From 0e665bf3acb92879d1dc95bb6a58739d8ce59aba Mon Sep 17 00:00:00 2001
From: Federico Builes
Date: Wed, 27 Mar 2024 15:04:38 +0100
Subject: [PATCH] Adding a failing test.
Co-authored-by: Brandon Teng
---
 __tests__/deny.test.ts | 11 +++++++++++
 src/deny.ts | 10 +++++++---
 2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/__tests__/deny.test.ts b/__tests__/deny.test.ts
index dc5e5ee..d402971 100644
--- a/__tests__/deny.test.ts
+++ b/__tests__/deny.test.ts
@@ -164,3 +164,14 @@ test('it adds packages outside of the deny lists', async () => {
 expect(deniedChanges.length).toEqual(0)
 })
+
+test('it adds packages with versions', async () => {
+ const changes: Changes = [npmChange]
+ const deniedChanges = await getDeniedChanges(
+ changes,
+ ['pkg:npm/reeuhq@1.0.4'],
+ ['pkg:maven:org.apache.logging.log4j']
+ )
+
+ expect(deniedChanges.length).toEqual(0)
+})
diff --git a/src/deny.ts b/src/deny.ts
index 1a73441..2fd66e4 100644
--- a/src/deny.ts
+++ b/src/deny.ts
@@ -11,11 +11,15 @@ export async function getDeniedChanges(
 let failed = false
 for (const change of changes) {
 change.name = change.name.toLowerCase()
- const packageUrl = change.package_url.toLowerCase().split('@')[0]
+ const [name, version] = change.package_url.toLowerCase().split('@')
 if (deniedPackages) {
 for (const denied of deniedPackages) {
- if (packageUrl === denied.split('@')[0].toLowerCase()) {
+ const [dpName, dpVersion] = denied.toLowerCase().split('@')
+ if (name === dpName && version !== dpVersion) {
+ continue
+ }
+ if (name === dpName && version === dpVersion) {
 changesDenied.push(change)
 failed = true
 }
@@ -24,7 +28,7 @@ export async function getDeniedChanges(
 if (deniedGroups) {
 for (const denied of deniedGroups) {
- if (packageUrl.startsWith(denied.toLowerCase())) {
+ if (name.startsWith(denied.toLowerCase())) {
 changesDenied.push(change)
 failed = true
 }
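Review bot: The new test in `__tests__/deny.test.ts` pins only the non-matching direction: it expects zero denied changes for the entry `pkg:npm/reeuhq@1.0.4`, and nothing in the hunk asserts that an entry whose version equals the change's version is denied, or that an entry with no version still denies the package. `npmChange` is defined outside the hunk, so the version it carries cannot be confirmed from here; a comment such as `// npmChange is reeuhq at <version from fixture>, so the @1.0.4 entry must not match` would make the intent readable. The name `it adds packages with versions` does not describe the assertion either; `it does not deny a package when only the denied version differs` would. Because the deny list is a policy control, the positive and version-less cases are the ones worth locking down next to this one.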
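Review bot: A deny entry written without a version stops matching any change that has one, so the deny list fails open in the `deniedPackages` loop of `src/deny.ts`. For such an entry `dpVersion` is `undefined`, `version !== dpVersion` is true for every versioned change, and the loop hits `continue`, whereas the removed line matched on the name alone. A missing version should mean "all versions": `if (name === dpName && (dpVersion === undefined || version === dpVersion)) {`, after which the `continue` branch can be dropped since nothing follows it in the iteration. Separately, `split('@')` cuts at the first `@`, so a purl carrying a literal `@` before the version (for example an unencoded npm scope) or qualifiers after it would presumably be mis-split; cutting at the last `@` would be safer. The body of `getDeniedChanges` starts and ends outside the hunk.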