From 174f6e24da5bd72f011956c9949001f4cbbc2d26 Mon Sep 17 00:00:00 2001
From: Hans Aikema <aikebah-github@aikebah.net>
Date: Thu, 12 Jan 2023 21:01:27 +0100
Subject: [PATCH] fix(partial): Issue #5144 Avoid NPE on non-Include
 packageReference

---
 .../dependencycheck/data/nuget/XPathMSBuildProjectParser.java | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/core/src/main/java/org/owasp/dependencycheck/data/nuget/XPathMSBuildProjectParser.java b/core/src/main/java/org/owasp/dependencycheck/data/nuget/XPathMSBuildProjectParser.java
index 5e6bdf0518d..ca22f98c721 100644
--- a/core/src/main/java/org/owasp/dependencycheck/data/nuget/XPathMSBuildProjectParser.java
+++ b/core/src/main/java/org/owasp/dependencycheck/data/nuget/XPathMSBuildProjectParser.java
@@ -69,6 +69,10 @@ public List<NugetPackageReference> parse(InputStream stream) throws MSBuildProje
                 final NamedNodeMap attrs = node.getAttributes();
 
                 final String include = attrs.getNamedItem("Include").getNodeValue();
+                if (include == null) {
+                    // Issue 5144 work-around for NPE on packageReferences other than includes
+                    continue;
+                }
                 String version = null;
 
                 if (attrs.getNamedItem("Version") != null) {