strip BOM from YAML manifests #11779

Merged
merged 1 commit into from
Mar 11, 2025
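--- a/docker/lib/dependabot/docker/file_parser.rb
+++ b/docker/lib/dependabot/docker/file_parser.rb
@@ -53,7 +53,6 @@ def parse
 end
 
 manifest_files.each do |file|
-check_manifest_file_encoding(file)
 dependency_set += workfile_file_dependencies(file)
 end
 
@@ -83,15 +82,6 @@ def manifest_files
 dependency_files.select { |f| f.type == "file" && f.name.match?(YAML_REGEXP) }
 end
 
-sig { params(file: Dependabot::DependencyFile).void }
-def check_manifest_file_encoding(file)
-return unless file.content&.start_with?("\uFEFF")
-
-file_path = Pathname.new(file.directory).join(file.name).cleanpath.to_path
-msg = "The file appears to have been saved with a byte order mark (BOM). This will prevent proper parsing."
-raise Dependabot::DependencyFileNotParseable.new(file_path, msg)
-end
-
 sig { params(file: Dependabot::DependencyFile).returns(DependencySet) }
 def workfile_file_dependencies(file)
 dependency_set = DependencySet.new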
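--- a/docker/lib/dependabot/shared/shared_file_fetcher.rb
+++ b/docker/lib/dependabot/shared/shared_file_fetcher.rb
@@ -76,7 +76,13 @@ def yamlfiles
 @yamlfiles ||= T.let(
 repo_contents(raise_errors: false)
 .select { |f| f.type == "file" && f.name.match?(YAML_REGEXP) }
-.map { |f| fetch_file_from_host(f.name) },
+.map do |f|
+fetched = fetch_file_from_host(f.name)
+# The YAML parser used doesn't properly handle a byte-order-mark (BOM) and it can cause failures in
+# unexpected ways. That BOM is removed here to allow regular updates to proceed.
+fetched.content = T.must(fetched.content)[1..-1] if fetched.content&.start_with?("\uFEFF")
+fetched
+end,
 T.nilable(T::Array[DependencyFile])
 )
 end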
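Review bot: Stripping the BOM in place on the fetched DependencyFile (the `fetched.content = T.must(fetched.content)[1..-1]` line) changes the content every later consumer sees, so if the updater later writes this manifest back the user's file would presumably lose its BOM — a silent change to their repository, where the removed `check_manifest_file_encoding` used to surface the condition as `DependencyFileNotParseable`; confirm that is intended, or strip only in the parser's view of the content. The `[1..-1]` slice also relies on the content being in a Unicode encoding where the BOM is a single character; `fetched.content = T.must(fetched.content).delete_prefix("\uFEFF") if fetched.content&.start_with?("\uFEFF")` states the intent directly. The commit also deletes the `with_bom.yaml` fixture and its spec rather than repurposing them, so the new stripping path has no test; a spec asserting that a BOM-prefixed manifest now yields dependencies would cover it. The `def yamlfiles` line is outside the hunk.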
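--- a/docker/spec/dependabot/docker/file_parser_spec.rb
+++ b/docker/spec/dependabot/docker/file_parser_spec.rb
@@ -1142,16 +1142,6 @@
 end
 end
 end
-
-context "with an invalid yaml file" do
-let(:podfile_fixture_name) { "with_bom.yaml" }
-
-it "throws when the yaml starts with a byte order mark" do
-expect do
-_unused = dependencies
-end.to raise_error(Dependabot::DependencyFileNotParseable)
-end
-end
 end
 
 describe "YAML parse" do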
10 changes: 0 additions & 10 deletions docker/spec/fixtures/kubernetes/yaml/with_bom.yaml

This file was deleted.
