Remove invalid UTF-8 characters from nuspec response body

Qureshi2131 · Jan 29, 2024 · f087f20 · f087f20
1 parent aca169f
commit f087f20
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 3 deletions.
diff --git a/nuget/lib/dependabot/nuget/update_checker/nuspec_fetcher.rb b/nuget/lib/dependabot/nuget/update_checker/nuspec_fetcher.rb
@@ -39,7 +39,7 @@ def self.fetch_nuspec_from_repository(repository_details, package_id, package_ve
 
           return unless nuspec_response.status == 200
 
-          nuspec_response_body = remove_wrapping_zero_width_chars(nuspec_response.body)
+          nuspec_response_body = remove_invalid_characters(nuspec_response.body)
           nuspec_xml = Nokogiri::XML(nuspec_response_body)
         else
           # no guarantee we can directly query the .nuspec; fall back to extracting it from the .nupkg
@@ -75,8 +75,11 @@ def self.extract_nuspec(zip_stream, package_id)
         nil
       end
 
-      def self.remove_wrapping_zero_width_chars(string)
-        string.force_encoding("UTF-8").encode
+      def self.remove_invalid_characters(string)
+        string.dup
+              .force_encoding(Encoding::UTF_8)
+              .encode
+              .scrub("")
               .gsub(/\A[\u200B-\u200D\uFEFF]/, "")
               .gsub(/[\u200B-\u200D\uFEFF]\Z/, "")
       end

diff --git a/nuget/spec/dependabot/nuget/update_checker/nuspec_fetcher_spec.rb b/nuget/spec/dependabot/nuget/update_checker/nuspec_fetcher_spec.rb
@@ -43,4 +43,13 @@
       it { is_expected.to be_falsy }
     end
   end
+
+  describe "remove_invalid_characters" do
+    context "when a utf-16 bom is present" do
+      let(:response_body) { "\xFE\xFF<xml></xml>" }
+      subject(:result) { described_class.remove_invalid_characters(response_body) }
+
+      it { is_expected.to eq("<xml></xml>") }
+    end
+  end
 end