One NPE in RouterChain.java

[containerAnalyzer]

Hello,

Our static analyzer found a following potential NPE. We have checked the feasibility of this execution trace. It is necessary to defend this vulnerability to improve the code quality.

Here is the bug trace.

1. Return null to caller
   

   sofa-rpc/core/api/src/main/java/com/alipay/sofa/rpc/ext/ExtensionLoader.java

   Line 428 in 4f824e2

   return all == null ? null : all.get(alias);

2. Function getExtensionClass executes and stores the return value to the parameter of add, which can be null
   

   sofa-rpc/core/api/src/main/java/com/alipay/sofa/rpc/client/RouterChain.java

   Line 149 in 4f824e2

   extensionRouters.add(EXTENSION_LOADER.getExtensionClass(routerAlias));

3. Function add executes and returns. One of the elements in extensionRouters can be null.
   

   sofa-rpc/core/api/src/main/java/com/alipay/sofa/rpc/client/RouterChain.java

   Line 149 in 4f824e2

   extensionRouters.add(EXTENSION_LOADER.getExtensionClass(routerAlias));

4. Function next executes and stores the return value to extensionRouter (extensionRouter can be null)
   

   sofa-rpc/core/api/src/main/java/com/alipay/sofa/rpc/client/RouterChain.java

   Line 167 in 4f824e2

   for (ExtensionClass<Router> extensionRouter : extensionRouters) {

5. extensionRouter is passed as this pointer to function getExtInstance (extensionRouter can be null), which will lead to null pointer dereference
   

   sofa-rpc/core/api/src/main/java/com/alipay/sofa/rpc/client/RouterChain.java

   Line 168 in 4f824e2

   Router actualRoute = extensionRouter.getExtInstance();

Commit: 4f824e2

[OrezzerO]

Thank you for reporting the bug. When ConsumerConfig is set a wrong router alias ,it will throw NPE.We will appreciate if you can submit a PR. 🙏