snyk-policy
Comparing version 2.0.7 to 2.0.8
@@ -12,7 +12,8 @@ "use strict"; | ||
function addExclude(policy, pattern, group = 'global', options = {}) { | ||
var _a, _b; | ||
if (!isPatternGroupValid(group)) { | ||
throw new Error('invalid file pattern-group'); | ||
} | ||
policy.exclude = policy.exclude ?? {}; | ||
let patterns = policy.exclude[group] ?? []; | ||
policy.exclude = (_a = policy.exclude) !== null && _a !== void 0 ? _a : {}; | ||
let patterns = (_b = policy.exclude[group]) !== null && _b !== void 0 ? _b : []; | ||
// Remove duplicates | ||
@@ -19,0 +20,0 @@ patterns = patterns.filter((p) => typeof p === 'string' ? p !== pattern : !p[pattern]); |
@@ -45,2 +45,3 @@ "use strict"; | ||
function getVulnSource(vuln, cwd, live) { | ||
var _a; | ||
const from = vuln.from.slice(1).map((pkg) => (0, snyk_module_1.parsePackageString)(pkg).name); | ||
@@ -59,3 +60,3 @@ const viaPath = path.resolve(cwd || process.cwd(), 'node_modules', from.join('/node_modules/')); | ||
try { | ||
source = snyk_resolve_1.default.sync(from.slice(-1)?.pop(), viaPath); | ||
source = snyk_resolve_1.default.sync((_a = from.slice(-1)) === null || _a === void 0 ? void 0 : _a.pop(), viaPath); | ||
} | ||
@@ -62,0 +63,0 @@ catch (e) { |
@@ -24,4 +24,6 @@ "use strict"; | ||
} | ||
// converts vulns to filtered vulns | ||
const filteredVulns = vulns; | ||
if (vulns.ok) { | ||
return vulns; | ||
return filteredVulns; | ||
} | ||
@@ -32,4 +34,2 @@ const filtered = { | ||
}; | ||
// converts vulns to filtered vulns | ||
const filteredVulns = vulns; | ||
// strip the ignored modules from the results | ||
@@ -61,3 +61,3 @@ filteredVulns.vulnerabilities = (0, ignore_1.default)(policy.ignore, filteredVulns.vulnerabilities, filtered.ignore, matchStrategy); | ||
filteredVulns.vulnerabilities.some((vuln) => { | ||
if (levels[vuln.severity] >= level) { | ||
if (vuln.severity && levels[vuln.severity] >= level) { | ||
filteredVulns.ok = false; | ||
@@ -64,0 +64,0 @@ return true; // breaks |
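Review bot: The new guard `vuln.severity && levels[vuln.severity] >= level` means a vulnerability with a missing severity, or one that is not a key of `levels`, can never set `filteredVulns.ok = false`. The old comparison was already false for those inputs, so the behaviour is unchanged, but the threshold check fails open and nothing here records that as intended. The contents of `levels` are not visible in this hunk. Either document the choice with a comment such as `// vulns without a known severity never trip the threshold`, or count them as meeting it: `const rank = levels[vuln.severity];` followed by `if (rank === undefined || rank >= level) {`. The enclosing function starts and ends outside the hunk.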
@@ -32,2 +32,3 @@ "use strict"; | ||
notes[vuln.id].forEach((rule) => { | ||
var _a, _b, _c; | ||
const path = Object.keys(rule)[0]; // this is a string | ||
@@ -46,3 +47,3 @@ let expires = rule[path].expires; | ||
rule[path].disregardIfFixable && | ||
(vuln.upgradePath.length || vuln.patches.length)) { | ||
(((_a = vuln.upgradePath) === null || _a === void 0 ? void 0 : _a.length) || ((_b = vuln.patches) === null || _b === void 0 ? void 0 : _b.length))) { | ||
debug('%s vuln is fixable and rule is set to disregard if fixable', vuln.id); | ||
@@ -53,3 +54,3 @@ return false; | ||
// strip any control characters in the 3rd party reason file | ||
const reason = rule[path].reason?.replace('/[\x00-\x1F\x7F-\x9F]/u', ''); | ||
const reason = (_c = rule[path].reason) === null || _c === void 0 ? void 0 : _c.replace('/[\x00-\x1F\x7F-\x9F]/u', ''); | ||
if (debug.enabled) { | ||
@@ -56,0 +57,0 @@ debug('adding note based on path match: %s ~= %s', path, vuln.from.slice(1).join(' > ')); |
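Review bot: The rewritten `reason` line still passes a quoted string as the first argument to `replace`, not a regular expression. It therefore looks for that exact character sequence, and the control characters that the comment above says are stripped stay in the third-party reason text. If the reason is later written to a terminal or log, which this hunk does not show, escape sequences from the policy file would pass through. Use a regex literal with the global flag so every occurrence is removed: `.replace(/[\x00-\x1F\x7F-\x9F]/gu, '')`. The enclosing `forEach` callback starts before and continues after the hunk.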
@@ -157,3 +157,3 @@ "use strict"; | ||
.catch((error) => { | ||
if (options?.loose && error.code === 'ENOENT') { | ||
if ((options === null || options === void 0 ? void 0 : options.loose) && error.code === 'ENOENT') { | ||
debug('ENOENT on file, but running loose'); | ||
@@ -168,3 +168,3 @@ return [parse.import(), {}]; | ||
policy.__created = res[1].birthtime || res[1].ctime; | ||
if (options?.loose && !policy.__modified) { | ||
if ((options === null || options === void 0 ? void 0 : options.loose) && !policy.__modified) { | ||
policy.__filename = null; | ||
@@ -171,0 +171,0 @@ } |
@@ -64,10 +64,11 @@ "use strict"; | ||
function validate(ruleSet) { | ||
var _a; | ||
// replace nulls with empty arrays and empty rules with empty objects | ||
for (const [id, pathObjs] of Object.entries(ruleSet)) { | ||
// default ruleset entries to [] | ||
ruleSet[id] = pathObjs ?? []; | ||
ruleSet[id] = pathObjs !== null && pathObjs !== void 0 ? pathObjs : []; | ||
for (const pathObj of ruleSet[id]) { | ||
for (const path in pathObj) { | ||
// default empty rules to {} | ||
pathObj[path] = pathObj[path] ?? {}; | ||
pathObj[path] = (_a = pathObj[path]) !== null && _a !== void 0 ? _a : {}; | ||
} | ||
@@ -74,0 +75,0 @@ } |
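Review bot: `validate` only defaults null and undefined entries, so `pathObjs !== null && pathObjs !== void 0 ? pathObjs : []` lets any other non-array value from the policy file reach `for (const pathObj of ruleSet[id])`. A scalar or mapping there would most likely surface as a generic TypeError from the loop or from the `pathObj[path] = …` assignment, not as an error that names the bad rule. Consider checking the shape right after the default, for example `if (!Array.isArray(ruleSet[id])) { throw new Error('invalid rule set entry: ' + id); }`. The function body continues outside the hunk.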
@@ -5,3 +5,2 @@ "use strict"; | ||
class PolicyError extends Error { | ||
code; | ||
constructor(message, code) { | ||
@@ -8,0 +7,0 @@ super(message); |
{ | ||
"name": "snyk-policy", | ||
"version": "2.0.7", | ||
"version": "2.0.8", | ||
"description": "Snyk's policy parser and matching logic", | ||
@@ -5,0 +5,0 @@ "files": [ |
{ | ||
"name": "snyk-policy", | ||
"version": "2.0.7", | ||
"version": "2.0.8", | ||
"description": "Snyk's policy parser and matching logic", | ||
@@ -5,0 +5,0 @@ "files": [ |