Fix potential NPE in quarkus-csrf-reactive when no MediaType is found

- Fixes #35285
quarkusio · Aug 10, 2023 · 0330d89 · 0330d89
1 parent cefaf6d
commit 0330d89
Showing 1 changed file with 11 additions and 13 deletions.
diff --git a/...ime/src/main/java/io/quarkus/csrf/reactive/runtime/CsrfRequestResponseReactiveFilter.java b/...ime/src/main/java/io/quarkus/csrf/reactive/runtime/CsrfRequestResponseReactiveFilter.java
@@ -96,18 +96,21 @@ public void filter(ResteasyReactiveContainerRequestContext requestContext, Routi
             }
         } else if (config.verifyToken) {
             // unsafe HTTP method, token is required
-
-            if (!isMatchingMediaType(requestContext.getMediaType(), MediaType.APPLICATION_FORM_URLENCODED_TYPE)
-                    && !isMatchingMediaType(requestContext.getMediaType(), MediaType.MULTIPART_FORM_DATA_TYPE)) {
+            MediaType mediaType = requestContext.getMediaType();
+            // If no media type is sent, assume application/x-www-form-urlencoded
+            if (mediaType == null) {
+                mediaType = MediaType.APPLICATION_FORM_URLENCODED_TYPE;
+            }
+            if (!MediaType.APPLICATION_FORM_URLENCODED_TYPE.isCompatible(mediaType)
+                    && !MediaType.MULTIPART_FORM_DATA_TYPE.isCompatible(mediaType)) {
                 if (config.requireFormUrlEncoded) {
-                    LOG.debugf("Request has the wrong media type: %s", requestContext.getMediaType().toString());
+                    LOG.debugf("Request has the wrong media type: %s", mediaType.toString());
                     requestContext.abortWith(badClientRequest());
-                    return;
                 } else {
-                    LOG.debugf("Request has the  media type: %s, skipping the token verification",
-                            requestContext.getMediaType().toString());
-                    return;
+                    LOG.debugf("Request has the media type: %s, skipping the token verification",
+                            mediaType.toString());
                 }
+                return;
             }
 
             if (!requestContext.hasEntity()) {
@@ -148,11 +151,6 @@ public void filter(ResteasyReactiveContainerRequestContext requestContext, Routi
         }
     }
 
-    private static boolean isMatchingMediaType(MediaType contentType, MediaType expectedType) {
-        return contentType.getType().equals(expectedType.getType())
-                && contentType.getSubtype().equals(expectedType.getSubtype());
-    }
-
     private static Response badClientRequest() {
         return Response.status(400).build();
     }