Fresh burp only. LoggerPlusPlus.jar fails to load with NullPointerException in java.util.List.sort()

[justinsteven]

Description

Burp v2023.6.2, running in openjdk version "17.0.7" 2023-04-18 from Debian, when freshly installed (i.e. no prior versions of LoggerPlusPlus have been run), upon loading LoggerPlusPlus.jar v3.20.0 (sha256 e9df1d905409b2a4e7b6550f5a011c6dbf5e32304b7bd39dfd005e798aa24707) fails with the following shown in the "Errors" tab:

java.lang.NullPointerException: Cannot invoke "java.util.List.sort(java.util.Comparator)" because "list" is null
	at java.base/java.util.Collections.sort(Collections.java:145)
	at com.nccgroup.loggerplusplus.logview.logtable.LogTableColumnModel.<init>(LogTableColumnModel.java:42)
	at com.nccgroup.loggerplusplus.logview.logtable.LogTableController.<init>(LogTableController.java:23)
	at com.nccgroup.loggerplusplus.logview.LogViewController.<init>(LogViewController.java:36)
	at com.nccgroup.loggerplusplus.LoggerPlusPlus.initialize(LoggerPlusPlus.java:84)
	at burp.Ztt1.Zh(Unknown Source)
	at burp.Zkaw.Zq(Unknown Source)
	at burp.Zkas.lambda$initialiseOnNewThread$0(Unknown Source)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.lang.Thread.run(Thread.java:833)

Loading a prior LoggerPlusPlus.jar and then loading v3.20.0 seems to resolve the problem.

git bisect

65b3839 is bad:

% git checkout 65b38390
HEAD is now at 65b3839 Update utilities version
% ./gradlew build

Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0.

You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.

See https://docs.gradle.org/7.5.1/userguide/command_line_interface.html#sec:command_line_warnings

BUILD SUCCESSFUL in 1s
7 actionable tasks: 7 up-to-date


... Open it in a fresh Burp v2023.6.2
... Crashes with:

java.lang.NullPointerException: Cannot invoke "java.util.List.sort(java.util.Comparator)" because "list" is null
	at java.base/java.util.Collections.sort(Collections.java:145)
	at com.nccgroup.loggerplusplus.logview.logtable.LogTableColumnModel.<init>(LogTableColumnModel.java:42)
	at com.nccgroup.loggerplusplus.logview.logtable.LogTableController.<init>(LogTableController.java:23)
	at com.nccgroup.loggerplusplus.logview.LogViewController.<init>(LogViewController.java:36)
	at com.nccgroup.loggerplusplus.LoggerPlusPlus.initialize(LoggerPlusPlus.java:80)
	at burp.Ztt1.Zh(Unknown Source)
	at burp.Zkaw.Zq(Unknown Source)
	at burp.Zkas.lambda$initialiseOnNewThread$0(Unknown Source)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.lang.Thread.run(Thread.java:833)

The prior commit, c35cdfe, is good (after fixing a build error):

% git checkout 65b38390^
Previous HEAD position was 65b3839 Update utilities version
HEAD is now at c35cdfe Update Elastic exporter to ElasticSearch 8.7

% ./gradlew build

> Task :compileJava FAILED
/pwd/src/main/java/com/nccgroup/loggerplusplus/filter/colorfilter/TableColorRule.java:10: error: package org.elasticsearch.common does not exist
import org.elasticsearch.common.Table;
                               ^
1 error

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':compileJava'.
> Compilation failed; see the compiler error output for details.

* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.

* Get more help at https://help.gradle.org

Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0.

You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.

See https://docs.gradle.org/7.5.1/userguide/command_line_interface.html#sec:command_line_warnings

BUILD FAILED in 2s
4 actionable tasks: 2 executed, 2 up-to-date


% # ... Uncomment 'implementation 'org.elasticsearch.client:elasticsearch-rest-high-level-client:7.17.9'' from build.gradle

% vim build.gradle


% # ... Try again

% ./gradlew build

> Task :compileJava
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.

Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0.

You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.

See https://docs.gradle.org/7.5.1/userguide/command_line_interface.html#sec:command_line_warnings

BUILD SUCCESSFUL in 10s
7 actionable tasks: 4 executed, 3 up-to-date


... Open it in a fresh Burp v2023.6.2
... It succeeds

The first bad commit (65b3839) upgraded com.github.CoreyD97:Burp-Montoya-Utilities from 07e3e02b to 234d21d and so the fault may lie there

Expected behavior

Loading a released LoggerPlusPlus.jar, or one built from HEAD of master, is successful even on a fresh Burp

[CoreyD97]

Thanks for the detailed issue, I really appreciate it. I think I know the cause for this and will push a update in the next few days.

I my testing I found that in some cases, the issue would resolve itself when the extension is reloaded. Hopefully this fixes things for you in the meantime.

Thanks again!

[CoreyD97]

Thanks again @justinsteven, sorry for the delay in handling this!

[justinsteven]

Thanks @CoreyD97 !