Validate version items match layout before accessing matches result

Oscar Tovar requested to merge otovar/validate-versions into master

The semver_dialects lib assumes that every item in the version string given will match the expected layout, and have an op and version. When this is not the case, accessing the nil matches variable results in a NoMethodError that is hard to safely handle by the caller. This MR gracefully handles the error by first checking to see if the version_item matches the expected layout, and if it does not, it raises a known SemverDialects::Error error. In the context of CVS, this allows vulnerability scans to safely rescue instances where we cannot scan an SBOM component because of a malformed version string instead of rescuing all NoMethodError exceptions.

Relates to gitlab-org/gitlab#435452 (closed)
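The pattern the MR describes, as an added illustration that is not the semver_dialects gem's own code: each version item is matched against an expected layout before the match result is used, a malformed item raises a named error, and the scanning caller rescues only that error rather than every NoMethodError. The module name `VersionItems`, its `Error` class, the operator set and the version regex are assumptions for this example; the real gem raises `SemverDialects::Error`, which is mentioned on the page but not defined here.

```ruby
# Added illustration (not the semver_dialects gem's code): validate that each
# item of a constraint string has the layout "<op><version>" before using the
# regex match, and raise a named error instead of letting a nil match blow up.
module VersionItems
  # Named error that callers can rescue specifically (the real gem raises
  # SemverDialects::Error; this class is an assumption for the example).
  class Error < StandardError; end

  # Expected layout: optional comparison operator followed by a version.
  # The operator set and the version shape are assumptions for this example.
  ITEM_PATTERN = /\A(?<op>>=|<=|>|<|=|!=|~>|\^)?\s*(?<version>\d+(?:\.\d+)*(?:[-+][0-9A-Za-z.-]+)?)\z/

  # Parse one item such as ">=1.2.3" into [op, version].
  # Raises VersionItems::Error on input that does not match the layout.
  def self.parse_item(item)
    matches = ITEM_PATTERN.match(item.to_s.strip)
    raise Error, "malformed version item: #{item.inspect}" if matches.nil?

    [matches[:op] || "=", matches[:version]]
  end

  # Parse a comma-separated constraint string into [op, version] pairs.
  def self.parse(version_string)
    version_string.to_s.split(",").map { |item| parse_item(item) }
  end

  # The defect the MR fixes, kept as a "before" for contrast: with no nil check,
  # a malformed item surfaces as NoMethodError from calling [] on nil.
  def self.parse_item_unchecked(item)
    matches = ITEM_PATTERN.match(item.to_s.strip)
    [matches[:op] || "=", matches[:version]]
  end
end

# Caller side: a scan can skip a single component whose version string is
# malformed while every other exception still propagates unchanged.
def scan_component(name, version_string)
  constraints = VersionItems.parse(version_string)
  { name: name, status: :scanned, constraints: constraints }
rescue VersionItems::Error => e
  { name: name, status: :skipped, reason: e.message }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: one well-formed constraint, one malformed item.
  p scan_component("pkg-a", ">=1.2.0, <2.0.0")
  p scan_component("pkg-b", ">= 1.2.0 || garbage")
end
```

Rescuing the named error keeps the failure scoped to the one component with bad data; a `NoMethodError` raised for any other reason (a genuine bug in the scanner, for instance) is no longer swallowed by the same rescue clause.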