ekohilas
Contributor

@ekohilas ekohilas commented Oct 2, 2024

When running the following

```
> gitlab-ci-local@4.53.0 start
> ts-node --log-error src/index.ts --cwd ../some-dir --list-json
```

The following error occurs

```
Error attempting to evaluate the following rules:
  rules:
    - if: '"main" && null =~ /\bdependency_scanning\b/ && null == "true"'
as
```
```javascript
"main" && null.match(/\bdependency_scanning\b/)  != null&& null == "true"
```
```
TypeError: Cannot read properties of null (reading 'match')
    at eval (eval at evaluateRuleIf (gitlab-ci-local/src/utils.ts:258:19), <anonymous>:1:20)
    at Function.evaluateRuleIf (gitlab-ci-local/src/utils.ts:258:19)
    at Function.getRulesResult (gitlab-ci-local/src/utils.ts:181:24)
    at new Job (gitlab-ci-local/src/job.ts:217:38)
    at gitlab-ci-local/src/parser.ts:179:29
    at Function.forEachRealJob (gitlab-ci-local/src/utils.ts:54:13)
    at Parser.init (gitlab-ci-local/src/parser.ts:165:15)
    at async Function.create (gitlab-ci-local/src/parser.ts:60:9)
    at async handler (gitlab-ci-local/src/handler.ts:63:18)
    at async Object.handler (gitlab-ci-local/src/index.ts:37:21)
```

I suspect this happens on a yml that contains

```yaml
include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Jobs/Dependency-Scanning.gitlab-ci.yml
```

which expands to the following:

```yaml
gemnasium-maven-dependency_scanning:
  stage: test
  script:
    - /analyzer run
  artifacts:
    access: developer
    reports:
      dependency_scanning: gl-dependency-scanning-report.json
      cyclonedx: '**/gl-sbom-*.cdx.json'
    paths:
      - '**/gl-sbom-*.cdx.json'
  dependencies: []
  rules:
    - if: $DEPENDENCY_SCANNING_DISABLED == 'true' || $DEPENDENCY_SCANNING_DISABLED == '1'
      when: never
    - if: $DS_EXCLUDED_ANALYZERS =~ /gemnasium-maven/
      when: never
    - if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bdependency_scanning\b/ && $CI_GITLAB_FIPS_MODE == "true"
      exists:
        - '**/{build.gradle,build.gradle.kts,build.sbt,pom.xml}'
      variables:
        DS_IMAGE_SUFFIX: '-fips'
    - if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bdependency_scanning\b/
      exists:
        - '**/{build.gradle,build.gradle.kts,build.sbt,pom.xml}'
  allow_failure: true
  variables:
    DS_ANALYZER_IMAGE: $SECURE_ANALYZERS_PREFIX/$DS_ANALYZER_NAME:$DS_MAJOR_VERSION
    DS_ANALYZER_NAME: gemnasium-maven
  image:
    name: $DS_ANALYZER_IMAGE$DS_IMAGE_SUFFIX
  cache:
    - *ref_0
  before_script:
    - >-
      if command -v git && [ $OPS_CONSOLE_SHA ]; then (cd services/opsConsole; git fetch --depth 1 origin $OPS_CONSOLE_SHA; git switch --detach
      $OPS_CONSOLE_SHA); fi
    - >-
      if [ $(npm --version) ] && [ "$CI_JOB_NAME" = "${CI_JOB_NAME#gemnasium}" ]; then npm ci --cache .npm --prefer-offline; else echo "container does not use
      NPM"; fi
```

With the problematic line being

```yaml
- if: $CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bdependency_scanning\b/ && $CI_GITLAB_FIPS_MODE == "true"
```

This can be avoided by defining the variable to be empty; however, the proposed solution is likely more future-proof.
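The failure reported above, reduced to a stand-alone sketch: an added example, not gitlab-ci-local's code and not the change merged in this pull request. The function names, the variable values, and the optional-chaining rewrite that treats an undefined variable as a non-match are all assumptions of this example.

```javascript
// Added illustration; not gitlab-ci-local's implementation. All names are hypothetical.
// Matches `<quoted string or null> =~ /regex/flags` in an already-expanded rule.
const MATCH_OP = /("(?:[^"\\]|\\.)*"|null)\s*=~\s*(\/(?:[^\/\\]|\\.)+\/[a-z]*)/g;

// Expand $VARS as the error output shows: defined -> quoted string, undefined -> null.
function expandVars(rule, vars) {
  return rule.replace(/\$(\w+)/g, (_, name) =>
    vars[name] === undefined ? "null" : JSON.stringify(vars[name]));
}

// Naive rewrite of `lhs =~ /re/`: calls .match() directly on the operand.
function toJsNaive(expanded) {
  return expanded.replace(MATCH_OP, "$1.match($2) != null");
}

// Null-safe rewrite (assumption of this example): optional chaining turns an
// undefined variable into a non-match instead of a TypeError.
function toJsNullSafe(expanded) {
  return expanded.replace(MATCH_OP, "$1?.match($2) != null");
}

// Evaluate the generated expression. Only the constructed rule below is passed in.
function evaluate(js) {
  return Boolean(new Function(`return (${js});`)());
}

// Rule text taken from the template quoted in this report; variable values are constructed.
const RULE = String.raw`$CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\bdependency_scanning\b/ && $CI_GITLAB_FIPS_MODE == "true"`;
const localVars = { CI_COMMIT_BRANCH: "main" }; // GITLAB_FEATURES and FIPS mode unset
const fullVars = {
  CI_COMMIT_BRANCH: "main",
  GITLAB_FEATURES: "sast,dependency_scanning",
  CI_GITLAB_FIPS_MODE: "true",
};

// Returns the rule result, or the error name if evaluation throws.
function naiveOutcome(vars) {
  try { return evaluate(toJsNaive(expandVars(RULE, vars))); }
  catch (err) { return err.name; }
}

function safeOutcome(vars) {
  return evaluate(toJsNullSafe(expandVars(RULE, vars)));
}

console.log("naive, vars unset:", naiveOutcome(localVars));
console.log("null-safe, vars unset:", safeOutcome(localVars));
console.log("null-safe, vars set:", safeOutcome(fullVars));
```
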

@ANGkeith
Collaborator

ANGkeith commented Oct 2, 2024

lgtm, thanks

can help to update the test cases so that we can have regression test

https://github.com/firecow/gitlab-ci-local/blob/master/tests/rules-regex.test.ts#L74

@ANGkeith
Collaborator

ANGkeith commented Oct 3, 2024

since your changes had failed the regression test.

and our implementation can be a little convoluted....

i hijacked your mr and pushed directly into your branch, hope you're ok with it

@firecow firecow merged commit 1e30dd2 into firecow:master Oct 4, 2024
9 checks passed
@ekohilas
Contributor Author

ekohilas commented Oct 4, 2024

> since your changes had failed the regression test.
>
> and our implementation can be a little convoluted....
>
> i hijacked your mr and pushed directly into your branch, hope you're ok with it

I don't mind at all thank you!

Something with my docker setup is causing a lot of tests to fail that I still need to investigate :/
