diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/NspSearch.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/NspSearch.java
index d78ecfb34..9fa4fbbd0 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/NspSearch.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nsp/NspSearch.java
@@ -27,6 +27,7 @@ import java.net.URL;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.List;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.utils.Settings;
 import org.owasp.dependencycheck.utils.URLConnectionFactory;
 import org.slf4j.Logger;
@@ -81,9 +82,10 @@ public class NspSearch {
 *
 * @param packageJson the package.json file retrieved from the Dependency
 * @return a List of zero or more Advisory object
+ * @throws AnalysisException if Node Security Platform is unable to analyze the package
 * @throws IOException if it's unable to connect to Node Security Platform
 */
- public List submitPackage(JsonObject packageJson) throws IOException {
+ public List submitPackage(JsonObject packageJson) throws AnalysisException, IOException {
 try {
 List result = new ArrayList<>();
 byte[] packageDatabytes = packageJson.toString().getBytes(StandardCharsets.UTF_8);
@@ -136,6 +138,10 @@ public class NspSearch {
 }
 }
 }
+ } else if (conn.getResponseCode() == 400) {
+ LOGGER.debug("Invalid payload submitted to Node Security Platform. Received response code: {} {}",
+ conn.getResponseCode(), conn.getResponseMessage());
+ throw new AnalysisException("Could not perform NSP analysis. Invalid payload submitted to Node Security Platform.");
 } else {
 LOGGER.debug("Could not connect to Node Security Platform. Received response code: {} {}",
 conn.getResponseCode(), conn.getResponseMessage());
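Review bot: The new `@throws AnalysisException` line in submitPackage's Javadoc describes a broader condition than the code implements: the exception is raised only when the service answers HTTP 400, so "is unable to analyze the package" reads as covering any analysis failure. Suggest `@throws AnalysisException if Node Security Platform rejects the submitted package.json as invalid (HTTP 400)`. The changed signature also keeps the raw `List` return type; if the element type is the Advisory the `@return` text names, `List<Advisory>` would be a compatible sharpening, though that predates this commit. submitPackage's body continues outside the hunk.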
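Review bot: The new 400 branch throws AnalysisException with a fixed message while the status code and reason phrase reach only a debug log, so whoever sees the analysis failure gets no indication of what the service answered unless debug logging is on. Consider carrying the numeric code in the exception, `throw new AnalysisException("Could not perform NSP analysis. Invalid payload submitted to Node Security Platform (HTTP " + conn.getResponseCode() + ").");`, and keep the server-supplied reason phrase in the log only, since it is untrusted text that may otherwise surface wherever the exception message is reported. Other client-error codes such as 401, 403 or 429 still fall into the `else` branch logged as "Could not connect", which misdescribes a service that did answer; what that branch does after logging is outside the hunk, as are the start and end of submitPackage.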
diff --git a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nsp/NspSearchTest.java b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nsp/NspSearchTest.java
index f93c6afbc..57569224a 100644
--- a/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nsp/NspSearchTest.java
+++ b/dependency-check-core/src/test/java/org/owasp/dependencycheck/data/nsp/NspSearchTest.java
@@ -21,6 +21,7 @@ import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 import org.owasp.dependencycheck.BaseTest;
+import org.owasp.dependencycheck.analyzer.exception.AnalysisException;
 import org.owasp.dependencycheck.utils.Settings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -28,12 +29,10 @@ import javax.json.Json;
 import javax.json.JsonObject;
 import javax.json.JsonObjectBuilder;
 import javax.json.JsonReader;
-import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
 import java.util.List;
 import static org.junit.Assume.assumeFalse;
-import static org.junit.Assume.assumeTrue;
 import org.owasp.dependencycheck.utils.URLConnectionFailureException;
 
 public class NspSearchTest extends BaseTest {
@@ -59,13 +58,13 @@ public class NspSearchTest extends BaseTest {
 final List advisories = searcher.submitPackage(nspPayload);
 Assert.assertTrue(advisories.size() > 0);
 } catch (Exception ex) {
- assumeFalse(ex instanceof URLConnectionFailureException
+ assumeFalse(ex instanceof URLConnectionFailureException
 && ex.getMessage().contains("Unable to connect to "));
- throw ex;
+ throw ex;
 }
 }
 
- @Test
+ @Test(expected = AnalysisException.class)
 public void testNspSearchNegative() throws Exception {
 InputStream in = BaseTest.getResourceAsStream(this, "nsp/package.json");
 try (JsonReader jsonReader = Json.createReader(in)) {
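Review bot: `@Test(expected = AnalysisException.class)` on testNspSearchNegative accepts an AnalysisException thrown from any statement in the method, so the test cannot tell that the exception came from `searcher.submitPackage(sanitizedJson)` rather than from resource loading or SanitizePackage.sanitize, nor that it carries the "Invalid payload" message the production change introduces. A tighter form drops the `expected` attribute, wraps the submitPackage call in its own try, fails if the call returns, and asserts on the caught AnalysisException, while the existing connection-failure assumption stays for other exceptions. The method body continues into the next hunk, where its `catch (Exception ex)` and closing braces sit.
```java
// … unchanged: resource loading and SanitizePackage.sanitize(packageJson) …
try {
    searcher.submitPackage(sanitizedJson);
    Assert.fail("Expected AnalysisException for an invalid payload");
} catch (AnalysisException ex) {
    Assert.assertTrue(ex.getMessage().contains("Invalid payload"));
} catch (Exception ex) {
    assumeFalse(ex instanceof URLConnectionFailureException
            && ex.getMessage().contains("Unable to connect to "));
    throw ex;
}
```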
@@ -73,9 +72,9 @@ public class NspSearchTest extends BaseTest {
 final JsonObject sanitizedJson = SanitizePackage.sanitize(packageJson);
 searcher.submitPackage(sanitizedJson);
 } catch (Exception ex) {
- assumeFalse(ex instanceof URLConnectionFailureException
+ assumeFalse(ex instanceof URLConnectionFailureException
 && ex.getMessage().contains("Unable to connect to "));
- throw ex;
+ throw ex;
 }
 }