fix(manager/nuget): quote arguments (#15226)

lib/modules/manager/nuget/__snapshots__/artifacts.spec.ts.snap

@@ -3,7 +3,7 @@
 exports[`modules/manager/nuget/artifacts aborts if lock file is unchanged 1`] = `
 Array [
   Object {
-    "cmd": "dotnet restore project.csproj --force-evaluate --configfile others/nuget/not-so-random/nuget.config",
+    "cmd": "dotnet restore 'path/with space/project.csproj' --force-evaluate --configfile others/nuget/not-so-random/nuget.config",
     "options": Object {
       "cwd": "/tmp/github/some/repo",
       "encoding": "utf-8",
@@ -23,8 +23,6 @@ Array [
 ]
 `;
 
-exports[`modules/manager/nuget/artifacts aborts if no lock file found 1`] = `Array []`;
-
 exports[`modules/manager/nuget/artifacts authenticates at registries 1`] = `
 Array [
   Object {
@@ -66,10 +64,6 @@ Array [
 ]
 `;
 
-exports[`modules/manager/nuget/artifacts does not update lock file when no deps changed 1`] = `Array []`;
-
-exports[`modules/manager/nuget/artifacts does not update lock file when non-proj file is changed 1`] = `Array []`;
-
 exports[`modules/manager/nuget/artifacts performs lock file maintenance 1`] = `
 Array [
   Object {

lib/modules/manager/nuget/artifacts.spec.ts

-import { exec as _exec } from 'child_process';
 import { join } from 'upath';
-import { envMock, mockExecAll } from '../../../../test/exec-util';
-import { fs, git, mocked } from '../../../../test/util';
+import { envMock, exec, mockExecAll } from '../../../../test/exec-util';
+import { env, fs, git, mocked } from '../../../../test/util';
 import { GlobalConfig } from '../../../config/global';
 import type { RepoGlobalConfig } from '../../../config/types';
 import * as docker from '../../../util/exec/docker';
-import * as _env from '../../../util/exec/env';
 import * as _hostRules from '../../../util/host-rules';
 import type { UpdateArtifactsConfig } from '../types';
 import * as nuget from './artifacts';
-import {
-  getConfiguredRegistries as _getConfiguredRegistries,
-  getDefaultRegistries as _getDefaultRegistries,
-  getRandomString as _getRandomString,
-} from './util';
+import * as util from './util';
 
 jest.mock('child_process');
 jest.mock('../../../util/exec/env');
@@ -22,14 +16,8 @@ jest.mock('../../../util/host-rules');
 jest.mock('../../../util/git');
 jest.mock('./util');
 
-const exec: jest.Mock<typeof _exec> = _exec as any;
-const env = mocked(_env);
-const getConfiguredRegistries: jest.Mock<typeof _getConfiguredRegistries> =
-  _getConfiguredRegistries as any;
-const getDefaultRegistries: jest.Mock<typeof _getDefaultRegistries> =
-  _getDefaultRegistries as any;
-const getRandomString: jest.Mock<typeof _getRandomString> =
-  _getRandomString as any;
+const { getConfiguredRegistries, getDefaultRegistries, getRandomString } =
+  mocked(util);
 const hostRules = mocked(_hostRules);
 
 const adminConfig: RepoGlobalConfig = {
@@ -44,13 +32,13 @@ describe('modules/manager/nuget/artifacts', () => {
   beforeEach(() => {
     jest.resetAllMocks();
     jest.resetModules();
-    getDefaultRegistries.mockReturnValue([] as any);
+    getDefaultRegistries.mockReturnValue([]);
     env.getChildProcessEnv.mockReturnValue(envMock.basic);
     fs.ensureCacheDir.mockImplementation((dirName: string) =>
       Promise.resolve(`others/${dirName}`)
     );
     git.getFileList.mockResolvedValueOnce([]);
-    getRandomString.mockReturnValue('not-so-random' as any);
+    getRandomString.mockReturnValue('not-so-random');
     GlobalConfig.set(adminConfig);
     docker.resetPrefetchedImages();
   });
@@ -70,17 +58,19 @@ describe('modules/manager/nuget/artifacts', () => {
         config,
       })
     ).toBeNull();
-    expect(execSnapshots).toMatchSnapshot();
+    expect(execSnapshots).toBeEmptyArray();
   });
 
