
model.getBuild() called twice creates potential inconsistency in BuildHelper.getPlugin() #371

@elharo

Affected version: 4.0.0-beta-5+

Description:

BuildHelper.getPlugin() at line 86 calls model.getBuild() twice:

public static Plugin getPlugin(Model model, String pluginGa) {
    Plugin plugin = getPlugin(model.getBuild(), pluginGa);
    if (model.getBuild() != null && plugin == null) {
        plugin = getPlugin(model.getBuild().getPluginManagement(), pluginGa);
    }
    return plugin;
}

If the model is backed by a lazy-loading or mutable proxy, the two calls could return different values — e.g., the first returns null, the second returns a non-null Build. In that case, the null guard at line 87 passes, but then the non-null Build could have a PluginManagement that gets queried. Conversely, if the first call returns a non-null Build and the second returns null, line 88 would NPE on model.getBuild().getPluginManagement().

Impact: Low likelihood but a correctness concern. The result should be captured in a local variable.
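The single-read fix the issue asks for, shown next to the repeated-read shape, as an added example that is not the project's code. Plugin, Build, PluginManagement, Model and Container here are minimal stand-ins for the real model types, and the "vanishing" model is constructed to change its answer between calls.

```java
import java.util.List;

public class SingleReadDemo {
    // Minimal stand-ins for the model types (assumptions, not Maven's classes).
    record Plugin(String ga) {}
    interface Container { List<Plugin> plugins(); }
    record PluginManagement(List<Plugin> plugins) implements Container {}
    record Build(List<Plugin> plugins, PluginManagement pluginManagement) implements Container {}
    interface Model { Build getBuild(); }

    // Null-tolerant lookup standing in for the container overload of getPlugin.
    static Plugin getPlugin(Container c, String ga) {
        if (c == null) return null;
        return c.plugins().stream().filter(p -> p.ga().equals(ga)).findFirst().orElse(null);
    }
    // Shape of the code quoted in the issue: every step re-reads getBuild().
    static Plugin repeatedReads(Model model, String ga) {
        Plugin plugin = getPlugin(model.getBuild(), ga);
        if (model.getBuild() != null && plugin == null) {
            plugin = getPlugin(model.getBuild().pluginManagement(), ga);
        }
        return plugin;
    }
    // Single read: the null check and the dereference use the same reference.
    static Plugin singleRead(Model model, String ga) {
        Build build = model.getBuild();
        Plugin plugin = getPlugin(build, ga);
        if (build != null && plugin == null) {
            plugin = getPlugin(build.pluginManagement(), ga);
        }
        return plugin;
    }
    // Constructed model: returns the build for the first two reads, then null.
    static Model vanishing(Build build) {
        return new Model() {
            private int reads;
            public Build getBuild() { return ++reads <= 2 ? build : null; }
        };
    }
    public static void main(String[] args) {
        Build build = new Build(List.of(), new PluginManagement(List.of(new Plugin("g:a"))));
        System.out.println("single read: " + singleRead(vanishing(build), "g:a"));
        try {
            repeatedReads(vanishing(build), "g:a");
        } catch (NullPointerException e) {
            System.out.println("repeated reads: NullPointerException");
        }
    }
}
```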
