
Commit f0f8aee

committed
fix: make the deny check respect pkg namespaces
This adds a namespace condition to the deny check. It fixes an issue where the check would deny packages other than the ones actually provided. It also adds a test for this and fixes an existing test by providing package URLs.
1 parent 125b995 commit f0f8aee


2 files changed

+19
-2
lines changed


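--- a/__tests__/deny.test.ts
+++ b/__tests__/deny.test.ts
@@ -135,29 +135,44 @@ test('allows packages not defined in the deny packages and groups list', async (
 expect(deniedChanges.length).toEqual(0)
 })
 
+test('allows packages with the same name, but different namespaces', async () => {
+const changes: Changes = [npmChange]
+const deniedPackages = createTestPURLs([
+'pkg:npm/lodasher/lodash',
+'pkg:npm/malicious/[email protected]'
+])
+const deniedChanges = await getDeniedChanges(changes, deniedPackages, [])
+
+expect(deniedChanges.length).toEqual(0)
+})
+
 test('deny packages does not prevent removal of denied packages', async () => {
 const changes: Changes = [
 createTestChange({
 change_type: 'added',
 name: 'deny-by-name-and-version',
+package_url: 'pkg:npm/org.test.deny.by/[email protected]',
 version: '1.0.0',
 ecosystem: 'npm'
 }),
 createTestChange({
 change_type: 'removed',
 name: 'pass-by-name-and-version',
+package_url: 'pkg:npm/org.test.pass.by/[email protected]',
 version: '1.0.0',
 ecosystem: 'npm'
 }),
 createTestChange({
 change_type: 'added',
 name: 'deny-by-name',
+package_url: 'pkg:npm/org.test.deny.by/deny-by-name',
 version: '1.0.0',
 ecosystem: 'npm'
 }),
 createTestChange({
 change_type: 'removed',
 name: 'pass-by-name',
+package_url: 'pkg:npm/org.test.pass.by/pass-by-name',
 version: '1.0.0',
 ecosystem: 'npm'
 }),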
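Review bot: The new test `allows packages with the same name, but different namespaces` asserts only the negative case, so it would also pass if the added namespace condition rejected every deny entry; a positive assertion in the same test, denying `npmChange` through a PURL built from its own namespace and name, would show the check discriminates rather than never matches. The namespace and name of `npmChange` are not visible in this hunk, so the PURL has to come from the fixture, e.g. `const denied = createTestPURLs(['pkg:npm/<npmChange namespace>/<npmChange name>'])` (placeholder) followed by `expect((await getDeniedChanges(changes, denied, [])).length).toEqual(1)`. The test file continues after this hunk.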
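--- a/src/deny.ts
+++ b/src/deny.ts
@@ -14,17 +14,19 @@ export async function getDeniedChanges(
 continue
 }
 
+const namespace = getNamespace(change)
+
 for (const denied of deniedPackages) {
 if (
 (!denied.version || change.version === denied.version) &&
-change.name === denied.name
+change.name === denied.name &&
+namespace === denied.namespace
 ) {
 changesDenied.push(change)
 }
 }
 
 for (const denied of deniedGroups) {
-const namespace = getNamespace(change)
 if (!denied.namespace) {
 core.error(
 `Denied group represented by '${denied.original}' does not have a namespace. The format should be 'pkg:<type>/<namespace>/'.`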