From de97f1af0e0a7f72cc0c63b1122f154689207ba1 Mon Sep 17 00:00:00 2001
From: Hans Aikema <aikebah-github@aikebah.net>
Date: Sat, 21 Jan 2023 00:31:09 +0100
Subject: [PATCH] fix(partial): Issue #5144 Avoid NPE on non-Include
 packageReference

Improved version of #5293. We should not attempt dereference of the null-valued attribute-node of an absent Include attribute
---
 .../data/nuget/XPathMSBuildProjectParser.java                | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/core/src/main/java/org/owasp/dependencycheck/data/nuget/XPathMSBuildProjectParser.java b/core/src/main/java/org/owasp/dependencycheck/data/nuget/XPathMSBuildProjectParser.java
index ca22f98c721..bfd52bf1070 100644
--- a/core/src/main/java/org/owasp/dependencycheck/data/nuget/XPathMSBuildProjectParser.java
+++ b/core/src/main/java/org/owasp/dependencycheck/data/nuget/XPathMSBuildProjectParser.java
@@ -68,11 +68,12 @@ public List<NugetPackageReference> parse(InputStream stream) throws MSBuildProje
                 final Node node = nodeList.item(i);
                 final NamedNodeMap attrs = node.getAttributes();
 
-                final String include = attrs.getNamedItem("Include").getNodeValue();
-                if (include == null) {
+                final Node includeAttr = attrs.getNamedItem("Include");
+                if (includeAttr == null) {
                     // Issue 5144 work-around for NPE on packageReferences other than includes
                     continue;
                 }
+                final String include = includeAttr.getNodeValue();
                 String version = null;
 
                 if (attrs.getNamedItem("Version") != null) {