License Compliance: Ignore invalid reports

75923f93 · mo khan · James Lopez · ca66f712 · 75923f93 · 75923f93
Commit 75923f93 authored Apr 23, 2020 by mo khan Committed by James Lopez Apr 23, 2020
3 changed files
--- a/ee/changelogs/unreleased/check-lc-report-schema.yml
+++ b/ee/changelogs/unreleased/check-lc-report-schema.yml
+---
+title: Ignore invalid license_scanning reports
+merge_request: 30114
+author:
+type: fixed
--- a/ee/lib/gitlab/ci/parsers/license_compliance/license_scanning.rb
+++ b/ee/lib/gitlab/ci/parsers/license_compliance/license_scanning.rb
@@ -10,7 +10,9 @@ module Gitlab
          PARSERS = { '1' => V1, '2' => V2 }.freeze

          def parse!(json_data, report)
-            json = JSON.parse(json_data, symbolize_names: true)
+            json = JSON.parse(json_data, symbolize_names: true, object_class: Hash)
+            return unless json.is_a?(Hash)
+
            report.version = json[:version].presence || DEFAULT_VERSION

            parser = PARSERS.fetch(report.major_version)

--- a/ee/spec/lib/gitlab/ci/parsers/license_compliance/license_scanning_spec.rb
+++ b/ee/spec/lib/gitlab/ci/parsers/license_compliance/license_scanning_spec.rb
@@ -162,6 +162,16 @@ describe Gitlab::Ci::Parsers::LicenseCompliance::LicenseScanning do
      it { expect(report).to be_empty }
    end

+    context 'when the report is structured as an array' do
+      let(:invalid_json) { JSON.pretty_generate([]) }
+
+      before do
+        subject.parse!(invalid_json, report)
+      end
+
+      it { expect(report).to be_empty }
+    end
+
    context 'when the report is not a valid JSON document' do
      it do
        expect do