Handle errors from audit endpoint appropriately
If we're running the 'audit' command, then a failed endpoint means that the command failed. Error out in that case. Otherwise, if it's a quick audit as part of another command, just return a value to indicate that we should not print audit info. This avoids showing '0 vulnerabilities found', which, while amusingly technically correct, is misleading and not very helpful. Fix: #1951 Credit: @isaacs Close: #1956 Reviewed-by: @darcyclarke
Showing
6 changed files
with
260 additions
and
16 deletions.
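--- a/lib/utils/audit-error.js
+++ b/lib/utils/audit-error.js
@@ -0,0 +1,39 @@
+// print an error or just nothing if the audit report has an error
+// this is called by the audit command, and by the reify-output util
+// prints a JSON version of the error if it's --json
+// returns 'true' if there was an error, false otherwise
+
+const output = require('./output.js')
+const npm = require('../npm.js')
+const auditError = (report) => {
+if (!report || !report.error) {
+return false
+}
+
+if (npm.command !== 'audit') {
+return true
+}
+
+const { error } = report
+
+// ok, we care about it, then
+npm.log.warn('audit', error.message)
+const { body: errBody } = error
+const body = Buffer.isBuffer(errBody) ? errBody.toString() : errBody
+if (npm.flatOptions.json) {
+output(JSON.stringify({
+message: error.message,
+method: error.method,
+uri: error.uri,
+headers: error.headers,
+statusCode: error.statusCode,
+body
+}, null, 2))
+} else {
+output(body)
+}
+
+throw 'audit endpoint returned an error'
+}
+
+module.exports = auditError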
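Review bot: In the non-JSON branch, `output(body)` prints whatever the audit endpoint returned without checking it. `body` would be undefined if the error carries no response body, it may be an object rather than text, and text from a remote endpoint reaches the terminal with any control characters intact. A guard such as `if (body) output(typeof body === 'string' ? body : JSON.stringify(body, null, 2))` covers the first two cases, and stripping non-printable characters before printing would cover the third. The JSON branch also echoes `uri` and `headers` from the error object, so it is worth confirming (not visible on this page) that neither can carry credentials, since `--json` output is often captured in CI logs. Separately, `throw 'audit endpoint returned an error'` throws a string rather than an Error; if that is the project's convention for a stack-less exit, a one-line comment saying so would help the next reader.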
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,110 @@ | ||
const t = require('tap') | ||
const requireInject = require('require-inject') | ||
|
||
const LOGS = [] | ||
const npm = { | ||
command: null, | ||
flatOptions: {}, | ||
log: { | ||
warn: (...msg) => LOGS.push(msg) | ||
} | ||
} | ||
const OUTPUT = [] | ||
const output = (...msg) => OUTPUT.push(msg) | ||
const auditError = requireInject('../../../lib/utils/audit-error.js', { | ||
'../../../lib/npm.js': npm, | ||
'../../../lib/utils/output.js': output | ||
}) | ||
|
||
t.afterEach(cb => { | ||
npm.flatOptions = {} | ||
OUTPUT.length = 0 | ||
LOGS.length = 0 | ||
cb() | ||
}) | ||
|
||
t.test('no error, not audit command', t => { | ||
npm.command = 'install' | ||
t.equal(auditError({}), false, 'no error') | ||
t.strictSame(OUTPUT, [], 'no output') | ||
t.strictSame(LOGS, [], 'no warnings') | ||
t.end() | ||
}) | ||
|
||
t.test('error, not audit command', t => { | ||
npm.command = 'install' | ||
t.equal(auditError({ | ||
error: { | ||
message: 'message', | ||
body: Buffer.from('body'), | ||
method: 'POST', | ||
uri: 'https://example.com/not/a/registry', | ||
headers: { | ||
head: ['ers'] | ||
}, | ||
statusCode: '420' | ||
} | ||
}), true, 'had error') | ||
t.strictSame(OUTPUT, [], 'no output') | ||
t.strictSame(LOGS, [], 'no warnings') | ||
t.end() | ||
}) | ||
|
||
t.test('error, audit command, not json', t => { | ||
npm.command = 'audit' | ||
npm.flatOptions.json = false | ||
t.throws(() => auditError({ | ||
error: { | ||
message: 'message', | ||
body: Buffer.from('body'), | ||
method: 'POST', | ||
uri: 'https://example.com/not/a/registry', | ||
headers: { | ||
head: ['ers'] | ||
}, | ||
statusCode: '420' | ||
} | ||
})) | ||
|
||
t.strictSame(OUTPUT, [ [ 'body' ] ], 'some output') | ||
t.strictSame(LOGS, [ [ 'audit', 'message' ] ], 'some warnings') | ||
t.end() | ||
}) | ||
|
||
t.test('error, audit command, json', t => { | ||
npm.command = 'audit' | ||
npm.flatOptions.json = true | ||
t.throws(() => auditError({ | ||
error: { | ||
message: 'message', | ||
body: { response: 'body' }, | ||
method: 'POST', | ||
uri: 'https://example.com/not/a/registry', | ||
headers: { | ||
head: ['ers'] | ||
}, | ||
statusCode: '420' | ||
} | ||
})) | ||
|
||
t.strictSame(OUTPUT, [ | ||
[ | ||
'{\n' + | ||
' "message": "message",\n' + | ||
' "method": "POST",\n' + | ||
' "uri": "https://example.com/not/a/registry",\n' + | ||
' "headers": {\n' + | ||
' "head": [\n' + | ||
' "ers"\n' + | ||
' ]\n' + | ||
' },\n' + | ||
' "statusCode": "420",\n' + | ||
' "body": {\n' + | ||
' "response": "body"\n' + | ||
' }\n' + | ||
'}' | ||
] | ||
], 'some output') | ||
t.strictSame(LOGS, [ [ 'audit', 'message' ] ], 'some warnings') | ||
t.end() | ||
}) |
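Review bot: The `!report` guard and the body-less error path have no test, because every case passes an object and every error fixture carries a `body`. Adding `t.equal(auditError(null), false, 'no report')` to the first test would cover the guard, and a non-JSON case with `error: { message: 'message' }` would pin what is printed when the endpoint fails without a response body. Both `t.throws` calls also pass on any exception, so an unrelated TypeError inside `auditError` would satisfy them; checking the thrown value against `'audit endpoint returned an error'` would close that gap. `npm.command` is not reset in `afterEach`, which is harmless while every test sets it but easy to trip over when a case is added.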