From c4693c00acefa5c1fa07b40b725ee01af3fb4f06 Mon Sep 17 00:00:00 2001 From: Federico Builes Date: Wed, 21 Sep 2022 16:30:05 +0200 Subject: [PATCH] Raise errors for invalid values in the external config. --- __tests__/config.test.ts | 5 +++++ .../fixtures/invalid-severity-config.yml | 3 +++ src/config.ts | 22 +++++++++++-------- src/schemas.ts | 5 +++-- 4 files changed, 24 insertions(+), 11 deletions(-) create mode 100644 __tests__/fixtures/invalid-severity-config.yml diff --git a/__tests__/config.test.ts b/__tests__/config.test.ts index d7c9545..368cba3 100644 --- a/__tests__/config.test.ts +++ b/__tests__/config.test.ts @@ -133,3 +133,8 @@ test('it accepts an external configuration filename', async () => { const options = readConfig() expect(options.fail_on_severity).toEqual('critical') }) + +test('it raises an error when given an unknown severity in an external config file', async () => { + setInput('config-file', './__tests__/fixtures/invalid-severity-config.yml') + expect(() => readConfig()).toThrow() +}) diff --git a/__tests__/fixtures/invalid-severity-config.yml b/__tests__/fixtures/invalid-severity-config.yml new file mode 100644 index 0000000..9e4b6b6 --- /dev/null +++ b/__tests__/fixtures/invalid-severity-config.yml @@ -0,0 +1,3 @@ +fail-on-severity: 'so many zombies' +deny-licenses: + - MIT diff --git a/src/config.ts b/src/config.ts index 70b0db0..505504e 100644 --- a/src/config.ts +++ b/src/config.ts @@ -3,7 +3,11 @@ import path from 'path' import YAML from 'yaml' import * as core from '@actions/core' import * as z from 'zod' -import {ConfigurationOptions, SEVERITIES} from './schemas' +import { + ConfigurationOptions, + ConfigurationOptionsSchema, + SeveritySchema +} from './schemas' function getOptionalInput(name: string): string | undefined { const value = core.getInput(name) @@ -22,10 +26,9 @@ export function readConfig(): ConfigurationOptions { } export function readInlineConfig(): ConfigurationOptions { - const fail_on_severity = z - .enum(SEVERITIES) - .default('low') - .parse(getOptionalInput('fail-on-severity')) + const fail_on_severity = SeveritySchema.parse( + getOptionalInput('fail-on-severity') + ) const allow_licenses = getOptionalInput('allow-licenses') const deny_licenses = getOptionalInput('deny-licenses') @@ -53,14 +56,15 @@ export function readConfigFile(filePath: string): ConfigurationOptions { } catch (error: unknown) { throw error } - const values = YAML.parse(data) + data = YAML.parse(data) // get rid of the ugly dashes from the actions conventions - for (const key of Object.keys(values)) { + for (const key of Object.keys(data)) { if (key.includes('-')) { - values[key.replace(/-/g, '_')] = values[key] - delete values[key] + data[key.replace(/-/g, '_')] = data[key] + delete data[key] } } + const values = ConfigurationOptionsSchema.parse(data) return values } diff --git a/src/schemas.ts b/src/schemas.ts index 1300cd5..0854735 100644 --- a/src/schemas.ts +++ b/src/schemas.ts @@ -1,6 +1,7 @@ import * as z from 'zod' export const SEVERITIES = ['critical', 'high', 'moderate', 'low'] as const +export const SeveritySchema = z.enum(SEVERITIES).default('low') export const ChangeSchema = z.object({ change_type: z.enum(['added', 'removed']), @@ -14,7 +15,7 @@ export const ChangeSchema = z.object({ vulnerabilities: z .array( z.object({ - severity: z.enum(['critical', 'high', 'moderate', 'low']), + severity: SeveritySchema, advisory_ghsa_id: z.string(), advisory_summary: z.string(), advisory_url: z.string() @@ -32,7 +33,7 @@ export const PullRequestSchema = z.object({ export const ConfigurationOptionsSchema = z .object({ - fail_on_severity: z.enum(SEVERITIES).default('low'), + fail_on_severity: SeveritySchema, allow_licenses: z.array(z.string()).default([]), deny_licenses: z.array(z.string()).default([]), config_file: z.string().optional().default('false'),