diff --git a/javascript/extractor/src/com/semmle/js/dependencies/Fetcher.java b/javascript/extractor/src/com/semmle/js/dependencies/Fetcher.java
index 79fc7c2c65a..fa996f1b34e 100644
--- a/javascript/extractor/src/com/semmle/js/dependencies/Fetcher.java
+++ b/javascript/extractor/src/com/semmle/js/dependencies/Fetcher.java
@@ -19,6 +19,8 @@ import java.util.List;
 import java.util.regex.Pattern;
 import com.google.gson.Gson;
+import com.google.gson.JsonParseException;
+
 import com.semmle.js.dependencies.packument.Packument;
 import org.apache.commons.compress.archivers.tar.TarArchiveEntry;
@@ -84,7 +86,13 @@ public class Fetcher {
 }
 System.out.println("Fetching package metadata for " + packageName);
 try (Reader reader = new BufferedReader(new InputStreamReader(fetch("https://registry.npmjs.org/" + packageName)))) {
-return new Gson().fromJson(reader, Packument.class);
+Packument packument = new Gson().fromJson(reader, Packument.class);
+if (packument == null) {
+throw new IOException("Malformed packument for " + packageName);
+}
+return packument;
+} catch (JsonParseException ex) {
+throw new IOException("Malformed packument for " + packageName, ex);
 }
 }
diff --git a/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java b/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java
index 8b9438a52ac..5ebe88d3584 100644
--- a/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java
+++ b/javascript/extractor/src/com/semmle/js/extractor/AutoBuild.java
@@ -746,6 +746,9 @@ protected DependencyInstallationResult preparePackagesAndDependencies(Set
 if (file.getFileName().toString().equals("package.json")) {
 try {
 PackageJson packageJson = new Gson().fromJson(new WholeIO().read(file), PackageJson.class);
+if (packageJson == null) {
+continue;
+}
 file = file.toAbsolutePath();
 if (tryRelativize(sourceRoot, file) == null) {
 continue; // Ignore package.json files outside the source root.
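Review bot: The `catch (JsonParseException ex)` branch in the second Fetcher hunk reports every failure as "Malformed packument", but Gson's subclasses of that exception also cover failures of the underlying `Reader` (as far as I recall, an `IOException` raised while reading the response is rethrown wrapped in a `JsonSyntaxException` or `JsonIOException`), so a connection that drops mid-response would be diagnosed as bad registry data rather than a transport error. Since the cause is preserved, a less specific message keeps the diagnosis honest: `throw new IOException("Failed to read or parse packument for " + packageName, ex);`. The null check above it is fine as written; `fromJson` also returns null for an empty response body, not only for a literal `null`, and the existing message covers both. The enclosing method begins before the hunk, so the earlier part of the `try` setup and the method signature are not visible here.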
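Review bot: The new `if (packageJson == null) { continue; }` in the AutoBuild hunk skips the file silently, so a package.json that deserializes to null (the literal `null`, and I believe an empty file as well) disappears from dependency preparation with nothing in the build output to explain it, whereas the Fetcher change in the same commit raises an error for the equivalent condition. A one-line diagnostic before the `continue`, e.g. `System.out.println("Ignoring malformed package.json: " + file);` (matching the `System.out.println` the extractor already uses for fetch progress), would make the skipped file visible to whoever is debugging missing dependencies. Note also that a syntactically broken file does not yield null but a `JsonSyntaxException` from `fromJson`; whether the enclosing `try` handles that depends on its catch clause, which lies outside the hunk, as does the rest of `preparePackagesAndDependencies`.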
diff --git a/javascript/ql/test/library-tests/MalformedPackageJson/Test.expected b/javascript/ql/test/library-tests/MalformedPackageJson/Test.expected
new file mode 100644
index 00000000000..6e33d556817
--- /dev/null
+++ b/javascript/ql/test/library-tests/MalformedPackageJson/Test.expected
@@ -0,0 +1,4 @@
+files
+| nullContents/package.json:0:0:0:0 | nullContents/package.json |
+| tst.js:0:0:0:0 | tst.js |
+packageJsons
diff --git a/javascript/ql/test/library-tests/MalformedPackageJson/Test.ql b/javascript/ql/test/library-tests/MalformedPackageJson/Test.ql
new file mode 100644
index 00000000000..3f0d3eb4607
--- /dev/null
+++ b/javascript/ql/test/library-tests/MalformedPackageJson/Test.ql
@@ -0,0 +1,5 @@
+import javascript
+
+query File files() { any() }
+
+query PackageJSON packageJsons() { any() }
diff --git a/javascript/ql/test/library-tests/MalformedPackageJson/nullContents/package.json b/javascript/ql/test/library-tests/MalformedPackageJson/nullContents/package.json
new file mode 100644
index 00000000000..ec747fa47dd
--- /dev/null
+++ b/javascript/ql/test/library-tests/MalformedPackageJson/nullContents/package.json
@@ -0,0 +1 @@
+null
\ No newline at end of file
diff --git a/javascript/ql/test/library-tests/MalformedPackageJson/tst.js b/javascript/ql/test/library-tests/MalformedPackageJson/tst.js
new file mode 100644
index 00000000000..2c3e68a8966
--- /dev/null
+++ b/javascript/ql/test/library-tests/MalformedPackageJson/tst.js
@@ -0,0 +1,2 @@
+// This file is just here to ensure some JS code is extracted
+let x = 'hey';