Merge pull request #2747 from shubhamkumar9199/fix/unsafe-json-parse

alberto-art3ch · web-flow · commit 9caac8cda626 · 2025-11-04T17:33:59.000-05:00
WEB-(394)-fix: replace all direct JSON.parse usages with safe parsing utilities
diff --git a/src/app/core/utils/json.ts b/src/app/core/utils/json.ts
@@ -0,0 +1,28 @@
+export function safeParse<T>(raw: string | null | undefined, defaultValue: T): T {
+  if (!raw) return defaultValue;
+  try {
+    return JSON.parse(raw) as T;
+  } catch {
+    return defaultValue;
+  }
+}
+
+export function safeParseObject<T extends object>(raw: string | null | undefined, defaultValue: T): T {
+  if (!raw) return defaultValue;
+  try {
+    const parsed = JSON.parse(raw);
+    return parsed && typeof parsed === 'object' && !Array.isArray(parsed) ? (parsed as T) : defaultValue;
+  } catch {
+    return defaultValue;
+  }
+}
+
+export function safeParseArray<T = unknown>(raw: string | null | undefined, defaultValue: T[] = []): T[] {
+  if (!raw) return defaultValue;
+  try {
+    const parsed = JSON.parse(raw);
+    return Array.isArray(parsed) ? (parsed as T[]) : defaultValue;
+  } catch {
+    return defaultValue;
+  }
+}
diff --git a/src/app/settings/settings.service.ts b/src/app/settings/settings.service.ts
@@ -2,6 +2,7 @@
 import { Injectable } from '@angular/core';
 import { AlertService } from 'app/core/alert/alert.service';
 import { Dates } from 'app/core/utils/dates';
+import { safeParse, safeParseArray, safeParseObject } from 'app/core/utils/json';
 
 /** Environment Imports */
 import { environment } from '../../environments/environment';
@@ -108,8 +109,9 @@ export class SettingsService {
   /**
    * Returns date format setting.
    */
-  get dateFormat() {
-    return JSON.parse(localStorage.getItem('mifosXDateFormat'));
+  get dateFormat(): string {
+    const parsed = safeParse<string | null>(localStorage.getItem('mifosXDateFormat'), null);
+    return typeof parsed === 'string' && parsed.length > 0 ? parsed : 'dd MMMM yyyy';
   }
 
   /**
@@ -119,7 +121,10 @@ export class SettingsService {
     if (!localStorage.getItem('mifosXLanguage')) {
       this.setDefaultLanguage();
     }
-    return JSON.parse(localStorage.getItem('mifosXLanguage'));
+    return safeParseObject<{ name: string; code: string } | undefined>(
+      localStorage.getItem('mifosXLanguage'),
+      undefined
+    );
   }
 
   get languageCode() {
@@ -147,7 +152,7 @@ export class SettingsService {
    * Returns list of default server
    */
   get servers() {
-    return JSON.parse(localStorage.getItem('mifosXServers'));
+    return safeParseArray<string>(localStorage.getItem('mifosXServers'), []);
   }
 
   /**
@@ -160,7 +165,7 @@ export class SettingsService {
     if (environment.baseApiUrl && environment.baseApiUrl !== '') {
       return environment.baseApiUrl;
     } else {
-      return this.servers()[0];
+      return this.servers[0];
     }
   }
 
@@ -217,7 +222,7 @@ export class SettingsService {
    * Returns list of Tenant Identifiers
    */
   get tenantIdentifiers(): any {
-    return JSON.parse(localStorage.getItem('mifosXTenantIdentifiers'));
+    return safeParseArray<string>(localStorage.getItem('mifosXTenantIdentifiers'), []);
   }
 
