Handle null headers properly in auth filters.

byteduck-exploit · byteduck-exploit · commit 086296a3fb4c · 2025-05-16T05:29:03.000+02:00
diff --git a/src/main/kotlin/org/exploit/keeper/filter/KeeperAuthFilter.kt b/src/main/kotlin/org/exploit/keeper/filter/KeeperAuthFilter.kt
@@ -22,12 +22,12 @@ class KeeperAuthFilter(
             return
 
         val instanceId = p0.getHeaderString(KeeperAuthenticator.HEADER_INSTANCE_ID)
-            .toIntOrNull() ?: throw NotAuthorizedException("Invalid instance id")
+            ?.toIntOrNull() ?: throw NotAuthorizedException("Invalid instance id")
 
         val signature = p0.getHeaderString(KeeperAuthenticator.HEADER_SIGNATURE)
             ?: throw NotAuthorizedException("Missing signature")
 
-        val timestamp = p0.getHeaderString(KeeperAuthenticator.HEADER_TIMESTAMP).toLongOrNull()
+        val timestamp = p0.getHeaderString(KeeperAuthenticator.HEADER_TIMESTAMP)?.toLongOrNull()
             ?: throw NotAuthorizedException("Missing timestamp")
 
         try {
diff --git a/src/main/kotlin/org/exploit/keeper/filter/MachineAuthFilter.kt b/src/main/kotlin/org/exploit/keeper/filter/MachineAuthFilter.kt
@@ -42,7 +42,7 @@ class MachineAuthFilter(
             return
         }
 
-        val token = ctx.getHeaderString(HEADER)
+        val token: String? = ctx.getHeaderString(HEADER)
 
         if (token.isNullOrBlank()) {
             ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED).build())

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ class MachineAuthFilter(`
`42`	`42`	`return`
`43`	`43`	`}`
`44`	`44`
`45`		`- val token = ctx.getHeaderString(HEADER)`
	`45`	`+ val token: String? = ctx.getHeaderString(HEADER)`
`46`	`46`
`47`	`47`	`if (token.isNullOrBlank()) {`
`48`	`48`	`ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED).build())`