fix: skip on missing patches that were required by policy (#117)

snyk · Jul 25, 2016 · f89d194 · f89d194
1 parent 859ccee
commit f89d194
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/lib/protect/patch.js b/lib/protect/patch.js
@@ -57,6 +57,14 @@ function patch(vulns, live, cwd) {
     // then apply each individual patch - but do it one at a time (via reduce)
     var promises = deduped.packages.reduce(function (acc, vuln) {
       return acc.then(function (res) {
+
+        // TODO fix me!
+        // Hack to skip patches that were required by policy, but cannot
+        // be applied due to missing patch for the specific vuln pkg ver
+        if (res === false) {
+          res = [];
+        }
+
         var patches = vuln.patches; // this is also deduped in `dedupe`
 
         if (patches === null) {

diff --git a/test/policy-trust-deep.test.js b/test/policy-trust-deep.test.js
@@ -7,15 +7,15 @@ test('`snyk test` sees suggested ignore policies', function (t) {
   return cli.test(dir).catch(function (res) {
     var vulns = res.message.toLowerCase();
     t.notEqual(vulns.indexOf('suggests ignoring this issue, with reason: test trust policies'), -1, 'found suggestion to ignore');
-    t.equal(count('vulnerability found', vulns), 5, 'all 4 vulns found');
+    t.equal(count('vulnerability found', vulns), 6, 'all 6 vulns found');
   });
 });
 
 test('`snyk test` ignores when applying `--trust-policies`', function (t) {
   return cli.test(dir, { 'trust-policies': true }).catch(function (res) {
     var vulns = res.message.trim();
     // note: it's 2 vulns + the summary line
-    t.equal(count('vulnerability found', vulns), 3, 'only 3 vulns left');
+    t.equal(count('vulnerability found', vulns), 4, 'only 4 vulns left');
   });
 });