fix: guard against null in DetokenizeRequest.downloadUrl(null)

Devesh-Skyflow · claude · Devesh-Skyflow · commit a8026686fa07 · 2026-05-18T17:37:31.000+05:30
Calling .downloadUrl(null) previously stored null in the field, creating
an NPE risk for callers who read getDownloadUrl() back without a null
check. Now null -&gt; false (matching the default), consistent with the
continueOnError(null) guard in the same builder.

Added test: testDetokenizeRequestDownloadUrlNullTreatedAsFalse

Co-Authored-By: Claude Sonnet 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/src/main/java/com/skyflow/vault/tokens/DetokenizeRequest.java b/src/main/java/com/skyflow/vault/tokens/DetokenizeRequest.java
@@ -67,7 +67,7 @@ public DetokenizeRequestBuilder downloadURL(Boolean downloadURL) {
         }
 
         public DetokenizeRequestBuilder downloadUrl(Boolean downloadUrl) {
-            this.downloadUrl = downloadUrl;
+            this.downloadUrl = downloadUrl != null && downloadUrl;
             return this;
         }
 
diff --git a/src/test/java/com/skyflow/vault/controller/VaultControllerTests.java b/src/test/java/com/skyflow/vault/controller/VaultControllerTests.java
@@ -291,4 +291,12 @@ public void testDetokenizeRequestDownloadUrlDefaultIsFalse() {
         Assert.assertFalse("downloadUrl should be false by default", request.getDownloadUrl());
     }
 
+    @Test
+    public void testDetokenizeRequestDownloadUrlNullTreatedAsFalse() {
+        DetokenizeRequest request = DetokenizeRequest.builder()
+                .downloadUrl(null)
+                .build();
+        Assert.assertFalse("null downloadUrl should default to false — no NPE risk", request.getDownloadUrl());
+    }
+
 }

Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,7 @@ public DetokenizeRequestBuilder downloadURL(Boolean downloadURL) {`
`67`	`67`	`}`
`68`	`68`
`69`	`69`	`public DetokenizeRequestBuilder downloadUrl(Boolean downloadUrl) {`
`70`		`- this.downloadUrl = downloadUrl;`
	`70`	`+ this.downloadUrl = downloadUrl != null && downloadUrl;`
`71`	`71`	`return this;`
`72`	`72`	`}`
`73`	`73`
Original file line number	Diff line number	Diff line change
`@@ -291,4 +291,12 @@ public void testDetokenizeRequestDownloadUrlDefaultIsFalse() {`
`291`	`291`	`Assert.assertFalse("downloadUrl should be false by default", request.getDownloadUrl());`
`292`	`292`	`}`
`293`	`293`
	`294`	`+ @Test`
	`295`	`+ public void testDetokenizeRequestDownloadUrlNullTreatedAsFalse() {`
	`296`	`+ DetokenizeRequest request = DetokenizeRequest.builder()`
	`297`	`+ .downloadUrl(null)`
	`298`	`+ .build();`
	`299`	`+ Assert.assertFalse("null downloadUrl should default to false — no NPE risk", request.getDownloadUrl());`
	`300`	`+ }`
	`301`	`+`
`294`	`302`	`}`