From a6c9075f76fc747070873719a34530818ed16f73 Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Wed, 27 Sep 2023 10:36:55 +0200
Subject: [PATCH] fix(kustomize): validate name is a string (#24676)

Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
---
 lib/modules/manager/kustomize/extract.spec.ts | 9 +++++++++
 lib/modules/manager/kustomize/extract.ts      | 7 ++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/lib/modules/manager/kustomize/extract.spec.ts b/lib/modules/manager/kustomize/extract.spec.ts
index 10da86921e..e41d7719b8 100644
--- a/lib/modules/manager/kustomize/extract.spec.ts
+++ b/lib/modules/manager/kustomize/extract.spec.ts
@@ -186,6 +186,15 @@ describe('modules/manager/kustomize/extract', () => {
       expect(pkg).toBeNull();
     });
 
+    it('should return null on invalid input', () => {
+      const pkg = extractImage({
+        // @ts-expect-error: for testing
+        name: 3,
+        newTag: '',
+      });
+      expect(pkg).toBeNull();
+    });
+
     it('should correctly extract a default image', () => {
       const sample = {
         currentDigest: undefined,
diff --git a/lib/modules/manager/kustomize/extract.ts b/lib/modules/manager/kustomize/extract.ts
index 8c7e85f4dc..5bccc523a5 100644
--- a/lib/modules/manager/kustomize/extract.ts
+++ b/lib/modules/manager/kustomize/extract.ts
@@ -67,7 +67,12 @@ export function extractImage(image: Image): PackageDependency | null {
   if (!image.name) {
     return null;
   }
-  const nameDep = splitImageParts(image.newName ?? image.name);
+  const nameToSplit = image.newName ?? image.name;
+  if (!is.string(nameToSplit)) {
+    logger.debug({ image }, 'Invalid image name');
+    return null;
+  }
+  const nameDep = splitImageParts(nameToSplit);
   const { depName } = nameDep;
   const { digest, newTag } = image;
   if (digest && newTag) {
-- 
GitLab