-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix OpenSearch NullPointerException for "scope" UUID that is not a community or collection #9482
Fix OpenSearch NullPointerException for "scope" UUID that is not a community or collection #9482
Conversation
Fixes a NullPointerException when the "scope" parameter provided to the OpenSearch endpoint is a valid UUID, but is not a UUID associated with a Community or Collection. Instead of throwing a NullPointerException, this change modifies the code to return a null scope (resulting in an "unscoped" OpenSearch request), which is the same behavior that occurs when the UUID is invalid, or otherwise not usable.
I tried linking this issue with #9481 by putting a "Fixes" keyword in the "References" section of pull request description, but it did not work because the base branch for the pull request is "dspace-7_x", not the default branch (as explained in https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue). I do not have write permissions to the repository, so I am unable to manually link this pull request to the issue. If someone could do that (or explain how I can do it), I would appreciate it. Thanks. |
@dsteelma-umd : I've manually linked this PR as fixing #9481 |
Fixes a NullPointerException when the "scope" parameter provided to the OpenSearch endpoint is a valid UUID, but is not a UUID associated with a Community or Collection. Instead of throwing a NullPointerException, this change modifies the code to return a null scope (resulting in an "unscoped" OpenSearch request), as if the UUID were invalid, or otherwise not usable. This fix was provided to DSpace as Pull Request #9482 - <DSpace/DSpace#9482>. The customization markers added in this issue can be removed when MD-SOAR is updated to a DSpace version containing this change. https://umd-dit.atlassian.net/browse/LIBCIR-386
Fixes a NullPointerException when the "scope" parameter provided to the OpenSearch endpoint is a valid UUID, but is not a UUID associated with a Community or Collection. Instead of throwing a NullPointerException, this change modifies the code to return a null scope (resulting in an "unscoped" OpenSearch request), as if the UUID were invalid, or otherwise not usable. This fix was provided to DSpace as Pull Request DSpace#9482 - <DSpace#9482>. The customization markers added in this issue can be removed when DRUM is updated to a DSpace version containing this change. https://umd-dit.atlassian.net/browse/LIBDRUM-859
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 Thanks @dsteelma-umd ! These changes make sense and the IT proves that it is working properly.
Successfully created backport PR for |
References
Fixes #9481
Description
Fixes a NullPointerException that occurs when the OpenSearch endpoint receives a "scope" parameter that is a valid UUID, but which does not correspond to a community or collection.
While it is not believed to be possible to trigger this NullPointerException through the GUI, on our production system we have seen badly-behaved crawlers make thousands of requests an hour to the OpenSearch endpoint with UUIDs that do not correspond to a community or collection.
This pull request fixes the issue in the same manner as when an invalid UUID, or some other error, occurs when retrieving the scope -- the "resolveScope" method in "org.dspace.app.rest.utils.ScopeResolver" returns null, and ultimately an "unscoped" OpenSearch result is returned to the requestor.
Instructions for Reviewers
The NullPointerException occurs due to the following code (lines 44-46)
of the "resolveScope" in the org.dspace.app.rest.utils.ScopeResolver:
The
collectionService.find(context, uuid)
call will returnnull
if thegiven
uuid
is not a collection. This causes a NullPointerException when thegetID()
method is in called on the null object when theOpenSearchController.search
method attempts to use it as part of the Solr search.List of changes in this PR:
The pull request adds an additional null check to determine if the collection retrieval request has returned null, and if so, emits a warning to the log, and sets the
scopeObj
to null, which is then returned. This is consistent with theresolveScope
method's behavior of returning a nullscopeObj
if the UUID has an invalid format, or a SQLException occurs when retrieving the UUID. This results in an "unscoped" OpenSearch response being sent back to the requestor (i.e., an OpenSearch response equivalent to the "scope" parameter not being provided in the request).Added a
scopeNotCommunityOrCollectionUUIDTest
integration test to theorg.dspace.app.opensearch.OpenSearchControllerIT
to verify that an "unscoped" response is returned when the "scope" parameter in the request in a valid UUID that is not a community or collection.Include guidance for how to test or review your PR.
Note: The fix provided by this pull request is a minimal change which is consistent with the existing OpenSearch behavior that when given an invalid "scope" parameter, returns an "unscoped" OpenSearch response.
It could be argued it would be better to return an HTTP Status 400 (Bad Request) response when an invalid "scope" parameter is provided, but that would not be consistent with existing behavior (and changing the existing behavior seems outside the scope of this issue).
Verification Steps
The following steps require:
A DSpace 7.6.x backend, populated with data, and the change in the pull request. See https://wiki.lyrasis.org/display/DSPACE/Testing+DSpace+7+Pull+Requests for information on setting up a suitable environment.
The "curl" command on the local workstation.
Verify that:
Checklist
This checklist provides a reminder of what we are going to look for when reviewing your PR. You need not complete this checklist prior to creating your PR (draft PRs are always welcome). If you are unsure about an item in the checklist, don't hesitate to ask. We're here to help!
pom.xml
), I've made sure their licenses align with the DSpace BSD License based on the Licensing of Contributions documentation.