Added additional check when submitting an invalid payload to nsp. Corrected unit test.

dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/NspSearch.java

@@ -27,6 +27,7 @@ import java.net.URL;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.utils.Settings;
 import org.owasp.dependencycheck.utils.URLConnectionFactory;
 import org.slf4j.Logger;
@@ -81,9 +82,10 @@ public class NspSearch {
      *
      * @param packageJson the package.json file retrieved from the Dependency
      * @return a List of zero or more Advisory object
+     * @throws AnalysisException if Node Security Platform is unable to analyze the package
      * @throws IOException if it's unable to connect to Node Security Platform
      */
-    public List<Advisory> submitPackage(JsonObject packageJson) throws IOException {
+    public List<Advisory> submitPackage(JsonObject packageJson) throws AnalysisException, IOException {
         try {
             List<Advisory> result = new ArrayList<>();
             byte[] packageDatabytes = packageJson.toString().getBytes(StandardCharsets.UTF_8);
@@ -136,6 +138,10 @@ public class NspSearch {
                         }
                     }
                 }
+            } else if (conn.getResponseCode() == 400) {
+                LOGGER.debug("Invalid payload submitted to Node Security Platform. Received response code: {} {}",
+                        conn.getResponseCode(), conn.getResponseMessage());
+                throw new AnalysisException("Could not perform NSP analysis. Invalid payload submitted to Node Security Platform.");
             } else {
                 LOGGER.debug("Could not connect to Node Security Platform. Received response code: {} {}",
                         conn.getResponseCode(), conn.getResponseMessage());

dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nsp/NspSearchTest.java

@@ -21,6 +21,7 @@ import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 import org.owasp.dependencycheck.BaseTest;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -28,12 +29,10 @@ import javax.json.Json;
 import javax.json.JsonObject;
 import javax.json.JsonObjectBuilder;
 import javax.json.JsonReader;
-import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
 import java.util.List;
 import static org.junit.Assume.assumeFalse;
-import static org.junit.Assume.assumeTrue;
 import org.owasp.dependencycheck.utils.URLConnectionFailureException;
 
 public class NspSearchTest extends BaseTest {
@@ -59,13 +58,13 @@ public class NspSearchTest extends BaseTest {
             final List<Advisory> advisories = searcher.submitPackage(nspPayload);
             Assert.assertTrue(advisories.size() > 0);
         } catch (Exception ex) {
-           assumeFalse(ex instanceof URLConnectionFailureException
+            assumeFalse(ex instanceof URLConnectionFailureException
                     && ex.getMessage().contains("Unable to connect to "));
-           throw ex;
+            throw ex;
         }
     }
 
-    @Test
+    @Test(expected = AnalysisException.class)
     public void testNspSearchNegative() throws Exception {
         InputStream in = BaseTest.getResourceAsStream(this, "nsp/package.json");
         try (JsonReader jsonReader = Json.createReader(in)) {
@@ -73,9 +72,9 @@ public class NspSearchTest extends BaseTest {
             final JsonObject sanitizedJson = SanitizePackage.sanitize(packageJson);
             searcher.submitPackage(sanitizedJson);
         } catch (Exception ex) {
-           assumeFalse(ex instanceof URLConnectionFailureException
+            assumeFalse(ex instanceof URLConnectionFailureException
                     && ex.getMessage().contains("Unable to connect to "));
-           throw ex;
+            throw ex;
         }
     }