   it('aborts if lock file is unchanged', async () => {
     const execSnapshots = mockExecAll(exec);
-    fs.getSiblingFileName.mockReturnValueOnce('packages.lock.json');
-    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json' as any);
-    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json' as any);
+    fs.getSiblingFileName.mockReturnValueOnce(
+      'path/with space/packages.lock.json'
+    );
+    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json');
+    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json');
     expect(
       await nuget.updateArtifacts({
-        packageFileName: 'project.csproj',
+        packageFileName: 'path/with space/project.csproj',
         updatedDeps: [{ depName: 'foo' }, { depName: 'bar' }],
         newPackageFileContent: '{}',
         config,
@@ -92,8 +82,8 @@ describe('modules/manager/nuget/artifacts', () => {
   it('updates lock file', async () => {
     const execSnapshots = mockExecAll(exec);
     fs.getSiblingFileName.mockReturnValueOnce('packages.lock.json');
-    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json' as any);
-    fs.readLocalFile.mockResolvedValueOnce('New packages.lock.json' as any);
+    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json');
+    fs.readLocalFile.mockResolvedValueOnce('New packages.lock.json');
     expect(
       await nuget.updateArtifacts({
         packageFileName: 'project.csproj',
@@ -108,8 +98,8 @@ describe('modules/manager/nuget/artifacts', () => {
   it('does not update lock file when non-proj file is changed', async () => {
     const execSnapshots = mockExecAll(exec);
     fs.getSiblingFileName.mockReturnValueOnce('packages.lock.json');
-    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json' as any);
-    fs.readLocalFile.mockResolvedValueOnce('New packages.lock.json' as any);
+    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json');
+    fs.readLocalFile.mockResolvedValueOnce('New packages.lock.json');
     expect(
       await nuget.updateArtifacts({
         packageFileName: 'otherfile.props',
@@ -118,14 +108,14 @@ describe('modules/manager/nuget/artifacts', () => {
         config,
       })
     ).toBeNull();
-    expect(execSnapshots).toMatchSnapshot();
+    expect(execSnapshots).toBeEmptyArray();
   });
 
   it('does not update lock file when no deps changed', async () => {
     const execSnapshots = mockExecAll(exec);
     fs.getSiblingFileName.mockReturnValueOnce('packages.lock.json');
-    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json' as any);
-    fs.readLocalFile.mockResolvedValueOnce('New packages.lock.json' as any);
+    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json');
+    fs.readLocalFile.mockResolvedValueOnce('New packages.lock.json');
     expect(
       await nuget.updateArtifacts({
         packageFileName: 'project.csproj',
@@ -134,14 +124,14 @@ describe('modules/manager/nuget/artifacts', () => {
         config,
       })
     ).toBeNull();
-    expect(execSnapshots).toMatchSnapshot();
+    expect(execSnapshots).toBeEmptyArray();
   });
 
