diff options
author | isaacs <i@izs.me> | 2020-10-14 02:12:24 +0300 |
---|---|---|
committer | isaacs <i@izs.me> | 2020-10-16 02:10:52 +0300 |
commit | 2ccb63659f9a757201658d5d019099b492d04a5b (patch) | |
tree | 0fd7adabac86a74b1665c7519a1695bbbdede2f5 /test/lib/utils | |
parent | 03fca6a3b227f71562863bec7a1de1732bd719f1 (diff) |
Handle errors from audit endpoint appropriately
If we're running the 'audit' command, then a failed endpoint means that
the command failed. Error out in that case.
Otherwise, if it's a quick audit as part of another command, just return
a value to indicate that we should not print audit info.
This avoids showing '0 vulnerabilities found', which, while amusingly
technically correct, is misleading and not very helpful.
Fix: #1951
Credit: @isaacs
Close: #1956
Reviewed-by: @darcyclarke
Diffstat (limited to 'test/lib/utils')
-rw-r--r-- | test/lib/utils/audit-error.js | 110 | ||||
-rw-r--r-- | test/lib/utils/reify-output.js | 7 |
2 files changed, 117 insertions, 0 deletions
diff --git a/test/lib/utils/audit-error.js b/test/lib/utils/audit-error.js new file mode 100644 index 000000000..f183a16e8 --- /dev/null +++ b/test/lib/utils/audit-error.js @@ -0,0 +1,110 @@ +const t = require('tap') +const requireInject = require('require-inject') + +const LOGS = [] +const npm = { + command: null, + flatOptions: {}, + log: { + warn: (...msg) => LOGS.push(msg) + } +} +const OUTPUT = [] +const output = (...msg) => OUTPUT.push(msg) +const auditError = requireInject('../../../lib/utils/audit-error.js', { + '../../../lib/npm.js': npm, + '../../../lib/utils/output.js': output +}) + +t.afterEach(cb => { + npm.flatOptions = {} + OUTPUT.length = 0 + LOGS.length = 0 + cb() +}) + +t.test('no error, not audit command', t => { + npm.command = 'install' + t.equal(auditError({}), false, 'no error') + t.strictSame(OUTPUT, [], 'no output') + t.strictSame(LOGS, [], 'no warnings') + t.end() +}) + +t.test('error, not audit command', t => { + npm.command = 'install' + t.equal(auditError({ + error: { + message: 'message', + body: Buffer.from('body'), + method: 'POST', + uri: 'https://example.com/not/a/registry', + headers: { + head: ['ers'] + }, + statusCode: '420' + } + }), true, 'had error') + t.strictSame(OUTPUT, [], 'no output') + t.strictSame(LOGS, [], 'no warnings') + t.end() +}) + +t.test('error, audit command, not json', t => { + npm.command = 'audit' + npm.flatOptions.json = false + t.throws(() => auditError({ + error: { + message: 'message', + body: Buffer.from('body'), + method: 'POST', + uri: 'https://example.com/not/a/registry', + headers: { + head: ['ers'] + }, + statusCode: '420' + } + })) + + t.strictSame(OUTPUT, [ [ 'body' ] ], 'some output') + t.strictSame(LOGS, [ [ 'audit', 'message' ] ], 'some warnings') + t.end() +}) + +t.test('error, audit command, json', t => { + npm.command = 'audit' + npm.flatOptions.json = true + t.throws(() => auditError({ + error: { + message: 'message', + body: { response: 'body' }, + method: 'POST', + uri: 'https://example.com/not/a/registry', + headers: { + head: ['ers'] + }, + statusCode: '420' + } + })) + + t.strictSame(OUTPUT, [ + [ + '{\n' + + ' "message": "message",\n' + + ' "method": "POST",\n' + + ' "uri": "https://example.com/not/a/registry",\n' + + ' "headers": {\n' + + ' "head": [\n' + + ' "ers"\n' + + ' ]\n' + + ' },\n' + + ' "statusCode": "420",\n' + + ' "body": {\n' + + ' "response": "body"\n' + + ' }\n' + + '}' + ] + ], 'some output') + t.strictSame(LOGS, [ [ 'audit', 'message' ] ], 'some warnings') + t.end() +}) diff --git a/test/lib/utils/reify-output.js b/test/lib/utils/reify-output.js index 92a53707f..55f77f1d9 100644 --- a/test/lib/utils/reify-output.js +++ b/test/lib/utils/reify-output.js @@ -77,6 +77,13 @@ t.test('single package', (t) => { ) reifyOutput({ + // a report with an error is the same as no report at all, if + // the command is not 'audit' + auditReport: { + error: { + message: 'no audit for youuuuu' + } + }, actualTree: { name: 'foo', package: { |