
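When I try to save an OPTION into the array list contained in ORDER, a null pointer exception is thrown. I am trying to save each option into the ORDER class's array list every time the user clicks (in the view). The function is called correctly with the correct option ID. However, every time I try to save to the array list, I get a null exception. I can, however, change and save the id and other attributes of the order class. Any help is greatly appreciated.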

Controller class:

public static Result selectedOption(Long id) {
        System.out.println("Option selected: [" + id + "]     " + "[" + OptionType.find.byId(id).getName() + "]");
        Session session = Http.Context.current().session();
        Orders current = Orders.find.byId(Long.parseLong(session.get("current_id")));
        System.out.println("SESSION ID: " + session.get("current_id"));

        current.optionType.add(OptionType.find.byId(id));
        current.save();

        return ok(pickOptions.render("Options", OptionType.find.where().like("priority", id.toString()).findList()));
    }

Orders class

package models;


import java.util.ArrayList;
import java.util.List;

import javax.persistence.*;

import play.db.ebean.*;
import play.data.validation.*;

@Entity 
public class Orders extends Model {
    private static final long serialVersionUID = 1L;

    @Id
    public Long id;

    @Constraints.Required
    public boolean is_florida;      // String so form will take leading zero's

    public List<OptionType> optionType;

    public static Finder<Long,Orders> find = new Finder<Long,Orders>(Long.class, Orders.class);  

    public Orders(boolean is_florida) {
        this.is_florida = is_florida;
        this.optionType = new ArrayList<OptionType>();
    }

    public void setIsFlorida(boolean is_florida) {
        this.is_florida = is_florida;
    }

    public boolean getIsFlorida() {
        return is_florida;
    }
}

Routes file

GET     /category/option/:id        controllers.Builder.selectedOption(id:Long)

Script that makes the call from the view

<script>
    $('.select_it, .myState').on('click', function(e){
        var id = $(this).attr('id');

        $(this).toggleClass('myState');

        jsRoutes.controllers.Builder.selectedOption(id).ajax({
            success : function(data) {}
        });
    });
</script>

Controller class where the order is initialized

public static Result selectedLocation(String location) {
    Orders current;

if(location.equals("ma")) {
    System.out.println("Setting location: [Mid-Atlantic]");
        current = new Orders(false);
} else {
    System.out.println("Setting location: [Florida]");
        current = new Orders(true);
}

current.save();

Session session = Http.Context.current().session();
session.put("current_id", current.id.toString());

System.out.println("Storing id into current session, id: " + session.get("current_id"));
System.out.println("Create a new order in table: [" + current.id + "]   isFlorida: [" + current.is_florida + "]");

return redirect(routes.Builder.pickCate("1"));
}

Stack trace

    2013-10-29 00:05:45,334 - [ERROR] - from play in play-internal-execution-context-1 
Cannot invoke the action, eventually got an error: java.lang.NullPointerException

2013-10-29 00:05:45,341 - [ERROR] - from application in play-internal-execution-context-1 


! @6g507nja5 - Internal server error, for (GET) [/category/option/1] ->

play.api.Application$$anon$1: Execution exception[[NullPointerException: null]]
    at play.api.Application$class.handleError(Application.scala:293) ~[play_2.10.jar:2.2.0]
    at play.api.DefaultApplication.handleError(Application.scala:399) [play_2.10.jar:2.2.0]
    at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$2$$anonfun$applyOrElse$3.apply(PlayDefaultUpstreamHandler.scala:261) [play_2.10.jar:2.2.0]
    at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$2$$anonfun$applyOrElse$3.apply(PlayDefaultUpstreamHandler.scala:261) [play_2.10.jar:2.2.0]
    at scala.Option.map(Option.scala:145) [scala-library.jar:na]
    at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$2.applyOrElse(PlayDefaultUpstreamHandler.scala:261) [play_2.10.jar:2.2.0]
    at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$2.applyOrElse(PlayDefaultUpstreamHandler.scala:257) [play_2.10.jar:2.2.0]
    at scala.runtime.AbstractPartialFunction.apply(AbstractPartialFunction.scala:33) [scala-library.jar:na]
    at scala.concurrent.Future$$anonfun$recoverWith$1.apply(Future.scala:411) [scala-library.jar:na]
    at scala.concurrent.Future$$anonfun$recoverWith$1.apply(Future.scala:408) [scala-library.jar:na]
    at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:29) [scala-library.jar:na]
    at play.api.libs.iteratee.Execution$$anon$1.execute(Execution.scala:43) [play-iteratees_2.10.jar:2.2.0]
    at scala.concurrent.impl.CallbackRunnable.executeWithValue(Promise.scala:37) [scala-library.jar:na]
    at scala.concurrent.impl.Promise$DefaultPromise.tryComplete(Promise.scala:133) [scala-library.jar:na]
    at scala.concurrent.Promise$class.complete(Promise.scala:55) [scala-library.jar:na]
    at scala.concurrent.impl.Promise$DefaultPromise.complete(Promise.scala:58) [scala-library.jar:na]
    at scala.concurrent.Future$$anonfun$map$1.apply(Future.scala:254) [scala-library.jar:na]
    at scala.concurrent.Future$$anonfun$map$1.apply(Future.scala:249) [scala-library.jar:na]
    at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:29) [scala-library.jar:na]
    at scala.concurrent.forkjoin.ForkJoinTask$AdaptedRunnableAction.exec(ForkJoinTask.java:1361) [scala-library.jar:na]
    at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260) [scala-library.jar:na]
    at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339) [scala-library.jar:na]
    at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979) [scala-library.jar:na]
    at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107) [scala-library.jar:na]
Caused by: java.lang.NullPointerException: null
    at controllers.Builder.selectedOption(Builder.java:38) ~[na:na]
    at Routes$$anonfun$routes$1$$anonfun$applyOrElse$12$$anonfun$apply$12.apply(routes_routing.scala:193) ~[na:na]
    at Routes$$anonfun$routes$1$$anonfun$applyOrElse$12$$anonfun$apply$12.apply(routes_routing.scala:193) ~[na:na]
    at play.core.Router$HandlerInvoker$$anon$7$$anon$2.invocation(Router.scala:183) ~[play_2.10.jar:2.2.0]
    at play.core.Router$Routes$$anon$1.invocation(Router.scala:377) ~[play_2.10.jar:2.2.0]
    at play.core.j.JavaAction$$anon$1.call(JavaAction.scala:56) ~[play_2.10.jar:2.2.0]
    at play.core.j.JavaAction$$anon$3.apply(JavaAction.scala:91) ~[play_2.10.jar:2.2.0]
    at play.core.j.JavaAction$$anon$3.apply(JavaAction.scala:90) ~[play_2.10.jar:2.2.0]
    at play.core.j.FPromiseHelper$$anonfun$flatMap$1.apply(FPromiseHelper.scala:82) ~[play_2.10.jar:2.2.0]
    at play.core.j.FPromiseHelper$$anonfun$flatMap$1.apply(FPromiseHelper.scala:82) ~[play_2.10.jar:2.2.0]
    at scala.concurrent.Future$$anonfun$flatMap$1.apply(Future.scala:278) ~[scala-library.jar:na]
    at scala.concurrent.Future$$anonfun$flatMap$1.apply(Future.scala:274) ~[scala-library.jar:na]
    at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:29) [scala-library.jar:na]
    at play.core.j.HttpExecutionContext$$anon$2.run(HttpExecutionContext.scala:37) ~[play_2.10.jar:2.2.0]
    at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:42) ~[akka-actor_2.10.jar:2.2.0]
    at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(AbstractDispatcher.scala:386) ~[akka-actor_2.10.jar:2.2.0]
    ... 4 common frames omitted

Update

I tried renaming the Option class to OptionType, but I still get the same error.

Example output when I comment out adding the option type to the array:

Setting location: [Florida]
Storing id into current session, id: 1000
Create a new order in table: [1000]   isFlorida: [true]
Category selected: [Cold Subs]
Option selected: [1]     [BBQ]
SESSION ID: 1000
Option selected: [2]     [Chipotle]
SESSION ID: 1000
Option selected: [6]     [Mayo]
SESSION ID: 1000
Option selected: [5]     [Marinara]
SESSION ID: 1000
Option selected: [9]     [Sweet Onion]
SESSION ID: 1000

1 Answer


In some versions of Play, listed below,

  • Play 2.1.0 - 2.1.2
  • Play 2.0 - 2.0.5
  • Play 1.2 - 1.2.5
  • Play 1.1 - 1.1.2
  • Play 1.0 - 1.0.3.3

setting a null value in the Play session/cookie does not cause a problem. But in most of the remaining versions, you get the problem below.

! @6hamjmcc5 - Internal server error, for (GET) [/blah/blah] ->

play.api.Application$$anon$1: Execution exception[[NullPointerException: null]]
    at play.api.Application$class.handleError(Application.scala:287) ~[play_2.10.jar:2.1.5]
    at play.api.DefaultApplication.handleError(Application.scala:381) [play_2.10.jar:2.1.5]
    at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$play$core$server$netty$PlayDefaultUpstreamHandler$$handle$1$1.apply(PlayDefaultUpstreamHandler.scala:143) [play_2.10.jar:2.1.5]
    at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$play$core$server$netty$PlayDefaultUpstreamHandler$$handle$1$1.apply(PlayDefaultUpstreamHandler.scala:139) [play_2.10.jar:2.1.5]
    at play.api.libs.concurrent.PlayPromise$$anonfun$extend1$1.apply(Promise.scala:113) [play_2.10.jar:2.1.5]
    at play.api.libs.concurrent.PlayPromise$$anonfun$extend1$1.apply(Promise.scala:113) [play_2.10.jar:2.1.5]
java.lang.NullPointerException: null
    at java.net.URLEncoder.encode(URLEncoder.java:205) ~[na:1.7.0_45]
    at play.api.mvc.CookieBaker$$anonfun$4.apply(Http.scala:410) ~[play_2.10.jar:2.1.5]
    at play.api.mvc.CookieBaker$$anonfun$4.apply(Http.scala:409) ~[play_2.10.jar:2.1.5]
    at scala.collection.TraversableLike$$anonfun$map$1.apply(TraversableLike.scala:244) ~[scala-library.jar:na]
    at scala.collection.TraversableLike$$anonfun$map$1.apply(TraversableLike.scala:244) ~[scala-library.jar:na]
    at scala.collection.immutable.HashMap$HashMap1.foreach(HashMap.scala:224) ~[scala-library.jar:na]

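This is in order to avoid the security loophole involving session injection and null-byte session values.

The workaround for this problem is to check for null values before setting them in the session.

This may help someone in the future.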

http://www.playframework.com/security/vulnerability/20130806-SessionInjection

Answered 2014-02-20T02:35:20.897
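
The null check recommended in the answer above, written out as an added example that is not part of the original answer or of Play itself. `SessionGuard` and its method names are hypothetical, and a plain `Map<String, String>` stands in for the Play session; the helper also refuses control characters such as the null byte and reads the id back without assuming it is present.

```java
import java.util.HashMap;
import java.util.Map;

// Added example: SessionGuard is a hypothetical helper, not part of Play.
// A plain Map<String, String> stands in for the Play session object.
public class SessionGuard {

    // Store a value only if it is non-null and free of control characters
    // (including the null byte); fail here, before the cookie is encoded.
    public static void putChecked(Map<String, String> session, String key, String value) {
        if (key == null || value == null) {
            throw new IllegalArgumentException("null session key or value for: " + key);
        }
        for (int i = 0; i < value.length(); i++) {
            if (Character.isISOControl(value.charAt(i))) {
                throw new IllegalArgumentException("control character in session value for: " + key);
            }
        }
        session.put(key, value);
    }

    // Read a numeric id back; returns null when the entry is missing or not a
    // number, so the caller can answer with an error instead of throwing.
    public static Long getLong(Map<String, String> session, String key) {
        String raw = session.get(key);
        if (raw == null) {
            return null;
        }
        try {
            return Long.valueOf(raw);
        } catch (NumberFormatException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        Map<String, String> session = new HashMap<String, String>();
        putChecked(session, "current_id", "1000"); // constructed sample value
        System.out.println("current_id = " + getLong(session, "current_id"));
        System.out.println("missing    = " + getLong(session, "missing"));
        String[] rejected = { null, "10\0" };      // constructed bad values
        for (String value : rejected) {
            try {
                putChecked(session, "current_id", value);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

In a controller, a `null` result from `getLong` would be turned into an error response before any lookup by id is attempted.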