fix(nuget): null ref when parsing paket.lock (#725)

Author: melotic

src/Microsoft.ComponentDetection.Detectors/nuget/NuGetComponentDetector.cs

@@ -105,6 +105,7 @@ private async Task ProcessFileAsync(ProcessRequest processRequest)
             else if ("paket.lock".Equals(stream.Pattern, StringComparison.OrdinalIgnoreCase))
             {
                 this.ParsePaketLock(processRequest);
+                return;
             }
             else
             {
@@ -166,10 +167,18 @@ private void ParsePaketLock(ProcessRequest processRequest)
             var matches = Regex.Matches(line, @"\s*([a-zA-Z0-9-.]*) \([<>=]*[ ]*([0-9a-zA-Z-.]*)\)", RegexOptions.Singleline);
             foreach (var match in matches.Cast<Match>())
             {
-                var name = match.Groups[1].Value;
-                var version = match.Groups[2].Value;
-                var component = new NuGetComponent(name, version);
-                singleFileComponentRecorder.RegisterUsage(new DetectedComponent(component));
+                try
+                {
+                    var name = match.Groups[1].Value;
+                    var version = match.Groups[2].Value;
+                    var component = new NuGetComponent(name, version);
+                    singleFileComponentRecorder.RegisterUsage(new DetectedComponent(component));
+                }
+                catch (Exception e)
+                {
+                    this.Logger.LogWarning(e, "Failed to parse paket.lock component from line `{Line}` in {Location}", line, stream.Location);
+                    singleFileComponentRecorder.RegisterPackageParseFailure(stream.Location);
+                }
             }
         }
     }

test/Microsoft.ComponentDetection.Detectors.Tests/NuGetComponentDetectorTests.cs

@@ -151,12 +151,23 @@ public async Task TestNugetDetector_ReturnsValidPaketComponentAsync()
 
         var (scanResult, componentRecorder) = await this.DetectorTestUtility
             .WithFile("paket.lock", paketLock)
+            .AddServiceMock(this.mockLogger)
             .ExecuteDetectorAsync();
 
         Assert.AreEqual(ProcessingResultCode.Success, scanResult.ResultCode);
 
         // While there are 26 lines in the sample, several dependencies are identical, so there are only 11 matches.
         Assert.AreEqual(11, componentRecorder.GetDetectedComponents().Count());
+
+        // Verify that we stop executing after parsing the paket.lock file.
+        this.mockLogger.Verify(
+            x => x.Log(
+            It.IsAny<LogLevel>(),
+            It.IsAny<EventId>(),
+            It.IsAny<It.IsAnyType>(),
+            It.IsAny<Exception>(),
+            (Func<It.IsAnyType, Exception, string>)It.IsAny<object>()),
+            Times.Once());
     }
 
     [TestMethod]