.isEmpty(keyFile.getVersionMac())) {

+ 4 - 0
main/ui/src/main/java/org/cryptomator/ui/model/VaultObjectMapperProvider.java

@@ -27,6 +27,7 @@ import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.JsonSerializer;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializerProvider;
+import com.fasterxml.jackson.databind.exc.InvalidFormatException;
 import com.fasterxml.jackson.databind.module.SimpleModule;
 
 @Singleton
@@ -70,6 +71,9 @@ public class VaultObjectMapperProvider implements Provider<ObjectMapper> {
 		@Override
 		public Vault deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException, JsonProcessingException {
 			final JsonNode node = jp.readValueAsTree();
+			if (node == null || !node.has("path")) {
+				throw new InvalidFormatException("Node is null or doesn't contain a path.", node, Vault.class);
+			}
 			final String pathStr = node.get("path").asText();
 			final Path path = FileSystems.getDefault().getPath(pathStr);
 			final Vault vault = vaultFactoy.createVault(path);