lockfile-lint
Comparing version 4.1.0 to 4.2.0
@@ -21,6 +21,19 @@ #!/usr/bin/env node | ||
['validate-https', 'validateHttps'], | ||
['allowed-schemes', 'validateSchemes'] | ||
['allowed-schemes', 'validateSchemes'], | ||
['allowed-urls', 'validateUrls'] | ||
]) | ||
for (const [commandArgument, commandValue] of Object.entries(config)) { | ||
/** | ||
* If we have both --allowed-urls and --allowed-hosts flags active | ||
* then we can skip doing the work for allowed urls as the validator | ||
* for allowed hosts will check for both. | ||
* | ||
* We only need to run the check for allowed urls if the user does not | ||
* specify allowed hosts. | ||
*/ | ||
if (commandArgument === 'allowed-urls' && config['allowed-hosts']) { | ||
continue | ||
} | ||
if (supportedValidators.has(commandArgument)) { | ||
@@ -32,3 +45,5 @@ const validatorItem = supportedValidators.get(commandArgument) | ||
options: { | ||
emptyHostname: config['empty-hostname'] | ||
emptyHostname: config['empty-hostname'], | ||
allowedHosts: config['allowed-hosts'], | ||
allowedUrls: config['allowed-urls'] | ||
} | ||
@@ -35,0 +50,0 @@ }) |
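Review bot: `allowedHosts: config['allowed-hosts']` is now passed in `options` to every validator, but none of the manager code shown in this comparison reads `validatorOptions.allowedHosts`; only `allowedUrls` is consumed, in the host manager. If nothing in lockfile-lint-api reads it either, drop the property, otherwise add a short comment above it such as `// allowedHosts: consumed by <validator name>` so the coupling is visible. The object literal and the call it belongs to start outside the hunk, so this rests on the visible lines only.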
@@ -6,2 +6,13 @@ # Change Log | ||
# [4.2.0](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint@4.1.0...lockfile-lint@4.2.0) (2020-03-23) | ||
### Features | ||
* **validators:** add URL validator ([#52](https://github.com/lirantal/lockfile-lint/issues/52)) ([e81ffe9](https://github.com/lirantal/lockfile-lint/commit/e81ffe9)) | ||
# [4.1.0](https://github.com/lirantal/lockfile-lint/compare/lockfile-lint@4.0.0...lockfile-lint@4.1.0) (2020-03-09) | ||
@@ -8,0 +19,0 @@ |
{ | ||
"name": "lockfile-lint", | ||
"version": "4.1.0", | ||
"version": "4.2.0", | ||
"description": "A CLI to lint a lockfile for security policies", | ||
@@ -57,3 +57,3 @@ "bin": { | ||
"debug": "^4.1.1", | ||
"lockfile-lint-api": "^5.0.12", | ||
"lockfile-lint-api": "^5.1.0", | ||
"yargs": "^15.0.2" | ||
@@ -183,3 +183,3 @@ }, | ||
}, | ||
"gitHead": "b481e8046cc5b8736263c3ce130c9783677460c5" | ||
"gitHead": "d30ce73a3e5977dede29450df1c79b09f02779b2" | ||
} |
@@ -65,2 +65,7 @@ 'use strict' | ||
conflicts: ['validate-https', 's'] | ||
}, | ||
u: { | ||
alias: ['allowed-urls'], | ||
type: 'array', | ||
describe: 'validates a whitelist of allowed URLs to be used for resources in the lockfile' | ||
} | ||
@@ -67,0 +72,0 @@ }) |
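Review bot: The help text for `--allowed-urls` does not say how the flag combines with `--allowed-hosts`, and that combination changes what the linter accepts. Going by the comment in the CLI loop and the filter added to the host manager, a listed URL is accepted even when its host is not among the allowed hosts. Someone tightening a host policy should be able to read that from `--help`, for example `describe: 'validates a list of allowed URLs for resources in the lockfile; with --allowed-hosts, a listed URL is accepted even if its host is not allowed'`. The options object starts outside the hunk.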
@@ -7,3 +7,4 @@ 'use strict' | ||
ValidateHttpsManager, | ||
ValidateSchemeManager | ||
ValidateSchemeManager, | ||
ValidateUrlManager | ||
} = require('../src/validators') | ||
@@ -14,3 +15,4 @@ | ||
['validateHttps', ValidateHttpsManager], | ||
['validateSchemes', ValidateSchemeManager] | ||
['validateSchemes', ValidateSchemeManager], | ||
['validateUrls', ValidateUrlManager] | ||
]) | ||
@@ -17,0 +19,0 @@ |
'use strict' | ||
const {ValidateHost, ParseLockfile, ValidateHttps, ValidateScheme} = require('lockfile-lint-api') | ||
const { | ||
ValidateHost, | ||
ParseLockfile, | ||
ValidateHttps, | ||
ValidateScheme, | ||
ValidateUrl | ||
} = require('lockfile-lint-api') | ||
const debug = require('debug') | ||
@@ -9,3 +15,4 @@ | ||
ValidateHttpsManager, | ||
ValidateSchemeManager | ||
ValidateSchemeManager, | ||
ValidateUrlManager | ||
} | ||
@@ -43,4 +50,19 @@ | ||
const validator = new ValidateHost({packages: lockfile.object}) | ||
const validationResult = validator.validate(validatorValues, validatorOptions) | ||
return validator.validate(validatorValues, validatorOptions) | ||
// Check if some of the errors are for allowed URLs and filter those out | ||
if (validatorOptions && validatorOptions.allowedUrls) { | ||
const urlValidator = new ValidateUrl({packages: lockfile.object}) | ||
validationResult.errors = validationResult.errors.filter( | ||
result => !urlValidator.validateSingle(result.package, validatorOptions.allowedUrls) | ||
) | ||
// If we don't have any errors left at this point make sure it's a success type | ||
if (!validationResult.errors.length) { | ||
validationResult.type = 'success' | ||
} | ||
} | ||
return validationResult | ||
} | ||
@@ -64,1 +86,18 @@ | ||
} | ||
function ValidateUrlManager ({path, type, validatorValues, validatorOptions}) { | ||
debug('validate-url-manager')( | ||
`invoked with validator options: ${JSON.stringify(validatorValues)}` | ||
) | ||
const options = { | ||
lockfilePath: path, | ||
lockfileType: type | ||
} | ||
const parser = new ParseLockfile(options) | ||
const lockfile = parser.parseSync() | ||
const validator = new ValidateUrl({packages: lockfile.object}) | ||
return validator.validate(validatorValues, validatorOptions) | ||
} |
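Review bot: In the host manager, the `allowedUrls` filter drops host errors and then sets `validationResult.type = 'success'` without recording what was exempted, so a run that passes only because of URL exceptions looks the same as a clean one. `debug` is already required in this file: capture `const before = validationResult.errors.length` ahead of the filter and add `debug('validate-host-manager')('allowed-urls exempted %d host error(s)', before - validationResult.errors.length)` after it (namespace chosen by analogy with `validate-url-manager`). How a URL is matched is decided by `validateSingle` in lockfile-lint-api, which is not visible here, so it is worth confirming that it compares the full resolved URL exactly and not by prefix. The host manager's signature is outside the hunk. Separately, the debug message in `ValidateUrlManager` says "validator options" but interpolates `validatorValues`.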
Updatedlockfile-lint-api@^5.1.0