nna/npm-audit-action
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat: add the ability to run with '--json' and output the result (#78)

Browse Source 
* addition-of-json-flag

* Set output of npn audit
This commit is contained in:
sgkiokas
2020-12-12 13:56:05 +02:00
committed by GitHub
parent 3868af0215
commit c4cd169835
8 changed files with 133 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
__tests__/audit.test.ts
View File

@@ -30,7 +30,7 @@ describe('run', () => {
}
})
audit.run('low', 'false')
audit.run('low', 'false', 'false')
expect(audit.foundVulnerability()).toBeTruthy()
})
@@ -51,7 +51,28 @@ describe('run', () => {
}
})
audit.run('low', 'true')
audit.run('low', 'true', 'false')
expect(audit.foundVulnerability()).toBeTruthy()
})
test('finds vulnerabilities with json flag enabled', () => {
mocked(child_process).spawnSync.mockImplementation((): any => {
const stdout = fs.readFileSync(
path.join(__dirname, 'testdata/audit/error.json')
)
return {
pid: 100,
output: [stdout],
stdout,
stderr: '',
status: 1,
signal: null,
error: null
}
})
audit.run('low', 'false', 'true')
expect(audit.foundVulnerability()).toBeTruthy()
})
@@ -72,7 +93,7 @@ describe('run', () => {
}
})
audit.run('low', 'false')
audit.run('low', 'false', 'false')
expect(audit.foundVulnerability()).toBeFalsy()
})
@@ -91,7 +112,7 @@ describe('run', () => {
expect.assertions(1)
const e = new Error('Something is wrong')
expect(() => audit.run('low', 'false')).toThrowError(e)
expect(() => audit.run('low', 'false', 'false')).toThrowError(e)
})
test('throws an error if status is null', () => {
@@ -109,7 +130,7 @@ describe('run', () => {
expect.assertions(1)
const e = new Error('the subprocess terminated due to a signal.')
expect(() => audit.run('low', 'false')).toThrowError(e)
expect(() => audit.run('low', 'false', 'false')).toThrowError(e)
})
test('throws an error if stderr is null', () => {
@@ -127,6 +148,6 @@ describe('run', () => {
expect.assertions(1)
const e = new Error('Something is wrong')
expect(() => audit.run('low', 'false')).toThrowError(e)
expect(() => audit.run('low', 'false', 'false')).toThrowError(e)
})
})

1
__tests__/main.test.ts
View File

@@ -16,6 +16,7 @@ describe('run', () => {
process.env.INPUT_AUDIT_LEVEL = 'low'
process.env.INPUT_PRODUCTION_FLAG = 'false'
process.env.INPUT_JSON_FLAG = 'false'
process.env.INPUT_GITHUB_CONTEXT =
'{ "event_name": "pull_request", "event": { "number": 100} }'
process.env.INPUT_GITHUB_TOKEN = '***'

73
__tests__/testdata/audit/error.json vendored Normal file
View File

@@ -0,0 +1,73 @@
{
"actions": [
{
"isMajor": false,
"action": "install",
"resolves": [
{
"id": 532,
"path": "moment",
"dev": false,
"optional": false,
"bundled": false
}
],
"module": "moment",
"target": "2.29.1"
}
],
"advisories": {
"532": {
"findings": [
{
"version": "2.19.2",
"paths": [
"moment"
]
}
],
"id": 532,
"created": "2017-09-21T20:40:00.889Z",
"updated": "2019-06-24T15:10:05.868Z",
"deleted": null,
"title": "Regular Expression Denial of Service",
"found_by": {
"name": "Cristian-Alexandru Staicu"
},
"reported_by": {
"name": "Cristian-Alexandru Staicu"
},
"module_name": "moment",
"cves": [],
"vulnerable_versions": "<2.19.3",
"patched_versions": ">=2.19.3",
"overview": "Affected versions of `moment` are vulnerable to a low severity regular expression denial of service when parsing dates as strings.",
"recommendation": "Update to version 2.19.3 or later.",
"references": "- [Issue #4163](https://github.com/moment/moment/issues/4163)\n- [PR #4326](https://github.com/moment/moment/pull/4326)",
"access": "public",
"severity": "low",
"cwe": "CWE-400",
"metadata": {
"module_type": "",
"exploitability": 5,
"affected_components": ""
},
"url": "https://npmjs.com/advisories/532"
}
},
"muted": [],
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 7,
"moderate": 1,
"high": 5,
"critical": 0
},
"dependencies": 659,
"devDependencies": 0,
"optionalDependencies": 0,
"totalDependencies": 659
},
"runId": "88c86b12-b4a4-4827-9d3c-d58ae74384c5"
}