From 154b47755403f5d9e13fdabdca62aff7b25a5acf Mon Sep 17 00:00:00 2001
From: "ricardo.bartels@telekom.de" <ricardo.bartels@telekom.de>
Date: Fri, 12 Jul 2024 17:22:10 +0200
Subject: [PATCH 1/3] improves handling of Helm index with broken helm chart
 versions #13176

Signed-off-by: ricardo.bartels@telekom.de <ricardo.bartels@telekom.de>
---
 pkg/repo/index.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/pkg/repo/index.go b/pkg/repo/index.go
index 40b11c5cf..3e6cfa5d3 100644
--- a/pkg/repo/index.go
+++ b/pkg/repo/index.go
@@ -353,6 +353,10 @@ func loadIndex(data []byte, source string) (*IndexFile, error) {
 		return i, err
 	}
 
+	if i.APIVersion == "" {
+		return i, ErrNoAPIVersion
+	}
+
 	for name, cvs := range i.Entries {
 		for idx := len(cvs) - 1; idx >= 0; idx-- {
 			if cvs[idx] == nil {
@@ -371,11 +375,10 @@ func loadIndex(data []byte, source string) (*IndexFile, error) {
 				cvs = append(cvs[:idx], cvs[idx+1:]...)
 			}
 		}
+		// adjust slice to only contain a set of valid versions
+		i.Entries[name] = cvs
 	}
 	i.SortEntries()
-	if i.APIVersion == "" {
-		return i, ErrNoAPIVersion
-	}
 	return i, nil
 }
 

From af13b0d8dca846ea27df3a21a4e37829e3b81654 Mon Sep 17 00:00:00 2001
From: "ricardo.bartels@telekom.de" <ricardo.bartels@telekom.de>
Date: Sun, 14 Jul 2024 11:51:13 +0200
Subject: [PATCH 2/3] adds tests for handling of Helm index with broken chart
 versions #13176

Signed-off-by: ricardo.bartels@telekom.de <ricardo.bartels@telekom.de>
---
 pkg/repo/index_test.go | 74 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)

diff --git a/pkg/repo/index_test.go b/pkg/repo/index_test.go
index 91486670b..a1e3e9438 100644
--- a/pkg/repo/index_test.go
+++ b/pkg/repo/index_test.go
@@ -644,3 +644,77 @@ func TestIgnoreSkippableChartValidationError(t *testing.T) {
 		})
 	}
 }
+
+var indexWithDuplicatesInChartDeps = `
+apiVersion: v1
+entries:
+  nginx:
+    - urls:
+        - https://charts.helm.sh/stable/alpine-1.0.0.tgz
+        - http://storage2.googleapis.com/kubernetes-charts/alpine-1.0.0.tgz
+      name: alpine
+      description: string
+      home: https://github.com/something
+      digest: "sha256:1234567890abcdef"
+    - urls:
+        - https://charts.helm.sh/stable/nginx-0.2.0.tgz
+      name: nginx
+      description: string
+      version: 0.2.0
+      home: https://github.com/something/else
+      digest: "sha256:1234567890abcdef"
+`
+var indexWithDuplicatesInLastChartDeps = `
+apiVersion: v1
+entries:
+  nginx:
+    - urls:
+        - https://charts.helm.sh/stable/nginx-0.2.0.tgz
+      name: nginx
+      description: string
+      version: 0.2.0
+      home: https://github.com/something/else
+      digest: "sha256:1234567890abcdef"
+    - urls:
+        - https://charts.helm.sh/stable/alpine-1.0.0.tgz
+        - http://storage2.googleapis.com/kubernetes-charts/alpine-1.0.0.tgz
+      name: alpine
+      description: string
+      home: https://github.com/something
+      digest: "sha256:111"
+`
+
+func TestLoadIndex_DuplicateChartDeps(t *testing.T) {
+	tests := []struct {
+		source string
+		data   string
+	}{
+		{
+			source: "indexWithDuplicatesInChartDeps",
+			data:   indexWithDuplicatesInChartDeps,
+		},
+		{
+			source: "indexWithDuplicatesInLastChartDeps",
+			data:   indexWithDuplicatesInLastChartDeps,
+		},
+	}
+	for _, tc := range tests {
+		t.Run(tc.source, func(t *testing.T) {
+			idx, err := loadIndex([]byte(tc.data), tc.source)
+			if err != nil {
+				t.Fatalf("unexpected error: %s", err)
+			}
+			cvs := idx.Entries["nginx"]
+			if cvs == nil {
+				if err != nil {
+					t.Error("expected one chart version not to be filtered out")
+				}
+			}
+			for _, v := range cvs {
+				if v.Name == "alpine" {
+					t.Error("malformed version was not filtered out")
+				}
+			}
+		})
+	}
+}

From cdbef2b7d1862e6fe4253e39740afbc5ec405679 Mon Sep 17 00:00:00 2001
From: "ricardo.bartels@telekom.de" <ricardo.bartels@telekom.de>
Date: Wed, 14 Aug 2024 09:04:36 +0200
Subject: [PATCH 3/3] Revering change unrelated to issue #13176

Signed-off-by: ricardo.bartels@telekom.de <ricardo.bartels@telekom.de>
---
 pkg/repo/index.go | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/pkg/repo/index.go b/pkg/repo/index.go
index 3e6cfa5d3..83324ed92 100644
--- a/pkg/repo/index.go
+++ b/pkg/repo/index.go
@@ -353,10 +353,6 @@ func loadIndex(data []byte, source string) (*IndexFile, error) {
 		return i, err
 	}
 
-	if i.APIVersion == "" {
-		return i, ErrNoAPIVersion
-	}
-
 	for name, cvs := range i.Entries {
 		for idx := len(cvs) - 1; idx >= 0; idx-- {
 			if cvs[idx] == nil {
@@ -379,6 +375,9 @@ func loadIndex(data []byte, source string) (*IndexFile, error) {
 		i.Entries[name] = cvs
 	}
 	i.SortEntries()
+	if i.APIVersion == "" {
+		return i, ErrNoAPIVersion
+	}
 	return i, nil
 }