Switch order of literals to prevent NullPointerException #868
Conversation
…-java/switch-literal-first Switch order of literals to prevent NullPointerException
|
|
| @@ -77,7 +77,7 @@ public static <T> T handle(ObjectMapper objectMapper, | |||
|
|
|||
| private static boolean isJsonMime(String mime) { | |||
| String jsonMime = "(?i)^(application/json|[^;/ \t]+/[^;/ \t]+[+]json)[ \t]*(;.*)?$"; | |||
| return mime != null && (mime.matches(jsonMime) || mime.equals("*/*")); | |||
| return mime != null && (mime.matches(jsonMime) || "*/*".equals(mime)); | |||
There was a problem hiding this comment.
Useless. Non-null value here is already asserted.
There was a problem hiding this comment.
The purpose of this change is to be proactively defensive. Though it may be negligibly faster to run this way, it also conforms to a best practice and makes the code easier to read. Also, since the behavior is otherwise equivalent, there is no cost to this change.
| @@ -82,8 +82,8 @@ private String checkScope(String scope) { | |||
| return null; | |||
| } | |||
|
|
|||
| if (!scope.equalsIgnoreCase("ORG") | |||
| && !scope.equalsIgnoreCase("PROJECT")) { | |||
| if (!"ORG".equalsIgnoreCase(scope) | |||
There was a problem hiding this comment.
The purpose of this change is to be proactively defensive. Though it may be negligibly faster to run this way, it also conforms to a best practice and makes the code easier to read. Also, since the behavior is otherwise equivalent, there is no cost to this change.
| @@ -60,7 +60,7 @@ public void checkPermission(Permission perm) { | |||
| String path = perm.getName(); | |||
|
|
|||
| // allow all local paths | |||
| if (!path.startsWith("/") && !path.equals(ALL_FILES_TOKEN)) { | |||
| if (!path.startsWith("/") && !ALL_FILES_TOKEN.equals(path)) { | |||
There was a problem hiding this comment.
The purpose of this change is to be proactively defensive. Though it may be negligibly faster to run this way, it also conforms to a best practice and makes the code easier to read. Also, since the behavior is otherwise equivalent, there is no cost to this change.
| @@ -278,7 +278,7 @@ default Set<VariableMapping> getVarMap(Map<String, Object> options, String key) | |||
| result.add(new VariableMapping(null, sourceExpr, sourceValue, target, true)); | |||
| } | |||
|
|
|||
| if (key.equals("in") && getWithItems(options) != null) { | |||
| if ("in".equals(key) && getWithItems(options) != null) { | |||
There was a problem hiding this comment.
The purpose of this change is to be proactively defensive. Though it may be negligibly faster to run this way, it also conforms to a best practice and makes the code easier to read. Also, since the behavior is otherwise equivalent, there is no cost to this change.
| @@ -121,7 +121,7 @@ private static void validateSpec(Trigger t, List<String> errors) { | |||
|
|
|||
| private static void validateTimezone(Trigger t, List<String> errors) { | |||
| String triggerName = t.name(); | |||
| if (!triggerName.equals("cron")) { | |||
| if (!"cron".equals(triggerName)) { | |||
There was a problem hiding this comment.
The purpose of this change is to be proactively defensive. Though it may be negligibly faster to run this way, it also conforms to a best practice and makes the code easier to read. Also, since the behavior is otherwise equivalent, there is no cost to this change.
| @@ -260,7 +260,7 @@ private UserType assertUserType(String username, String domain, UserType type) { | |||
| } | |||
|
|
|||
| private UserType assertSsoUserType(UserPrincipal u, UserType type) { | |||
| if (u.getRealm().equals(SSO_REALM_NAME)) { | |||
| if (SSO_REALM_NAME.equals(u.getRealm())) { | |||
| @@ -118,7 +118,7 @@ public String getConfirmationMessage() { | |||
|
|
|||
| @Override | |||
| public void setUp() { | |||
| if (this.skip.equals("true")) { | |||
| if ("true".equals(this.skip)) { | |||
| @@ -70,7 +70,7 @@ public AuthenticationToken createToken(ServletRequest request, ServletResponse r | |||
| String header = req.getHeader(AUTHORIZATION_HEADER); | |||
| if (header != null) { | |||
| String[] as = header.split(" "); | |||
| if (as.length != 2 || !as[0].equals(HEADER_PREFIX)) { | |||
| if (as.length != 2 || !HEADER_PREFIX.equals(as[0])) { | |||
There was a problem hiding this comment.
The purpose of this change is to be proactively defensive. Though it may be negligibly faster to run this way, it also conforms to a best practice and makes the code easier to read. Also, since the behavior is otherwise equivalent, there is no cost to this change.
| @@ -186,7 +186,7 @@ private static Map<String, String> getDependencyVersionsFromFile(RunnerJob job) | |||
| } | |||
|
|
|||
| private static boolean isLatestVersion(String v) { | |||
| return v.equalsIgnoreCase("latest"); | |||
| return "latest".equalsIgnoreCase(v); | |||
|
This bot need more training. |
|
@ibodrov thanks for the feedback on this PR! I'm a maintainer of @pixeebot and just wanted to point out that @pixeebot is not actually using AI to make this change. We use an OSS framework called Codemodder: https://github.com/pixee/codemodder-java This particular codemod is implemented here: https://github.com/pixee/codemodder-java/blob/main/core-codemods/src/main/java/io/codemodder/codemods/SwitchLiteralFirstComparisonsCodemod.java A big part of our philosophy is to introduce proactively defensive changes that have no downside. In this particular case, it seems you've identified four places where the code potentially benefits from this hardening and five places where maybe it's not as obviously useful. Given that, I'm curious whether you see any downside to merging the code as-is given that it's a defensive change that also reflects a best practice? Your feedback is appreciated. |
This change defensively switches the order of literals in comparison expressions to ensure that no null pointer exceptions are unexpectedly thrown. Runtime exceptions especially can cause exceptional and unexpected code paths to be taken, and this can result in unexpected behavior.
Both simple vulnerabilities (like information disclosure) and complex vulnerabilities (like business logic flaws) can take advantage of these unexpected code paths.
Our changes look something like this:
More reading
Powered by: pixeebot (codemod ID: pixee:java/switch-literal-first)