sonatype-lift[bot] commented on code in PR #975:
URL: https://github.com/apache/solr/pull/975#discussion_r948381273


##########
solr/core/src/java/org/apache/solr/security/AuthorizationUtils.java:
##########
@@ -0,0 +1,126 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.solr.security;
+
+import org.apache.http.HttpStatus;
+import org.apache.solr.common.params.SolrParams;
+import org.apache.solr.core.CoreContainer;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.lang.invoke.MethodHandles;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import static org.apache.solr.common.cloud.ZkStateReader.COLLECTION_PROP;
+import static 
org.apache.solr.common.params.CollectionParams.CollectionAction.CREATE;
+import static 
org.apache.solr.common.params.CollectionParams.CollectionAction.DELETE;
+import static 
org.apache.solr.common.params.CollectionParams.CollectionAction.RELOAD;
+import static org.apache.solr.servlet.HttpSolrCall.shouldAudit;
+
+public class AuthorizationUtils {
+    private static final Logger log = 
LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
+
+    private AuthorizationUtils() { /* Private ctor prevents instantiation */}
+
+    public static class AuthorizationFailure {
+        private final int statusCode;
+        private final String message;
+        public AuthorizationFailure(int statusCode, String message) {
+            this.statusCode = statusCode;
+            this.message = message;
+        }
+
+        public int getStatusCode() { return statusCode; }
+        public String getMessage() { return message; }
+    }
+
+    public static AuthorizationFailure authorize(HttpServletRequest 
servletReq, HttpServletResponse response,
+                                               CoreContainer cores, 
AuthorizationContext context) throws IOException {
+        log.debug("AuthorizationContext : {}", context);
+        AuthorizationResponse authResponse = 
cores.getAuthorizationPlugin().authorize(context);

Review Comment:
   💬 3 similar findings have been found in this PR
   
   ---
   
   *NULL_DEREFERENCE:*  object returned by `cores.getAuthorizationPlugin()` 
could be null and is dereferenced at line 60.
   
   ---
   
   <details><summary><b>Expand here to view all instances of this 
finding</b></summary><br/>
   
   <div align="center">
   
   | **File Path** | **Line Number** |
   | ------------- | ------------- |
   | solr/core/src/java/org/apache/solr/schema/BBoxField.java | 
[142](https://github.com/gerlowskija/solr/blob/f2959369e5541d377ee6ef34ae703ab4013b79d5/solr/core/src/java/org/apache/solr/schema/BBoxField.java#L142)|
   | solr/core/src/java/org/apache/solr/handler/component/QueryComponent.java | 
[1422](https://github.com/gerlowskija/solr/blob/f2959369e5541d377ee6ef34ae703ab4013b79d5/solr/core/src/java/org/apache/solr/handler/component/QueryComponent.java#L1422)|
   | solr/core/src/java/org/apache/solr/handler/component/QueryComponent.java | 
[1512](https://github.com/gerlowskija/solr/blob/f2959369e5541d377ee6ef34ae703ab4013b79d5/solr/core/src/java/org/apache/solr/handler/component/QueryComponent.java#L1512)|
   <p><a 
href="https://lift.sonatype.com/results/github.com/apache/solr/01GAPMKNSD4R1GX3CC4ST9P9MV?t=Infer|NULL_DEREFERENCE"
 target="_blank">Visit the Lift Web Console</a> to find more details in your 
report.</p></div></details>
   
   
   
   ---
   
   Reply with *"**@sonatype-lift help**"* for info about LiftBot commands.
   Reply with *"**@sonatype-lift ignore**"* to tell LiftBot to leave out the 
above finding from this PR.
   Reply with *"**@sonatype-lift ignoreall**"* to tell LiftBot to leave out all 
the findings from this PR and from the status bar in Github.
   
   When talking to LiftBot, you need to **refresh** the page to see its 
response. [Click here](https://help.sonatype.com/lift/talking-to-lift) to get 
to know more about LiftBot commands.
   
   ---
   
   Was this a good recommendation?
   [ [🙁 Not 
relevant](https://www.sonatype.com/lift-comment-rating?comment=317126461&lift_comment_rating=1)
 ] - [ [😕 Won't 
fix](https://www.sonatype.com/lift-comment-rating?comment=317126461&lift_comment_rating=2)
 ] - [ [😑 Not critical, will 
fix](https://www.sonatype.com/lift-comment-rating?comment=317126461&lift_comment_rating=3)
 ] - [ [🙂 Critical, will 
fix](https://www.sonatype.com/lift-comment-rating?comment=317126461&lift_comment_rating=4)
 ] - [ [😊 Critical, fixing 
now](https://www.sonatype.com/lift-comment-rating?comment=317126461&lift_comment_rating=5)
 ]



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to