fix: correct --integrity-exclude package name matching logic (#190)
Update the matching logic for --integrity-exclude to check the excluded package name against the
package identifier used internally. Update the corresponding test suite with more realistic mocking
data. Add an extra test case to ensure package names aren't matched partially.
ericcornelissen authored Feb 11, 2024
1 parent 9c03af3 commit b374b79
Showing 2 changed files with 32 additions and 9 deletions.
Expand Up @@ -28,7 +28,7 @@ describe('Validator: Integrity', () => {

it('validator should fail if not allowed hash type is used for a resource', () => {
const mockedPackages = {
bolt11: {
'bolt11@1.4.1-3e38a8b13f29678e59705efec18f590e50272676': {
integrity: 'sha1-1ZNEUixLxGSmWnMKxpUAf9tm3Yg='
}
}
Expand All @@ -39,20 +39,20 @@ describe('Validator: Integrity', () => {
errors: [
{
message:
'detected invalid integrity hash type for package: bolt11\n expected: sha512\n actual: sha1-1ZNEUixLxGSmWnMKxpUAf9tm3Yg=\n',
package: 'bolt11'
'detected invalid integrity hash type for package: bolt11@1.4.1-3e38a8b13f29678e59705efec18f590e50272676\n expected: sha512\n actual: sha1-1ZNEUixLxGSmWnMKxpUAf9tm3Yg=\n',
package: 'bolt11@1.4.1-3e38a8b13f29678e59705efec18f590e50272676'
}
]
})
})

it('validator should succeed if all resources are from an allowed hash type', () => {
const mockedPackages = {
'@types/node': {
'@types/node@20.11.17-14733ac8d7ad65e47f20fc8c2b20bd58ef37c9f5': {
integrity:
'sha512-CK2fnrQlIgKlCV3N2kM+Gznb5USlwA1KFX3rJVHmgVk6NJxFPuQ86pAcvKnu37IA4BGlSRz7sEE1lHL1aLZ/eQ=='
},
typescript: {
'typescript@5.0.0-d5998c40b92db6ac7b06359242cf43afc8b499f4': {
integrity:
'sha512-goMHfm00nWPa8UvR/CPSvykqf6dVV8x/dp0c5mFTMTIu0u0FlGWRioyy7Nn0PGAdHxpJZnuO/ut+PpQ8UiHAig=='
}
Expand All @@ -67,11 +67,11 @@ describe('Validator: Integrity', () => {

it('validator should not fail even if one of the packages has no `integrity` field', () => {
const mockedPackages = {
typescript: {
'typescript@5.0.0-d5998c40b92db6ac7b06359242cf43afc8b499f4': {
integrity:
'sha512-goMHfm00nWPa8UvR/CPSvykqf6dVV8x/dp0c5mFTMTIu0u0FlGWRioyy7Nn0PGAdHxpJZnuO/ut+PpQ8UiHAig=='
},
meow: {}
'meow@13.0.0-0478ab49a1d0b9808d0ea088db43c980a15dfc4b': {}
}
const validator = new ValidateIntegrity({packages: mockedPackages})

Expand All @@ -83,7 +83,7 @@ describe('Validator: Integrity', () => {

it('validator should not fail if an excluded package has an invalid integrity hash type', () => {
const mockedPackages = {
typescript: {
'typescript@5.0.0-d5998c40b92db6ac7b06359242cf43afc8b499f4': {
integrity: 'sha1-1ZNEUixLxGSmWnMKxpUAf9tm3Yg='
}
}
Expand All @@ -98,6 +98,29 @@ describe('Validator: Integrity', () => {
})
})

it('validator should not match excluded package by partial name', () => {
const mockedPackages = {
'common-prefix-package@1.0.0-30f09ab54e1d572758bd0673b8b96b5df96ec1fa': {
integrity: 'sha1-1ZNEUixLxGSmWnMKxpUAf9tm3Yg='
}
}
const options = {
integrityExclude: ['common-prefix']
}

const validator = new ValidateIntegrity({packages: mockedPackages})
expect(validator.validate(options)).toEqual({
type: 'error',
errors: [
{
message:
'detected invalid integrity hash type for package: common-prefix-package@1.0.0-30f09ab54e1d572758bd0673b8b96b5df96ec1fa\n expected: sha512\n actual: sha1-1ZNEUixLxGSmWnMKxpUAf9tm3Yg=\n',
package: 'common-prefix-package@1.0.0-30f09ab54e1d572758bd0673b8b96b5df96ec1fa'
}
]
})
})

it('validator should return true for a single package with a valid URL', () => {
const mockedPackages = {
typescript: {
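Review bot: The new partial-name test covers only an unscoped name, although the matcher now keys on the `@` separator, and scoped package names also begin with `@`. A companion case would pin that down: put `'@types/node@20.11.17-14733ac8d7ad65e47f20fc8c2b20bd58ef37c9f5'` with a sha1 `integrity` value in `mockedPackages`, then assert that `integrityExclude: ['@types/node']` skips it while `integrityExclude: ['@types']` still reports the error. An exclusion that matches too broadly lets a weak hash type through without any signal, so the scoped boundary is worth a regression test. The last test in this section still uses the bare `typescript` key; its body continues outside the visible hunk, so whether that is deliberate cannot be told from here.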
Expand Up @@ -29,7 +29,7 @@ module.exports = class ValidateIntegrity {
continue
}

if (excludedPackages.includes(packageName)) {
if (excludedPackages.find(name => packageName.startsWith(`${name}@`))) {
continue
}

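Review bot: `excludedPackages.find(...)` is used only for its truthiness, so `some` states the intent and does not depend on the matched string being truthy: ``if (excludedPackages.some(name => name !== '' && packageName.startsWith(`${name}@`))) {``. The empty-name guard matters for this check: with an empty entry in the exclude list the prefix becomes `@`, which every scoped key such as `@types/node@…` starts with. Today `find` returns `''` in that case, so the exclusion is skipped only by accident, and a later switch to `some` without the guard would exempt all scoped packages from the hash-type check. The enclosing loop and the construction of `excludedPackages` are outside the hunk, so whether an empty entry can reach this line is not visible here.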
