feat: validate ignoredBy.email

snyk · Oct 24, 2017 · 84a22f2 · 84a22f2
1 parent 6f06ccd
commit 84a22f2
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 6 deletions.
diff --git a/lib/add.js b/lib/add.js
@@ -1,6 +1,7 @@
 module.exports = add;
 
 var debug = require('debug')('snyk:policy');
+var emailValidator = require('email-validator');
 
 var validReasonTypes = ['not-vulnerable', 'wont-fix', 'temporary-ignore'];
 
@@ -25,6 +26,16 @@ function add(policy, type, options) {
       throw new Error('invalid reasonType ' + options[curr]);
     }
 
+    if (curr === 'ignoredBy') {
+      if (typeof options[curr] !== 'object') {
+        throw new Error('ignoredBy must be an object');
+      }
+
+      if (!emailValidator.validate(options[curr].email)) {
+        throw new Error('ignoredBy.email must be a valid email address');
+      }
+    }
+
     acc[curr] = options[curr];
     return acc;
   }, {});

diff --git a/lib/parser/demunge.js b/lib/parser/demunge.js
@@ -16,9 +16,7 @@ function demunge(policy, apiRoot) {
           res.reason = pathObj[path].reason;
           res.expires =
             pathObj[path].expires && new Date(pathObj[path].expires);
-          if (pathObj[path].disregardIfFixable) {
-            res.disregardIfFixable = pathObj[path].disregardIfFixable;
-          }
+          res.disregardIfFixable = pathObj[path].disregardIfFixable;
         }
 
         return res;

diff --git a/package.json b/package.json
@@ -26,6 +26,7 @@
   },
   "dependencies": {
     "debug": "^2.2.0",
+    "email-validator": "^1.1.1",
     "es6-promise": "^3.1.2",
     "js-yaml": "^3.5.3",
     "lodash.clonedeep": "^4.3.1",

diff --git a/test/unit/add.test.js b/test/unit/add.test.js
@@ -49,7 +49,6 @@ test('add ignore with valid reasonType', function (t) {
   })
   .then(function (policy) {
     t.ok('error not thrown');
-    t.deepEqual(Object.keys(policy.ignore), ['a'], '`a` is the only root');
     t.deepEqual(policy.ignore.a[0]['a > b'].reasonType, 'wont-fix',
       'metadata saved');
   })
@@ -63,14 +62,57 @@ test('add ignore with invalid reasonType', function (t) {
     return policy.addIgnore({
       id: 'a',
       path: 'a > b',
-      reasonType: 'invalid',
+      reasonType: 'test',
     });
   })
   .then(function () {
     t.fail('error not thrown');
   })
+  .catch(function (err) {
+    t.equal(err.message, 'invalid reasonType test',
+      'error is thrown');
+  });
+});
+
+test('add ignore with valid ignoredBy', function (t) {
+  var ignoredBy = {
+    name: 'Joe Bloggs',
+    email: 'joe@acme.org',
+  };
+  return create().then(function (policy) {
+    return policy.addIgnore({
+      id: 'a',
+      path: 'a > b',
+      ignoredBy: ignoredBy,
+    });
+  })
+  .then(function (policy) {
+    t.ok('error not thrown');
+    t.deepEqual(policy.ignore.a[0]['a > b'].ignoredBy, ignoredBy,
+      'metadata saved');
+  })
   .catch(function () {
-    t.ok('error is thrown');
+    t.fail('error thrown thrown');
   });
 });
 
+test('add ignore with invalid ignoredBy', function (t) {
+  var ignoredBy = {
+    name: 'Joe Bloggs',
+    email: 'joeacme.org',
+  };
+  return create().then(function (policy) {
+    return policy.addIgnore({
+      id: 'a',
+      path: 'a > b',
+      ignoredBy: ignoredBy,
+    });
+  })
+  .then(function () {
+    t.fail('error not thrown');
+  })
+  .catch(function (err) {
+    t.equal(err.message, 'ignoredBy.email must be a valid email address',
+      'error is thrown');
+  });
+});