From 2180f5bd23c6faddac37e8073000b6fc8d11bb40 Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Sat, 14 Jan 2023 09:52:30 +0100
Subject: [PATCH] fix(bundler): harden extract (#19839)

---
 lib/modules/manager/bundler/extract.ts | 35 +++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/lib/modules/manager/bundler/extract.ts b/lib/modules/manager/bundler/extract.ts
index 1329812035..62107de857 100644
--- a/lib/modules/manager/bundler/extract.ts
+++ b/lib/modules/manager/bundler/extract.ts
@@ -73,8 +73,16 @@ export async function extractPackageFile(
       while (lineNumber < lines.length && groupLine !== 'end') {
         lineNumber += 1;
         groupLine = lines[lineNumber];
+        // istanbul ignore if
+        if (!is.string(groupLine)) {
+          logger.warn(
+            { content, fileName, type: 'groupLine' },
+            'Bundler parsing error'
+          );
+          groupLine = 'end';
+        }
         if (groupLine !== 'end') {
-          groupContent += formatContent(groupLine || '');
+          groupContent += formatContent(groupLine);
         }
       }
       const groupRes = await extractPackageFile(groupContent);
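Review bot: The new `logger.warn` call puts the entire `content` of the Gemfile into a warning-level log record, and the same object is logged by the sourceLine, platformsLine and ifLine guards in the later hunks. Gemfiles can carry credentials in `source` URLs, so unless the logger redacts them (not visible here) a truncated or malformed file would copy them into the logs. The position is enough to diagnose the problem, e.g. `{ fileName, lineNumber, type: 'groupLine' }`. The recursive `extractPackageFile(groupContent)` on the last line passes no file name, so a warning raised while parsing a group body will presumably carry an undefined `fileName`. The function body starts and ends outside the hunk.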
@@ -104,8 +112,11 @@ export async function extractPackageFile(
           lineNumber += 1;
           sourceLine = lines[lineNumber];
           // istanbul ignore if
-          if (sourceLine === null || sourceLine === undefined) {
-            logger.info({ content, fileName }, 'Undefined sourceLine');
+          if (!is.string(sourceLine)) {
+            logger.warn(
+              { content, fileName, type: 'sourceLine' },
+              'Bundler parsing error'
+            );
             sourceLine = 'end';
           }
           if (sourceLine !== 'end') {
@@ -135,6 +146,14 @@ export async function extractPackageFile(
       while (lineNumber < lines.length && platformsLine !== 'end') {
         lineNumber += 1;
         platformsLine = lines[lineNumber];
+        // istanbul ignore if
+        if (!is.string(platformsLine)) {
+          logger.warn(
+            { content, fileName, type: 'platformsLine' },
+            'Bundler parsing error'
+          );
+          platformsLine = 'end';
+        }
         if (platformsLine !== 'end') {
           platformsContent += formatContent(platformsLine);
         }
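Review bot: The added guard is marked `// istanbul ignore if`, so the hardening in this hunk ships without a test, as do the identical guards for groupLine, sourceLine and ifLine. The branch looks reachable with an ordinary fixture: a platforms block with no closing `end` lets `lineNumber` run to `lines.length`, so `lines[lineNumber]` is `undefined`. I would drop the ignore comment and add a case with such a truncated file, asserting that extraction returns without throwing and that 'Bundler parsing error' is logged. The loop and the function continue outside the hunk.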
@@ -160,7 +179,15 @@ export async function extractPackageFile(
       while (lineNumber < lines.length && ifLine !== 'end') {
         lineNumber += 1;
         ifLine = lines[lineNumber];
-        if (is.string(ifLine) && ifLine !== 'end') {
+        // istanbul ignore if
+        if (!is.string(ifLine)) {
+          logger.warn(
+            { content, fileName, type: 'ifLine' },
+            'Bundler parsing error'
+          );
+          ifLine = 'end';
+        }
+        if (ifLine !== 'end') {
           ifContent += formatContent(ifLine);
         }
       }
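Review bot: This is the fourth copy of the same seven-line guard, differing only in the `type` string, so any later change to the check or the log fields has to be made in four places. A small module-level helper that returns the line or `'end'` would keep the loops readable and give the check one place to be tested. The sketch below logs the line index rather than the whole file content, which is my assumption about what is useful here, and it types `fileName` as optional because the recursive call in the first hunk omits it. The enclosing function starts and ends outside the hunk.

```typescript
// Returns lines[index], or 'end' after a warning when the block is unterminated.
function lineOrEnd(
  lines: string[],
  index: number,
  type: string,
  fileName?: string
): string {
  const line = lines[index];
  if (is.string(line)) {
    return line;
  }
  logger.warn({ fileName, lineNumber: index, type }, 'Bundler parsing error');
  return 'end';
}

// … unchanged: while loop header and lineNumber increment …
        ifLine = lineOrEnd(lines, lineNumber, 'ifLine', fileName);
        if (ifLine !== 'end') {
```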
-- 
GitLab