Merge pull request #900 from snyk/fix/fail-on-remediation-advice-only

fix: use remediation to calculate fail-on arg
snyk · Dec 10, 2019 · 0e8bfb1 · 0e8bfb1
2 parents 593dbbe + cf71309
commit 0e8bfb1
Show file tree

Hide file tree

Showing 4 changed files with 4,601 additions and 308 deletions.
diff --git a/src/cli/commands/test/index.ts b/src/cli/commands/test/index.ts
@@ -269,46 +269,34 @@ function shouldFail(vulnerableResults: any[], failOn: FailOn) {
   return vulnerableResults.length > 0;
 }
 
-function hasFix(vuln: any) {
-  const { isUpgradable, isPinnable, isPatchable } = vuln;
-  return isUpgradable || isPinnable || isPatchable;
-}
-
-function hasUpgrade(vuln: any) {
-  const { isUpgradable, isPinnable } = vuln;
-  return isUpgradable || isPinnable;
-}
-
-function hasPatch(vuln: any) {
-  const { isPatchable } = vuln;
-  return isPatchable;
-}
-
-function isTestResultFixable(testResult: any): boolean {
-  const { vulnerabilities } = testResult;
-  return vulnerabilities.some(hasFix);
+function isFixable(testResult: any): boolean {
+  return isUpgradable(testResult) || isPatchable(testResult);
 }
 
 function hasFixes(testResults: any[]): boolean {
-  return testResults.some(isTestResultFixable);
+  return testResults.some(isFixable);
 }
 
-function isTestResultUpgradable(testResult: any): boolean {
-  const { vulnerabilities } = testResult;
-  return vulnerabilities.some(hasUpgrade);
+function isUpgradable(testResult: any): boolean {
+  const {
+    remediation: { upgrade = {}, pin = {} },
+  } = testResult;
+  return Object.keys(upgrade).length > 0 || Object.keys(pin).length > 0;
 }
 
 function hasUpgrades(testResults: any[]): boolean {
-  return testResults.some(isTestResultUpgradable);
+  return testResults.some(isUpgradable);
 }
 
-function isTestResultPatchable(testResult: any): boolean {
-  const { vulnerabilities } = testResult;
-  return vulnerabilities.some(hasPatch);
+function isPatchable(testResult: any): boolean {
+  const {
+    remediation: { patch = {} },
+  } = testResult;
+  return Object.keys(patch).length > 0;
 }
 
 function hasPatches(testResults: any[]): boolean {
-  return testResults.some(isTestResultPatchable);
+  return testResults.some(isPatchable);
 }
 
 function summariseVulnerableResults(vulnerableResults, options: TestOptions) {

diff --git a/test/acceptance/cli-fail-on.test.ts b/test/acceptance/cli-fail-on.test.ts
@@ -40,14 +40,6 @@ const patchableResult = getWorkspaceJSON(
   'patchable',
   'vulns-result.json',
 );
-const pinnableVulnsResult = getWorkspaceJSON(
-  'fail-on',
-  'pinnable',
-  'vulns-result.json',
-);
-
-// snyk test stub responses
-const pinnableVulns = getWorkspaceJSON('fail-on', 'pinnable', 'vulns.json');
 
 // @later: remove this config stuff.
 // Was copied straight from ../src/cli-server.js