Add null check for ApiKeyPair in getUserByApiKey#12938

Open
daviftorres wants to merge 9 commits into apache:main from daviftorres:getUserByApiKey-not-checking-for-null-pointers
Conversation

@daviftorres
Contributor

Description

The function getUserByApiKey does not check for null pointers. This is likely safe from a security perspective, but it’s still a code smell and should be improved. It can be fixed easily using the same approach as in line 3160.

  • I classified this as an issue type "bug",
  • Since missing API keys are a common and expected condition (not all users have API Keys set),
  • And I marked the severity as trivial because (in my limited understanding) it does not appear to have any real impact.

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • Build/CI
  • Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Bug Severity

  • BLOCKER
  • Critical
  • Major
  • Minor
  • Trivial

Screenshots (if appropriate):

How Has This Been Tested?

No, it was not tested, it is just a static analysis of the code.

How did you try to break this feature and the system with this change?

No.

The function getUserByApiKey was not checking for null pointers. I think this is safe from the perspective of security, but this is a smell. And it can be easily addressed with the same solution used in line 3160.
@daviftorres daviftorres changed the title Get user by api key not checking for null pointers Add null check for ApiKeyPair in getUserByApiKey Mar 31, 2026
Contributor

@DaanHoogland DaanHoogland left a comment

clgtm,

however, it is not needed because the only place AccountManagerImpl.getUserByApiKey(..) is from the API and the GetUserCmd has a required Parameter apiKey. That said, it doesn’t hurt to protect the system against prodigy and add the null check. It would make more sense before usage in that case.

@codecov

codecov bot commented Mar 31, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 3.52%. Comparing base (5d61ba3) to head (5d22e56).

❗ There is a different number of reports uploaded between BASE (5d61ba3) and HEAD (5d22e56). Click for more details.

HEAD has 1 upload less than BASE
Flag BASE (5d61ba3) HEAD (5d22e56)
unittests 1 0
Additional details and impacted files
@@              Coverage Diff              @@
##               main   #12938       +/-   ##
=============================================
- Coverage     18.02%    3.52%   -14.50%     
=============================================
  Files          5973      464     -5509     
  Lines        537466    40063   -497403     
  Branches      65991     7534    -58457     
=============================================
- Hits          96855     1414    -95441     
+ Misses       429689    38461   -391228     
+ Partials      10922      188    -10734     
Flag Coverage Δ
uitests 3.52% <ø> (ø)
unittests ?

Flags with carried forward coverage won't be shown. Click here to find out more.

2 participants