fix(protect): handle carriage returns when parsing .snyk file

snyk · May 19, 2021 · 63e4818 · 63e4818
1 parent 33d7560
commit 63e4818
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 1 deletion.
diff --git a/packages/snyk-protect/src/lib/snyk-file.ts b/packages/snyk-protect/src/lib/snyk-file.ts
@@ -10,7 +10,7 @@ export function extractPatchMetadata(
   const patches = dotSnykFileContent
     .split('\n')
     .filter((l) => l.length && !l.trimStart().startsWith('#'))
-    .map((line) => lineRegex.exec(line))
+    .map((line) => lineRegex.exec(line.trimEnd()))
     .filter(Boolean)
     .reduce((acc, thing) => {
       const [, prefix, key, value] = thing as RegExpExecArray;

diff --git a/packages/snyk-protect/test/unit/snyk-file.spec.ts b/packages/snyk-protect/test/unit/snyk-file.spec.ts
@@ -27,6 +27,34 @@ patch:
     expect(packageNames).toEqual(['lodash']);
   });
 
+  it('handles carriage returns in line endings', () => {
+    const dotSnykFileContents = `
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.19.0
+ignore: {}
+# patches apply the minimum changes required to fix a vulnerability
+patch:
+  SNYK-JS-LODASH-567746:
+    - lodash:
+        patched: '2021-02-17T13:43:51.857Z'
+`
+      .split('\n')
+      .join('\r\n');
+    const snykFilePatchMetadata = extractPatchMetadata(dotSnykFileContents);
+    const vulnIds = Object.keys(snykFilePatchMetadata);
+
+    // can't use .flat() because it's not supported in Node 10
+    const packageNames: string[] = [];
+    for (const nextArrayOfPackageNames of Object.values(
+      snykFilePatchMetadata,
+    )) {
+      packageNames.push(...nextArrayOfPackageNames);
+    }
+
+    expect(vulnIds).toEqual(['SNYK-JS-LODASH-567746']);
+    expect(packageNames).toEqual(['lodash']);
+  });
+
   it('extracts a transitive dependency', () => {
     const dotSnykFileContents = `
 # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.