From 591a95b380a3e3fb34824f8f32a7f8d984d3cd4b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Ramos?=
Date: Tue, 27 Feb 2024 16:24:17 +0000
Subject: [PATCH] [BISERVER-15031] - Limit the PIR Export via REST API to the allowed types - null protection missing
---
 .../web/http/api/resources/RepositoryResource.java | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/extensions/src/main/java/org/pentaho/platform/web/http/api/resources/RepositoryResource.java b/extensions/src/main/java/org/pentaho/platform/web/http/api/resources/RepositoryResource.java
index 30955749a7..351de62d3f 100644
--- a/extensions/src/main/java/org/pentaho/platform/web/http/api/resources/RepositoryResource.java
+++ b/extensions/src/main/java/org/pentaho/platform/web/http/api/resources/RepositoryResource.java
@@ -764,8 +764,12 @@ protected Response doService( String contextId, String resourceId ) throws Objec
 }
 private boolean validatePrptiOutputFormat() {
- String outputFormat = this.httpServletRequest.getParameterMap().get( "output-target" )[0];
- return AllowedPrptiTypes.getByType( outputFormat ) != null;
+ boolean valid = true;
+ if ( this.httpServletRequest.getParameterMap() != null && this.httpServletRequest.getParameterMap().containsKey( "output-target" ) ) {
+ String outputFormat = this.httpServletRequest.getParameterMap().get( "output-target" )[0];
+ valid = AllowedPrptiTypes.getByType( outputFormat ) != null;
+ }
+ return valid;
 }
 abstract class CGFactory implements ContentGeneratorDescriptor {
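Review bot: `validatePrptiOutputFormat()` now fails open: when `output-target` is absent or the parameter map is null, `valid` stays `true` and the allow-list check is skipped. That is only safe if the format applied downstream in that case is itself one of `AllowedPrptiTypes`, which this hunk does not show, so the assumption should at least be stated in a comment. The `[0]` index is also still unguarded against a null or empty `String[]`, and only the first value is validated while the map is fetched three times. The sketch below reads the values once and checks every element; it assumes `httpServletRequest` is a standard `HttpServletRequest`, and any test that stubs `getParameterMap()` would need to stub `getParameterValues()` instead.

```java
  private boolean validatePrptiOutputFormat() {
    String[] targets = this.httpServletRequest.getParameterValues( "output-target" );
    if ( targets == null || targets.length == 0 ) {
      // No explicit output-target: the report default applies, which must itself be an allowed type.
      return true;
    }
    for ( String target : targets ) {
      if ( AllowedPrptiTypes.getByType( target ) == null ) {
        return false;
      }
    }
    return true;
  }
```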