What is the bug?
ApacheHttpClient5Options.of(...) and RestClientOptions.of(...) assume TransportOptions.queryParameters() is non-null.
Both methods call .forEach(...) directly.
If queryParameters() returns null, they throw NullPointerException.
How can one reproduce the bug?
- Create a
TransportOptions implementation where queryParameters() returns null.
- Call
ApacheHttpClient5Options.of(customOptions) or RestClientOptions.of(customOptions).
NullPointerException is thrown.
What is the expected behavior?
Both methods should handle null query parameters as empty parameters and not throw.
Do you have any additional context?
options == null is already guarded by call sites, so this issue is not about null options:
ApacheHttpClient5Transport.java:141ApacheHttpClient5Transport.java:177RestClientTransport.java:109RestClientTransport.java:201
options.headers() is effectively non-null in built-in implementations:
TransportOptions.DefaultImpl always initializes headers to an empty/non-empty list:
TransportOptions.java:139headers() returns that list directly:
TransportOptions.java:145ApacheHttpClient5Options.headers() and RestClientOptions.headers() both return collected lists, not null:
ApacheHttpClient5Options.java:68
RestClientOptions.java:88
However, the parameter map (queryParameters()) can be null today:
ApacheHttpClient5Options.java:73RestClientOptions.java:96
And both conversion methods call .forEach(...) on it without a null check:
ApacheHttpClient5Options.java:229RestClientOptions.java:66
So the concrete NPE source in this issue is queryParameters() == null, not options == null.
As a defensive hardening step, we can also guard against options == null and options.headers() == null in these conversion methods, even though they are not the primary failure path in this issue.
What is the bug?
ApacheHttpClient5Options.of(...)andRestClientOptions.of(...)assumeTransportOptions.queryParameters()is non-null.Both methods call
.forEach(...)directly.If
queryParameters()returnsnull, they throwNullPointerException.How can one reproduce the bug?
TransportOptionsimplementation wherequeryParameters()returnsnull.ApacheHttpClient5Options.of(customOptions)orRestClientOptions.of(customOptions).NullPointerExceptionis thrown.What is the expected behavior?
Both methods should handle
nullquery parameters as empty parameters and not throw.Do you have any additional context?
options == nullis already guarded by call sites, so this issue is not about nulloptions:ApacheHttpClient5Transport.java:141ApacheHttpClient5Transport.java:177RestClientTransport.java:109RestClientTransport.java:201options.headers()is effectively non-null in built-in implementations:TransportOptions.DefaultImplalways initializesheadersto an empty/non-empty list:TransportOptions.java:139headers()returns that list directly:TransportOptions.java:145ApacheHttpClient5Options.headers()andRestClientOptions.headers()both return collected lists, not null:ApacheHttpClient5Options.java:68RestClientOptions.java:88However, the parameter map (
queryParameters()) can be null today:ApacheHttpClient5Options.java:73RestClientOptions.java:96And both conversion methods call
.forEach(...)on it without a null check:ApacheHttpClient5Options.java:229RestClientOptions.java:66So the concrete NPE source in this issue is
queryParameters() == null, notoptions == null.As a defensive hardening step, we can also guard against
options == nullandoptions.headers() == nullin these conversion methods, even though they are not the primary failure path in this issue.