Skip to content

BCryptPasswordEncoder.encode() throws NPE #8317

New issue
New issue
Closed
Closed
BCryptPasswordEncoder.encode() throws NPE#8317
Assignees
rwinch
Labels
in: coreAn issue in spring-security-corestatus: backportedAn issue that has been backported to maintenance branchestype: enhancementA general enhancement
Milestone
5.4.0-M1
@alan-czajkowski

Description

@alan-czajkowski
alan-czajkowski
opened on Apr 2, 2020

spring-security/crypto/src/main/java/org/springframework/security/crypto/bcrypt/BCryptPasswordEncoder.java

Line 108 in 1de0cf5

return BCrypt.hashpw(rawPassword.toString(), salt);

BCryptPasswordEncoder.encode() throws a Null Pointer Exception (NPE) when passing in a null rawPassword and then rawPassword.toString() is called inside the method.

This method can and should be made null-safe, either:

  • check for null and return null, or
  • throw some kind of exception

Metadata

Metadata

Assignees

Labels

in: coreAn issue in spring-security-corestatus: backportedAn issue that has been backported to maintenance branchestype: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions