tomsteele/burpbuddy

NPE on empty request for scan/passive

Closed this issue · 1 comments

I was able to trigger an NPE with:

curl -i http://localhost:8001/scan/passive -X POST -H 'Content-Type: application/json' -d '{"host": "liftsecurity.io", "port": 443, "useHttps": true, "request": "", "response": "SFRUUCAyMDAgT0s="}'
java.lang.NullPointerException
        at burp.mrc.doPassiveScan(Unknown Source)
        at burp.ApiServer.lambda$new$22(ApiServer.java:233)
        at spark.SparkBase$1.handle(SparkBase.java:174)
        at spark.webserver.MatcherFilter.doFilter(MatcherFilter.java:144)
        at spark.webserver.JettyHandler.doHandle(JettyHandler.java:54)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:179)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:136)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
        at org.eclipse.jetty.server.Server.handle(Server.java:451)
        at org.eclipse.jetty.server.HttpChannel.run(HttpChannel.java:252)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:266)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.run(AbstractConnection.java:240)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:596)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:527)
        at java.lang.Thread.run(Thread.java:745)

Great find! This will for sure be fixed in 3.0.0.
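
One way to reject this input at the API boundary, as an added example that is not burpbuddy's code or its eventual fix. The `PassiveScanInput` class and its methods are hypothetical, and it assumes `request` and `response` are base64 strings (as the sample `response` value suggests) that must both decode to non-empty bytes before being handed to Burp.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Hypothetical validator (not burpbuddy code): rejects bad /scan/passive input
// before it reaches Burp's doPassiveScan, so the caller gets a 400, not an NPE.
public class PassiveScanInput {
    final String host;
    final int port;
    final boolean useHttps;
    final byte[] request;
    final byte[] response;

    private PassiveScanInput(String host, int port, boolean useHttps, byte[] request, byte[] response) {
        this.host = host; this.port = port; this.useHttps = useHttps;
        this.request = request; this.response = response;
    }

    // Decode a base64 field; null, empty, or malformed values are refused.
    static byte[] decodeRequired(String field, String b64) {
        if (b64 == null || b64.isEmpty())
            throw new IllegalArgumentException(field + " must be non-empty base64");
        try {
            byte[] raw = Base64.getDecoder().decode(b64);
            if (raw.length == 0) throw new IllegalArgumentException("empty");
            return raw;
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException(field + " must be non-empty base64");
        }
    }

    static PassiveScanInput validate(String host, int port, boolean useHttps, String request, String response) {
        if (host == null || host.isEmpty()) throw new IllegalArgumentException("host is required");
        if (port < 1 || port > 65535) throw new IllegalArgumentException("port out of range");
        return new PassiveScanInput(host, port, useHttps,
                decodeRequired("request", request), decodeRequired("response", response));
    }

    public static void main(String[] args) {
        String resp = "SFRUUCAyMDAgT0s="; // response value from the issue
        try {
            validate("liftsecurity.io", 443, true, "", resp); // body from the issue
        } catch (IllegalArgumentException e) {
            System.out.println("400 Bad Request: " + e.getMessage());
        }
        // Constructed well-formed request for comparison.
        String req = Base64.getEncoder().encodeToString(
                "GET / HTTP/1.1\r\nHost: liftsecurity.io\r\n\r\n".getBytes(StandardCharsets.US_ASCII));
        PassiveScanInput ok = validate("liftsecurity.io", 443, true, req, resp);
        System.out.println("accepted: " + ok.request.length + " request bytes");
    }
}
```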