   /**
@@ -260,6 +265,6 @@ export class SettingsService {
   }
 
   get themeDarkEnabled(): boolean {
-    return JSON.parse(localStorage.getItem('mifosXThemeDarkEnabled'));
+    return safeParse<boolean>(localStorage.getItem('mifosXThemeDarkEnabled'), false);
   }
 }
diff --git a/src/app/shared/theme-picker/theme-storage.service.ts b/src/app/shared/theme-picker/theme-storage.service.ts
@@ -1,4 +1,5 @@
 import { Injectable, EventEmitter } from '@angular/core';
+import { safeParseObject } from 'app/core/utils/json';
 import { Theme } from './theme.model';
 import { ThemeManagerService } from './theme-manager.service';
 
@@ -19,7 +20,7 @@ export class ThemeStorageService {
   }
 
   getTheme(): Theme {
-    return JSON.parse(localStorage.getItem(this.themeStorageKey));
+    return safeParseObject<Theme | null>(localStorage.getItem(this.themeStorageKey), null);
   }
 
   clearTheme() {
diff --git a/src/app/system/configurations/business-date-tab/business-date-tab.component.ts b/src/app/system/configurations/business-date-tab/business-date-tab.component.ts
@@ -46,7 +46,7 @@ export class BusinessDateTabComponent implements OnInit {
   businessDateData: any;
 
   dateIndex = 0;
-  userDateFormat: '';
+  userDateFormat: string = '';
   isBusinessDateEnabled = false;
   isEditInProgress = false;
 
diff --git a/src/app/tasks/view-checker-inbox/view-checker-inbox.component.ts b/src/app/tasks/view-checker-inbox/view-checker-inbox.component.ts
@@ -15,6 +15,7 @@ import { MatDivider } from '@angular/material/divider';
 import { NgIf, NgFor, KeyValuePipe } from '@angular/common';
 import { DateFormatPipe } from '../../pipes/date-format.pipe';
 import { STANDALONE_SHARED_IMPORTS } from 'app/standalone-shared.module';
+import { safeParseObject } from 'app/core/utils/json';
 
 @Component({
   selector: 'mifosx-view-checker-inbox',
@@ -52,7 +53,7 @@ export class ViewCheckerInboxComponent {
   ) {
     this.route.data.subscribe((data: { checkerInboxDetail: any }) => {
       this.checkerInboxDetail = data.checkerInboxDetail;
-      this.jsondata = JSON.parse(this.checkerInboxDetail.commandAsJson);
+      this.jsondata = safeParseObject<any>(this.checkerInboxDetail.commandAsJson, {});
       this.displayJSONData = !_.isEmpty(this.jsondata);
     });
   }
diff --git a/src/app/web-app.component.ts b/src/app/web-app.component.ts
@@ -31,6 +31,7 @@ import { Dates } from './core/utils/dates';
 import { animate, style, transition, trigger } from '@angular/animations';
 import { I18nService } from './core/i18n/i18n.service';
 import { ThemingService } from './shared/theme-toggle/theming.service';
+import { safeParseArray } from 'app/core/utils/json';
 
 import { AuthService } from './zitadel/auth.service';
 
@@ -195,7 +196,7 @@ export class WebAppComponent implements OnInit, OnDestroy {
     // Stores top 100 user activites as local storage object.
     let activities: string[] = [];
     if (localStorage.getItem('mifosXLocation')) {
-      const activitiesArray: string[] = JSON.parse(localStorage.getItem('mifosXLocation'));
+      const activitiesArray = safeParseArray<string>(localStorage.getItem('mifosXLocation'), []);
       const length = activitiesArray.length;
       activities = length > 100 ? activitiesArray.slice(length - 100) : activitiesArray;
     }

