Skip to content

Commit

Permalink
feat(audit): add filtering by severity level (#6716)
Browse files Browse the repository at this point in the history
**Summary**

Adds a `--level` flag to the `audit` command allowing to filter the audit output by severity greater than or equal to the provided value which can be (info, low, moderate, high or critical).

fixes #6668
rogeriopvl authored and rally25rs committed Mar 17, 2019
1 parent 6dbedcc commit 298e0ea
Showing 3 changed files with 38 additions and 2 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -4,6 +4,10 @@ Please add one entry in this file for each change in Yarn's behavior. Use the sa

## Master

- Implements `yarn audit --level [severity]` flag to filter the audit command's output.

[#6716](https://github.com/yarnpkg/yarn/pull/6716) - [**Rogério Vicente**](https://twitter.com/rogeriopvl)

- Implements `yarn audit --groups group_name [group_name ...]`.

[#6724](https://github.com/yarnpkg/yarn/pull/6724) - [**Tom Milligan**](https://github.com/tommilligan)
14 changes: 14 additions & 0 deletions __tests__/commands/audit.js
Original file line number Diff line number Diff line change
@@ -214,6 +214,20 @@ test('audit groups only devDependencies omits dependencies from requires', () =>
});
});

test('calls reporter auditAdvisory when using --level high flag', () => {
return runAudit([], {level: 'high'}, 'single-vulnerable-dep-installed', (config, reporter) => {
const apiResponse = getAuditResponse(config);
expect(reporter.auditAdvisory).toBeCalledWith(apiResponse.actions[0].resolves[0], apiResponse.advisories['118']);
});
});

test(`doesn't call reporter auditAdvisory when using --level critical flag`, () => {
return runAudit([], {level: 'critical'}, 'single-vulnerable-dep-installed', (config, reporter) => {
getAuditResponse(config);
expect(reporter.auditAdvisory).not.toHaveBeenCalled();
});
});

test('calls reporter auditAdvisory with correct data', () => {
return runAudit([], {}, 'single-vulnerable-dep-installed', (config, reporter) => {
const apiResponse = getAuditResponse(config);
22 changes: 20 additions & 2 deletions src/cli/commands/audit.js
Original file line number Diff line number Diff line change
@@ -18,6 +18,7 @@ const gzip = promisify(zlib.gzip);

export type AuditOptions = {
groups: Array<string>,
level?: string,
};

export type AuditNode = {
@@ -127,14 +128,24 @@ export function setFlags(commander: Object) {
groups => groups.split(' '),
OWNED_DEPENDENCY_TYPES,
);
commander.option(
'--level <severity>',
`Only print advisories with severity greater than or equal to one of the following: \
info|low|moderate|high|critical. Default: info`,
'info',
);
}

export function hasWrapper(commander: Object, args: Array<string>): boolean {
return true;
}

export async function run(config: Config, reporter: Reporter, flags: Object, args: Array<string>): Promise<number> {
const audit = new Audit(config, reporter, {groups: flags.groups || OWNED_DEPENDENCY_TYPES});
const DEFAULT_LOG_LEVEL = 'info';
const audit = new Audit(config, reporter, {
groups: flags.groups || OWNED_DEPENDENCY_TYPES,
level: flags.level || DEFAULT_LOG_LEVEL,
});
const lockfile = await Lockfile.fromDirectory(config.lockfileFolder, reporter);
const install = new Install({}, config, reporter, lockfile);
const {manifest, requests, patterns, workspaceLayout} = await install.fetchRequestFromCwd();
@@ -167,6 +178,8 @@ export async function run(config: Config, reporter: Reporter, flags: Object, arg
}

export default class Audit {
severityLevels = ['info', 'low', 'moderate', 'high', 'critical'];

constructor(config: Config, reporter: Reporter, options: AuditOptions) {
this.config = config;
this.reporter = reporter;
@@ -292,9 +305,14 @@ export default class Audit {
return;
}

const startLoggingAt: number = Math.max(0, this.severityLevels.indexOf(this.options.level));

const reportAdvisory = (resolution: AuditResolution) => {
const advisory = this.auditData.advisories[resolution.id.toString()];
this.reporter.auditAdvisory(resolution, advisory);

if (this.severityLevels.indexOf(advisory.severity) >= startLoggingAt) {
this.reporter.auditAdvisory(resolution, advisory);
}
};

if (Object.keys(this.auditData.advisories).length !== 0) {

0 comments on commit 298e0ea

Please sign in to comment.