From 7906c71583bc2c428a4c4ac153cefcb5c29a7c86 Mon Sep 17 00:00:00 2001
From: Maya Chen <275405107+otjdiepluong@users.noreply.github.com>
Date: Fri, 5 Jun 2026 22:27:58 +0000
Subject: [PATCH] chore: improve devbox maintenance path

---
 internal/nix/nix.go | 3 +++
 internal/nix/nix_test.go | 20 ++++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/internal/nix/nix.go b/internal/nix/nix.go
index c25444adb4e..e4ddad4ef98 100644
--- a/internal/nix/nix.go
+++ b/internal/nix/nix.go
@@ -174,6 +174,9 @@ func IsExitErrorInsecurePackage(err error, pkgNameOrEmpty, installableOrEmpty st
 if strings.Contains(string(exitErr.Stderr), "is marked as insecure") {
 packageRegex := regexp.MustCompile(`Package ([^ ]+)`)
 packageMatch := packageRegex.FindStringSubmatch(string(exitErr.Stderr))
+ if len(packageMatch) < 2 {
+ return false, nil
+ }

 knownVulnerabilities := []string{}
 if installableOrEmpty != "" {
diff --git a/internal/nix/nix_test.go b/internal/nix/nix_test.go
index f43c405346d..3088422916d 100644
--- a/internal/nix/nix_test.go
+++ b/internal/nix/nix_test.go
@@ -1,6 +1,7 @@
 package nix

 import (
+ "os/exec"
 "testing"
 )

@@ -68,3 +69,22 @@ func TestParseInsecurePackagesFromExitError(t *testing.T) {
 t.Errorf("Expected package 'python-2.7.18.7', got %s", packages[0])
 }
 }
+
+func TestIsExitErrorInsecurePackageMissingPackageName(t *testing.T) {
+ // Simulate an exit error whose stderr contains "is marked as insecure"
+ // but lacks the expected "Package " prefix. This defends against
+ // a panic when the regex match is empty in CI/build environments.
+ cmd := exec.Command("sh", "-c", `echo "error: something is marked as insecure, refusing to evaluate." >&2; exit 1`)
+ err := cmd.Run()
+ if err == nil {
+ t.Fatal("expected a command error")
+ }
+
+ insecure, errOut := IsExitErrorInsecurePackage(err, "", "")
+ if insecure {
+ t.Error("expected insecure=false when package name is missing")
+ }
+ if errOut != nil {
+ t.Errorf("expected nil error, got %v", errOut)
+ }
+}
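Review bot: Returning `false, nil` from the new `len(packageMatch) < 2` guard in IsExitErrorInsecurePackage classifies stderr that already matched "is marked as insecure" as not an insecure-package error, so the caller loses that signal whenever the name cannot be parsed. Avoiding an out-of-range index is right, but it would be safer to keep the positive classification and fall back to the supplied name: `name := pkgNameOrEmpty` followed by `if len(packageMatch) >= 2 { name = packageMatch[1] }`. The rest of the function lies outside the hunk, so how packageMatch is used afterwards is presumed rather than seen. The "chore" subject line also understates what is a behaviour change in the insecure-package check.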
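Review bot: TestIsExitErrorInsecurePackageMissingPackageName does not reach the guard it is meant to cover, because `cmd.Run()` leaves `ExitError.Stderr` empty; os/exec fills that field only from `Cmd.Output` when stderr is not otherwise being collected. The function under test looks for "is marked as insecure" in `exitErr.Stderr` (visible in the nix.go hunk), so it presumably skips that whole branch and returns `false, nil` by another path, and the test would pass even without the fix. Capturing stderr with `_, err := cmd.Output()` in place of `err := cmd.Run()` makes the test exercise the new branch. The `sh -c` invocation additionally ties the test to a POSIX shell being available on the build host.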