From 36a29974bbf94251f640e3c06be816b16a79c252 Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Mon, 21 Feb 2022 15:38:24 +0100
Subject: [PATCH] fix: validate depName is a string (#14342)

Closes #14338
---
 lib/workers/repository/process/fetch.spec.ts | 12 +++++++-----
 lib/workers/repository/process/fetch.ts      |  7 +++++--
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/lib/workers/repository/process/fetch.spec.ts b/lib/workers/repository/process/fetch.spec.ts
index 6590a074a9..9448ff3944 100644
--- a/lib/workers/repository/process/fetch.spec.ts
+++ b/lib/workers/repository/process/fetch.spec.ts
@@ -77,17 +77,19 @@ describe('workers/repository/process/fetch', () => {
               { depName: ' ' },
               { depName: null },
               { depName: undefined },
+              { depName: { oh: 'no' } as unknown as string },
             ],
           },
         ],
       };
       await fetchUpdates(config, packageFiles);
-      expect(packageFiles.docker[0].deps[0].skipReason).toBe('missing-depname');
+      expect(packageFiles.docker[0].deps[0].skipReason).toBe('invalid-name');
       expect(packageFiles.docker[0].deps[1].skipReason).toBeUndefined();
-      expect(packageFiles.docker[0].deps[2].skipReason).toBe('missing-depname');
-      expect(packageFiles.docker[0].deps[3].skipReason).toBe('missing-depname');
-      expect(packageFiles.docker[0].deps[4].skipReason).toBe('missing-depname');
-      expect(packageFiles.docker[0].deps[5].skipReason).toBe('missing-depname');
+      expect(packageFiles.docker[0].deps[2].skipReason).toBe('invalid-name');
+      expect(packageFiles.docker[0].deps[3].skipReason).toBe('invalid-name');
+      expect(packageFiles.docker[0].deps[4].skipReason).toBe('invalid-name');
+      expect(packageFiles.docker[0].deps[5].skipReason).toBe('invalid-name');
+      expect(packageFiles.docker[0].deps[6].skipReason).toBe('invalid-name');
     });
   });
 });
diff --git a/lib/workers/repository/process/fetch.ts b/lib/workers/repository/process/fetch.ts
index 75bbcd6a3a..3ea114fd10 100644
--- a/lib/workers/repository/process/fetch.ts
+++ b/lib/workers/repository/process/fetch.ts
@@ -16,8 +16,11 @@ async function fetchDepUpdates(
 ): Promise<PackageDependency> {
   let dep = clone(indep);
   dep.updates = [];
-  if (!is.nonEmptyString(dep.depName?.trim())) {
-    dep.skipReason = 'missing-depname';
+  if (is.string(dep.depName)) {
+    dep.depName = dep.depName.trim();
+  }
+  if (!is.nonEmptyString(dep.depName)) {
+    dep.skipReason = 'invalid-name';
   }
   if (dep.skipReason) {
     return dep;
-- 
GitLab