abhu85 opened a new issue, #11740:
URL: https://github.com/apache/maven/issues/11740
### Affected version
4.1.0-SNAPSHOT (master)
### Bug description
In
`impl/maven-impl/src/main/java/org/apache/maven/impl/model/DefaultModelValidator.java`,
the `validateProfileId()` method is missing a null check before calling
`validProfileIds.contains(id)`.
Since `validProfileIds` is a `ConcurrentHashMap.newKeySet()` (which doesn't
allow null keys), passing a null profile ID will throw a `NullPointerException`
instead of a proper validation error.
**Inconsistency:**
The same file has two similar validation methods with inconsistent null
handling:
```java
// Line ~1743 - HAS null check (correct)
private boolean validateCoordinateId(..., String id, ...) {
if (id != null && validCoordinatesIds.contains(id)) {
return true;
}
// ...
}
// Line ~1794 - MISSING null check (bug)
private boolean validateProfileId(..., String id, ...) {
if (validProfileIds.contains(id)) { // Will throw NPE if id is null
return true;
}
// ...
}
```
### Expected behavior
`validateProfileId()` should handle null IDs gracefully by either:
1. Adding a null check like `validateCoordinateId()` does: `if (id != null
&& validProfileIds.contains(id))`
2. Or letting the subsequent validation report the proper error message
### Steps to reproduce
1. Create a POM with a profile that has a null/missing ID
2. Run validation with Maven 4
3. Observe NPE instead of proper validation error
### Proposed fix
```java
// Change from:
if (validProfileIds.contains(id)) {
// To:
if (id != null && validProfileIds.contains(id)) {
```
This makes it consistent with `validateCoordinateId()` and the compat module
fix in #11739.
---
*Discovered during code review of #11739*
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
