snyk-policy
Comparing version 1.2.1 to 1.3.0
@@ -21,11 +21,2 @@ module.exports = filterIgnored; | ||
// this is a cursory test to ensure that we're working with a snyk format | ||
// that we recognise. if the property is an object, then it's the early | ||
// alpha format, and we'll throw | ||
if (!Array.isArray(ignore[vuln.id])) { | ||
var error = new Error('old, unsupported .snyk format detected'); | ||
error.code = 'OLD_DOTFILE_FORMAT'; | ||
throw error; | ||
} | ||
debug('%s has rules', vuln.id); | ||
@@ -62,2 +53,2 @@ | ||
}).filter(Boolean); | ||
} | ||
} |
@@ -9,2 +9,3 @@ var fs = require('then-fs'); | ||
var filter = require('./filter'); | ||
var add = require('./add'); | ||
@@ -19,4 +20,10 @@ module.exports = { | ||
loadFromText: loadFromText, | ||
add: add, | ||
create: create, | ||
}; | ||
function create() { | ||
return loadFromText(''); | ||
} | ||
// this is a function to allow our tests and fixtures to change cwd | ||
@@ -34,2 +41,5 @@ function defaultFilename() { | ||
policy.demunge = parse.demunge.bind(null, policy); | ||
policy.add = add.bind(null, policy); | ||
policy.addIgnore = add.bind(null, policy, 'ignore'); | ||
policy.addPatch = add.bind(null, policy, 'patch'); | ||
return policy; | ||
@@ -36,0 +46,0 @@ } |
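Review bot: The new public entry points `create`, `add`, `addIgnore` and `addPatch` are added without any comment on what they return or modify. `create()` returns whatever `loadFromText('')` returns, so it depends on the parser accepting empty text and producing a usable policy; a comment such as `// returns an empty policy, built through the same parse path as loadFromText` would state that. The bound helpers presumably write into the loaded policy object in place, which is worth saying above them, for example `// addIgnore/addPatch are add() with the rule type pre-bound; they modify this policy object`. The function that attaches these helpers starts outside the hunk.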
@@ -52,2 +52,2 @@ module.exports = { | ||
return yaml.safeDump(data); | ||
} | ||
} |
@@ -12,3 +12,61 @@ // eventually we'll have v2 which will point to latestParser, and v1 will | ||
checkForOldFormat(policy.ignore); // this is only an old issue on ignores | ||
validate(policy.ignore); | ||
validate(policy.patch); | ||
return policy; | ||
}; | ||
}; | ||
module.exports.needsFixing = needsFixing; | ||
function checkForOldFormat(ignore) { | ||
// this is a cursory test to ensure that we're working with a snyk format | ||
// that we recognise. if the property is an object, then it's the early | ||
// alpha format, and we'll throw | ||
Object.keys(ignore).forEach(function (id) { | ||
if (!Array.isArray(ignore[id])) { | ||
var error = new Error('old, unsupported .snyk format detected'); | ||
error.code = 'OLD_DOTFILE_FORMAT'; | ||
throw error; | ||
} | ||
}); | ||
} | ||
function validate(policy) { | ||
var fix = needsFixing(policy); | ||
if (fix) { | ||
fix.forEach(function (item) { | ||
var o = {}; | ||
o[item.key] = item.rule; | ||
policy[item.id].push(o); | ||
}); | ||
} | ||
} | ||
function needsFixing(policy) { | ||
var move = []; | ||
Object.keys(policy).forEach(function (id) { | ||
policy[id].forEach(function (rule) { | ||
var keys = Object.keys(rule); | ||
keys.shift(); // drop the first | ||
if (keys === 0) { | ||
return; | ||
} | ||
// this means our policy has become corrupted, and we need to move | ||
// the additional keys into their own position in the policy | ||
keys.forEach(function (key) { | ||
move.push({ | ||
id: id, | ||
key: key, | ||
rule: rule[key], | ||
}); | ||
delete rule[key]; | ||
}); | ||
}); | ||
}); | ||
return move.length ? move : false; | ||
} |
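Review bot: In `needsFixing`, the guard `if (keys === 0)` compares an array with a number and is never true, so the early return is dead code; it should read `if (keys.length === 0) { return; }`. The outcome is the same today only because `forEach` over an empty array does nothing. Separately, `validate(policy.patch)` runs without the array check that `checkForOldFormat` applies to `ignore`, so a non-array entry under `patch` in a hand-edited .snyk file would surface as an uncoded TypeError from `policy[id].forEach` rather than as `OLD_DOTFILE_FORMAT`. `Object.keys(ignore)` also assumes `policy.ignore` is always set, which the lines above this hunk would have to guarantee; the enclosing parser function starts outside the hunk.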
@@ -22,6 +22,6 @@ { | ||
"proxyquire": "^1.7.4", | ||
"semantic-release": "^4.3.5", | ||
"sinon": "^1.17.3", | ||
"tap": "^5.7.0", | ||
"tap-only": "0.0.5", | ||
"semantic-release": "^4.3.5" | ||
"tap-only": "0.0.5" | ||
}, | ||
@@ -43,3 +43,3 @@ "dependencies": { | ||
}, | ||
"version": "1.2.1" | ||
"version": "1.3.0" | ||
} |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package