Merge pull request #11779 from dependabot/dev/brettfo/docker-yaml-bom

strip BOM from YAML manifests
dependabot · Mar 11, 2025 · 683e6a8 · 683e6a8
2 parents 114cd43 + 3f6e44e
commit 683e6a8
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 31 deletions.
diff --git a/docker/lib/dependabot/docker/file_parser.rb b/docker/lib/dependabot/docker/file_parser.rb
@@ -53,7 +53,6 @@ def parse
         end
 
         manifest_files.each do |file|
-          check_manifest_file_encoding(file)
           dependency_set += workfile_file_dependencies(file)
         end
 
@@ -83,15 +82,6 @@ def manifest_files
         dependency_files.select { |f| f.type == "file" && f.name.match?(YAML_REGEXP) }
       end
 
-      sig { params(file: Dependabot::DependencyFile).void }
-      def check_manifest_file_encoding(file)
-        return unless file.content&.start_with?("\uFEFF")
-
-        file_path = Pathname.new(file.directory).join(file.name).cleanpath.to_path
-        msg = "The file appears to have been saved with a byte order mark (BOM). This will prevent proper parsing."
-        raise Dependabot::DependencyFileNotParseable.new(file_path, msg)
-      end
-
       sig { params(file: Dependabot::DependencyFile).returns(DependencySet) }
       def workfile_file_dependencies(file)
         dependency_set = DependencySet.new

diff --git a/docker/lib/dependabot/shared/shared_file_fetcher.rb b/docker/lib/dependabot/shared/shared_file_fetcher.rb
@@ -76,7 +76,13 @@ def yamlfiles
         @yamlfiles ||= T.let(
           repo_contents(raise_errors: false)
             .select { |f| f.type == "file" && f.name.match?(YAML_REGEXP) }
-            .map { |f| fetch_file_from_host(f.name) },
+            .map do |f|
+              fetched = fetch_file_from_host(f.name)
+              # The YAML parser used doesn't properly handle a byte-order-mark (BOM) and it can cause failures in
+              # unexpected ways.  That BOM is removed here to allow regular updates to proceed.
+              fetched.content = T.must(fetched.content)[1..-1] if fetched.content&.start_with?("\uFEFF")
+              fetched
+            end,
           T.nilable(T::Array[DependencyFile])
         )
       end

diff --git a/docker/spec/dependabot/docker/file_parser_spec.rb b/docker/spec/dependabot/docker/file_parser_spec.rb
@@ -1142,16 +1142,6 @@
         end
       end
     end
-
-    context "with an invalid yaml file" do
-      let(:podfile_fixture_name) { "with_bom.yaml" }
-
-      it "throws when the yaml starts with a byte order mark" do
-        expect do
-          _unused = dependencies
-        end.to raise_error(Dependabot::DependencyFileNotParseable)
-      end
-    end
   end
 
   describe "YAML parse" do

diff --git a/docker/spec/fixtures/kubernetes/yaml/with_bom.yaml b/docker/spec/fixtures/kubernetes/yaml/with_bom.yaml