   it('performs lock file maintenance', async () => {
     const execSnapshots = mockExecAll(exec);
     fs.getSiblingFileName.mockReturnValueOnce('packages.lock.json');
-    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json' as any);
-    fs.readLocalFile.mockResolvedValueOnce('New packages.lock.json' as any);
+    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json');
+    fs.readLocalFile.mockResolvedValueOnce('New packages.lock.json');
     expect(
       await nuget.updateArtifacts({
         packageFileName: 'project.csproj',
@@ -160,8 +150,8 @@ describe('modules/manager/nuget/artifacts', () => {
     GlobalConfig.set({ ...adminConfig, binarySource: 'docker' });
     const execSnapshots = mockExecAll(exec);
     fs.getSiblingFileName.mockReturnValueOnce('packages.lock.json');
-    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json' as any);
-    fs.readLocalFile.mockResolvedValueOnce('New packages.lock.json' as any);
+    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json');
+    fs.readLocalFile.mockResolvedValueOnce('New packages.lock.json');
     expect(
       await nuget.updateArtifacts({
         packageFileName: 'project.csproj',
@@ -177,8 +167,8 @@ describe('modules/manager/nuget/artifacts', () => {
     GlobalConfig.set({ ...adminConfig, binarySource: 'global' });
     const execSnapshots = mockExecAll(exec);
     fs.getSiblingFileName.mockReturnValueOnce('packages.lock.json');
-    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json' as any);
-    fs.readLocalFile.mockResolvedValueOnce('New packages.lock.json' as any);
+    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json');
+    fs.readLocalFile.mockResolvedValueOnce('New packages.lock.json');
     expect(
       await nuget.updateArtifacts({
         packageFileName: 'project.csproj',
@@ -192,7 +182,7 @@ describe('modules/manager/nuget/artifacts', () => {
 
   it('catches errors', async () => {
     fs.getSiblingFileName.mockReturnValueOnce('packages.lock.json');
-    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json' as any);
+    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json');
     fs.writeLocalFile.mockImplementationOnce(() => {
       throw new Error('not found');
     });
@@ -216,8 +206,8 @@ describe('modules/manager/nuget/artifacts', () => {
   it('authenticates at registries', async () => {
     const execSnapshots = mockExecAll(exec);
     fs.getSiblingFileName.mockReturnValueOnce('packages.lock.json');
-    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json' as any);
-    fs.readLocalFile.mockResolvedValueOnce('New packages.lock.json' as any);
+    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json');
+    fs.readLocalFile.mockResolvedValueOnce('New packages.lock.json');
     getConfiguredRegistries.mockResolvedValueOnce([
       {
         name: 'myRegistry',
@@ -250,8 +240,8 @@ describe('modules/manager/nuget/artifacts', () => {
   it('strips protocol version from feed url', async () => {
     const execSnapshots = mockExecAll(exec);
     fs.getSiblingFileName.mockReturnValueOnce('packages.lock.json');
-    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json' as any);
-    fs.readLocalFile.mockResolvedValueOnce('New packages.lock.json' as any);
+    fs.readLocalFile.mockResolvedValueOnce('Current packages.lock.json');
+    fs.readLocalFile.mockResolvedValueOnce('New packages.lock.json');
     getConfiguredRegistries.mockResolvedValueOnce([
       {
         name: 'myRegistry',

lib/modules/manager/nuget/artifacts.ts

@@ -42,14 +42,18 @@ async function addSourceCmds(
       url: registry.url,
     });
     const registryInfo = parseRegistryUrl(registry.url);
-    let addSourceCmd = `dotnet nuget add source ${registryInfo.feedUrl} --configfile ${nugetConfigFile}`;
+    let addSourceCmd = `dotnet nuget add source ${quote(
+      registryInfo.feedUrl
+    )} --configfile ${quote(nugetConfigFile)}`;
     if (registry.name) {
       // Add name for registry, if known.
       addSourceCmd += ` --name ${quote(registry.name)}`;
     }
     if (username && password) {
       // Add registry credentials from host rules, if configured.
-      addSourceCmd += ` --username ${username} --password ${password} --store-password-in-clear-text`;
+      addSourceCmd += ` --username ${quote(username)} --password ${quote(
+        password
+      )} --store-password-in-clear-text`;
     }
     result.push(addSourceCmd);
   }
@@ -78,8 +82,10 @@ async function runDotnetRestore(
   const cmds = [
     ...(await addSourceCmds(packageFileName, config, nugetConfigFile)),
     ...dependentPackageFileNames.map(
-      (f) =>
-        `dotnet restore ${f} --force-evaluate --configfile ${nugetConfigFile}`
+      (fileName) =>
+        `dotnet restore ${quote(
+          fileName
+        )} --force-evaluate --configfile ${quote(nugetConfigFile)}`
     ),
   ];
   await exec(cmds, execOptions);