Description
In NetworkServiceImpl.getVersionNoApp(), the application parses the network response directly using jsonDecode(response.body) without a surrounding try-catch block for format exceptions.
While the code checks for response.statusCode == 200, this does not guarantee the payload is valid JSON. If a proxy, firewall, or server misconfiguration intercepts the request and returns an HTML payload or an empty string with a 200 status, jsonDecode will immediately throw a fatal FormatException (e.g., Unexpected character). Because this exception is unhandled, it bypasses the normal error flow and causes a hard application crash.
Steps to Reproduce
- Intercept the network request to the actuator endpoint (using a tool like Charles Proxy or Postman).
- Return a 200 OK status, but change the response body to an empty string "" or a basic HTML string <html>Error</html>.
- Trigger the network call in the app.
- Observe the immediate FormatException and fatal runtime crash in the console.
Expected Behavior
Network payloads must be treated as untrusted data. jsonDecode should be wrapped in a try-catch block specifically catching FormatException. If parsing fails, the app should gracefully handle it (e.g., returning a default value or showing an error UI) instead of crashing.
Environment
- Target File: network_service_impl.dart
Proposed Solution
Wrap the jsonDecode logic inside a try-catch block. Catch the FormatException, log the parsing error, and handle the failure state safely without bringing down the application.
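A hardened version of the parsing path described above, written as an added example and not the project's own network_service_impl.dart code. The VersionInfo type, the "version" field name and the parseVersionPayload function are assumed for illustration; the point is that a 200 status is checked first, FormatException is caught, and the decoded value's shape is verified before it is used:

```dart
import 'dart:convert';

/// Hypothetical model for this example; the project's real type is not shown.
class VersionInfo {
  final String version;
  const VersionInfo(this.version);
}

/// Parses an untrusted response body that claims to be JSON. Returns null
/// instead of throwing when the body is empty, not JSON, or the wrong shape.
VersionInfo? parseVersionPayload(int statusCode, String body) {
  if (statusCode != 200) return null;

  Object? decoded;
  try {
    decoded = jsonDecode(body);
  } on FormatException catch (e) {
    // Empty strings, HTML error pages and truncated bodies all land here
    // (e.g. "Unexpected character" or "Unexpected end of input").
    print('version payload is not valid JSON: ${e.message}');
    return null;
  }

  // Valid JSON is not necessarily a JSON object; check before indexing.
  if (decoded is! Map<String, dynamic>) {
    print('version payload has unexpected shape: ${decoded.runtimeType}');
    return null;
  }
  final version = decoded['version'];
  if (version is! String || version.isEmpty) {
    print('version payload is missing the "version" field');
    return null;
  }
  return VersionInfo(version);
}

void main() {
  // Constructed sample bodies covering the cases from the report.
  const samples = <String, String>{
    'valid': '{"version": "1.2.3"}',
    'empty': '',
    'html': '<html>Error</html>',
    'wrong shape': '[1, 2, 3]',
  };
  samples.forEach((label, body) {
    final info = parseVersionPayload(200, body);
    print('$label -> ${info?.version ?? 'handled safely (null)'}');
  });
}
```

Only the "valid" sample yields a VersionInfo; the other three return null and are logged rather than crashing the app.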