fix: Add null checking when parsing the license json in AbstractNpmAnalyzer. (#7784)

floverfelt · web-flow · commit ebe6f0da6ff7 · 2025-07-06T08:41:51.000-04:00
diff --git a/core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java b/core/src/main/java/org/owasp/dependencycheck/analyzer/AbstractNpmAnalyzer.java
@@ -393,8 +393,11 @@ public void gatherEvidence(final JsonObject json, Dependency dependency) {
                     }
                 }
                 dependency.setLicense(sb.toString());
-            } else {
-                dependency.setLicense(json.getJsonObject("license").getString("type"));
+            } else if (value instanceof JsonObject) {
+                final JsonObject object = (JsonObject) value;
+                if (object.containsKey("type") && !object.isNull("type")) {
+                    dependency.setLicense(object.getString("type"));
+                }
             }
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -393,8 +393,11 @@ public void gatherEvidence(final JsonObject json, Dependency dependency) {`
`393`	`393`	`}`
`394`	`394`	`}`
`395`	`395`	`dependency.setLicense(sb.toString());`
`396`		`- } else {`
`397`		`- dependency.setLicense(json.getJsonObject("license").getString("type"));`
	`396`	`+ } else if (value instanceof JsonObject) {`
	`397`	`+ final JsonObject object = (JsonObject) value;`
	`398`	`+ if (object.containsKey("type") && !object.isNull("type")) {`
	`399`	`+ dependency.setLicense(object.getString("type"));`
	`400`	`+ }`
`398`	`401`	`}`
`399`	`402`	`}`
`400`	`403`	`}`