fix(manager/terraform): Guard against empty module and provider fields (#20394)

2025-01-15 00:56:26 +00:00 · 2023-02-14 12:39:09 +03:00 · 2023-02-14 12:39:09 +03:00 · 3eb96c9647
commit 3eb96c9647
parent 2235659b18
3 changed files with 27 additions and 0 deletions
--- a/lib/modules/manager/terraform/extractors/others/modules.ts
+++ b/lib/modules/manager/terraform/extractors/others/modules.ts
@ -34,6 +34,12 @@ export class ModuleExtractor extends DependencyExtractor {
      return [];
    }

+    // istanbul ignore if
+    if (!is.plainObject(modules)) {
+      logger.debug({ modules }, 'Terraform: unexpected `modules` value');
+      return [];
+    }
+
    const dependencies = [];
    for (const moduleElement of Object.values(modules).flat()) {
      const dep = {
--- a/lib/modules/manager/terraform/extractors/others/providers.ts
+++ b/lib/modules/manager/terraform/extractors/others/providers.ts
@ -1,4 +1,5 @@
 import is from '@sindresorhus/is';
+import { logger } from '../../../../../logger';
 import type { PackageDependency } from '../../../types';
 import { TerraformProviderExtractor } from '../../base';
 import type { TerraformDefinitionFile } from '../../hcl/types';
@ -18,6 +19,15 @@ export class ProvidersExtractor extends TerraformProviderExtractor {
      return [];
    }

+    // istanbul ignore if
+    if (!is.plainObject(providerTypes)) {
+      logger.debug(
+        { providerTypes },
+        'Terraform: unexpected `providerTypes` value'
+      );
+      return [];
+    }
+
    const dependencies = [];
    for (const providerTypeName of Object.keys(providerTypes)) {
      for (const providerTypeElement of providerTypes[providerTypeName]) {
--- a/lib/modules/manager/terraform/extractors/resources/helm-release.ts
+++ b/lib/modules/manager/terraform/extractors/resources/helm-release.ts
@ -1,4 +1,5 @@
 import is from '@sindresorhus/is';
+import { logger } from '../../../../../logger';
 import { DockerDatasource } from '../../../../datasource/docker';
 import { HelmDatasource } from '../../../../datasource/helm';
 import { isOCIRegistry } from '../../../helmv3/utils';
@ -19,6 +20,16 @@ export class HelmReleaseExtractor extends DependencyExtractor {
    if (is.nullOrUndefined(helmReleases)) {
      return [];
    }
+
+    // istanbul ignore if
+    if (!is.plainObject(helmReleases)) {
+      logger.debug(
+        { helmReleases },
+        'Terraform: unexpected `helmReleases` value'
+      );
+      return [];
+    }
+
    for (const helmRelease of Object.values(helmReleases).flat()) {
      const dep: PackageDependency = {
        currentValue: helmRelease.version,