Fix NPE vulnerability in ApiException getCode/getStatusCode by changing return type

jimm-porch · jimm-porch · commit 2f5f63c819f0 · 2016-11-28T12:10:05.000-08:00
to a nullable value (just like com.twilio.exception.RestException)
diff --git a/src/main/java/com/twilio/exception/ApiException.java b/src/main/java/com/twilio/exception/ApiException.java
@@ -44,15 +44,15 @@ public ApiException(final String message, final Integer code, final String moreI
         this.status = status;
     }
 
-    public int getCode() {
+    public Integer getCode() {
         return code;
     }
 
     public String getMoreInfo() {
         return moreInfo;
     }
 
-    public int getStatusCode() {
+    public Integer getStatusCode() {
         return status;
     }
 }
diff --git a/src/test/java/com/twilio/exception/ApiExceptionTest.java b/src/test/java/com/twilio/exception/ApiExceptionTest.java
@@ -0,0 +1,53 @@
+package com.twilio.exception;
+
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertSame;
+
+@SuppressWarnings("ThrowableInstanceNeverThrown")
+public class ApiExceptionTest {
+
+    private final String anyMessage = "message for test";
+    private final Throwable anyCause = new RuntimeException("some root cause");
+    private final String anyMoreInfo = "more info";
+    private final int anyErrorCode = 123;
+    private final int anyHttpStatus = 200;
+
+
+    @Test
+    public void singleArgConstructorShouldPreserveMessage() {
+        ApiException error = new ApiException(anyMessage);
+        assertEquals(anyMessage, error.getMessage());
+    }
+
+    @Test
+    public void twoArgConstructorShouldPreserveMessageAndCause() {
+        ApiException error = new ApiException(anyMessage, anyCause);
+        assertEquals("Message", anyMessage, error.getMessage());
+        assertSame("Cause", anyCause, error.getCause());
+    }
+
+    @Test
+    public void fullConstructorShouldPreserveAllValues() {
+        ApiException error = new ApiException(anyMessage, anyErrorCode, anyMoreInfo, anyHttpStatus, anyCause);
+        assertEquals("Message", anyMessage, error.getMessage());
+        assertSame("Cause", anyCause, error.getCause());
+        assertEquals("More info", anyMoreInfo, error.getMoreInfo());
+        assertEquals("Error code", anyErrorCode, error.getCode().intValue());
+        assertEquals("Status code", anyHttpStatus, error.getStatusCode().intValue());
+    }
+
+    @Test
+    public void getCodeShouldNotThrowExceptionWhenCodeIsNull() {
+        ApiException error = new ApiException(anyMessage);
+        assertEquals(null, error.getCode());
+    }
+
+    @Test
+    public void getStatusCodeShouldNotThrowExceptionWhenCodeIsNull() {
+        ApiException error = new ApiException(anyMessage);
+        assertEquals(null, error.getStatusCode());
+    }
+
+}

Original file line number	Diff line number	Diff line change
`@@ -44,15 +44,15 @@ public ApiException(final String message, final Integer code, final String moreI`
`44`	`44`	`this.status = status;`
`45`	`45`	`}`
`46`	`46`
`47`		`- public int getCode() {`
	`47`	`+ public Integer getCode() {`
`48`	`48`	`return code;`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`public String getMoreInfo() {`
`52`	`52`	`return moreInfo;`
`53`	`53`	`}`
`54`	`54`
`55`		`- public int getStatusCode() {`
	`55`	`+ public Integer getStatusCode() {`
`56`	`56`	`return status;`
`57`	`57`	`}`
`58`	`58`	`}`