Skip to content

bug Potential NullPointerException in Sw360ProjectService.setObligationsFromAdminSection #3706

New issue
New issue
Open
#3709
Open
bug Potential NullPointerException in Sw360ProjectService.setObligationsFromAdminSection#3706
#3709
Labels
bugSomething isn't working
@ADITYA-CODE-SOURCE

Description

@ADITYA-CODE-SOURCE
ADITYA-CODE-SOURCE
opened on Feb 15, 2026

In Sw360ProjectService.java, the setObligationsFromAdminSection method has a potential NullPointerException vulnerability when the oblLevel parameter is null.
Location

  • File: rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/project/Sw360ProjectService.java
  • Lines: 738, 742, 746
    Issue
    The method calls oblLevel.equalsIgnoreCase(...) without checking if oblLevel is null. If oblLevel is null, it will throw NullPointerException.

Current Code (buggy):

if (oblLevel.equalsIgnoreCase("Project")) {
// ...
} else if (oblLevel.equalsIgnoreCase("Organization")) {
// ...
} else if (oblLevel.equalsIgnoreCase("Component")) {
// ...
}
Recommended Fix:

if ("Project".equalsIgnoreCase(oblLevel)) {
// ...
} else if ("Organization".equalsIgnoreCase(oblLevel)) {
// ...
} else if ("Component".equalsIgnoreCase(oblLevel)) {
// ...
}

This is a standard Java idiom to avoid NullPointerException - by putting the constant string first, if oblLevel is null, it simply returns false instead of throwing an NPE.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions