fix: check on possible null pointer dereference

[rng70-or]

Motivation

In file: DeserializationModelCreator.java, class: DeserializationModelCreator, there is a method createObjectDeserializer that there is a potential Null pointer dereference. This may throw an unexpected null pointer exception which, if unhandled, may crash the program. A developer should introduce null checks in the appropriate path or initialize the object explicitly.

Path of Possible Null Pointer Dereference

In file DeserializationModelCreator.java the following line of code (line 226)

CreatorModel creatorModel = creator.findByName(s);

invokes a method call of JsonbCreator class findByName

public CreatorModel findByName(String paramName) {
        for (CreatorModel param : params) {
            if (param.getName().equals(paramName)) {
                return param;
            }
        }
        return null;
    }

which can return null which was not properly checked before referencing CreatorModel from DeserializationModelCreator.java (line 227)

Sponsorship and Support:

This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed – to improve global software supply chain security.

The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.