From 81f4aefd31d6a9ee1e3194e0dc5766ada9643e9d Mon Sep 17 00:00:00 2001 From: "E.A. Wooten" Date: Thu, 19 Mar 2026 15:13:50 -0500 Subject: [PATCH 1/5] catch JSON parsing errors in fbgraph --- lib/graph.js | 23 ++++++++++++++++------- tests/graph.test.js | 28 +++++++++++++++++++++++++++- 2 files changed, 43 insertions(+), 8 deletions(-) diff --git a/lib/graph.js b/lib/graph.js index d17bee4..b0a69b1 100644 --- a/lib/graph.js +++ b/lib/graph.js @@ -190,12 +190,17 @@ Graph.prototype.get = function () { return; } - body = { ...JSON.parse(body), headers: res.headers }; - if (~res.headers['content-type'].indexOf('image')) { - body = { - image: true - , headers: res.headers - }; + if (res.headers['content-type'] && ~res.headers['content-type'].indexOf('image')) { + body = { + image: true + , headers: res.headers + }; + } else { + try { + body = { ...JSON.parse(body), headers: res.headers }; + } catch (e) { + // parsing failed, pass raw body to end() + } } self.end(body); @@ -233,7 +238,11 @@ Graph.prototype.post = function() { return; } - body = { ...JSON.parse(body), headers: res.headers }; + try { + body = { ...JSON.parse(body), headers: res.headers }; + } catch (e) { + // if parsing fails, we pass the raw body to end() + } self.end(body); }) .on('error', (err) => { diff --git a/tests/graph.test.js b/tests/graph.test.js index c782f52..b1a6a2f 100644 --- a/tests/graph.test.js +++ b/tests/graph.test.js @@ -2,7 +2,8 @@ var graph = require("../index") , FBConfig = require("./config").facebook , vows = require("vows") , events = require("events") - , assert = require("assert"); + , assert = require("assert") + , request = require("request"); var testUser1 = {} 
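Review bot: The empty `catch (e)` in the new `else` branch of `Graph.prototype.get` discards the parse exception and hands the unparsed string to `self.end(body)`, so the failure reaches the caller only if `end()` rejects string bodies. `end()` is outside the hunk, and the added test's `'Error parsing json'` expectation presumably depends on it. The body comes from the remote server and can be an HTML error page or truncated data, so state the contract at the fallback, for example `// body stays a string; end() is expected to report 'Error parsing json' to the callback`. A body that parses to a non-object is still spread without a type check (a JSON string `"abc"` becomes `{0: 'a', 1: 'b', 2: 'c', headers}`), which a `typeof parsed === 'object'` guard before the spread would catch. The `try`/`catch` in the `Graph.prototype.post` hunk has the same shape and needs the same treatment; both function bodies start and end outside their hunks.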
@@ -277,6 +278,31 @@ vows.describe("graph.test").addBatch({ } } } +}).addBatch({ + "Hardening JSON Parsing": { + "When receiving a non-JSON response": { + topic: function() { + var callback = this.callback; + var originalGet = request.get; + + request.get = function(options, cb) { + var res = { headers: { 'content-type': 'text/html' } }; + var body = '{"foo": bar}'; // Malformed JSON + setImmediate(function() { cb(null, res, body); }); + return { on: function() { return this; } }; + }; + + graph.get('/me', function(err, res) { + request.get = originalGet; + callback(err, res); + }); + }, + "it should return an error instead of crashing": function(err, res) { + assert.isNotNull(err); + assert.equal(err.message, 'Error parsing json'); + } + } + } }).addBatch({ "When tests are over": { topic: function () { From afe133edca52b4702e65c134a4620fe9718ff600 Mon Sep 17 00:00:00 2001 From: "E. A. Wooten" Date: Thu, 19 Mar 2026 15:20:57 -0500 Subject: [PATCH 2/5] Update lib/graph.js Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- lib/graph.js | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/graph.js b/lib/graph.js index b0a69b1..762cf81 100644 --- a/lib/graph.js +++ b/lib/graph.js @@ -191,16 +191,16 @@ Graph.prototype.get = function () { } if (res.headers['content-type'] && ~res.headers['content-type'].indexOf('image')) { - body = { - image: true - , headers: res.headers - }; + body = { + image: true + , headers: res.headers + }; } else { - try { - body = { ...JSON.parse(body), headers: res.headers }; - } catch (e) { - // parsing failed, pass raw body to end() - } + try { + body = { ...JSON.parse(body), headers: res.headers }; + } catch (e) { + // parsing failed, pass raw body to end() + } } self.end(body); From c70605e6256a40c5ad7ff544564539a18626145b Mon Sep 17 00:00:00 2001 
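Review bot: The stub assigned with `request.get = function(options, cb) {...}` in the new batch's `topic` is restored only inside the `graph.get` callback, so a synchronous throw or a callback that never fires leaves the fake installed for the following "When tests are over" batch. Restoring `request.get = originalGet;` in a `teardown` for the context, or in a `catch` around the `graph.get` call that rethrows, would keep the stub scoped to this test. `assert.isNotNull(err)` also passes when `err` is `undefined`; `assert.ok(err);` states the intent. The batch exercises only `get` with a `text/html` content type, so the `post` path and the new missing-`content-type` guard in lib/graph.js have no coverage here.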
From: "E. A. Wooten" Date: Thu, 19 Mar 2026 15:21:06 -0500 Subject: [PATCH 3/5] Update lib/graph.js Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- lib/graph.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/graph.js b/lib/graph.js index 762cf81..518bece 100644 --- a/lib/graph.js +++ b/lib/graph.js @@ -239,9 +239,9 @@ Graph.prototype.post = function() { } try { - body = { ...JSON.parse(body), headers: res.headers }; + body = { ...JSON.parse(body), headers: res.headers }; } catch (e) { - // if parsing fails, we pass the raw body to end() + // if parsing fails, we pass the raw body to end() } self.end(body); }) From 202252d035df83f910d6aa30a00cb5e2e076b6de Mon Sep 17 00:00:00 2001 From: "E. A. Wooten" Date: Thu, 19 Mar 2026 15:21:17 -0500 Subject: [PATCH 4/5] Update tests/graph.test.js Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- tests/graph.test.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/graph.test.js b/tests/graph.test.js index b1a6a2f..93b07fb 100644 --- a/tests/graph.test.js +++ b/tests/graph.test.js @@ -280,7 +280,7 @@ vows.describe("graph.test").addBatch({ } }).addBatch({ "Hardening JSON Parsing": { - "When receiving a non-JSON response": { + "When receiving an invalid JSON response": { topic: function() { var callback = this.callback; var originalGet = request.get; From 1b1281550407265abcff303454ca091f3ebcd3a5 Mon Sep 17 00:00:00 2001 From: "E. A. Wooten" Date: Thu, 19 Mar 2026 15:21:36 -0500 Subject: [PATCH 5/5] Update tests/graph.test.js Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- tests/graph.test.js | 46 ++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/tests/graph.test.js b/tests/graph.test.js index 93b07fb..bbbf079 100644 --- a/tests/graph.test.js +++ b/tests/graph.test.js 
@@ -279,30 +279,30 @@ vows.describe("graph.test").addBatch({ } } }).addBatch({ - "Hardening JSON Parsing": { - "When receiving an invalid JSON response": { - topic: function() { - var callback = this.callback; - var originalGet = request.get; - - request.get = function(options, cb) { - var res = { headers: { 'content-type': 'text/html' } }; - var body = '{"foo": bar}'; // Malformed JSON - setImmediate(function() { cb(null, res, body); }); - return { on: function() { return this; } }; - }; - - graph.get('/me', function(err, res) { - request.get = originalGet; - callback(err, res); - }); - }, - "it should return an error instead of crashing": function(err, res) { - assert.isNotNull(err); - assert.equal(err.message, 'Error parsing json'); - } - } + "Hardening JSON Parsing": { + "When receiving a non-JSON response": { + topic: function () { + var callback = this.callback + , originalGet = request.get; + + request.get = function (options, cb) { + var res = { headers: { 'content-type': 'text/html' } } + , body = '{"foo": bar}'; // Malformed JSON + setImmediate(function () { cb(null, res, body); }); + return { on: function () { return this; } }; + }; + + graph.get('/me', function (err, res) { + request.get = originalGet; + callback(err, res); + }); + }, + "it should return an error instead of crashing": function (err, res) { + assert.isNotNull(err); + assert.equal(err.message, 'Error parsing json'); + } } + } }).addBatch({ "When tests are over": { topic: function () {
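Review bot: The re-indented context title on the new side reads `"When receiving a non-JSON response"`, which undoes the rename to `"When receiving an invalid JSON response"` made in PATCH 4/5. The stubbed body `'{"foo": bar}'` is malformed JSON rather than a different format, so the PATCH 4 wording is the accurate one; keep `"When receiving an invalid JSON response": {` here. The rest of the hunk appears to change only indentation and `var` declaration style.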