Defensively guard against dangling ? from qualifiers
@@ -20,7 +20,7 @@ test("Parses CLI output", async () => {
|
||||
});
|
||||
|
||||
describe("ComponentDetection.makePackageUrl", () => {
|
||||
test("returns a valid package url", () => {
|
||||
test("returns a valid package url from saturated object", () => {
|
||||
const packageUrl = ComponentDetection.makePackageUrl({
|
||||
Scheme: "pkg",
|
||||
Type: "npm",
|
||||
@@ -36,4 +36,18 @@ describe("ComponentDetection.makePackageUrl", () => {
|
||||
"pkg:npm/github/component-detection-action@0.0.2?arch=amd64&os=linux"
|
||||
);
|
||||
});
|
||||
|
||||
test("returns valid package url without dangling ? with empty qualifers", () => {
|
||||
const packageUrl = ComponentDetection.makePackageUrl({
|
||||
Scheme: "pkg",
|
||||
Type: "npm",
|
||||
Namespace: "github",
|
||||
Name: "component-detection-action",
|
||||
Version: "0.0.2",
|
||||
Qualifiers: { },
|
||||
});
|
||||
expect(packageUrl).toBe(
|
||||
"pkg:npm/github/component-detection-action@0.0.2"
|
||||
);
|
||||
});
|
||||
});
|
||||
|
||||
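Review bot: The added test `returns valid package url without dangling ? with empty qualifers` covers only `Qualifiers: { }`, while the guard it accompanies also changes the outcome for a missing or non-object `Qualifiers` (the old `!== null` check let `undefined` through). Add cases for `Qualifiers: null` and for an input with no `Qualifiers` key, each expecting `"pkg:npm/github/component-detection-action@0.0.2"`, so the defensive branch stays pinned. The test name also misspells "qualifiers".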
@@ -128,7 +128,9 @@ export default class ComponentDetection {
|
||||
if (packageUrlJson.Version) {
|
||||
packageUrl += `@${packageUrlJson.Version}`;
|
||||
}
|
||||
if (packageUrlJson.Qualifiers !== null) {
|
||||
if (typeof packageUrlJson.Qualifiers === "object"
|
||||
&& packageUrlJson.Qualifiers !== null
|
||||
&& Object.keys(packageUrlJson.Qualifiers).length > 0) {
|
||||
const qualifierString = Object.entries(packageUrlJson.Qualifiers)
|
||||
.map(([key, value]) => `${key}=${value}`)
|
||||
.join("&");
|
||||
|
||||
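Review bot: The new `Object.keys(packageUrlJson.Qualifiers).length > 0` guard only counts keys, so an object whose values are empty, null or undefined still passes and the `.map` emits pairs such as `arch=` or `arch=undefined`; the purl spec treats an empty-valued qualifier as absent. The values are also interpolated raw in `${key}=${value}`, so a value containing `&`, `=`, `#` or `?` changes how the resulting package URL parses, which matters if this string is used to identify components downstream. Consider filtering first with `.filter(([, value]) => value != null && value !== "")`, encoding with `${key}=${encodeURIComponent(value)}`, and appending the `?` only when the joined string is non-empty. The enclosing function starts and ends outside the hunk, so how `qualifierString` is appended is assumed rather than seen.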
+3
-1
@@ -23425,7 +23425,9 @@ class ComponentDetection {
|
||||
if (packageUrlJson.Version) {
|
||||
packageUrl += `@${packageUrlJson.Version}`;
|
||||
}
|
||||
if (packageUrlJson.Qualifiers !== null) {
|
||||
if (typeof packageUrlJson.Qualifiers === "object"
|
||||
&& packageUrlJson.Qualifiers !== null
|
||||
&& Object.keys(packageUrlJson.Qualifiers).length > 0) {
|
||||
const qualifierString = Object.entries(packageUrlJson.Qualifiers)
|
||||
.map(([key, value]) => `${key}=${value}`)
|
||||
.join("&");
|
||||
|
||||
+1
-1
File diff suppressed because one or more lines are too long