From 1c6286f3bcec1cb31aa67e8b24f74cbb9bc06dce Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Wed, 6 Mar 2019 10:22:46 -0500 Subject: [PATCH 1/2] Add a null check of type before type is used --- .../autopsy/centralrepository/datamodel/AbstractSqlEamDb.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java index 5dc8bff71f..e81f248c8e 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java @@ -1095,6 +1095,9 @@ abstract class AbstractSqlEamDb implements EamDb { * @throws CorrelationAttributeNormalizationException */ private String prepareGetInstancesSql(CorrelationAttributeInstance.Type aType, List values) throws CorrelationAttributeNormalizationException { + if (aType == null) { + throw new CorrelationAttributeNormalizationException("Cannot get instances for null correlation type"); + } String tableName = EamDbUtil.correlationTypeToInstanceTableName(aType); String sql = "SELECT " From b5cd66fe7fa5b203360d9f77aba1fde5d7cd87de Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Wed, 6 Mar 2019 11:46:31 -0500 Subject: [PATCH 2/2] Move checks for argument validity to public methods --- .../datamodel/AbstractSqlEamDb.java | 21 ++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java index e81f248c8e..37e0bf59f2 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java @@ -1060,16 +1060,34 @@ abstract class AbstractSqlEamDb implements EamDb { @Override public List getArtifactInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException { + if (value == null) { + throw new CorrelationAttributeNormalizationException("Cannot get artifact instances for null value"); + } return getArtifactInstancesByTypeValues(aType, Arrays.asList(value)); } @Override public List getArtifactInstancesByTypeValues(CorrelationAttributeInstance.Type aType, List values) throws EamDbException, CorrelationAttributeNormalizationException { + if (aType == null) { + throw new CorrelationAttributeNormalizationException("Cannot get artifact instances for null type"); + } + if (values == null || values.isEmpty()) { + throw new CorrelationAttributeNormalizationException("Cannot get artifact instances without specified values"); + } return getArtifactInstances(prepareGetInstancesSql(aType, values), aType); } @Override public List getArtifactInstancesByTypeValuesAndCases(CorrelationAttributeInstance.Type aType, List values, List caseIds) throws EamDbException, CorrelationAttributeNormalizationException { + if (aType == null) { + throw new CorrelationAttributeNormalizationException("Cannot get artifact instances for null type"); + } + if (values == null || values.isEmpty()) { + throw new CorrelationAttributeNormalizationException("Cannot get artifact instances without specified values"); + } + if (caseIds == null || caseIds.isEmpty()) { + throw new CorrelationAttributeNormalizationException("Cannot get artifact instances without specified cases"); + } String tableName = EamDbUtil.correlationTypeToInstanceTableName(aType); String sql = " and " @@ -1095,9 +1113,6 @@ abstract class AbstractSqlEamDb implements EamDb { * @throws CorrelationAttributeNormalizationException */ private String prepareGetInstancesSql(CorrelationAttributeInstance.Type aType, List values) throws CorrelationAttributeNormalizationException { - if (aType == null) { - throw new CorrelationAttributeNormalizationException("Cannot get instances for null correlation type"); - } String tableName = EamDbUtil.correlationTypeToInstanceTableName(aType); String sql = "SELECT "