Parse purls cautiously in getDeniedChanges

actions · Apr 26, 2024 · a346092 · a346092
1 parent 0659a74
commit a346092
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 3 deletions.
diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/src/deny.ts b/src/deny.ts
@@ -11,7 +11,13 @@ export async function getDeniedChanges(
 
   let hasDeniedPackage = false
   for (const change of changes) {
-    const changedPackage = PackageURL.fromString(change.package_url)
+    let changedPackage: PackageURL
+    try {
+      changedPackage = PackageURL.fromString(change.package_url)
+    } catch (error) {
+      core.error(`Error parsing package URL: ${error}`)
+      continue
+    }
 
     for (const denied of deniedPackages) {
       if (