Unverified Commit 1567386f authored by Jamie Magee's avatar Jamie Magee Committed by GitHub

refactor: safely parse `Pipfile.lock` (#20825)

parent cbbeecbe
...@@ -15,11 +15,12 @@ import type { ...@@ -15,11 +15,12 @@ import type {
UpdateArtifactsConfig, UpdateArtifactsConfig,
UpdateArtifactsResult, UpdateArtifactsResult,
} from '../types'; } from '../types';
import { PipfileLockSchema } from './schema';
function getPythonConstraint( function getPythonConstraint(
existingLockFileContent: string, existingLockFileContent: string,
config: UpdateArtifactsConfig config: UpdateArtifactsConfig
): string | undefined | null { ): string | undefined {
const { constraints = {} } = config; const { constraints = {} } = config;
const { python } = constraints; const { python } = constraints;
...@@ -28,14 +29,20 @@ function getPythonConstraint( ...@@ -28,14 +29,20 @@ function getPythonConstraint(
return python; return python;
} }
try { try {
const pipfileLock = JSON.parse(existingLockFileContent); const result = PipfileLockSchema.safeParse(
if (pipfileLock?._meta?.requires?.python_version) { JSON.parse(existingLockFileContent)
const pythonVersion: string = pipfileLock._meta.requires.python_version; );
// istanbul ignore if: not easily testable
if (!result.success) {
logger.warn({ error: result.error }, 'Invalid Pipfile.lock');
return undefined;
}
if (result.data._meta?.requires?.python_version) {
const pythonVersion = result.data._meta.requires.python_version;
return `== ${pythonVersion}.*`; return `== ${pythonVersion}.*`;
} }
if (pipfileLock?._meta?.requires?.python_full_version) { if (result.data._meta?.requires?.python_full_version) {
const pythonFullVersion: string = const pythonFullVersion = result.data._meta.requires.python_full_version;
pipfileLock._meta.requires.python_full_version;
return `== ${pythonFullVersion}`; return `== ${pythonFullVersion}`;
} }
} catch (err) { } catch (err) {
...@@ -56,14 +63,19 @@ function getPipenvConstraint( ...@@ -56,14 +63,19 @@ function getPipenvConstraint(
return pipenv; return pipenv;
} }
try { try {
const pipfileLock = JSON.parse(existingLockFileContent); const result = PipfileLockSchema.safeParse(
if (pipfileLock?.default?.pipenv?.version) { JSON.parse(existingLockFileContent)
const pipenvVersion: string = pipfileLock.default.pipenv.version; );
return pipenvVersion; // istanbul ignore if: not easily testable
} if (!result.success) {
if (pipfileLock?.develop?.pipenv?.version) { logger.warn({ error: result.error }, 'Invalid Pipfile.lock');
const pipenvVersion: string = pipfileLock.develop.pipenv.version; return '';
return pipenvVersion; }
if (result.data.default?.pipenv?.version) {
return result.data.default.pipenv.version;
}
if (result.data.develop?.pipenv?.version) {
return result.data.develop.pipenv.version;
} }
} catch (err) { } catch (err) {
// Do nothing // Do nothing
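Review bot: The `!result.success` branches in getPythonConstraint and getPipenvConstraint are excluded from coverage with `// istanbul ignore if: not easily testable`, yet this is the path taken whenever a repository supplies a Pipfile.lock of the wrong shape, and a constructed input such as `{"_meta": 1}` should reach it directly. I would drop both ignore comments and add a test per function that asserts the fallback return value (`undefined` and `''` respectively) and the `Invalid Pipfile.lock` warning. Syntactically invalid JSON still throws from `JSON.parse` into the `catch`, which in getPipenvConstraint holds only `// Do nothing`, so a malformed file stays silent while a mis-shaped one is logged. Both functions continue outside the hunks, so the final fallback return is not visible here.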
......
import { z } from 'zod';
const PipfileLockEntrySchema = z
.record(
z.string(),
z.object({
version: z.string().optional(),
})
)
.optional();
export const PipfileLockSchema = z.object({
_meta: z
.object({
requires: z
.object({
python_version: z.string().optional(),
python_full_version: z.string().optional(),
})
.optional(),
})
.optional(),
default: PipfileLockEntrySchema,
develop: PipfileLockEntrySchema,
});
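Review bot: `python_version`, `python_full_version` and the per-package `version` are validated only as `z.string()`, so any string from a repository-controlled Pipfile.lock passes the schema and is then returned or interpolated into `== ${pythonVersion}.*` by the callers. The schema is the natural place to restrict these to version-shaped values, for example `python_version: z.string().regex(/^\d+(\.\d+)*$/).optional()`, with patterns for the other two chosen to match what pipenv actually writes. How the resulting constraint is consumed is not visible on this page, so it may already be validated downstream; if so, a short comment on `PipfileLockSchema` saying that would help the next reader.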