Merge pull request #4548 from asgerf/js/handle-empty-package-json

Approved by erik-krogh
This commit is contained in:
CodeQL CI
2020-10-26 11:51:12 +00:00
committed by GitHub
6 changed files with 24 additions and 1 deletions


@@ -19,6 +19,8 @@ import java.util.List;
import java.util.regex.Pattern;
import com.google.gson.Gson;
import com.google.gson.JsonParseException;
import com.semmle.js.dependencies.packument.Packument;
import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
@@ -84,7 +86,13 @@ public class Fetcher {
}
System.out.println("Fetching package metadata for " + packageName);
try (Reader reader = new BufferedReader(new InputStreamReader(fetch("https://registry.npmjs.org/" + packageName)))) {
return new Gson().fromJson(reader, Packument.class);
Packument packument = new Gson().fromJson(reader, Packument.class);
if (packument == null) {
throw new IOException("Malformed packument for " + packageName);
}
return packument;
} catch (JsonParseException ex) {
throw new IOException("Malformed packument for " + packageName, ex);
}
}
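Review bot: The new `if (packument == null)` guard only catches the case Gson maps to null, an empty or whitespace-only response body; a body that is well-formed JSON of a different shape still deserializes to a `Packument` whose fields are all unset and is returned as if valid, so the caller would presumably fail later on the same missing data this check is meant to catch. If the caller depends on particular fields, a second guard on those fields at this point would turn that into the same IOException, and the two failure modes are easier to tell apart in logs if the null case uses its own wording, e.g. `throw new IOException("Empty packument for " + packageName);`. The added `catch (JsonParseException ex)` correctly chains the cause, which keeps the parser's position information in the stack trace. The enclosing method begins before this hunk, so I cannot see whether the response status is checked before the body is parsed.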


@@ -746,6 +746,9 @@ protected DependencyInstallationResult preparePackagesAndDependencies(Set<Path>
if (file.getFileName().toString().equals("package.json")) {
try {
PackageJson packageJson = new Gson().fromJson(new WholeIO().read(file), PackageJson.class);
if (packageJson == null) {
continue;
}
file = file.toAbsolutePath();
if (tryRelativize(sourceRoot, file) == null) {
continue; // Ignore package.json files outside the source root.
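Review bot: The new `if (packageJson == null) { continue; }` drops an empty package.json silently, while the sibling change in Fetcher turns the same Gson null result into an IOException; if skipping is the intended behaviour for files in the source tree, the reason should be stated on the line, e.g. `continue; // Gson yields null for an empty file; treat it like a missing package.json.`, and if the class reports skipped files elsewhere a diagnostic naming `file` here would help users find the empty file. Note that the surrounding `try {` opens on the line before the check and its catch is outside the hunk, so I cannot tell whether a package.json with malformed JSON is also skipped or whether it aborts the loop; the two cases should probably be handled consistently. The enclosing method `preparePackagesAndDependencies` starts and ends outside this hunk.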


@@ -0,0 +1,4 @@
files
| nullContents/package.json:0:0:0:0 | nullContents/package.json |
| tst.js:0:0:0:0 | tst.js |
packageJsons


@@ -0,0 +1,5 @@
import javascript
query File files() { any() }
query PackageJSON packageJsons() { any() }


@@ -0,0 +1,2 @@
// This file is just here to ensure some JS code is extracted
let x = 'hey';