fix(@schematics/angular): Fix JSON parsing

Brocco · filipesilva · commit 69e3fa7305d3 · 2018-06-13T22:40:18.000+01:00
fixes #10880
diff --git a/packages/schematics/angular/library/index.ts b/packages/schematics/angular/library/index.ts
@@ -5,7 +5,7 @@
  * Use of this source code is governed by an MIT-style license that can be
  * found in the LICENSE file at https://angular.io/license
  */
-import { strings } from '@angular-devkit/core';
+import { parseJson, strings } from '@angular-devkit/core';
 import {
   Rule,
   SchematicContext,
@@ -53,8 +53,8 @@ function updateJsonFile<T>(host: Tree, path: string, callback: UpdateJsonFn<T>):
   const source = host.read(path);
   if (source) {
     const sourceText = source.toString('utf-8');
-    const json = JSON.parse(sourceText);
-    callback(json);
+    const json = parseJson(sourceText);
+    callback(json as {} as T);
     host.overwrite(path, JSON.stringify(json, null, 2));
   }
 
diff --git a/packages/schematics/angular/utility/config.ts b/packages/schematics/angular/utility/config.ts
@@ -5,7 +5,7 @@
  * Use of this source code is governed by an MIT-style license that can be
  * found in the LICENSE file at https://angular.io/license
  */
-import { experimental } from '@angular-devkit/core';
+import { JsonParseMode, experimental, parseJson } from '@angular-devkit/core';
 import { Rule, SchematicContext, SchematicsException, Tree } from '@angular-devkit/schematics';
 
 
@@ -495,9 +495,9 @@ export function getWorkspace(host: Tree): WorkspaceSchema {
   if (configBuffer === null) {
     throw new SchematicsException(`Could not find (${path})`);
   }
-  const config = configBuffer.toString();
+  const content = configBuffer.toString();
 
-  return JSON.parse(config);
+  return parseJson(content, JsonParseMode.Loose) as {} as WorkspaceSchema;
 }
 
 export function addProjectToWorkspace(
@@ -531,7 +531,7 @@ export function getConfig(host: Tree): CliConfig {
     throw new SchematicsException('Could not find .angular-cli.json');
   }
 
-  const config = JSON.parse(configBuffer.toString());
+  const config = parseJson(configBuffer.toString(), JsonParseMode.Loose) as {} as CliConfig;
 
   return config;
 }
diff --git a/packages/schematics/package_update/utility/npm.ts b/packages/schematics/package_update/utility/npm.ts
@@ -5,7 +5,7 @@
  * Use of this source code is governed by an MIT-style license that can be
  * found in the LICENSE file at https://angular.io/license
  */
-import { JsonObject, logging } from '@angular-devkit/core';
+import { JsonObject, JsonParseMode, logging, parseJson } from '@angular-devkit/core';
 import {
   Rule,
   SchematicContext,
@@ -93,7 +93,7 @@ function _getNpmPackageJson(
       response.on('data', chunk => data += chunk);
       response.on('end', () => {
         try {
-          const json = JSON.parse(data);
+          const json = parseJson(data, JsonParseMode.Strict);
           subject.next(json as JsonObject);
           subject.complete();
         } catch (err) {
@@ -233,7 +233,10 @@ export function updatePackageJson(
       if (!packageJsonContent) {
         throw new SchematicsException('Could not find package.json.');
       }
-      const packageJson = JSON.parse(packageJsonContent.toString());
+      const packageJson = parseJson(packageJsonContent.toString(), JsonParseMode.Strict);
+      if (packageJson === null || typeof packageJson !== 'object' || Array.isArray(packageJson)) {
+        throw new SchematicsException('Could not parse package.json.');
+      }
       const packages: { [name: string]: string } = {};
       for (const name of supportedPackages) {
         packages[name] = version;
@@ -251,17 +254,20 @@ export function updatePackageJson(
       if (!packageJsonContent) {
         throw new SchematicsException('Could not find package.json.');
       }
-      const packageJson = JSON.parse(packageJsonContent.toString());
+      const packageJson = parseJson(packageJsonContent.toString(), JsonParseMode.Strict);
+      if (packageJson === null || typeof packageJson !== 'object' || Array.isArray(packageJson)) {
+        throw new SchematicsException('Could not parse package.json.');
+      }
 
       for (const field of kPackageJsonDependencyFields) {
         const deps = packageJson[field];
-        if (!deps) {
+        if (!deps || typeof deps !== 'object' || Array.isArray(deps)) {
           continue;
         }
 
-        for (const depName of Object.keys(packageJson[field])) {
+        for (const depName of Object.keys(deps)) {
           if (allVersions[depName]) {
-            packageJson[field][depName] = allVersions[depName];
+            deps[depName] = allVersions[depName];
           }
         }
       }

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@`
`5`	`5`	`* Use of this source code is governed by an MIT-style license that can be`
`6`	`6`	`* found in the LICENSE file at https://angular.io/license`
`7`	`7`	`*/`
`8`		`-import { experimental } from '@angular-devkit/core';`
	`8`	`+import { JsonParseMode, experimental, parseJson } from '@angular-devkit/core';`
`9`	`9`	`import { Rule, SchematicContext, SchematicsException, Tree } from '@angular-devkit/schematics';`
`10`	`10`
`11`	`11`
`@@ -495,9 +495,9 @@ export function getWorkspace(host: Tree): WorkspaceSchema {`
`495`	`495`	`if (configBuffer === null) {`
`496`	`496`	throw new SchematicsException(`Could not find (${path})`);
`497`	`497`	`}`
`498`		`- const config = configBuffer.toString();`
	`498`	`+ const content = configBuffer.toString();`
`499`	`499`
`500`		`- return JSON.parse(config);`
	`500`	`+ return parseJson(content, JsonParseMode.Loose) as {} as WorkspaceSchema;`
`501`	`501`	`}`
`502`	`502`
`503`	`503`	`export function addProjectToWorkspace(`
`@@ -531,7 +531,7 @@ export function getConfig(host: Tree): CliConfig {`
`531`	`531`	`throw new SchematicsException('Could not find .angular-cli.json');`
`532`	`532`	`}`
`533`	`533`
`534`		`- const config = JSON.parse(configBuffer.toString());`
	`534`	`+ const config = parseJson(configBuffer.toString(), JsonParseMode.Loose) as {} as CliConfig;`
`535`	`535`
`536`	`536`	`return config;`
`537`	`537`	`}`