From 8eeab50ab781e19ca0264ccf28a01c3d4eb2b72e Mon Sep 17 00:00:00 2001
From: Tobias Sorn <tobias.sorn@sap.com>
Date: Tue, 26 Jan 2021 10:40:22 +0100
Subject: [PATCH] secure looping by checking libs existence in manifest

simplify manifest path resolving
---
 lib/processors/versionInfoGenerator.js      |  8 ++--
 test/lib/processors/versionInfoGenerator.js | 47 +++++++++++++++++++++
 2 files changed, 52 insertions(+), 3 deletions(-)

diff --git a/lib/processors/versionInfoGenerator.js b/lib/processors/versionInfoGenerator.js
index b30918689..4d66d14a1 100644
--- a/lib/processors/versionInfoGenerator.js
+++ b/lib/processors/versionInfoGenerator.js
@@ -58,7 +58,7 @@ const processManifest = async (manifestResource) => {
 	// sap.ui5/dependencies is used for the "manifestHints/libs"
 	if (manifestObject["sap.ui5"]) {
 		const manifestDependencies = manifestObject["sap.ui5"]["dependencies"];
-		if (manifestDependencies) {
+		if (manifestDependencies && manifestDependencies.libs) {
 			const libs = {};
 			for (const [libKey, libValue] of Object.entries(manifestDependencies.libs)) {
 				libs[libKey] = {};
@@ -134,8 +134,7 @@ const isBundledWithLibrary = (embeddedBy, componentPath, libraryPathPrefix) => {
  * @returns {string} manifest path, e.g. "lib/x/sub/manifest.json"
  */
 const getManifestPath = (filePath, subPath) => {
-	const folderPathOfManifest = filePath.substr(0, filePath.length - "manifest.json".length) + subPath;
-	return posixPath.resolve(folderPathOfManifest + "/manifest.json");
+	return posixPath.resolve(posixPath.dirname(filePath), subPath, "manifest.json");
 };
 
 /**
@@ -189,6 +188,9 @@ class DependencyInfo {
 		if (!this._libsResolved) {
 			// early set if there is a potential cycle
 			this._libsResolved = Object.create(null);
+			if (!this.libs) {
+				return this._libsResolved;
+			}
 			for (const [libName, libValue] of Object.entries(this.libs)) {
 				const lazy = libValue.lazy;
 				const dependencyInfoObjectAdded = this.addResolvedLibDependency(libName, lazy);
diff --git a/test/lib/processors/versionInfoGenerator.js b/test/lib/processors/versionInfoGenerator.js
index d85aff3e1..67ba49efc 100644
--- a/test/lib/processors/versionInfoGenerator.js
+++ b/test/lib/processors/versionInfoGenerator.js
@@ -90,6 +90,53 @@ test.serial("versionInfoGenerator simple library infos", async (t) => {
 		"Cannot add meta information for library 'my.lib'. The manifest.json file cannot be found");
 });
 
+test.serial("versionInfoGenerator manifest without libs", async (t) => {
+	const libAManifest = {
+		getPath: () => {
+			return "/resources/lib/a/manifest.json";
+		},
+		getString: async () => {
+			return JSON.stringify({
+				"sap.app": {
+					"id": "lib.a",
+					"embeds": []
+				},
+				"sap.ui5": {
+					"dependencies": {
+						"minUI5Version": "1.84"
+					}
+				}
+			});
+		}
+	};
+	const libA = {name: "lib.a", version: "1.2.3", libraryManifest: libAManifest};
+
+	const options = {
+		rootProjectName: "myname", rootProjectVersion: "1.33.7", libraryInfos: [
+			libA
+		]};
+	const versionInfos = await versionInfoGenerator({options});
+
+	const resource = versionInfos[0];
+	const result = await resource.getString();
+
+	const oExpected = {
+		"name": "myname",
+		"version": "1.33.7",
+		"scmRevision": "",
+		"libraries": [
+			{
+				"name": "lib.a",
+				"version": "1.2.3",
+				"scmRevision": ""
+			}
+		]
+	};
+	assertVersionInfoContent(t, oExpected, result);
+	t.is(t.context.infoLogStub.callCount, 0);
+	t.is(t.context.warnLogStub.callCount, 0);
+});
+
 test.serial("versionInfoGenerator library infos with dependencies", async (t) => {
 	const libAManifest = {
 		getPath: () => {