snyk-policy - npm Package Compare versions

Comparing version 1.21.5 to 1.22.0

lib/filter/ignore.js

@@ -10,3 +10,8 @@ module.exports = filterIgnored;
 // see http://git.io/vCHmV for example of what ignore structure looks like
-function filterIgnored(ignore, vuln, filtered) {
+function filterIgnored(
+  ignore,
+  vuln,
+  filtered,
+  matchStrategy = 'packageManager'
+) {
   if (!ignore) {
@@ -79,3 +84,3 @@ return vuln;
           // first check if the path is a match on the rule
-          const pathMatch = matchToRule(vuln, rule);
+          const pathMatch = matchToRule(vuln, rule, matchStrategy);
 
@@ -82,0 +87,0 @@ if (pathMatch && expires && expires < now) {

lib/filter/index.js

@@ -9,3 +9,3 @@ module.exports = filter;
 // warning: mutates vulns
-function filter(vulns, policy, root) {
+function filter(vulns, policy, root, matchStrategy = 'packageManager') {
   if (!root) {
@@ -28,3 +28,4 @@ root = process.cwd();
     vulns.vulnerabilities,
-    filtered.ignore
+    filtered.ignore,
+    matchStrategy
   );
@@ -31,0 +32,0 @@

lib/index.js

@@ -32,4 +32,9 @@ const fs = require('promise-fs');
 function attachMethods(policy) {
-  policy.filter = function (vulns, root) {
-    return filter(vulns, policy, root || path.dirname(policy.__filename));
+  policy.filter = function (vulns, root, matchStrategy = 'packageManager') {
+    return filter(
+      vulns,
+      policy,
+      root || path.dirname(policy.__filename),
+      matchStrategy
+    );
   };
@@ -36,0 +41,0 @@ policy.save = save.bind(null, policy);

lib/match.js

@@ -108,9 +108,13 @@ module.exports = {
 
-function matchToRule(vuln, rule) {
+function matchToRule(vuln, rule, matchStrategy = 'packageManager') {
   return Object.keys(rule).some(function (path) {
-    return matchToSingleRule(vuln, path);
+    return matchToSingleRule(vuln, path, matchStrategy);
   });
 }
 
-function matchToSingleRule(vuln, path) {
+function matchToSingleRule(vuln, path, matchStrategy) {
+  if (matchStrategy === 'exact') {
+    return matchExactWithStars(vuln, path);
+  }
+
   // check for an exact match
@@ -129,2 +133,21 @@ let pathMatch = false;
 
+function matchExactWithStars(vuln, path) {
+  const parts = path.split(' > ');
+  if (parts[parts.length - 1] === '*') {
+    const paddingLength = vuln.from.length - parts.length;
+    for (let i = 0; i < paddingLength; i++) {
+      parts.push('*');
+    }
+  }
+  if (parts.length !== vuln.from.length) {
+    return false;
+  }
+  for (let i = 0; i < parts.length; i++) {
+    if (parts[i] !== vuln.from[i] && parts[i] !== '*') {
+      return false;
+    }
+  }
+  return true;
+}
+
 function getByVuln(policy, vuln) {
@@ -131,0 +154,0 @@ let found = null;

package.json

@@ -46,3 +46,3 @@ {
   },
-  "version": "1.21.5"
+  "version": "1.22.0"
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

43214

increased by1.91%

Lines of code

984

increased by3.36%

No dependency changes