Short Summary of the Bug
SDK's getModalityQuality() may return no entry for the queried BiometricType; auto-unboxing causes NPE
Description
Summary
getSDKScore() auto-unboxes the Float returned by scoreMap.get(biometricType) directly to double.
If the SDK's getModalityQuality() does not populate an entry for the queried BiometricType,
get() returns null and the unboxing throws an unchecked NullPointerException.
Affected File
registration-services/src/main/java/io/mosip/registration/service/bio/impl/BioServiceImpl.java
Code
Map<BiometricType, Float> scoreMap = bioAPIFactory
.getBioProvider(biometricType, BiometricFunction.QUALITY_CHECK)
.getModalityQuality(birList, null);
return scoreMap.get(biometricType); // NPE if key absent — Float null unboxed to double
Impact
The NPE is not a BiometricException, so it escapes the catch block at line ~104 and
falls into the generic catch (Throwable t) at line ~114, where it gets re-thrown as
MDS_RCAPTURE_ERROR — misclassifying an SDK quality check failure as an MDM capture failure.
This makes root cause diagnosis significantly harder.
Steps to Reproduce
- Configure
mosip.registration.quality_check_with_sdk=Enable
- Use an SDK implementation whose
getModalityQuality() returns a map without an entry
for the captured modality (e.g., IRIS when only FINGER is keyed)
- Attempt biometric capture — registration client throws
MDS_RCAPTURE_ERROR
with no MDM involvement
Expected Behavior
A null-safe check with a descriptive BiometricException:
Float score = scoreMap.get(biometricType);
if (score == null) {
throw new BiometricException(
"SDK_SCORE_NULL",
"SDK did not return quality score for " + biometricType
);
}
return score.doubleValue();
Attachments / Evidence / Links
No response
Short Summary of the Bug
SDK's getModalityQuality() may return no entry for the queried BiometricType; auto-unboxing causes NPE
Description
Summary
getSDKScore()auto-unboxes theFloatreturned byscoreMap.get(biometricType)directly todouble.If the SDK's
getModalityQuality()does not populate an entry for the queriedBiometricType,get()returnsnulland the unboxing throws an uncheckedNullPointerException.Affected File
registration-services/src/main/java/io/mosip/registration/service/bio/impl/BioServiceImpl.javaCode
Impact
The NPE is not a
BiometricException, so it escapes the catch block at line ~104 andfalls into the generic
catch (Throwable t)at line ~114, where it gets re-thrown asMDS_RCAPTURE_ERROR— misclassifying an SDK quality check failure as an MDM capture failure.This makes root cause diagnosis significantly harder.
Steps to Reproduce
mosip.registration.quality_check_with_sdk=EnablegetModalityQuality()returns a map without an entryfor the captured modality (e.g., IRIS when only FINGER is keyed)
MDS_RCAPTURE_ERRORwith no MDM involvement
Expected Behavior
A null-safe check with a descriptive
BiometricException:Attachments / Evidence / Links
No response