Skip to content

Added null check to CorsPolicyBuilder #19831

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
5 commits merged into from
Mar 30, 2020

Conversation

chrispickford
Copy link
Contributor

It was noticed that there is no null checking in the CorsPolicyBuilder.GetNormalizedOrigin method after a NullReferenceException was picked up. In the case that a null string is passed to the method via WithOrigins (in our case it was because a configuration file read failed) this change throws an ArgumentNullException which gives a clearer indication of what has failed.

Addresses #19830

@dnfclas
Copy link

dnfclas commented Mar 13, 2020

CLA assistant check
All CLA requirements met.

Copy link
Contributor

@analogrelay analogrelay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems reasonable to me. Thanks for the fix!

@ghost
Copy link

ghost commented Mar 13, 2020

Hello @anurse!

Because this pull request has the auto-merge label, I will be glad to assist with helping to merge this pull request once all check-in policies pass.

p.s. you can customize the way I help with merging this pull request, such as holding this pull request until a specific person approves. Simply @mention me (@msftbot) and give me an instruction to get started! Learn more here.

@mkArtakMSFT mkArtakMSFT added area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates and removed area-middleware labels Mar 13, 2020
Copy link
Contributor

@analogrelay analogrelay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like the test you added is failing:

Assert.Throws() Failure

Expected: typeof(System.ArgumentNullException)

Actual: typeof(System.NullReferenceException): Object reference not set to an instance of an object.

---- System.NullReferenceException : Object reference not set to an instance of an object.

Looking at sharplab, what your test actually does is pass a null array rather than an array with a null item.

Working with params is a little tricky, as you can see since I approved the change without realizing this would happen! Good thing we have tests!

I'd suggest a few changes here:

  1. Add a null-check directly on WithOrigins and keep the current test you've added

  2. Add a second test that explicitly constructs an array with an empty element and passes it to WithOrigins (i.e. .WithOrigins(new string[] { "foo", null, "bar" })) and validate that the inner ArgumentNullException is properly thrown.

I think that will resolve the issue and add a little more coverage here.

@mkArtakMSFT
Copy link
Contributor

@chrispickford you still haven't addressed @anurse 's comment regarding what you're actually testing. Your test doesn't match your change. Do you want to give this another try?

@mkArtakMSFT mkArtakMSFT self-assigned this Mar 18, 2020
@chrispickford
Copy link
Contributor Author

@mkArtakMSFT @anurse Apologies for the delay, I've updated the test and added extra null check.

@chrispickford
Copy link
Contributor Author

@anurse @Tratcher I'm not sure what's going on with the CI build. Any pointers?

@mkArtakMSFT mkArtakMSFT reopened this Mar 29, 2020
@mkArtakMSFT
Copy link
Contributor

Closed and reopened the PR to re-trigger the build

@mkArtakMSFT mkArtakMSFT requested a review from analogrelay March 29, 2020 07:39
@mkArtakMSFT
Copy link
Contributor

@anurse this is blocked on you to sign-off.

@analogrelay
Copy link
Contributor

I’m not able to do it from my phone but I’m happy to have my review dismissed to unblock merging if there are other approving reviews.

@ghost ghost merged commit 3eb778f into dotnet:master Mar 30, 2020
@chrispickford chrispickford deleted the corspolicybuilder-nullref branch July 28, 2020 13:01
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area-mvc Includes: MVC, Actions and Controllers, Localization, CORS, most templates
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants