Safely handling objects that do not exist when parsing a JSON file

I am struggling with how to avoid a null pointer exception when parsing a JSON file in which some objects do not exist. I have a POJO representation of the JSON file to make it easier to handle. Here is a sample JSON file:

    {
    "Registry": "docker.io",
    "ImageName": "postgres",
    "Tag": "latest",
    "Layers": [
        {
            "Layer": {
                "Name": "556f99c912b469ef5c176cb058a3eb32d06dc19f5f482115c760724bbb1b0da6",
                "NamespaceName": "debian:8",
                "IndexedByVersion": 3,
                "Features": [
                    {
                        "Name": "db5.3",
                        "NamespaceName": "debian:8",
                        "Version": "5.3.28-9",
                        "Vulnerabilities": [
                            {
                                "Name": "CVE-2017-10140",
                                "NamespaceName": "debian:8",
                                "Link": "https://security-tracker.debian.org/tracker/CVE-2017-10140",
                                "Severity": "Unknown",
                                "FixedBy": "5.3.28-9+deb8u1"
                            }
                        ],
                        "AddedBy": "556f99c912b469ef5c176cb058a3eb32d06dc19f5f482115c760724bbb1b0da6"
                    },
                    {
                        "Name": "adduser",
                        "NamespaceName": "debian:8",
                        "Version": "3.113+nmu3",
                        "AddedBy": "556f99c912b469ef5c176cb058a3eb32d06dc19f5f482115c760724bbb1b0da6"
                    }

This is my class, which is supposed to get the ScanReport object, and especially the vulnerabilities:

    import com.fasterxml.jackson.databind.ObjectMapper;

    import java.io.File;
    import java.io.IOException;
    import java.util.List;

    public class ReportReader {

        public static void main(String[] args) throws IOException {
            // List<Layers> de.security.reports.ScanReport.getLayers()
            File reportFile = new File("reports/json/analysis-postgres-latest.json");
            ObjectMapper mapper = new ObjectMapper();
            ScanReport tester = mapper.readValue(reportFile, ScanReport.class);
            List<Layers> layerList = tester.getLayers();
            List<Feature> featureList;
            List<Vulnerability> vulnerabilities;
            for (Layers layers2 : layerList) {
                featureList = layers2.getLayer().getFeatures();
                System.out.println("Number of features: " + featureList.size());
                System.out.println("***************************************************************");
                for (Feature feature : featureList) {
                    System.out.println("Feature name :" + feature.getName());
                    // When the "Vulnerabilities" key is absent from the JSON, getVulnerabilities()
                    // returns null, so this condition throws the NullPointerException described above.
                    if (feature.getVulnerabilities().equals(" ") || feature.getVulnerabilities().isEmpty()
                            || feature.getVulnerabilities().size() == 0) {
                        System.out.println("no vulnerability found");
                    } else {
                        vulnerabilities = feature.getVulnerabilities();

                        System.out.println("------------------------------------------------------------");
                        for (Vulnerability vulnerability : vulnerabilities) {
                            System.out.println("    ===   Vulnerabilities  === ");
                            System.out.println("CVE: " + vulnerability.getName());
                            System.out.println("Namespace: " + vulnerability.getNamespaceName());
                        }
                    }
                }
            }
        }
    }

Your problem does not seem to be related to serialization. I think your condition is bad; try this:

    // Check for null first so that an absent "Vulnerabilities" key no longer throws;
    // a List never equals a String, and isEmpty() already covers size() == 0.
    if (feature.getVulnerabilities() == null || feature.getVulnerabilities().isEmpty())

Using an annotation

    import com.fasterxml.jackson.annotation.JsonIgnoreProperties;

    // Properties in the JSON that this class does not declare are skipped instead of failing
    @JsonIgnoreProperties(ignoreUnknown = true)
    public class MyMappingClass {
    }

See JsonIgnoreProperties in the Jackson online documentation.

Using configuration is less intrusive than an annotation.

    import com.fasterxml.jackson.databind.DeserializationFeature;
    import com.fasterxml.jackson.databind.ObjectMapper;
    import com.fasterxml.jackson.databind.ObjectReader;

    ObjectMapper objectMapper = new ObjectMapper();
    // Applies to every class this mapper deserializes, without touching the POJOs
    objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
    ObjectReader objectReader = objectMapper.readerFor(MyMappingClass.class);
    // json: a String holding the JSON document
    MyMappingClass myMappingClass = objectReader.readValue(json);

See FAIL_ON_UNKNOWN_PROPERTIES in the Jackson online documentation.
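A null-safe version of the whole pipeline, added here as an example that belongs to neither the question nor the two answers above. It combines both answers' points: the POJOs initialise every list field to an empty list and use Jackson's `@JsonSetter(nulls = Nulls.AS_EMPTY)`, so that an absent `Vulnerabilities` key (the `adduser` feature in the question) and an explicit `null` both arrive as empty lists, while `@JsonIgnoreProperties(ignoreUnknown = true)` and `FAIL_ON_UNKNOWN_PROPERTIES` cover properties the classes do not model. It assumes Jackson 2.9 or newer on the classpath; the class names, the embedded sample JSON and the `CVE-PLACEHOLDER-0001` identifier are constructed for illustration (only `CVE-2017-10140` comes from the question).

```java
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonSetter;
import com.fasterxml.jackson.annotation.Nulls;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

// Added example, not the question's or the answers' code. Assumes Jackson 2.9+;
// class names and the sample document are constructed for illustration.
public class NullSafeScanReport {

    // Constructed sample: feature 1 has vulnerabilities, feature 2 has no
    // "Vulnerabilities" key at all (plus an unmodelled "Comment" property),
    // and feature 3 carries an explicit null.
    static final String SAMPLE_JSON = String.join("\n",
        "{",
        "  \"Registry\": \"docker.io\", \"ImageName\": \"postgres\", \"Tag\": \"latest\",",
        "  \"Layers\": [ { \"Layer\": {",
        "    \"Name\": \"layer-placeholder\", \"NamespaceName\": \"debian:8\",",
        "    \"Features\": [",
        "      { \"Name\": \"db5.3\", \"Version\": \"5.3.28-9\", \"Vulnerabilities\": [",
        "        { \"Name\": \"CVE-2017-10140\", \"Severity\": \"Unknown\" },",
        "        { \"Name\": \"CVE-PLACEHOLDER-0001\", \"Severity\": \"High\" } ] },",
        "      { \"Name\": \"adduser\", \"Version\": \"3.113+nmu3\", \"Comment\": \"unmodelled\" },",
        "      { \"Name\": \"base-files\", \"Version\": \"0.0-placeholder\", \"Vulnerabilities\": null }",
        "    ] } } ]",
        "}");

    @JsonIgnoreProperties(ignoreUnknown = true)
    public static class ScanReport {
        @JsonProperty("ImageName") public String imageName;
        @JsonProperty("Tag") public String tag;
        // Initialiser handles an absent key; Nulls.AS_EMPTY handles an explicit null.
        @JsonProperty("Layers") @JsonSetter(nulls = Nulls.AS_EMPTY)
        public List<LayerWrapper> layers = new ArrayList<>();
    }

    @JsonIgnoreProperties(ignoreUnknown = true)
    public static class LayerWrapper {
        @JsonProperty("Layer") public Layer layer;   // object-valued, so it may still be null
    }

    @JsonIgnoreProperties(ignoreUnknown = true)
    public static class Layer {
        @JsonProperty("Name") public String name;
        @JsonProperty("Features") @JsonSetter(nulls = Nulls.AS_EMPTY)
        public List<Feature> features = new ArrayList<>();
    }

    @JsonIgnoreProperties(ignoreUnknown = true)
    public static class Feature {
        @JsonProperty("Name") public String name;
        @JsonProperty("Version") public String version;
        @JsonProperty("Vulnerabilities") @JsonSetter(nulls = Nulls.AS_EMPTY)
        public List<Vulnerability> vulnerabilities = new ArrayList<>();
    }

    @JsonIgnoreProperties(ignoreUnknown = true)
    public static class Vulnerability {
        @JsonProperty("Name") public String name;
        @JsonProperty("Severity") public String severity;
    }

    static ObjectMapper mapper() {
        ObjectMapper m = new ObjectMapper();
        // Same effect as the annotation, applied globally (the configuration route above).
        m.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        return m;
    }

    static ScanReport parse(String json) throws IOException {
        return mapper().readValue(json, ScanReport.class);
    }

    // Counts vulnerabilities per severity. No list is ever null here, so the only
    // guard needed is for the object-valued "Layer" field.
    static Map<String, Integer> countBySeverity(ScanReport report) {
        Map<String, Integer> counts = new TreeMap<>();
        for (LayerWrapper wrapper : report.layers) {
            if (wrapper.layer == null) continue;
            for (Feature feature : wrapper.layer.features) {
                for (Vulnerability v : feature.vulnerabilities) {
                    String severity = v.severity == null ? "Unspecified" : v.severity;
                    counts.merge(severity, 1, Integer::sum);
                }
            }
        }
        return counts;
    }

    public static void main(String[] args) throws IOException {
        ScanReport report = parse(SAMPLE_JSON);
        for (LayerWrapper wrapper : report.layers) {
            if (wrapper.layer == null) continue;
            for (Feature feature : wrapper.layer.features) {
                System.out.println(feature.name + ": " + feature.vulnerabilities.size() + " vulnerabilities");
            }
        }
        System.out.println("By severity: " + countBySeverity(report));
    }
}
```

Making "no list is ever null" a property of the model, rather than repeating `== null` checks in every loop, keeps the report-walking code simple and means a scanner report that omits a field cannot crash whatever consumes it (for instance a CI step that decides whether an image may ship based on its vulnerability counts).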
