Description
In InMemoryProjectManager.java, the deleteProject() method performs a containsKey() check followed by a separate get() call on the ConcurrentHashMap. Between these two calls, another thread could remove the entry, causing project to be null and triggering a NullPointerException on the subsequent project.getStatus() call.
Location
platform-mlops/platform-mlops-core/src/main/java/org/flossware/platform/mlops/core/InMemoryProjectManager.java, lines 136-147
if (!projects.containsKey(projectId)) { // check
throw new IllegalArgumentException("Project not found: " + projectId);
}
MlProject project = projects.get(projectId); // get - could be null if removed between check and get
if (project.getStatus() != ProjectStatus.ARCHIVED) { // NPE possibleImpact
NullPointerException under concurrent access- This is a classic TOCTOU (time-of-check-time-of-use) bug
Suggested Fix
Use a single get() call and check the result for null:
MlProject project = projects.get(projectId);
if (project == null) {
throw new IllegalArgumentException("Project not found: " + projectId);
}Note: Issue #371 may relate to deleteProject() but appears to cover a different aspect. This issue specifically addresses the TOCTOU race.
Labels
bug
Description
In
InMemoryProjectManager.java, thedeleteProject()method performs acontainsKey()check followed by a separateget()call on theConcurrentHashMap. Between these two calls, another thread could remove the entry, causingprojectto benulland triggering aNullPointerExceptionon the subsequentproject.getStatus()call.Location
platform-mlops/platform-mlops-core/src/main/java/org/flossware/platform/mlops/core/InMemoryProjectManager.java, lines 136-147Impact
NullPointerExceptionunder concurrent accessSuggested Fix
Use a single
get()call and check the result for null:Note: Issue #371 may relate to
deleteProject()but appears to cover a different aspect. This issue specifically addresses the TOCTOU race.Labels
bug