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@`
`2`	`2`	`import { Injectable } from '@angular/core';`
`3`	`3`	`import { AlertService } from 'app/core/alert/alert.service';`
`4`	`4`	`import { Dates } from 'app/core/utils/dates';`
	`5`	`+import { safeParse, safeParseArray, safeParseObject } from 'app/core/utils/json';`
`5`	`6`
`6`	`7`	`/** Environment Imports */`
`7`	`8`	`import { environment } from '../../environments/environment';`
`@@ -108,8 +109,9 @@ export class SettingsService {`
`108`	`109`	`/**`
`109`	`110`	`* Returns date format setting.`
`110`	`111`	`*/`
`111`		`- get dateFormat() {`
`112`		`- return JSON.parse(localStorage.getItem('mifosXDateFormat'));`
	`112`	`+ get dateFormat(): string {`
	`113`	`+ const parsed = safeParse<string \| null>(localStorage.getItem('mifosXDateFormat'), null);`
	`114`	`+ return typeof parsed === 'string' && parsed.length > 0 ? parsed : 'dd MMMM yyyy';`
`113`	`115`	`}`
`114`	`116`
`115`	`117`	`/**`
`@@ -119,7 +121,10 @@ export class SettingsService {`
`119`	`121`	`if (!localStorage.getItem('mifosXLanguage')) {`
`120`	`122`	`this.setDefaultLanguage();`
`121`	`123`	`}`
`122`		`- return JSON.parse(localStorage.getItem('mifosXLanguage'));`
	`124`	`+ return safeParseObject<{ name: string; code: string } \| undefined>(`
	`125`	`+ localStorage.getItem('mifosXLanguage'),`
	`126`	`+ undefined`
	`127`	`+ );`
`123`	`128`	`}`
`124`	`129`
`125`	`130`	`get languageCode() {`
`@@ -147,7 +152,7 @@ export class SettingsService {`
`147`	`152`	`* Returns list of default server`
`148`	`153`	`*/`
`149`	`154`	`get servers() {`
`150`		`- return JSON.parse(localStorage.getItem('mifosXServers'));`
	`155`	`+ return safeParseArray<string>(localStorage.getItem('mifosXServers'), []);`
`151`	`156`	`}`
`152`	`157`
`153`	`158`	`/**`
`@@ -160,7 +165,7 @@ export class SettingsService {`
`160`	`165`	`if (environment.baseApiUrl && environment.baseApiUrl !== '') {`
`161`	`166`	`return environment.baseApiUrl;`
`162`	`167`	`} else {`
`163`		`- return this.servers()[0];`
	`168`	`+ return this.servers[0];`
`164`	`169`	`}`
`165`	`170`	`}`
`166`	`171`
`@@ -217,7 +222,7 @@ export class SettingsService {`
`217`	`222`	`* Returns list of Tenant Identifiers`
`218`	`223`	`*/`
`219`	`224`	`get tenantIdentifiers(): any {`
`220`		`- return JSON.parse(localStorage.getItem('mifosXTenantIdentifiers'));`
	`225`	`+ return safeParseArray<string>(localStorage.getItem('mifosXTenantIdentifiers'), []);`
`221`	`226`	`}`
`222`	`227`
`223`	`228`	`/**`
`@@ -260,6 +265,6 @@ export class SettingsService {`
`260`	`265`	`}`
`261`	`266`
`262`	`267`	`get themeDarkEnabled(): boolean {`
`263`		`- return JSON.parse(localStorage.getItem('mifosXThemeDarkEnabled'));`
	`268`	`+ return safeParse<boolean>(localStorage.getItem('mifosXThemeDarkEnabled'), false);`
`264`	`269`	`}`
`265`	`270`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`import { Injectable, EventEmitter } from '@angular/core';`
	`2`	`+import { safeParseObject } from 'app/core/utils/json';`
`2`	`3`	`import { Theme } from './theme.model';`
`3`	`4`	`import { ThemeManagerService } from './theme-manager.service';`
`4`	`5`
`@@ -19,7 +20,7 @@ export class ThemeStorageService {`
`19`	`20`	`}`
`20`	`21`
`21`	`22`	`getTheme(): Theme {`
`22`		`- return JSON.parse(localStorage.getItem(this.themeStorageKey));`
	`23`	`+ return safeParseObject<Theme \| null>(localStorage.getItem(this.themeStorageKey), null);`
`23`	`24`	`}`
`24`	`25`
`25`	`26`	`clearTheme() {`