Fix Potential Null Dereference

[rng70-or]

In file: WorkerUtils.java, method loadProperties() returns a null value on condition. Which can later raise a NullPointerException if not handled properly.

For an example,

public static Properties loadAndValidateHelixProps(String helixConfigFile) {
    Properties properties = loadProperties(helixConfigFile);
    if (!properties.containsKey(Constants.HELIX_ZK_SERVER)) {
      String msg = String
          .format("properties %s required on helix config file: %s", Constants.HELIX_ZK_SERVER,
              helixConfigFile);
      LOGGER.info(msg);
      throw new IllegalArgumentException(msg);
    }

    return properties;
  }

here variable properties is assigned the returned value of that method which can be initialized with null value. If so, then later inside the if-statement it will raise a null pointer exception.

A fix was not generated here because it is significantly difficult to generate a fix here since the method that returns the null value is used in many places. Possibly a case for empty Properties to be used or in every places check if the returned value is null or not.

Sponsorship and Support

This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed – to improve global software supply chain security.

The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.