From 748c2e80f8542aa57e3c7d231898cb217682f868 Mon Sep 17 00:00:00 2001
From: Anders Eknert <anders@styra.com>
Date: Wed, 18 Dec 2024 20:59:48 +0100
Subject: [PATCH] Fix nil pointer dereference in JUnit reporter (#1307)

Fixes #1306

Thanks @OhMyGuus for reporting the issue!

(Unrelated to the issue, but I'm also reverting the URL change of that integration
 test we changed recently... as the URL in OPA is now back to what it was before :)

Signed-off-by: Anders Eknert <anders@styra.com>
---
 .../capabilities/capabilities_integration_test.go     |  2 +-
 pkg/reporter/reporter.go                              |  7 ++++++-
 pkg/reporter/reporter_test.go                         | 11 +++++++++++
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/internal/capabilities/capabilities_integration_test.go b/internal/capabilities/capabilities_integration_test.go
index 76fd56a4..ec36b019 100644
--- a/internal/capabilities/capabilities_integration_test.go
+++ b/internal/capabilities/capabilities_integration_test.go
@@ -18,7 +18,7 @@ func TestLookupFromURL(t *testing.T) {
 
 	caps, err := Lookup(
 		context.Background(),
-		"https://raw.githubusercontent.com/open-policy-agent/opa/refs/heads/main/v1/capabilities/v0.55.0.json",
+		"https://raw.githubusercontent.com/open-policy-agent/opa/main/capabilities/v0.55.0.json",
 	)
 	if err != nil {
 		t.Errorf("unexpected error from Lookup: %v", err)
diff --git a/pkg/reporter/reporter.go b/pkg/reporter/reporter.go
index 1d274ebe..e20dd09f 100644
--- a/pkg/reporter/reporter.go
+++ b/pkg/reporter/reporter.go
@@ -511,6 +511,11 @@ func (tr JUnitReporter) Publish(_ context.Context, r report.Report) error {
 		}
 
 		for _, violation := range violationsPerFile[file] {
+			text := ""
+			if violation.Location.Text != nil {
+				text = strings.TrimSpace(*violation.Location.Text)
+			}
+
 			testsuite.AddTestcase(junit.Testcase{
 				Name:      fmt.Sprintf("%s/%s: %s", violation.Category, violation.Title, violation.Description),
 				Classname: violation.Location.String(),
@@ -522,7 +527,7 @@ func (tr JUnitReporter) Publish(_ context.Context, r report.Report) error {
 						violation.Description,
 						violation.Category,
 						violation.Location.String(),
-						strings.TrimSpace(*violation.Location.Text),
+						text,
 						getDocumentationURL(violation)),
 				},
 			})
diff --git a/pkg/reporter/reporter_test.go b/pkg/reporter/reporter_test.go
index 62344bca..c9a9a411 100644
--- a/pkg/reporter/reporter_test.go
+++ b/pkg/reporter/reporter_test.go
@@ -331,6 +331,17 @@ func TestJUnitReporterPublishNoViolations(t *testing.T) {
 	}
 }
 
+func TestJUnitReporterPublishViolationWithoutText(t *testing.T) {
+	t.Parallel()
+
+	var buf bytes.Buffer
+	if err := NewJUnitReporter(&buf).Publish(context.Background(), report.Report{
+		Violations: []report.Violation{{Title: "no-text"}},
+	}); err != nil {
+		t.Fatal(err)
+	}
+}
+
 func MustReadFile(t *testing.T, path string) string {
 	t.Helper()