Merge pull request #4548 from asgerf/js/handle-empty-package-json

codeql-ci · web-flow · commit e825af2791ce · 2020-10-26T11:51:12.000Z
Approved by erik-krogh
diff --git a/javascript/extractor/src/com/semmle/js/dependencies/Fetcher.java b/javascript/extractor/src/com/semmle/js/dependencies/Fetcher.java
@@ -19,6 +19,8 @@
 import java.util.regex.Pattern;
 
 import com.google.gson.Gson;
+import com.google.gson.JsonParseException;
+
 import com.semmle.js.dependencies.packument.Packument;
 
 import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
@@ -84,7 +86,13 @@ public Packument getPackument(String packageName) throws IOException {
         }
         System.out.println("Fetching package metadata for " + packageName);
         try (Reader reader = new BufferedReader(new InputStreamReader(fetch("https://registry.npmjs.org/" + packageName)))) {
-            return new Gson().fromJson(reader, Packument.class);
+            Packument packument = new Gson().fromJson(reader, Packument.class);
+            if (packument == null) {
+                throw new IOException("Malformed packument for " + packageName);
+            }
+            return packument;
+        } catch (JsonParseException ex) {
+            throw new IOException("Malformed packument for " + packageName, ex);
         }
     }
 
diff --git a/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java b/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java
@@ -746,6 +746,9 @@ protected DependencyInstallationResult preparePackagesAndDependencies(Set<Path>
       if (file.getFileName().toString().equals("package.json")) {
         try {
           PackageJson packageJson = new Gson().fromJson(new WholeIO().read(file), PackageJson.class);
+          if (packageJson == null) {
+            continue;
+          }
           file = file.toAbsolutePath();
           if (tryRelativize(sourceRoot, file) == null) {
             continue; // Ignore package.json files outside the source root.
diff --git a/javascript/ql/test/library-tests/MalformedPackageJson/Test.expected b/javascript/ql/test/library-tests/MalformedPackageJson/Test.expected
@@ -0,0 +1,4 @@
+files
+| nullContents/package.json:0:0:0:0 | nullContents/package.json |
+| tst.js:0:0:0:0 | tst.js |
+packageJsons
diff --git a/javascript/ql/test/library-tests/MalformedPackageJson/Test.ql b/javascript/ql/test/library-tests/MalformedPackageJson/Test.ql
@@ -0,0 +1,5 @@
+import javascript
+
+query File files() { any() }
+
+query PackageJSON packageJsons() { any() }
diff --git a/javascript/ql/test/library-tests/MalformedPackageJson/nullContents/package.json b/javascript/ql/test/library-tests/MalformedPackageJson/nullContents/package.json
@@ -0,0 +1 @@
+null
diff --git a/javascript/ql/test/library-tests/MalformedPackageJson/tst.js b/javascript/ql/test/library-tests/MalformedPackageJson/tst.js
@@ -0,0 +1,2 @@
+// This file is just here to ensure some JS code is extracted
+let x = 'hey';

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+// This file is just here to ensure some JS code is extracted`
	`2`	`+let x = 'hey';`